SSL for my site with Let's Encrypt

Author: Roman Kushnarenko Feb 26, 2017 SSL

​I am running this site on AppEngine with Go. Since there is a movement of securing :key: web sites and not only APIs, I understand that I need SSL certificate. So, these are my steps of creating FREE certificate with Let’s Encrypt and applying it on App Engine.

Note: I am using MacOS.

Generate certificate

Install Let’s encrypt certbot

brew install letsencrypt

Run and type your root password. (A little bit scary)

sudo certbot certonly --manual

Input your domain you want to secure

Press “Enter” (Say ‘Yes’)

You will see message like this:

Make sure your web server displays the following content at before continuing

This means that you need to create static file and put there the content. And update app.yaml file.

Create directory /acme-challenge. Create new file with name mentioned above and put one line of content as it’s written above.

In my case it would be file name F017qXaqpNvK2sQPqyK000LR7Jr5chouV72 and content F017qXaqpNvK2sQPqyK000LR7Jr5chouV72.22Tqsqi0KqOuVEn5g5Ufqq1O7efRoo1m8Lxe722

Update app.yaml and add:

- url: /.well-known/acme-challenge
  static_dir: acme-challenge

Deploy web app.

goapp deploy

Go back to terminal where we stopped on step 5 and press “Enter”.

Now, let’s encrypt will check that the correct file is deployed to your server and if it’s there, you will get a certificate :tada:

Copy the generated files to your workspace and give permissions to yourself:

sudo cp -r /etc/letsencrypt/live/ ~/Desktop/
sudo chown -R sromku ~/Desktop/

Modify and prepare a private key:

cd ~/Desktop/
openssl rsa -in privkey.pem > privkey-rsa.pem

Now, we have everything we need :tada:

Apply :key: on App Engine

Go to App Engine -> Settings -> SSL Certificates -> Upload a new certificate

  • For Public key -> Choose fullchain.pem
  • For Private key -> Choose privkey-rsa.pem

That’s it. From: