This is welcome news. This means I no longer have to track and manually renew my Let's Encrypt certificates for my websites.
I also see it as a way to incentivize folks to use GAE (not only are you getting free quotas to run your app, you also don't have to spend money to buy certificates and don't have to worry about installing or renewing them).
Finally, I also see it as another way of pushing for the uptake of SSL. With GAE doing this, other hosting services might also start offering something similar or close to it which would then beg the question - why is your site not using SSL.
> Finally, I also see it as another way of pushing for the uptake of SSL. With GAE doing this, other hosting services might also start offering something similar or close to it which would then beg the question - why is your site not using SSL.
Good question. Everybody should be on SSL. It isn't just hosting services that should offer something similar, but SaaSes too that provide SSL on custom domains for their customers. They usually don't get around to securing those custom domains due to the pain and inconvenience and maintenance.
There are platforms out there like Clearalias and Cloudfront that help with making that a breeze though, so I don't see why it would be an issue going forward.
Hopefully with Google and browsers punishing non-SSL sites more, there'll be more sites behind an SSL cert.
The whole premise behind Let's Encrypt is the ACME protocol, so you don't have to manually renew certs [although you can]. The problem is in handling SSL renewals on a cluster: you have to do renewals via DNS & rsync certs around, and there aren't many tools to do this. But for a single server, it's very easy to automate. Another problem with Let's Encrypt is the rate limits & such.
Google App Engine only a few weeks ago released an API for managing certificates. Before that, the only way to add or update a certificate was to manually paste the key into a web form.
It is _so_ nice not to (1) manage the certs with your own infrastructure (2) automatically deploy these things to HAProxy, Apache, MySQL, random server X.
Automated load balancing + cert management is heaven.
I was in the preview/alpha/whatever group. Never could get cert creation to work through the console UI, but it worked fine when using the gcloud SDK from the command-line.
Hello from the App Engine team. Could you double check that your DNS records are accurate? Everything is looking good on our end. Thanks for the feedback!
We've found the glitch in the UI and the issue will be resolved shortly. Thanks for all the support and quick testing after announcing this beta release.
I love App Engine but one of the biggest issues I've had with it is the fact that memcached and search are not available for anything but App Engine standard - Python (2.7).
Providing access to both via App Engine flexible would be a godsend!
They do offer it for webapps using Let's Encrypt, but nothing else afaik. But I look forward to it being added, it is definitely needed. Even setting up the Let's Encrypt to auto renew is a very tedious process.
Hello from Backplane. You can get this on Azure today using https://www.backplane.io with end-to-end encryption to your backends plus a huge chest of other routing and security features. It's free to start. I'm blake at backplane dot io
It's basically invisible automation for creating and renewing Let's Encrypt certs on App Engine.
The traditional process for installing a custom domain SSL cert on App Engine was very clunky. Involved running OpenSSL commands, cut-n-pasting PEM data, etc. If you were using Let's Encrypt, then it was more or less impossible to automate... you had to go through a tedious manual process every 3 months (including updating your app, to respond to the Let's Encrypt verification endpoint!).
A click on the browser padlock icon says that it's a Let's Encrypt cert. Unsurprising, since Google is such a major sponsor. Also unsurprising that Google chooses to focus on their own branding rather than call attention to it.
Your issue is then with using App Engine, not with them giving you a certificate. There is no way to use App Engine without them getting the plaintext in the end.