SSL for my site with Let's Encrypt

Author: Roman Kushnarenko Feb 26, 2017 SSL

I am running this site on App Engine with Go. Since there is a movement toward securing :key: web sites and not only APIs, I understand that I need an SSL certificate. So, these are my steps for creating a FREE certificate with Let’s Encrypt and applying it on App Engine.

Note: I am using MacOS.

Generate certificate

Install the Let’s Encrypt certbot

brew install letsencrypt

Run and type your root password. (A little bit scary)

sudo certbot certonly --manual

Enter the domain you want to secure

Press “Enter” (Say ‘Yes’)

You will see a message like this:

Make sure your web server displays the following content at
http://www.sromku.com/.well-known/acme-challenge/F017qXaqpNvK2sQPqyK000LR7Jr5chouV72 before continuing
 
F017qXaqpNvK2sQPqyK000LR7Jr5chouV72.22Tqsqi0KqOuVEn5g5Ufqq1O7efRoo1m8Lxe722

This means that you need to create a static file containing that content and update the app.yaml file.

Create the directory /acme-challenge. In it, create a new file with the name mentioned above and put the one line of content in it, exactly as written above.

In my case the file name would be F017qXaqpNvK2sQPqyK000LR7Jr5chouV72 and the content F017qXaqpNvK2sQPqyK000LR7Jr5chouV72.22Tqsqi0KqOuVEn5g5Ufqq1O7efRoo1m8Lxe722

Update app.yaml and add:

- url: /.well-known/acme-challenge
  static_dir: acme-challenge

Deploy the web app.

goapp deploy

Go back to the terminal where we stopped on step 5, where certbot is still waiting, and press “Enter”.


Now Let’s Encrypt will check that the correct file is deployed to your server, and if it’s there, you will get a certificate :tada:


Copy the generated files to your workspace and give permissions to yourself:

sudo cp -r /etc/letsencrypt/live/www.sromku.com ~/Desktop/
sudo chown -R sromku ~/Desktop/www.sromku.com

Modify and prepare a private key:

cd ~/Desktop/www.sromku.com
openssl rsa -in privkey.pem > privkey-rsa.pem

Now, we have everything we need :tada:
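The challenge-file steps above can be scripted. This is an added example, not part of the original post; the helper names (valid_part, write_challenge, check_served) and the script name are hypothetical. It writes the file from the line certbot prints and, after deploying, checks that the URL returns exactly that line before you press “Enter”.

```shell
#!/bin/sh
# Added example: function names are hypothetical helpers, not certbot commands.

# True only for the base64url alphabet, so a value can never contain "/" or "."
# and the file cannot be written outside the challenge directory.
valid_part() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# write_challenge DIR KEYAUTH
# KEYAUTH is the "<token>.<thumbprint>" line printed by certbot; the file is
# named after the token and holds the whole line, without a trailing newline.
write_challenge() {
    dir=$1
    keyauth=$2
    token=${keyauth%%.*}
    thumb=${keyauth#*.}
    if [ "$token" = "$keyauth" ]; then
        echo "expected <token>.<thumbprint>" >&2
        return 1
    fi
    if ! valid_part "$token" || ! valid_part "$thumb"; then
        echo "unexpected characters in challenge value" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    printf '%s' "$keyauth" > "$dir/$token"
}

# check_served BASE_URL KEYAUTH
# Fetches the challenge URL over plain HTTP, as the validation request does,
# and compares the body with the expected line (trailing newlines ignored).
check_served() {
    token=${2%%.*}
    body=$(curl -fsS --max-time 10 "$1/.well-known/acme-challenge/$token") || return 1
    [ "$body" = "$2" ]
}

# Usage: sh acme-file.sh write acme-challenge '<token>.<thumbprint>'
#        (deploy, then)
#        sh acme-file.sh check http://www.example.com '<token>.<thumbprint>'
case "${1:-}" in
    write) write_challenge "$2" "$3" ;;
    check) check_served "$2" "$3" && echo "challenge file is served correctly" ;;
esac
```

The directory passed to write matches the static_dir entry added to app.yaml, so the file is served under /.well-known/acme-challenge after the deploy.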

Apply :key: on App Engine

Go to App Engine -> Settings -> SSL Certificates -> Upload a new certificate

  • For Public key -> Choose fullchain.pem
  • For Private key -> Choose privkey-rsa.pem

That’s it.