True to form, when time came up for renewal GoDaddy wanted to charge me $100.
Top Tip: Never, ever allow GoDaddy to autorenew anything you buy from them. Because they alway jack the price up when they autorenew by default.
Anyway, I heard about LetsEncrypt, the new CA which offers SSL certificates for free.
"This must be too good to be true", I thought. And once again, I was proved right.
After much yak-shaving, (installing the prerequisites on my mac, the letsencrypt software, and the appropriate challenge/responses to prove I owned the web servers) I actually managed to sucessfully generate my certificate...
...which expires in 90 days!?!
Now the people at letsencrypt think that 90 days is a really, really long time, and any longer would be a security risk. And they say, "Hey, you should automate all your certificate issuance/renewal/web hosting malarky".
And one more thing... when I tried to upload my 4096 bit key certificate, app engine complained with an extremely generic error message. Turns out it only supports a maximum of 2048 bit keys.
Way to be cutting edge Google!
EDIT: Google App Engine has finally automated SSL certifcates issuance and renewal!!!
https://cloudplatform.googleblog.com/2017/09/introducing-managed-SSL-for-Google-App-Engine.html
No comments:
Post a Comment