This is a Django app which helps to make it a bit easier to create & renew SSL certificates with Let's Encrypt when the site you want the certificate for is running on Google App Engine.
It's written to work with a project that uses Djangae.
- Put this package into your Django project. I haven't released it to PyPi yet, so just dump the repo or use
pip install git+https://github.com/adamalton/letsencrypt-appengine.git#egg=letsencryptae. - Add
'letsencryptae'toINSTALLED_APPS - Add
url(r'^', include('letsencryptae.urls')),as the last entry in yourpatterns()in your root URL conf. - You'll also need to add this index to index.yaml (unless you visit the Django admin and trigger App Engine to add it to index.yaml for you automatically):
- kind: letsencryptae_secret
properties:
- name: __key__
direction: desc- Make sure that your application is serving on App Engine on your custom domain and that the code is deployed with
letsencryptaeincluded (as per above). - Download Let's Encrypt.
git clone git@github.com:letsencrypt/letsencrypt.gitcd letsencrypt
- Run
./letsencrypt-auto certonly --manual -d yourdomain.com.- You can create a certificate for multiple domains by adding additional
-d other.domain.comonto that command (see notes below).
- You can create a certificate for multiple domains by adding additional
- Answer the questions that it gives you.
- At some point it will then give you a prompt to add a file that contains a long random-looking string to be served at a random-lloking URL that starts with
/.well-known/acme-challenge/.... - Go to the Django admin of your site, and create a new
Secretobject in the 'letsencryptae' app.- In the
url_slugfield, insert everything that comes after/.well-known/acme-challenge/. - In the
secretfield insert the longer secret that Let's Encrypt wants you to serve. This should start the same as the URL slug.
- In the
- Now tell the
letsencryptcommand to continue. - If you are issuing a single certificate that covers more than 1 domain (e.g.
my-domain.com andwww.y-domain.com), note that:letsencrypt-autowill give you MULTIPLE different secrets (one per domain).__ You must create aSecretin the Django admin and then hit enter to continue in theletsencrypt-autocommand for each one.- Your app must be able to serve from all of the included domains in order that Let's Encrypt can validate that you own each one.
- Go to your project in the Google Cloud Console.
- In the left menu to to App Engine and then Settings.
- Go to the SSL Certificates tab and click 'Upload a new certificate'.
Let's Encrypt should have told you where the certificate and the key have been stored on your computer. But you need to convert the key into RSA format because App Engine won't accept it in the default format (and won't convert it for you).
- Run
openssl rsa -in /path/to/privkey.pem -out /path/to/privkey.rsa.- Note that the
letsencrypt-autocommand will probably have put the certifcate and key in a location that is owned byroot, so you will probably need tosudothat command.
- Note that the
- Now copy and paste the certificate and RSA-encoded priviate key into the form.
- Note that you want the
fullchain.pemfile.
- Note that you want the
- Save it!