Let’s Encrypt certificate on Google App Engine with flat HTML

There are many tutorials on how to generate SSL certificates using Let’s Encrypt for Google App Engine but none was applicable for my particular case:

-web-site built with Polymer with just HTML5 (no Python, no PHP, no Java,… and didn’t want any of them)

-I wanted to use the Google Cloud Shell to generate the certificate, just because.

-I wanted to use a docker image for Let’s Encrypt, again just because.

-I wanted to create a certificate for the domain both with and without www.

The first certificate I used 3 months ago was from Comodo, free and only valid for 3 months. After reading about Let’s Encrypt and learning that Comodo was not very nice with the little guy, I decided to move my certificate.

Docker on Google Cloud Shell

The first step is to activate a Shell Console from your Cloud console. Once logged in, you can use docker to get and run an image which contains everything you need:

docker run -it -p 443:443 -p 8080:8080 -v "$(pwd)/ssl-keys:/etc/letsencrypt" quay.io/letsencrypt/letsencrypt:latest -a manual certonly

Next, you go through the interactive tools that ask you the following:

-domain name(s): I realised after I did mine that I could enter both the bare domain and the www one here, rather than repeating the process and having 2 certificates in Google App Engine.

-email address

-confirmation about sharing the IP address of the machine (I guessed it was OK).

Once this is done, you are asked to have on your web-site a specific string (challenge key), in a specific file, in a specific folder. You must have this ready before continuing (press Enter).

Make the challenge visible

This part of the process seems a bit more complicated than it is; just follow these few steps to make it easier:

1- create a folder in your web-site directory called “letsencrypt” (it could be something different)

2- in this folder, create a file using as filename the first part of the challenge key

3- insert in this file, the first part of the challenge key, a dot (.), and the 2nd part of the challenge key. To do that, you can use the suggested command from the Let’s Encrypt tool:

printf "%s" [challenge part1].[challenge part2] > letsencrypt/[challenge part1]

4- edit your app.yaml to make sure this file will be visible on the web. You need the following at the top of the “handlers:” section:

- url: /\.well-known/acme-challenge/(.+)
  static_files: letsencrypt/\1
  upload: letsencrypt/(.+)
  mime_type: text/plain

5- deploy your app to Google App Engine, either from the command line or the Launcher.

6- once the deployment is successful, it is a good idea to test the URL given during the process before Let’s Encrypt tries to access it. Otherwise, if Let’s Encrypt fails to open the file, you will need to start the process from the beginning. The URL is displayed in the instructions (2nd line) and starts with http://…

7- Once all of the above is done, you can press Enter to continue the process and get your certificate.

Notes: If you have asked for multiple domains, you need to do a challenge for each, which means that you need to repeat 2 – 7. However, at the end, the good news is that you have just one certificate. Also, make sure to include the letsencrypt folder in your build process, if you have one (gulp, grunt,…).
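Steps 2, 3 and 6 can be checked with a small script before pressing Enter. This is an added example, not part of the original post or of the Let’s Encrypt tool; the function name check_challenge and its return codes are made up for illustration, and the optional URL is the one displayed by the tool.

```shell
#!/bin/sh
# Added example (not from the original post): check an ACME http-01 challenge
# file before pressing Enter in the Let's Encrypt tool.
# check_challenge <file> <part1> <part2> [url]
#   return 0 = OK, 1 = wrong file name, 2 = suspicious token,
#          3 = wrong local content, 4 = URL not reachable, 5 = wrong served content
check_challenge() {
    file=$1 token=$2 rest=$3 url=${4:-}
    expected="$token.$rest"

    # Step 2: the file name is the first part of the challenge key.
    [ "$(basename "$file")" = "$token" ] || return 1

    # The first part is a base64url string; reject anything else so a
    # mistyped value can never name a path outside the letsencrypt folder.
    case $token in
        ''|*[!A-Za-z0-9_-]*) return 2 ;;
    esac

    # Step 3: the file holds "<part1>.<part2>".
    [ -f "$file" ] && [ "$(cat "$file")" = "$expected" ] || return 3

    # Step 6 (optional): what the deployed site serves must match as well.
    if [ -n "$url" ]; then
        body=$(curl -fsS --max-time 10 "$url") || return 4
        [ "$body" = "$expected" ] || return 5
    fi
    return 0
}

# Command-line use: sh check_challenge.sh letsencrypt/<part1> <part1> <part2> [url]
if [ "$#" -ge 3 ]; then
    check_challenge "$@"
    rc=$?
    [ "$rc" -eq 0 ] && echo "challenge OK" || echo "challenge check failed (code $rc)" >&2
    exit "$rc"
fi
```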

Upload your new certificate

At the end of the verification, Let’s Encrypt will generate a few folders and files but you need just 2 for Google App Engine. In /ssl-keys/live/[first domain]/ you will find:

fullchain.pem: this is your public key certificate. It contains 2 certificates and both need to be copied in the 1st text area in the Add a new SSL certificate page in Google App Engine.

privkey.pem: this is your private key but it needs to be converted to RSA with the following command:

openssl rsa -in privkey.pem -out rsa.pem

openssl is one of the tools included in Cloud Shell so no need to install it. It generates rsa.pem, this is your RSA private key, to be copied in the 2nd text area.

The easiest way to access these files is to use:

cat fullchain.pem

and then copy and paste the text. You could also use a bucket to copy and then download the .pem files.
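Before pasting, it is worth confirming that the two files belong together. The script below is an added example, not part of the original post: it checks that fullchain.pem holds 2 certificates, that rsa.pem carries the same RSA modulus as the first certificate, and that the certificate is not about to expire. The function names are made up for illustration; only standard openssl subcommands are used.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks on the two files
# before pasting them into the App Engine certificate form.

# Number of certificates in a PEM bundle (fullchain.pem should hold 2).
cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# 0 if the RSA private key belongs to the first (leaf) certificate in the
# bundle: both must carry the same modulus. 2 if a file cannot be parsed.
key_matches_cert() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# 0 if the leaf certificate is still valid N days from now.
valid_for_days() {
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1
}

# Run all three checks; the 30-day threshold is an arbitrary choice.
check_upload() {
    chain=$1 key=$2
    [ "$(cert_count "$chain")" -ge 2 ] || { echo "expected 2 certificates in $chain" >&2; return 1; }
    key_matches_cert "$chain" "$key" || { echo "$key does not match $chain" >&2; return 2; }
    valid_for_days "$chain" 30 || { echo "certificate expires within 30 days" >&2; return 3; }
    echo "OK: chain, key and expiry look right"
}

# Command-line use: sh check_upload.sh fullchain.pem rsa.pem
if [ "$#" -eq 2 ]; then
    check_upload "$1" "$2"
    exit $?
fi
```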

You can then click upload to add this certificate. If it goes well, you are asked to confirm for which domain(s) the certificate is enabled.

The last step is to test and see if indeed your web-site is served over https and that the certificate is the one you just generated.


You might want to add:

  secure: always

in your app.yaml, to force every visit over https.

To do…

As the certificate is only valid for 3 months, the next step could be to automate this process on a server; there are many how-tos detailing it. But if, like me, you have only a few web-sites, a calendar reminder and a visit to this page would be as efficient.

Post scriptum

You might be wondering why this page is not served as https; well, the blog is not (yet!) on Google App Engine, only savina.net is.

Posted in Internet, savina[.]net, Technology

Twist on Website Monitoring with Google Docs

I came across this neat Google Apps Script that monitors your website and sends you an alert if it is down.

It was not a perfect fit for my needs so I made some modifications to the original script.

  • First, I have hardcoded the URLs (more than one, in an array) in the script. Then I added a FOR loop that checks all the URLs.
  • My email is also hardcoded, it makes the spreadsheet neater.
  • Finally, I only need a flag (entry in the sheet and email) when a site is down. I don’t want to know if it’s up so I filtered out “200” responses.

One last thing I’ve done in Gmail is adding a filter to highlight the emails sent from the script (Mark as important, starred and add a specific Label).

The email once filtered in Gmail.

Here is my version of the script, feel free to copy and change as you see fit!

/** Monitor Sites's Uptime **/
/** based on: Site's Uptime **/
/** By Amit Agarwal 26/03/2012 **/
/** http://labnol.org/?p=33232 **/

function isMySiteDown()
{
  // Sites to check
  var url = new Array();
  url[0] = "http://one.example.com";
  url[1] = "http://two-example.net";
  url[2] = "http://www.google.com";

  var response;

  // Check every URL, from the last one to the first
  for (var n = url.length - 1; n >= 0; --n) {
    try {
      response = UrlFetchApp.fetch(url[n]);
    } catch (error) {
      // The fetch itself failed: record it, then carry on with the
      // remaining URLs (a return here would skip them)
      var msg = "[UPTIME] " + url[n] + " is DOWN";
      insertData(error, -1, msg);
      continue;
    }

    var code = response.getResponseCode();

    // Only flag a site when it does not answer with 200
    if (code != 200) {
      var msg = "[UPTIME] " + url[n] + " is DOWN";
      insertData(response.getContent()[0], code, msg);
    }
  }
}

// Adds a row (date, error, code, message) to the sheet and sends the alert email
function insertData(error, code, msg) {

  var sheet = SpreadsheetApp.getActiveSheet();
  var email = "youremail@address.net";
  var row = sheet.getLastRow() + 1;

  sheet.getRange(row, 1).setValue(new Date());
  sheet.getRange(row, 2).setValue(error);
  sheet.getRange(row, 3).setValue(code);
  sheet.getRange(row, 4).setValue(msg);

  if (code != 200)
    MailApp.sendEmail(email, msg, msg + " " + error);
}


Posted in Internet, Technology

Photofusion, Dublin new & old

You might have seen this type of photo montage where an old photo is mixed with a new one. This is what my daughter and I decided to try.

We got the old photos (1961) from Charles W. Cushman, “An American, [who] travelled the world for 30 years, including a visit to Dublin.”

The 2 photos I decided to work with are of the front of Trinity College and the Bank Of Ireland building. This corner of Dublin has changed a lot in 50 years, more trees, signs, traffic lights,… Anyway, here are the results.

The first one is a polaroid of the old on top of the new. There were too many elements on the photo to manage a different montage.

The second one is a real mix. Some road, pedestrians and 2 modern Dublin Bus buses are included in the 1961 street view; this is working well.

You can see another “photofusion” by visiting my daughter’s website.

Raphael

Posted in Photo, Travel

expansys’ unrealistic stock and status…

See update at the bottom (Thursday 13th October)

I wanted to order a new Canon DSLR. After looking at different online shops, I decided to use expansys for 3 reasons:

  • The prices were similar to all the other shops
  • I have used them a lot before and they have always been good in terms of price and delivery time
  • they had everything I wanted in stock (very important!).

So, on Friday 23rd of September I placed my order and paid with Paypal. I immediately received the order confirmation… all good, all good!

Posted in Internet, Photo, Technology

Holidays calendar in Google Spreadsheet with scripting

At work, we found that the easiest way to track holidays (days off) was to use a Google Docs spreadsheet. The only issue we had was to keep track of the days taken by each of us, but scripting came to the rescue!  You can access the spreadsheet in Google Docs from this link. Create a copy and share it as you see fit. The script is in full below with comments but let’s go through some of the interesting parts first.

Posted in Internet, Technology

15 years online!

Last month (February 2011) marked my 15th anniversary of internet activity. It started at the end of February 1996 on my first Windows computer (Windows 95 was magic… was it not?) and an old 14,400 modem from my Atari days.

I had to wait for the price (monthly subscription + local calls) to come down before our family budget could accommodate this large expense. The company was fcnet (they are still in business) and my first email address was very complicated, no one could understand it. It might have been due to the fact that only a few people knew what it was for.

The major milestones:

  • First time online.
  • Dialup for free with no time limit and better speed (V92!) from free.fr.
  • Buying my domain (savina.net) and having an easy to give email address.
  • Cable modem with a decent speed and a fixed monthly cost not linked to the time spent online. Also not using the only phone line in the house, no more busy tone.
  • Broadband coming in Ireland (long-awaited!).
  • Wifi to connect computers and phones to the same connection without cables.
  • Using Google Apps for email, Docs, Calendar. Stop using an email client.
  • Android smartphone (Nexus One) with great internet access and usable browser.
  • Cable modem with decent web 2.0 speed (30MB).

I am looking forward to the next 15 years, I am not sure what to expect…

Raphael

Posted in Internet, Technology