Implement Let’s Encrypt on Google App Engine, Ubuntu 16.04 LTS, Apache

Saurabh Yadav
Updated: 2 days ago


Let’s Encrypt is an open certificate authority that issues free SSL/TLS certificates using the ACME protocol. It is backed by big brands such as Cisco, Mozilla and Facebook, with a mission to secure the internet, and today it is supported by the major cloud platforms and operating systems.

Step One — Create A Backup of Virtual Host Files


$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example.com.conf


The file looks like this:


<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


Step Two — Install Certbot by running the following commands


$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-apache


Step Three — Obtain the certificate with the Certbot Apache plugin


Certbot has an Apache plugin that can install the certificate automatically, based on the ServerName and ServerAlias of the virtual host. Running this command will automatically obtain certificates for the listed domains:



$ sudo certbot --apache



The command produces output like this:



Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?
1: example.com
2: www.example.com
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):


We can also explicitly specify the domains to be covered by the certificate. A wildcard name such as *.example.com can only be validated through DNS, so this form uses a DNS authenticator plugin (dns-plugin stands for the plugin for your DNS provider) together with the Apache installer:


$ sudo certbot -a dns-plugin -i apache -d "*.example.com" -d example.com --server https://acme-v02.api.letsencrypt.org/directory
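A pre-flight check for this step, as an added example that is not part of the original post: it lists the names a virtual host file declares through ServerName and ServerAlias and marks wildcard names, which need the DNS-plugin form of the command rather than plain --apache. The function names and the sample vhost lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list the names an Apache vhost declares and which Certbot
# authenticator each one needs. Function names here are hypothetical.

# Print each ServerName/ServerAlias value once, lower-cased, port stripped.
vhost_names() {
    awk '
        { sub(/#.*/, "") }    # drop comments so disabled aliases are ignored
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                sub(/:[0-9]+$/, "", name)
                if (!(name in seen)) { seen[name] = 1; print name }
            }
        }
    ' "$1"
}

# Wildcards can only be validated over DNS, so they need a DNS authenticator
# ("dns-plugin" is the page's placeholder); other names work with --apache.
authenticator_for() {
    case "$1" in
        \*.*) echo dns-plugin ;;
        *)    echo apache ;;
    esac
}

# Emit "<name> <authenticator>" per line; fail if the vhost declares no names.
preflight() {
    names=$(vhost_names "$1") || return 1
    if [ -z "$names" ]; then
        echo "no ServerName/ServerAlias found in $1" >&2
        return 1
    fi
    printf '%s\n' "$names" | while IFS= read -r n; do
        printf '%s %s\n' "$n" "$(authenticator_for "$n")"
    done
}

# With a path argument, check that file; otherwise run on a constructed sample.
if [ "$#" -gt 0 ]; then
    preflight "$1"
else
    sample=$(mktemp)
    printf '%s\n' 'ServerName example.com' \
        'ServerAlias www.example.com *.example.com' > "$sample"
    preflight "$sample"
    rm -f "$sample"
fi
```

A vhost with no ServerName or ServerAlias makes the check fail, which is the case where Certbot has no names to offer from that file.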


Step Four — Automating renewal


Let’s Encrypt certificates are valid for 90 days, so they have to be renewed. The Certbot package sets up a cron job on the server that regularly checks for expiring certificates and renews them automatically. The following command tests the renewal process:


$ sudo certbot renew --dry-run


Step Five — Enable HTTPS Support in GCP App Engine firewall settings


1. Go to the Instance Detail and click Edit

2. Enable HTTPS support in the firewall settings




Step Six — Enable port 443 for HTTPS Support


1. Go to Network Details

2. Add a firewall rule if one was not created automatically


Step Seven — Restart Apache

