App Engine Enable managed security not working
John Janzen
Amit (Google Cloud Support)
Hi John
As it shows you need to be a domain owner, It seems like you probably lost your domain ownership verification somehow. You can run this [1] command to check the list of your verified domains. And If you look into here, it mentioned “ Important: Verifying domain ownership by using a CNAME record is the preferred option for App Engine. If you choose to use a TXT record, you must avoid configuring your domain's DNS with a CNAME record because the CNAME record overrides the TXT record and causes your domain to appear unverified.” I would recommend to check if this could be a reason for you. This link also describes how to verify your ownership through Webmaster Central in case you need that. And for webmaster central setting you can also follow this link. In another note it also appears that the domain verification is automatically re-confirmed about every 30 days. So if you remove the verification string from your DNS settings, you will lose the ability to change the configuration within the GCP Console. However, if this happens, the serving setup for the domain does not change and the app continues to serve over the custom domain.
[1] gcloud domains list-user-verified
John Janzen
Devel63
Harmit Rishi (Cloud Platform Support)
Hello,
Based on the information you have given, it seems that you are encountering an issue when changing from Self-managed SSL certificates to a Google Managed SSL certificate. Specifically issue regarding the verification your custom domain when trying to switch over SSL management.
The troubleshooting section of the Google documents mentions that App-Engine cannot provision certificates for an unverified domain. You mentioned that this is not the case as you have verified domain ownership via Webmaster Central.
I would assume this issue has arised after completing the appropriate set up for mapping your custom domain to your GAE application and configuring your dns record. As a precaution it would be a good idea review the process once more.
At this point, it seems there is more to your issue and we would require more information to resolve it. I would like to redirect you to creating a private issue on our Public Issue Tracker to help with your this.
(Note: You can navigate to the section Compute > Create new App Engine issue.)
On Saturday, October 27, 2018 at 11:00:34 AM UTC-4, Devel63 wrote:
I am having this same problem with subdomain.mydomain.com, which is currently using a self-signed SSL certificate. The problem is that for some reason that certificate is no longer trusted by the browser, so I thought I'd switch over to Google's managed security.
But I can't do anything, and as the original poster says, I'm getting the message that I must be a domain owner.
However, I am also unable to reverify. I have tried adding a TXT record, a CNAME record, and via Webmaster Central, the integrated GoDaddy check. All those checks seem to be trying to verify the domain, not the subdomain, but the documentation seems to imply that's expected.
Not sure if it's related, but Webmaster Central says I am indeed the verified owner of the domain. But it says this is the case via Delegation, from another verified owner that is ******@g*****account.com, which is presumably the standard gmail login that got migrated when I created the Google Apps equivalent. But that happened many years ago, and I added the subdomain.domain.com property to App Engine years long after that. I suppose it's possible that with the new managed security, they are doing some other checks, and this has fouled things up.