? How to implement managed SSL for a pre-existing domain mapping.

[timh]

Hi

Managed SSL - fantastic.

However I have an existing domain mapped, (for many years) and you don't seem to be able to add a certificate to this.

Not sure what the strategy would be to resolve this without potential downtime for the domain.

The only thing would be drop the existing domain mapping and re-add, but that will mean downtime for the service for that domain.

Any ideas on how one might approach this without the potential downtime ?

Thanks

Tim

[timh]

So I re-verified the same domain which appeared to work.

It's details now look different but everything still working.

I then "Enable Managed Security", and it started to show "Google-managed, auto-renewing " under SSL Security.

However an hour later the adjacent spinning gif is still spinning, have disabled and tried again to no avail.

Not sure how to progress now.

T 

[Mike Hardy]

+1

I've got the same problem.

[Kamran (Google Cloud Support)]

Hello Tim,

I'd recommend filing an issue on Google Issue Tracker include reproduction steps, the error messages that you receive or a redacted screenshot of the error, your Project ID and any other information that could help us to investigate this issue further.

[timh]

Hi

Thanks have done so.

Other than it not working there isn't much to report, there are no error messages as such, just the forever spinning circle.

The main bit of info will of course be the appid.

Cheers

T

[Mike Hardy]

Likewise. I posted it here.

[Lorne Kligerman]

Tim, are you sure your DNS records have been updated?

Could you send me a link to the public issue you logged with more details?

Thanks!

[Tim Hoffman]

Hi Lorne

Here is the link  https://issuetracker.google.com/issues/65781183

The DNS changed in cloud console on reverification, and our site is accessible using the name.

So I don't have any evidence to suggest it didn't . 

Regards

Tim Hoffman 

--
You received this message because you are subscribed to a topic in the Google Groups "Google App Engine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-appengine/_ErrNAHN3_4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-appengine+unsubscribe@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/2b94783f-d540-4275-8b61-2c7928d34a83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Kamran (Google Cloud Support)]

Hello Tim,

It looks like that CNAME record of your domain is not correctly configured. Please login to your domain registrar and modify the CNAME record of your domain to point to ghs.googlehosted.com.  Right now I can see that it's configured incorrectly pointing to ghs.google.com. 

After updating the CNAME, it would take some time for DNS record to be propagated and the managed security takes place.

Sincerely,

On Monday, September 18, 2017 at 7:04:07 PM UTC-4, timh wrote:

Hi Lorne

Here is the link  https://issuetracker.google.com/issues/65781183

The DNS changed in cloud console on reverification, and our site is accessible using the name.

So I don't have any evidence to suggest it didn't . 

Regards

Tim Hoffman 

[Tim Hoffman]

Ok

The cname record  is what was there from the many years old mapping.

I havent changed that as I was concerned we would then lose access to the site.

Ignoring the ssl security do you see it changing  causing a problem for http

Thanks

Tim

On 19 Sep. 2017 7:46 am, "'Kamran (Google Cloud Support)' via Google App Engine" <google-a...@googlegroups.com> wrote:

Hello Tim,

It looks like that CNAME record of your domain is not correctly configured. Please login to your domain registrar and modify the CNAME record of your domain to point to ghs.googlehosted.com.  Right now I can see that it's configured incorrectly pointing to ghs.google.com. 

After updating the CNAME, it would take some time for DNS record to be propagated and the managed security take place.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/f3538d88-f920-452b-b92d-6a2ff97f281c%40googlegroups.com.

[Kamran (Google Cloud Support)]

No. Updating the CNAME to point to ghs.googlehosted.com shouldn't interrupt your HTTP service.

 

On Monday, September 18, 2017 at 7:50:12 PM UTC-4, timh wrote:

Ok

The cname record  is what was there from the many years old mapping.

I havent changed that as I was concerned we would then lose access to the site.

Ignoring the ssl security do you see it changing  causing a problem for http

Thanks

Tim

[timh]

Just a bit more background

This site was mapped to a google apps domain back in September 2012, that is when the cname record as it currently is was set up.

Thanks

Tim

[Tapir]

On Monday, September 18, 2017 at 7:54:13 PM UTC-4, Kamran (Google Cloud Support) wrote:

No. Updating the CNAME to point to ghs.googlehosted.com shouldn't interrupt your HTTP service.

how long will it take effect after clicking the "Enable Managed Security" button?

I changed all my cnames to ghs.googlehosted.com but it still doesn't work.

There is a waiting circle always rotating beside the domain.

The "Enable Managed Security" button of one of my another app is even always disabled, even of I select the www.mydomain.com domain.

 

 

On Monday, September 18, 2017 at 7:50:12 PM UTC-4, timh wrote:

Ok

The cname record  is what was there from the many years old mapping.

I havent changed that as I was concerned we would then lose access to the site.

Ignoring the ssl security do you see it changing  causing a problem for http

Thanks

Tim

To unsubscribe from this group and all its topics, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.

Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/2b94783f-d540-4275-8b61-2c7928d34a83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "Google App Engine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-appengine/_ErrNAHN3_4/unsubscribe.

To unsubscribe from this group and all its topics, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.

Visit this group at https://groups.google.com/group/google-appengine.

[Tapir]

On Wednesday, September 20, 2017 at 8:32:16 AM UTC-4, Tapir wrote:

On Monday, September 18, 2017 at 7:54:13 PM UTC-4, Kamran (Google Cloud Support) wrote:

No. Updating the CNAME to point to ghs.googlehosted.com shouldn't interrupt your HTTP service.

how long will it take effect after clicking the "Enable Managed Security" button?

I changed all my cnames to ghs.googlehosted.com but it still doesn't work.

There is a waiting circle always rotating beside the domain.

The circle disappears now and the ssl takes effect now! Thanks!
 

The "Enable Managed Security" button of one of my another app is even always disabled, even of I select the www.mydomain.com domain.

But this button is still always disabled.

BTW, is there a way to force a http connection to convert to https connection?
 

[Lorne Kligerman]

Glad it kicked in!  If DNS entries aren't found, the system will automatically retry, however it will back off and the retry is less periodic the longer time passes.  Have you tried checking off only one domain in the table?  Are the buttons still disabled then?

To unsubscribe from this group and all its topics, send an email to google-appengine+unsubscribe@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.

Visit this group at https://groups.google.com/group/google-appengine.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/6b640c83-d4b7-49c7-8ca9-31b51088bf3e%40googlegroups.com.

[Kamran (Google Cloud Support)]

Tapir, 

You can use "secure" handlers sub-element to automatically redirect HTTP requests to the HTTPS URL with the same path. For more information on this visit this article.

[Tapir]

On Thursday, September 21, 2017 at 5:55:29 PM UTC-4, Lorne Kligerman wrote:

Glad it kicked in!  If DNS entries aren't found, the system will automatically retry, however it will back off and the retry is less periodic the longer time passes.  Have you tried checking off only one domain in the table?  Are the buttons still disabled then?

Yes, I only checked one domain, but the button is still disabled.
 

[Tapir]

On Thursday, September 21, 2017 at 6:01:07 PM UTC-4, Kamran (Google Cloud Support) wrote:

Tapir, 

You can use "secure" handlers subelement to automatically redirect HTTP requests to the HTTPS URL with the same path. For more information on this visit this article.

Thanks!
 

[Lorne Kligerman]

Please send me your project id and domain that's having the issue privately and we'll take a look.

To unsubscribe from this group and all its topics, send an email to google-appengine+unsubscribe@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.

Visit this group at https://groups.google.com/group/google-appengine.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/547b5007-1583-43e8-be13-6d14fe3be7b1%40googlegroups.com.

[timh]

Hi Kamran


I have changed the CNAME to be ghs.googlehosted.com. and that did sort out the problem

Thanks for your help.

Regards

Tim Hoffman

On Tuesday, September 19, 2017 at 7:46:08 AM UTC+8, Kamran (Google Cloud Support) wrote:

Hello Tim,

To unsubscribe from this group and all its topics, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.