Migrating to load balancer from

[Zhiling Chen]

Hello!

I have an existing setup for serving a static website with Cloudflare SSL sitting in front of a public gcs bucket (similar to this), but I want to migrate to a setup using google load balancing (as described in the official docs). I'd like to do this without any downtime, but since I can't swap out the DNS configuration until the new setup is ready I'm unable to provision the certificate on google cloud for this domain, which is stuck in the FAILED_NOT_VISIBLE state. Is there any way around this problem?

Would appreciate any help,

Thanks,

Zhiling

[osaeed]

Hello Zhiling,

I understand that you are seeing an error message: FAILED_NOT_VISIBLE, on the certificate domain status. According to this document[1], this indicates that the domain's DNS record doesn't resolve to the IP address of the Google Cloud load balancer. To resolve this issue, update the DNS A and AAAA records to point to your load balancer's IP address.

[1]https://cloud.google.com/load-balancing/docs/ssl-certificates/troubleshooting#domain-status

[Zhi Ling Chen]

Hi osaeed,

The DNS for the given domain resolves to the current website setup, won't adding the A and AAAA records disrupt connectivity to the site while the certificate is provisioning?

GetGround is the trading name of Terranova.Network Limited a limited company registered in England and Wales No.11273793 at 1 Lyric Square, London, United Kingdom, W6 0NB. GetGround FS Limited is registered with the Financial Conduct Authority (FRN 948302) as an Appointed Representative of Kession Capital Limited (FRN 582160). Details of the registration can be checked on the FCA's website.

Informational purposes only, not to be construed as legal, tax, investment, financial, or other advice. We recommend that you take independent advice. All reasonable efforts have been made to ensure that this information is accurate and up to date; however it does not constitute a comprehensive or complete statement of the matters discussed or the law and should not be relied on as such. Nothing contained here constitutes a solicitation recommendation or endorsement by GetGround to make an investment.

 

The contents of this email and any attachments are confidential and may be legally privileged. If you are not the intended recipient of this email, any disclosure, copying, distribution or use of its contents is strictly prohibited, please notify the sender immediately and then delete it (including any attachments) from your system. 

 

No employee, agent or advisor of Terranova.Network Limited is authorised to create any legally binding obligations on behalf of Terranova.Network Limited by the medium of email. This email must not be relied upon as such.

 

For information about how we process data please see our Privacy Policy here.

[osaeed]

Hello Zhiling,

I don't think this will affect the website, as according to this[1] Domain (A record) can have two public IP addresses, this is called Round-Robin DNS. Clients will semi-randomly use one of the two addresses. 

Also if you are using a SSL certificate, The certificate is not tied to the IP address, only to the domain name,so if it is installed on both servers, there should be no issues with SSL.

[1]https://en.wikipedia.org/wiki/Round-robin_DNS