Unable to establish SSL/TLS connection to naked domain

[Denis Dmitriev]

Hi,

we were using App Engine bound to naked custom domain for quite some time. 

At some moment it just stopped working because of inability to establish SSL/TLS connection.

We have verified domain registered in Google Admin. App Engine is configured to work on this custom domain. SSL Security is set to be Google Managed. DNS records recommended in Control Panel were set correctly. 

We are completely sure that everything was set up correctly because it was working for several months without a glitch.

But recently naked domain stopped working with the following symptoms (replaced my domain with bla-bla-bla.com):

MacDenisPro3~(:|✔) % curl -vvv https://bla-bla-bla.com
*   Trying 216.239.34.21...
* TCP_NODELAY set
* Connected to bla-bla-bla.com (216.239.34.21) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to bla-bla-bla.com:443
* Closing connection 0
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to bla-bla-bla.com:443

The following command just shows CONNECTED(00000006):

openssl s_client -connect itspartner.by:443 -showcerts

Interesting that the following commands give different IPs:

dig www.bla-bla-bla.com @8.8.8.8
dig bla-bla-bla.com @8.8.8.8

I'm really stunned and can't think of a solution other than re-setup everything from scratch. Which will potentially break development process and there's no guarantee that situation resolves itself.

[Mohammad I (Cloud Platform Support)]

Hello Denis, 

There could be various reasons for unable to establish SSL/TLS connection to naked domain.  

It is difficult to determine the root cause and provide work around to resolve the issue without inspecting your Google Cloud Platform project, Stackdriver Logging Logs and internal monitoring tools. 

I have tried to do some internal search and found similar errors have been reported in the past number of times which occurred for a number of reasons and troubleshooting that in Google Groups is beyond the scope. 

I would recommend you to create an App Engine Public Issue under the “Compute” section by going here as the issue may be required to refer to the App Engine Engineering team to resolve it. Please select the private component as probably you will have to share project specific information, so that it is not visible to the public. One of the Google Cloud Platform Support Agents will assist you to resolve your issue.

Please note that Google Groups is only meant for general discussion related to Google Cloud Platform products which are not technical in nature, service status updates and release notes, and ranging from book recommendations to creative shortcuts.