Labels

3G (1) 8600GT (1) AI (4) amazon (1) API (1) apple (3) apple mail (1) atlassian (1) audio (1) bambo (1) Bamboo (1) bloat (1) boost (1) bugbear (1) C++ (5) calling conventions (1) cdecl (1) chromecast (1) CI (1) compiler (1) continuous integration (1) coursera (1) custom domain (1) debugging (1) deltanine (1) diagnosis (1) diy (5) DLL (1) dns (1) don't be evil (1) ec2 (1) education (1) electronics (1) express checkout (1) fail (6) fink (1) firewire (1) free hosting (1) GAE (1) google (1) Google App Engine (4) H170 (1) hackerx (1) hackintosh (1) Haskell (3) homebrew (2) i1394 (1) icloud (2) iOS 9 (1) ipad2 (2) jobhunting (2) lag (1) letsencrypt (2) libjpeg (1) linux (1) mac (2) mbcs (1) mechanic (1) memory (1) MFC (3) Microsoft (1) migration (1) ML (1) mobile (1) movi (1) MSBuild (1) music (1) naked domain (1) NLP (2) o2 sensor (1) obd (1) Optiplex960 (1) osx (1) outlook express (1) payments (1) paypal (1) photos (2) PIL (1) Project Euler (1) projectmix (1) python (2) raspberrypi (3) recruitment (1) renwal (1) skylake (1) soundcloud (1) ssl (2) stdcall (1) stripe (1) subaru (2) supermemo (1) supermemo anki java (1) sync (2) Telstra (1) tests (1) thunderbird (1) udacity (1) unicode (1) Uniform Cost Search (1) university (1) upgrade (2) vodafail (1) vodafone (1) VS2010 (1) vs2013 (1) VS6.0 (1) weather (1) win (1) Win32 (1) Z170 (1)

Monday, 2 May 2016

Let's Encrypt and Google App Engine... not a match in heaven

I recently got on the SSL bandwagon for a site I manage, and bought an SSL certificate from GoDaddy for less than $10 (I can't remember exactly), but it only lasted a year.

True to form, when time came up for renewal GoDaddy wanted to charge me $100.

Top Tip: Never, ever allow GoDaddy to autorenew anything you buy from them. Because they alway jack the price up when they autorenew by default.

Anyway, I heard about LetsEncrypt, the new CA which offers SSL certificates for free.

"This must be too good to be true", I thought. And once again, I was proved right.

After much yak-shaving, (installing the prerequisites on my mac, the letsencrypt software, and the appropriate challenge/responses to prove I owned the web servers) I actually managed to sucessfully generate my certificate...

...which expires in 90 days!?!

Now the people at letsencrypt think that 90 days is a really, really long time, and any longer would be a security risk. And they say, "Hey, you should automate all your certificate issuance/renewal/web hosting malarky".

The only problem is, THERE IS NO API TO AUTOMATE UPLOADING OF YOUR CERTIFICATE TO GOOGLE APP ENGINE!!!

So, every 90 days, you will have to do it manually.

And one more thing... when I tried to upload my 4096 bit key certificate, app engine complained with an extremely generic error message. Turns out it only supports a maximum of 2048 bit keys.

Way to be cutting edge Google!