I’m not sure if I understand that “frontend configuration”, but the IP addresses listed there are completely different from the IP address your hostname ultimately results in?
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;staging.brainpal.io. IN A
;; ANSWER SECTION:
staging.brainpal.io. 1200 IN CNAME c.storage.googleapi
s.com.
c.storage.googleapis.com. 677 IN CNAME storage.l.googleuse
rcontent.com.
storage.l.googleusercontent.com. 218 IN A 216.58.212.144
Just ran dig staging.brainpal.io. But it's not surprising: you said yourself that you created a CNAME for your hostname to c.storage.googleapis.com. And that results in the above posted IP
Yeah, I was asking myself the same question. Turns out, he's got one certificate just for staging.brainpal.io without the Google hostname. I guess he tried certbot a second time without the Google hostname
Great! I’m guessing that, for the long term, you should go back to using a CNAME, since most likely Google will at some point change that IP. I think probably your original CNAME pointed to the wrong hostname, since when I looked it up I got a different IP address. I would double check with Google what domain name you should be pointing your CNAME at.
Totally no clue about the whole Google Cloud stuff, but the IP addresses you have listed in your “Frontend configuration” for HTTP and HTTPS are different.
When I connect to your HTTPS site on 35.186.217.250:443, I’m getting a 403 Forbidden error. But when I go to 35.186.217.250:80, I’m getting a 404 File Not Found?
On the other hand, when I go to 35.186.225.127:80 (i.e.: the IP address listed for HTTP in your “Frontend configuration”), I’m getting the same result as with the HTTPS above: 403 Forbidden (I’m guessing that’s the correct response, not the 404 error).
So if you run into troubles with your non-HTTPS stuff, the above might be the problem
