How to use let's encrypt on Gooogle cloud

I switched hosting and they canceled my certs. I am supposing the only way to do this is to actually have the key plus the chain. Front end with vm’s so ubuntu won’t work so can I get help configuring a cert? Would like to do it with EFF i got a bumper sticker once :slight_smile:

Hi @MarcLisevich,

Thanks for being an EFF supporter!

I didn’t quite understand your hosting situation now. Why did you say Ubuntu won’t work? What kind of operating system do you have now? Do you have root access?

Ok the setup is separated. And like this and worked before they were canceled. There is and https front end which forwards to multiple vms it is load balanced htttp Only 2 virtual machines right now. So it is transparent. The front end handles the https request and just sends it kinda arbitrarily. My software Akka will handle it so it acts as one so if it goes to many there will not be duplicate writing to the database. Sooo the only way it is setup to work is if I have the actual certs files. I am pretty sure pem.

I would like to give a small donation that I usually give out to orgs of $10 thanks for help and responding

Another option is to have every single vm and I don’t know if it would work use java keystore. Don’t like keystone too much and seems unmanageable

If you lost the previous private keys, simply start over and create new private and public keys and if they never existed.

Correct I was hoping to use EFF for the entire new cert. My current registrar requires me to have a specific users ie webmaster but I would rather not because I would rather EFF provide the service than get charged for a useless account.

Note that Let’s Encrypt is ran by the ISRG, not the EFF (although the EFF is a sponsor of the ISRG and has a member on the board).

There are a few ways you can go with the certificates. Assuming you can edit DNS records, you could use DNS verification to get the certificate. There are several good clients that can manage that method. A more complex method would be to use the http-01 verification method. If you’re not listening on port 80 on the front-end, certbot with the standalone mode will work great. Alternately, you could use certbot’s certonly mode with the webroot method and some light configuration to direct requests for the .well-known directory to a specific directory on the front-end server to serve the validation file.

Thanks motoko If I am correct I could also use email forwarding. I can research all the methods but what is certbot briefly and how is it used? Is it and https forwarder I have other domains and it could be useful that are not multi server. Or maybe I can find a way to reroute traffic through the front end yes I can it has a single public facing ip. Thanks

Ok certbot looks cool if it is easy to find instructions here for Ubuntu 16.04 Xenial don’t post solution found

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.