SSL/HTTPS for a Google Domain [compute engine Ubuntu]

My domain is: danielbakas.com

My web server is (include version): Google Compute Engine

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: Google Cloud

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Not that I know of

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know what certbot is

My problem: I'm trying to find my HTTPS key and cert for a server configuration. Do you know how and where I can find this information?

Please help. Thank you.

1 Like

You got a cert for that domain from Google Trust Services. This forum is for the Let's Encrypt Certificate Authority. Use a tool like crt.sh to see your cert history. Your latest cert is this one

You should ask about this on a forum for Google Cloud / Trust Services.

4 Likes

Thank you for your quick response! I've reached out to them via email and will be asking this shortly.

I am specifically interested in a certificate for pod.danielbakas.com. Do you know if I already have one or I need to purchase one?

Thank you so much!

1 Like

As I noted, you can use a tool like this to search certs

3 Likes

Got it! Thanks!

2 Likes

Let's Encrypt certificates are free of charge.

3 Likes

Yes! I was just looking into that! But I am not sure how to generate one for my subdomain. I have access to an SSH for my Compute Engine instance. Do you know how I can generate a cert here?

Thank you!!

1 Like

I'm afraid I'm not familiar with Google Compute Engine, so I personally don't know. Maybe someone else on this Community knows :slight_smile:

3 Likes
pod.danielbakas.com

On https://crt.sh it shows you already got a cert for that subdomain (from Google Trust Services). Can't you just use that?

6 Likes

If your Linux virtual machine is just a single instance and you have a domain pointing to it then you can use certbot (https://certbot.eff.org/) to acquire a certificate from any ACME CA (Let's Encrypt, Google etc). If it's starting from an image you provide (like a container image etc) that's more complicated. If it's part of an instance group (cluster of VMs) that's also more complicated.

Note that getting a certificate is one thing, deploying it is something else and the two things are not always directly connected.

To get a certificate you have to prove to the certificate authority (e.g. Let's Encrypt) that you control the domain, usually using either http or dns validation, using ACME via a tool such as certbot. Once you've completed that and got your certificate you will have a public certificate file (generated by the CA) and a private key file (generated by you); these combine to form the public and private parts of your certificate.

You then use these in whatever service needs to use the certificate (most often a web server but also pretty much anything that has a domain name).

If you are using an external service in front of your server, such as a load balancer or application gateway service then generally you need to provide the cert to that so it knows how to terminate TLS for your domain, or occasionally the service provider (e.g. google) can automatically do all that for you and just proxy requests back to your server (e.g. via http or https).

6 Likes

I could! I'm just not sure how I can retrieve the key and cred. Do you know how??

This answer is great @webprofusion! Thanks!!

I currently have an Ubuntu Compute Engine Instance running on Google Cloud, and have successfully pointed my pod.danielbakas.com domain to the server's external IP.

Right now I'm not sure whether I need to generate a certificate or if I already got one for that subdomain. If I do have one I am also curious as to how to retrieve the key and cert since the command I'm trying to use is asking for the http cert and key.

Thanks for your help!!! I'm excited to know what you think

2 Likes

That depends on the ACME client used and where it stores the certs.
How did you get a cert?

2 Likes

If you ignore where your hosting is etc, what command are you trying to use, why, why are you not using certbot etc. Are you following some sort of guide for hosting something like a website?

3 Likes

Yes! I'm trying to run a Community Solid Server, and for that I need to use this command:

sudo community-solid-server -b http://pod.danielbakas.com -c @css:config/https-file-cli.json -p 80 --httpsKey {File path to the HTTPS key} --httpsCert {File path to the HTTPS certificate}

Basically I need to pass the path to an HTTP key and another for an HTTP cert but I am not sure how to get those :sweat_smile:

Ok, try installing and using certbot to get a certificate. You will probably want to use the "standalone" option to perform http validation. Make sure port 80 is open so http validation will work.

Then use the fullchain.pem file that it creates as the cert, and the privkey file as the key. Certbot Instructions | Certbot

2 Likes
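
Added example, not part of any post in this thread: a pre-flight check, run over SSH, of the fullchain.pem and privkey.pem files that the reply above says to pass as --httpsCert and --httpsKey. It assumes OpenSSL is installed; the function name check_tls_pair and its return codes are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the openssl CLI is installed.
# Certbot's standalone mode binds port 80 itself, so nothing else may be
# listening there while it runs:
#   sudo certbot certonly --standalone -d pod.danielbakas.com
# It then writes /etc/letsencrypt/live/<domain>/fullchain.pem and privkey.pem.

# check_tls_pair CERT KEY HOST   (hypothetical helper name)
# Returns 0 if the pair is fit to hand to --httpsCert / --httpsKey,
# 2 unreadable input, 3 key/cert mismatch, 4 hostname not covered,
# 5 certificate expired, 6 private key readable by every local user.
check_tls_pair() {
    cert=$1; key=$2; host=$3

    # Public key inside the leaf (first) certificate of the chain file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key (works for RSA and ECDSA).
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not belong to this certificate" >&2; return 3
    fi

    # -checkhost prints "does match" or "does NOT match" for the name.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "certificate does not cover $host" >&2; return 4
    fi

    # -checkend 0 exits non-zero when notAfter is already in the past.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired" >&2; return 5
    fi

    # The key is the secret half: refuse it if "other" has the read bit.
    # -L follows certbot's live/ symlink to the real file in archive/.
    if [ -n "$(find -L "$key" -perm -004)" ]; then
        echo "private key is world-readable" >&2; return 6
    fi
    return 0
}

# Run as: sh check.sh CERT KEY HOST (paths under /etc/letsencrypt need sudo).
if [ "$#" -eq 3 ]; then check_tls_pair "$@"; fi
```
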

Would I need to use something like this?

  • sudo certbot --apache -d example.com -d www.example.com

I imagine changing the domain to pod.danielbakas.com or something similar right?

Are you using Apache?

2 Likes

@rg305 I'm not sure. I'm just running the command

  • sudo community-solid-server -b http://pod.danielbakas.com -c @css:config/https-file-cli.json -p 80 --httpsKey {File path to the HTTPS key} --httpsCert {File path to the HTTPS certificate}
    on a Compute Engine with Ubuntu.

Why?

Would require having Apache.

3 Likes