带有 Let's Encrypt 的 Google App Engine SSL“无法插入" [英] Google App Engine SSL with Let's Encrypt "could not be inserted"

问题描述

当尝试使用通过 Google App Engine 控制台通过 Let's Encrypt 生成的 App Engine 设置选项卡添加新的 SSL 证书"时，会导致对话框错误和对 POST 请求的 400 响应.

When trying to "Add a new SSL certificate" using App Engine's Settings tab that was generated with Let's Encrypt via Google App Engine's console results in a dialog error and a 400 response to the POST request.

错误
无法插入提供的 SSL 证书."

Error
"The SSL certificate provided could not be inserted."

之前生成的(大约 2 个月前 - 当然还没有过期)SSL 密钥/证书通过完全相同的方法插入就好了 - 但任何新生成的都没有.我尝试了传统的 Let's Encrypt 和相对较新的 Certbot 方法.还尝试了多个子域、裸域、单一域，每个都导致相同的错误.

A previously generated (about 2 months ago - not yet expired of course) SSL key/certificate via the exact same method is inserted just fine - but any newly generated one does not. I attempted both traditional Let's Encrypt and the relatively new Certbot method. Also tried multiple subdomains, naked domains, singular domains and each results in the same error.

我已经看到有几个人指出 --rsa-key-size 2048 解决了同样的问题，但我也尝试过指定它(即使它是 Certbot 的默认设置).其他答案是等了 2 个小时，现在它可以工作了"——寻找真正的解决方案，因为不可靠的插入和过期的证书可能会成为一个真正的痛苦.

I've seen several people spec that --rsa-key-size 2048 solved the same issue, but I've tried specifying that as well (even though it is the default for Certbot as is). Other answers have been "waiting 2 hours and now its working" - looking for a real solution as unreliable inserts and expired certs can become a real pain.

推荐答案

几周前，当我尝试使用我之前成功使用的相同配方上传我的新证书时，我也遇到了类似的问题.

I ran into similar problems as well a few weeks ago when trying to upload my new certificate using the same recipe I successfully used before.

最终对我有用的是:

• 将证书文件的全部内容复制粘贴到标记为的框中，或者将公钥证书粘贴到下面的框中:

和，

• 将我的私钥 .pem 文件末尾的完整密钥复制粘贴到标记为 的框中，或者将 RSA 私钥粘贴到下面的框中: (虽然我不太记得我是否包含了前导 -----BEGIN RSA PRIVATE KEY----- 和尾随 -----END RSA PRIVATE KEY----- 行与否).

• copy-pasting just the full key at the end of my private key .pem file into the box marked Or paste the RSA private key in the box below: (though I don't exactly recall if I included the leading -----BEGIN RSA PRIVATE KEY----- and tailing -----END RSA PRIVATE KEY----- lines or not).

我(有点盲目地)对 2 次复制粘贴操作中的每一次都进行了几次尝试，我想到了什么 - 成功/失败的反馈是即时的.

I (kinda blindly) made several attempts for each of the 2 copy-paste operations with whatever crossed my mind - the success/failure feedback is immediate.

旁注 - 您可能还想仔细检查您的证书，在我的情况下，我成功上传的第一个证书文件是不完整的(缺少中间实体)，它在我的桌面上似乎运行良好，但是从 Android 浏览时失败，我不得不重新生成另一个.我使用 digicert 来确认问题并验证第二个证书(当然，遵循 SO 答案的建议;)

Side note - you may want to also double-check your certificate, in my case the 1st certificate file I managed to upload successfully was an incomplete one (missing intermediate entities), which appeared to be working fine from my desktop, but was failing when browsing from Android, I had to re-generate another one. I used digicert to confirm the problem and verify the 2nd certificate (following suggestions from an SO answer, of course ;)

这篇关于带有 Let's Encrypt 的 Google App Engine SSL“无法插入"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！