我们加密的Google App Engine SSL无法插入 [英] Google App Engine SSL with Let's Encrypt "could not be inserted"

问题描述

当使用App Engine的设置选项卡尝试添加新的SSL证书时，我们通过Google App Engine的控制台加密生成一个对话框错误，并对POST请求进行了400次响应。

When trying to "Add a new SSL certificate" using App Engine's Settings tab that was generated with Let's Encrypt via Google App Engine's console results in a dialog error and a 400 response to the POST request.

错误

提供的SSL证书无法插入。

Error
"The SSL certificate provided could not be inserted."

以前生成的（约2个月前） - 当然还没有过期）SSL密钥/证书通过完全相同的方法插入很好 - 但任何新生成的不会。我尝试传统的让我们加密和相对较新的Certbot方法。还尝试了多个子域名，裸域名，单个域名，并且每个都会导致相同的错误。

A previously generated (about 2 months ago - not yet expired of course) SSL key/certificate via the exact same method is inserted just fine - but any newly generated one does not. I attempted both traditional Let's Encrypt and the relatively new Certbot method. Also tried multiple subdomains, naked domains, singular domains and each results in the same error.

我看过几个人规定--rsa-key-size 2048解决同样的问题，但我已经尝试指定了（尽管它是Certbot的默认值）。其他答案已经等待了2个小时，现在正在工作 - 寻找一个真正的解决方案，因为不可靠的插入和过期的证书可以成为一个真正的痛苦。

I've seen several people spec that --rsa-key-size 2048 solved the same issue, but I've tried specifying that as well (even though it is the default for Certbot as is). Other answers have been "waiting 2 hours and now its working" - looking for a real solution as unreliable inserts and expired certs can become a real pain.

推荐答案

我遇到类似的问题，以及几个星期前，尝试使用我以前成功使用的相同配方上传我的新证书。

I ran into similar problems as well a few weeks ago when trying to upload my new certificate using the same recipe I successfully used before.

什么工作对我来说最后是：

What worked for me in the end was:

• 将证书文件的全部内容复制到标有或将公钥证书粘贴在下面的框中：

• copy-pasting the entire content of the certificate file into the box marked Or paste the public key certificate in the box below:

和

• 将我的私人密钥 .pem 文件末尾的完整密钥复制到标有或者将RSA私钥粘贴到下面的框中：（尽管如果我包含了领先的 ----BEGIN RSA私钥， ----- 和tailing ----- END RSA PRIVATE KEY ----- lines or not）。

• copy-pasting just the full key at the end of my private key .pem file into the box marked Or paste the RSA private key in the box below: (though I don't exactly recall if I included the leading -----BEGIN RSA PRIVATE KEY----- and tailing -----END RSA PRIVATE KEY----- lines or not).

我（盲目地）对每个2份复制粘贴操作进行了多次尝试，无论跨越我的想法 - 成功/失败的反馈是即时的。

I (kinda blindly) made several attempts for each of the 2 copy-paste operations with whatever crossed my mind - the success/failure feedback is immediate.

侧记 - 你可能还要仔细检查你的证书，在我的情况下，我成功上传的第一个证书文件是一个不完整的（缺少中间实体），这似乎在我的桌面上工作正常，但是从Android浏览失败，我不得不重新生成另一个。我使用 digicert 来确认问题并验证第二个证书（以下来自SO答案的建议，当然;）

Side note - you may want to also double-check your certificate, in my case the 1st certificate file I managed to upload successfully was an incomplete one (missing intermediate entities), which appeared to be working fine from my desktop, but was failing when browsing from Android, I had to re-generate another one. I used digicert to confirm the problem and verify the 2nd certificate (following suggestions from an SO answer, of course ;)

这篇关于我们加密的Google App Engine SSL无法插入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！