
Aaron Parecki

  • Day 82: Switching to Let's Encrypt for XRay on App Engine #100DaysOfIndieWeb

    March 12, 2017

    A couple days ago, I switched most of my *.p3k.io domains over to individual Let's Encrypt certificates. It was relatively easy for the apps that are running on my main server. However, XRay is actually running on Google App Engine, which means my streamlined workflow for requesting and renewing certificates doesn't apply.

    App Engine doesn't have an integration with Let's Encrypt yet, and there is also no API for uploading certificates, so this will require some manual work for now.

    The Let's Encrypt client supports a "manual" method of requesting certificates, where it will show you the challenge text and wait for you to put the challenge response onto the server where the client expects to find it. I figured I could use this to request a certificate for my App Engine app.

    I had to build a form into XRay that would let me enter the challenge text and save it to be served by App Engine. Of course I couldn't let just anyone use the form, otherwise anyone could request certs for my domain. So I had to build a login mechanism into XRay so that only I can use the form.

    Since XRay is deployed from a public GitHub repository, I couldn't put any secrets in the config file, so this sounded like a great use for indieauth.com which lets me sign in without the consuming website needing any secret keys.

    So now I can sign in to XRay:

    And after I'm signed in, there is a form to save the challenge text from Let's Encrypt.

    I wrote up full setup instructions in the XRay project.

    https://github.com/aaronpk/XRay/blob/master/HTTPS-SETUP.md
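
A sketch of the design described above, added here as an illustration and not taken from XRay's code: the save form accepts a challenge response only from one allowed sign-in URL (a public value, so it can sit in a public repository), and a public handler serves it at the path the CA fetches. `ALLOWED_ME`, `ChallengeStore` and `same_identity` are hypothetical names, and `session_me` is assumed to be the profile URL already verified by the IndieAuth sign-in.

```python
import re
from urllib.parse import urlsplit

ALLOWED_ME = "https://admin.example/"  # assumption: owner's sign-in URL, not a secret
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# HTTP-01 (RFC 8555): response body is "<token>.<base64url SHA-256 key thumbprint>"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{16,128}")
KEYAUTH_RE = re.compile(r"([A-Za-z0-9_-]{16,128})\.([A-Za-z0-9_-]{43})")


def same_identity(me, allowed=ALLOWED_ME):
    """True only if the verified sign-in URL is the allowed owner URL."""
    try:
        a, b = urlsplit(me or ""), urlsplit(allowed)
        if a.scheme != "https" or a.username or a.query or a.fragment:
            return False
        # hostname is lower-cased by urlsplit; an empty path means "/"
        return (a.hostname, a.port, a.path or "/") == (b.hostname, b.port, b.path or "/")
    except ValueError:  # e.g. a non-numeric port
        return False


class ChallengeStore:
    """In-memory stand-in for wherever the app persists the challenge."""

    def __init__(self):
        self._responses = {}  # token -> full key authorization

    def save(self, session_me, key_authorization):
        """Form handler: returns an HTTP status code."""
        if not same_identity(session_me):
            return 403  # signed out, or signed in as someone else
        m = KEYAUTH_RE.fullmatch(key_authorization.strip())
        if not m:
            return 400  # refuse anything that is not a key authorization
        self._responses[m.group(1)] = m.group(0)
        return 204

    def serve(self, path):
        """Public handler the CA requests: returns (status, body)."""
        if not path.startswith(CHALLENGE_PREFIX):
            return 404, ""
        token = path[len(CHALLENGE_PREFIX):]
        if not TOKEN_RE.fullmatch(token) or token not in self._responses:
            return 404, ""
        return 200, self._responses[token]
```

Validating the submitted text against the key-authorization shape means the form can only ever publish ACME challenge responses, not arbitrary content under the domain.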

    Portland, Oregon
    Sun, Mar 12, 2017 10:28am -07:00 #100daysofindieweb #xray #letsencrypt
    2 replies 2 mentions
    • Aaron Parecki aaronparecki.com
      Every three months? Manual until it hurts I guess!
      Sun, Mar 12, 2017 2:44pm -07:00
    • Ryan Barrett snarfed.org

      wow, elaborate! i just stick the challenge response in a file and deploy it manually each time. :P

      Sun, Mar 12, 2017 2:39pm -07:00
