I am trying to get a custom domain linked to my Google App Engine project and am completely stuck - it will just not work.

I am trying to do everything through Google - I have no third-party domain registrars or anything.

I have purchased a domain myapp.app through Google Domains, and linked it to my App Engine app through AppEngine settings.

When I go to App Engine -> Settings -> Custom Domains, my custom domain shows as "Google-managed, auto-renewing" in the SSL security tab, and it shows a progress loader which when hovered, says "The certificate is being activated."

It doesn't show anything in certificate ID.

[Screenshot: App Engine settings]

However, on the troubleshooting section at https://cloud.google.com/appengine/docs/flexible/java/securing-custom-domains-with-ssl#troubleshooting_managed_ssl_certificates it says "You can check the status of your certificate with the Admin API by using an AuthorizedCertificate.GET request." I don't know what ID to pass to that API, but if I go to the neighbouring LIST API, I get some valid json, that looks like this:

```json
{
    "certificates": [
        {
            "name": "apps/myapp/authorizedCertificates/16858526",
            "id": "16858526",
            "displayName": "managed_certificate",
            "domainNames": [
                "mydomain.app"
            ],
            "managedCertificate": {
                "lastRenewalTime": "1970-01-01T00:00:00Z"
            }
        }
    ]
}
```

(substituted 'myapp' and 'mydomain')

My custom domain ends with .app - and apparently they ONLY allow SSL. Have I bitten off more than I can chew here by introducing a chicken and egg situation - is it trying to verify the domain in order to set up the SSL, but the domain itself needs SSL from the start in order to work?

I am slightly confused about whether I need to enter the DNS records settings shown in the App Engine settings section below into Google Domains, or whether because I have left it on the "Use the Google Domains nameservers" setting this is configured automatically for me? There is a section at the bottom called "Custom resource records" where you can enter A records. I tried entering the "A" records shown on the Google App Engine settings section below, but it would only let me enter 1, and there are 4 showing. It was my understanding that a domain could only have 1 A record, so why does it list 4 in the App Engine Settings section?

I am unsure as to what the primary problem is here. Is the domain not working because the SSL certificate is not configured correctly, or is the SSL certificate not working because the domain is not configured correctly?

Any ideas what I am missing or where to go from here or things to check much appreciated.

BenTaylor
  • [As mentioned here](https://cloud.google.com/appengine/docs/flexible/java/mapping-custom-domains#before_you_begin), Google domains do not require verification with App Engine. The Domain should automatically show up in the section, Select the domain you want to use. I assume you went through the next steps to map the Domain to the application. Additionally, [as indicated on the doc](https://cloud.google.com/appengine/docs/flexible/java/mapping-custom-domains#dns_update), there is a need to update the DNS records at your domain registrar. Did you? Please ensure you follow the steps described – oakinlaja May 06 '20 at 15:34
  • Yes, the "select the domain you want to use" selector shows the domain I registered with Google Domains, and yes, I went through the next steps to map the domain to the application. – BenTaylor May 07 '20 at 16:05
  • I didn't update the DNS domain records at the domain registrar because like I say the domain registrar IS google, and it's got "Use the google domains nameservers" ticked instead of "Use custom nameservers". But it's not clear whether the "Custom resource records" section at the bottom needs to be filled in - if it does, which A record do I put in? Because it will only allow 1, and there are 4 showing in the AppEngine settings page. (Well, 4 IPv4 ones and 4 IPv6 ones) – BenTaylor May 07 '20 at 16:08

1 Answer

Ah. The answer to this seems to be that you can in fact put all 4 IP addresses into the A record, but you have to put them all into the same record, rather than 4 records with one each.

It seems the way to use the UI to put multiple IP addresses into the one A record is to use this tiny 'plus' icon next to the text box. It then adds another row with a text box where you can add another IP address.

[Screenshot: plus icon]

BenTaylor
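Added example, not part of the original question or answer and not Google's code: a small Python check that covers the two points in this thread, namely which ID the AuthorizedCertificate GET request takes (the `id` from the LIST response) and whether a single A record set holds every address App Engine lists. The API root URL, the "issued" heuristic and the `192.0.2.x` addresses are assumptions or constructed placeholders; substitute the values shown on your own settings page.

```python
import ipaddress
import json

# Constructed sample: the LIST response from the question (placeholder names kept).
LIST_RESPONSE = json.loads("""
{"certificates": [{
  "name": "apps/myapp/authorizedCertificates/16858526",
  "id": "16858526",
  "displayName": "managed_certificate",
  "domainNames": ["mydomain.app"],
  "managedCertificate": {"lastRenewalTime": "1970-01-01T00:00:00Z"}
}]}
""")

API_ROOT = "https://appengine.googleapis.com/v1/"  # App Engine Admin API v1


def get_request_url(cert):
    """URL for the AuthorizedCertificate GET call: 'name' is already the full
    resource path, and its last segment is the 'id' returned by LIST."""
    return API_ROOT + cert["name"]


def looks_issued(cert):
    """Heuristic (assumption): an issued certificate carries an expireTime
    and a lastRenewalTime later than the Unix epoch."""
    renewed = cert.get("managedCertificate", {}).get("lastRenewalTime", "")
    return "expireTime" in cert and not renewed.startswith("1970-01-01")


def missing_addresses(required, configured):
    """Addresses App Engine lists that are absent from the DNS record set.
    Parsing normalises textual variants (e.g. compressed IPv6)."""
    have = {ipaddress.ip_address(a) for a in configured}
    return [a for a in required if ipaddress.ip_address(a) not in have]


# Constructed addresses from the documentation range, standing in for the
# four A values shown on the App Engine settings page.
REQUIRED_A = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]

if __name__ == "__main__":
    for cert in LIST_RESPONSE["certificates"]:
        print(get_request_url(cert), "issued:", looks_issued(cert))
    # One A record holding a single value, as first attempted in the question.
    print("missing:", missing_addresses(REQUIRED_A, ["192.0.2.1"]))
```

The same `missing_addresses` call works for the AAAA set; pass the IPv6 values from the settings page as `required`.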