Updating SSL certificate on Google AppEngine

A year ago at Google announced HTTPS as a ranking signal and following suit  I added SSL support to aroundairports.com and a few days ago I received an renewal email from GoDaddy for the cert. I recalled setting SSL up on AppEngine was a royal PITA and aligning the stars just so took several hours over a few days spelunking around the web to piece together the right steps. So this year I couldn’t quire recall all of the details though I had written a few key pieces of information down which really helped.

First, a few useful blog post including SSL for custom domains, and this Undocumented Guide to SSL for AppEngine. Once you’ve generated your key it will work for SSL cert updates so you don’t need to go through those steps again assuming you still have your *.key.pem file! With the new certs simply concatenate the files together and upload it with your PEM encoded key file (see above blog posts to create the key).
You need to select both your certificate bundle.crt and your PEM encoded key file then click UPLOAD on the Google Apps for Domains dashboard .
SSL Certificate upload
Update Aug 15, 2016: I got a notice about the SSL cert expiring from Godaddy.com so I logged into their console and downloaded the new cert (after paying for the update). The download was a .zip file that contained two files:

  • 71f9ea57ce20e7e2.crt
  • gd_bundle-g2-g1.crt

To update the SSL cert for Google Appengine you need to do the following to avoid SSL chain errors:

$ openssl x509 -inform PEM -in 71f9ea57ce20e7e3.crt > 71f9ea57ce20e7e3.pem
$ openssl x509 -inform PEM -in gd_bundle-g2-g1.crt > gd_bundle-g2-g1.pem
$ cat 71f9ea57ce20e7e3.pem gd_bundle-g2-g1.pem > combined.pem

This post was helpful figuring out the chain error on the new cert.