Hacker News new | ask | show | jobs
by NearAP 3206 days ago
This is welcome news. This means I no longer have to track and manually renew my Let's Encrypt certificates for my websites.

I also see it as a way to incentivize folks to use GAE (not only are you getting free quotas to run your app, you also don't have to spend money to buy certificates and don't have to worry about installing or renewing them).

Finally, I also see it as another way of pushing for the uptake of SSL. With GAE doing this, other hosting services might also start offering something similar or close to it which would then beg the question - why is your site not using SSL.
4 comments
daave 3205 days ago
Agreed this is super-exciting.

Hope they add the same functionality for Google Cloud HTTPS Load Balancers soon as well.

link
mchristen 3205 days ago
AWS has been offering free SSL certs for a year now, happy to see Google following their lead.
link
hw 3205 days ago
> Finally, I also see it as another way of pushing for the uptake of SSL. With GAE doing this, other hosting services might also start offering something similar or close to it which would then beg the question - why is your site not using SSL.

Good question. Everybody should be on SSL. It isn't just hosting services that should offer something similar, but SaaSes too that provide SSL on custom domains for their customers. They usually don't get around to securing those custom domains due to the pain and inconvenience and maintenance.

There are platforms out there like Clearalias and Cloudfront that help with making that a breeze though, so I don't see why it would be an issue going forward.

Hopefully with Google and browsers punishing non-SSL sites more, there'll be more sites behind an SSL cert.

link
joshribakoff 3206 days ago
The whole premise behind letsencrypt is the ACME protocol, so you don't have to manually renew certs [although you can]. The problem is in handling SSL renewals on a cluster, you have to do renewals via DNS & rsync certs around, and there's not many tools to do this. But for a single server, its very easy to automate. Another problem with letsencrypt is the rate limits & such.
link
bckygldstn 3205 days ago
Google App Engine only a few weeks ago released an API for managing certificates. Before that, the only way to add or update a certificate was to manually paste the key into a web form.
link
andy_ppp 3205 days ago
If using docker you can mount a volume to your let’s encrypt certs on all your frontend servers.
link