Sonntag, 10. August 2014

Google AppEngine and GoDaddy SSL certificate - renewal process

I just had to renew my AppEngine SSL certificate and as always I totally forogt how I did it the last time.

So here are steps. Maybe they prove helpful for someone else. :)

  1. First create a CSR (certificate signing request). Since I already had one for creating the certificate in the first place I reused it. Fire up Google if you need to know how it is done.
  2. Log into your GoDaddy account and follow the steps for the renewal.
  3. Be sure to select deployment on an external server! Otherwise GoDaddy uses it for there hosted products and you can't download it. 
  4. Download the certificate. It is a zip containing 2 files. Your certifcate and the certificate chain (something like gd_bundle-g2-g1.crt)
  5. Now here comes the most important part. The Google Management console always complaint that I need to upload the private key and the crt in unencrypted pem/x509 format. You have to combine the two files via
    1. cat YOUR_CERT.crt GODADDY_CERT_CHAIN.crt > your-crt-combined.pem
  6. After that upload this file together with your private key and you're good to go.

One last note: The SSL configuration doesn't take place in AppEngine settings but inside your Google Apps account.


  1. Bluehost is ultimately one of the best web-hosting provider for any hosting plans you might need.

  2. If you landed here from a google search while dealing tying to setup your GoDaddy cert on AppEngine and having an issue with Android and GoDaddy's intermediate cert chains, I figured out the solution and documented here:

    Long story short, you must PEM format the individual .crt files from GoDaddy prior to concating in step 5 above. Pulled my hair out trying to figure this out.