
Configuring Google Cloud Load Balancer and managed SSL without downtime

Objective: Moving a website to Google Cloud with a load balancer using Google's managed SSL without downtime.

Current configuration:

  • A Google Load Balancer with an unmanaged instance group that currently has 1 VM.

  • The website is using cPanel, which I have access to for updating the DNS settings.

  • The domain has a wildcard PositiveSSL certificate.

  • The website is also using CloudFront SSL.

Problem: The main issue I have is configuring and provisioning SSL.

Mentally, before making the move, I'm thinking it should be a breeze. No.....!

Situation:

  • I set up the load balancer but it can't provision the SSL because the domain is using PositiveSSL on another server.

I read that I need to have an A record pointed to the load balancer in order for it to provision. I also read that for cPanel, if I were to make any changes to the A record, it will affect the mail service. I don't want the mail services to be disrupted.

  • I tried adding a new A record pointing to the load balancer's IP but it isn't allowed because the current A record is using an Alias pointing to CloudFront and I have to detach them first. I don't think this is a good move.

  • My planned ideal steps are to ensure the load balancer is functioning properly and pointing to the website correctly before I update the DNS.

I'm not sure if this approach makes sense technically: I set up an A record for a random subdomain to point to the load balancer's IP. The provisioning is successful, but it returns an error:

curl: (35) error:14084210:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

How should I go about doing it? I didn't know switching a server is so difficult.

Discard the wildcard SSL and CloudFront SSL from your domain and provision a Google-managed SSL instead. But before that, you need to create a managed zone in Cloud DNS and add your website as an A record there pointing to the server's IP address; only then will you be able to provision SSL. It might require a little downtime, which you can reduce using the tactics mentioned in John's link.
Check here for help in managing Cloud DNS records.
Refer to this for help in provisioning Google-managed SSL certificates.
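
One way to run the check the question asks for (confirm the load balancer answers correctly for the hostname before DNS is changed), as an added example that is not part of the original post or answer. It handshakes with the load balancer's IP while sending the real hostname as SNI, and separately checks whether DNS already points there; `www.example.com`, `203.0.113.10`, the state names and the function names are assumptions.

```python
import socket
import ssl


def resolves_only_to(hostname, lb_ip, resolve=socket.getaddrinfo):
    """True when every IPv4 address DNS returns for hostname is lb_ip."""
    try:
        infos = resolve(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return False
    return {info[4][0] for info in infos} == {lb_ip}


def handshake_via_ip(hostname, lb_ip, port=443, timeout=5.0):
    """Handshake with lb_ip directly, sending hostname as SNI (DNS untouched).

    The default context verifies the chain and that the certificate covers
    hostname. Returns (ok, detail): TLS version on success, error text if not.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((lb_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return True, tls.version()
    except OSError as exc:  # ssl.SSLError, timeouts and refusals are OSErrors
        return False, f"{type(exc).__name__}: {exc}"


def cutover_state(hostname, lb_ip, resolve=socket.getaddrinfo,
                  handshake=handshake_via_ip):
    """Combine both checks into one state string for the hostname."""
    dns_on_lb = resolves_only_to(hostname, lb_ip, resolve)
    tls_ok, detail = handshake(hostname, lb_ip)
    if dns_on_lb:
        state = "live" if tls_ok else "dns-on-lb-but-tls-failing"
    else:
        state = "lb-ready-dns-elsewhere" if tls_ok else "lb-not-ready"
    return state, detail


if __name__ == "__main__":
    # Constructed values: replace with the real hostname and load balancer IP.
    print(cutover_state("www.example.com", "203.0.113.10"))
```

A result of `lb-not-ready` before the DNS change means the load balancer is not yet serving a certificate that validates for that hostname, which is the condition to clear before cutting over.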
