This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

SSL Certificate Stuck in FAILED_NOT_VISIBLE for App Engine Auto-Generated Domain

Posted on 12-12-2024 11:01 PM
maro_h
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM
Hello,
 
I am encountering an issue while setting up HTTPS on a Google Cloud Load Balancer. Despite multiple troubleshooting steps, the SSL certificate remains in the FAILED_NOT_VISIBLE state. Below are the details of my setup and the problem:
 
Setup Information:
1. Domain:
• An auto-generated App Engine domain.
2. SSL Certificate:
• A Google-managed SSL certificate provisioned for the domain.
3. Certificate Status:
• Status: PROVISIONING
• Domain Status: FAILED_NOT_VISIBLE
4. DNS Check:
• The domain resolves correctly with dig.
• Both HTTP and HTTPS requests return 200 OK.
5. Load Balancer Configuration:
• Configured with a frontend HTTPS proxy, URL map, and App Engine backend.
• Firewall rules allow all incoming traffic.
 
Problem:
1. The SSL certificate does not transition to ACTIVE.
2. HTTPS requests to the Load Balancer’s IP result in an SSL handshake failure.
 
Troubleshooting Steps Taken:
1. Regenerated the SSL certificate multiple times.
2. Reconfigured the HTTPS proxy and URL map.
3. Verified that the domain resolves and responds correctly over both HTTP and HTTPS.
4. Confirmed that firewall rules allow all traffic.
5. Reviewed the Google troubleshooting guide for SSL certificates but couldn’t identify the cause.
 
Question:
Could this issue be related to using an auto-generated App Engine domain? If not, are there additional steps I can take to resolve the FAILED_NOT_VISIBLE status and activate the certificate?
 
Thank you for your assistance!
0 2 388
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
kensan
Staff
Reply posted on --/--/---- --:-- AM

Hi @maro_h ,

Welcome to Google Cloud Community!

Given that you are using an auto-generated App Engine domain, the issue is likely related to the way SSL certificates are managed. For auto-generated domains, Google Cloud automatically provisions and manages SSL certificates. This means that when you deploy an application to App Engine, Google handles the issuance and renewal of the SSL certificate for you, ensuring secure connections without requiring manual configuration. Typically, SSL certificates for these domains are automatically provisioned by Google, so you shouldn't need to set up anything manually.

However, there can be visibility issues with these auto-generated domains, especially when using them in a custom load balancer configuration.

If you prefer to use a custom load balancer, consider switching to a custom domain by purchasing a domain from providers like Google Domains. To do this, you'll need to add your custom domain to Google Cloud through the App Engine settings. After that, configure the appropriate DNS records (typically CNAME) and re-issue the SSL certificate for your custom domain.

Make sure the DNS records (A/AAAA or CNAME) are correctly set up to point to the appropriate IP addresses for your load balancer. Proper DNS configuration is essential to ensure that traffic is routed correctly and securely to your application.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

 

0 Likes

Posted on --/--/---- --:-- AM
maro_h
Bronze 1
Bronze 1
In response to kensan
Reply posted on --/--/---- --:-- AM

Hello,

I appreciate your response and guidance. However, the issue I am facing is not directly related to the SSL certificate.

Core Issue

The reason I attempted to configure the load balancer was to create a static IP and link it to App Engine. I tried to set up the static IP in an HTTP environment where an SSL certificate is not required, but this continues to fail.

Areas to Investigate

This issue may not simply be a problem with the load balancer configuration. There could be underlying issues with the App Engine instances or the overall deployment environment, which require a thorough investigation.
Additionally, failures in the health check or improper traffic routing to App Engine are also potential causes.

Request for Support

I am currently working alone on this project and preparing it for deployment, so I am not very experienced with troubleshooting these problems.
Is there any way I could receive support, even if it incurs some temporary costs, through Google Cloud technical support or an official consulting service? I would greatly appreciate assistance in reviewing the overall deployment environment for my service and resolving the static IP configuration issue.

It would be incredibly helpful if you could guide me on the best support options or procedures to resolve this problem.

Thank you for your assistance.

0 Likes
Top Labels in this Space
Top Solution Authors
View all