I also see it as a way to incentivize folks to use GAE (not only are you getting free quotas to run your app, you also don't have to spend money to buy certificates and don't have to worry about installing or renewing them).
Finally, I also see it as another way of pushing for the uptake of SSL. With GAE doing this, other hosting services might also start offering something similar or close to it which would then beg the question - why is your site not using SSL.
Hope they add the same functionality for Google Cloud HTTPS Load Balancers soon as well.
Good question. Everybody should be on SSL. It isn't just hosting services that should offer something similar, but SaaSes too that provide SSL on custom domains for their customers. They usually don't get around to securing those custom domains due to the pain and inconvenience and maintenance.
There are platforms out there like Clearalias and Cloudfront that help with making that a breeze though, so I don't see why it would be an issue going forward.
Hopefully with Google and browsers punishing non-SSL sites more, there'll be more sites behind an SSL cert.
It is _so_ nice not to (1) manage the certs with your own infrastructure (2) automatically deploy these things to HAProxy, Apache, MySQL, random server X.
Automated load balancing + cert management is heaven.
Automating all routing, API gateways, TLS termination and certificate management makes life so much easier.
I checked the DNS records and the CNAME, A, AAAA records of all the domains match exactly what is shown on the admin console.
I believe all my DNS records look fine, and I have the domain ownership set correctly with GAE. Not sure what else I can change to get it working.
Thanks for the support! And thanks for all the good work on AppEngine!
And thanks to other commenters too!
I love app engine but one of the biggest issues I've had with it is the fact that memcached and search are not available for anything but app engine standard - python (2.7).
Providing access to both via app engine flexible would be god sent!
Also I think there is an alpha for flex?
If you want to see the progress here's the relevant ticket -- nice to see it finally closed!
Not privy to the final implementation details but my guess it's a based on Let's Encrypt as suggested by the originator of the ticket and others.
Edit: Yeah, probably not Let's Encrypt as others have stated.
Common Name (CN) Let's Encrypt Authority X3
The traditional process for installing a custom domain SSL cert on App Engine was very clunky. Involved running OpenSSL commands, cut-n-pasting PEM data, etc. If you were using LetsEncrypt, then it was more or less impossible to automate... you had to go through a tedious manual process every 3 months (including updating your app, to respond to the LetsEncrypt verification endpoint!).
Edit: I am wrong. They use letsencrypt.
A click on the browser padlock icon says that it's a LetEncrypt cert. Unsurprising, since Google is such a major sponsor. Also unsurprising that Google chooses to focus on their own branding rather than call attention to it.
This is fully automatic SSL management for your own domains that point to Google App Engine, with certs managed by Google.
Previously you had to use your own certs and manually upload them through the UI (or via the beta API, which is also now in general availability).
edit: managed, not provided, the certs are actually Let's Encrypt