3

I have set up a CDN by following this document: https://cloud.google.com/cdn/docs/setting-up-cdn-with-bucket

  1. http (with port 80)
  2. https (with port 443) with a google-managed certificate
  3. example.com is pointing to the load balancer's ip adress (google domains)
  4. the certificate says example.com is active
  5. simple index.html is in the backend bucket

I can load http://example.com fine but it is insecure. When I load https://example.com on chrome I get the following:

This site can’t provide a secure connection
mydomain.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Can somebody help me set up Cloud CDN with https using GCP storage?

EDIT: trying adding AAAA following How do you serve a static website using Google Cloud CDN, Google Cloud Storage, and a custom domain?
Requestor Pays was already off
The permission was to allUsers with Storage Object Viewer

EDIT2: adding AAAA didn't work for me

EDIT3: Got rid of AAAA. It is working now... I guess it takes quite long

Dokook Choe
  • 266
  • 2
  • 9
  • Since when was the load balancer configured? It could be the configuration is not yet fully propagated as of the moment. It can take up to 48 hours for it to be accessible via HTTPS. Also, can you recall if you enabled the http-https redirect for the frontend configuration? You can check this documentation[1] on how to enable it. [1] https://cloud.google.com/load-balancing/docs/https/setting-up-http-https-redirect – Marvin Lucero Aug 29 '22 at 01:59
  • @mr.vin thanks for helping me out. i have been changing configurations and it's not been 48 hours. 1) Does it really take that long? I understand it could take long in certain circumstances but given that I was using all Google stacks I expected a quicker turn-around. 2) I didn't enable http-https redirect. Is http-https redirect required for https to work? 3) accessing https using ip (e.g. `https://123.45.67.89`) is not working either and does this also wait for the configuration propagation? – Dokook Choe Aug 29 '22 at 02:43

1 Answers1

0
  1. Yes, depending on your domain provider. Normally, the longest takes up to 78 hours.
  2. You need to enable the http-https redirect. You need to configure the http frontend, and there you have the option to enable the http-https redirect.
  3. I would assume that you did not add the external IP of the Load Balancer as one of the domains accepted by your SSL certificate (and you shouldn't have to), so it will not really load the page via https://(LoadBalancer-IPAddress)
Marvin Lucero
  • 468
  • 1
  • 8