【发布时间】:2018-05-03 22:27:56
【问题描述】:
我想自动将 ssl 证书部署到我的 Google App Engine 项目。我希望能够使用服务帐户来执行此操作。
这是我的命令:
PROJECT=mycompany
gcloud auth activate-service-account --key-file /Users/antkong/gcloud_keys/${PROJECT}.json
gcloud app --project=${PROJECT} ssl-certificates create --display-name='certbot-$CERT_NAME' \
--certificate=./letsencrypt-config/live/${DOMAIN}/cert.pem \
--private-key=./letsencrypt-config/live/${DOMAIN}/privkey.pem
但是我得到了这个错误:
Activated service account credentials for: [mycompany@appspot.gserviceaccount.com]
ERROR: (gcloud.app.ssl-certificates.create) User [mycompany@appspot.gserviceaccount.com] does not have permission to access app [mycompany] (or it may not exist): Caller is not authorized to administer this certificate. You must be a verified owner of the certificate's domain(s) [zeetings-dev.com] to create, modify, or delete this resource. Your authorized domain(s) are []. If you own the certificate domain(s), you can obtain authorization by verifying ownership via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification.
我可以授予服务 a/c 什么样的权限以使其工作?
我已将这些角色授予服务帐号:
【问题讨论】:
-
您是否验证了要为其创建证书的域 [zeetings-dev.com]?您可以使用控制台执行此操作,导航到 APIs & Services -> Credentials,然后单击域验证。然后添加一个域。
-
已经过验证。您的评论甚至没有远程解决问题中概述的问题 - 如何自动上传 ssl 证书。
-
@AnthonyKong - 你解决了这个问题吗?如果是,解决方案是什么?
-
@JohnHanley 抱歉,我还没有找到解决方案
-
首先,您需要先验证您的域,然后才能对其进行任何操作。关注此文档:cloud.google.com/appengine/docs/standard/python/…
标签: google-app-engine google-iam