Google App Engine SSL error "DNS records could not be found" even though custom domain is working

Question

I pointed a new custom domain to a Google App Engine Standard Environment project and edited the DNS records per Google's instructions, and it seems to be redirected properly. Now I'm under the impression that SSL certificates for App Engine projects can now be provided automatically by Let's Encrypt and do not necessarily need to be supplied by the user separately: https://cloud.google.com/appengine/docs/standard/go/securing-custom-domains-with-ssl

However, I'm having problem getting the SSL security service from Google. The error message in the App Engine console is: DNS records could not be found. Certificate activation will retry automatically.

This error message looks like this:

If I type gcloud beta app domain-mappings list, I get something that looks like this:

ID                    SSL_CERTIFICATE_ID  SSL_MANAGEMENT_TYPE  PENDING_AUTO_CERT
mydomain.com                              AUTOMATIC            1256789
www.mydomain.com      1234567             AUTOMATIC

I also tried "Disable managed security" and turn it back on by "Enable managed security", and get the same result after some minutes: "Managed certificate for www.mydomain.com activated." shows up, but not for mydomain.com.

If I go to www.mydomain.com with its supposedly activated certificate, I still get "connection is not secure" in the browser. If I go to "mydomain.com" it gets redirected to www.mydomain.com with the same result.

Any ideas?

Update: I just tried getting my own keys using Certbot and uploaded them to GAE. GAE showed a Certificate ID for both mydomain.com and www.mydomain.com. However I had to manually type "https" in the browser to get to the secure page. I found that I had to add "secure: always" in app.yaml before the domain will load the secure version by default. I still don't know why Google's default managed security option didn't work for me though; that would be much more convenient than getting and uploading my own scripts every 3 months.

Answer 1

Ok for anyone still stuck on this:

1. Go to https://console.cloud.google.com/appengine/

2. Select Settings

3. Add custom domain. select your domain name. (if you have not verified your account before this then do that first)

4. Select the domain you want to add

5. you will get a list of things that you need to create in your hosting acount something like this:

6. if you bought your domain name in GoDaddy then you will have to go into your Godaddy account -> YourDomain.com -> DNS -> Manage Zones. Then enter it there thus:

7. go back to app engine and click verify.

8. Enjoy!

Answer 2

• Go To "App Engine" -> "Settings" -> "Custom Domains"
• Click on "Add Custom Domain"
• Choose the Domain You Want

• You'll end up with something similar that originally brought you to this solution:

  App Engine Settings With Domain Name SSL Certificate Not Working

---

• Go to your Domain Registrar (assuming you bought your domain through Google) https://domains.google.com/m/registrar/
• Click on the domain name you'd like to resolve.
• Go to "DNS" -> "Custom resource records" at the bottom

• Fill in the info with the appropriately matching IPv4/IPv6 addresses:

  Custom Resource Records Where You'll Copy Over Info From App Engine

** Precaution: This is for domain names bought through Google's registrar. If you bought yours elsewhere then the steps may differ.