Can a Google-Managed SSL Certificate Cause Downtime of My Application?

My ColdFusion application was down for 15 minutes, and after checking the load balancer log one of my team members found that GCP generated a Certificate Refresh Request.

So, do Google-managed SSL certificates cause downtime of my application, and how much time does a Google SSL certificate take to renew? After all, my SSL certificate will expire in June 2024.

Note: Does the Google-managed SSL certificate cause downtime of my application, or does the certificate refresh request cause the downtime?


[Screenshot: ATULVERMA_0-1711956525885.png]

In the above screenshot, we found that the certificate is refreshed within seconds.

[Screenshot: ATULVERMA_0-1712146328482.png]

We are also getting this issue at the same time.

So does this cause downtime of my application?

Hello @ATUL-VERMA,

Welcome to the Google Cloud Community!

I've stumbled upon a similar community discussion that might be helpful in your case.

Summarizing the findings in this post:

The "Error getting config status, workload may not be configured: HTTP 404" message that you encountered is related to Google Cloud Workload Identity. This basically means that the feature of your GCE VM to authenticate with Google Metadata is timing out.

Troubleshooting Steps:

  1. Enable Workload Identity:
    • In the Google Cloud Console, go to your VM instance details.
    • Under the "Security" section, ensure "Enable Workload Identity" is checked. If not, enable it.

  2. Network Access to the Metadata Server:
    • Confirm that your instance's network configuration allows access to the metadata server at the internal IP address 169.254.169.254.
    • In cases of restrictive network configurations, you might need to set specific firewall rules to permit access to the metadata server.

  3. Verify Service Account and Scopes:
    • Ensure the service account linked to your VM has the necessary IAM permissions for the Google APIs you're using.
    • Typically, the "Compute Engine default service account" has sufficient permissions, but review the permissions for your specific API requirements.

If the Issue Persists:

  • Check for Updates: Ensure you're using the latest version of the Google Cloud guest agent. Update it through your package manager if necessary.
  • Review Documentation: Carefully go through the Workload Identity Documentation to ensure no steps were missed.
  • Seek Google Cloud Support: If the problem remains unresolved, consider contacting Google Cloud Support for more in-depth assistance.

Additional Considerations:

  • Complex Networking Setups: If you're using custom VPCs or intricate firewall rules, these may need adjustment to ensure access to the metadata server.
  • Service Account Permissions: The required permissions for the service account vary based on the APIs you need. Consult the Google Cloud documentation for your specific APIs to understand the necessary permissions.

Reference community post: https://www.googlecloudcommunity.com/gc/Infrastructure-Compute-Storage/port-443-refused/m-p/699826/h....

To answer your question of whether a Google-managed SSL certificate can cause downtime in your application, the answer is no, unless there is an error encountered when replacing the existing SSL certificate. The new certificate will not be in ACTIVE status until the target proxy references the new certificate as well.
You may refer to this documentation for further reference.

Hope you find this helpful.
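
One way to watch for the failure case mentioned in the reply above (a certificate that is not ACTIVE or whose renewal has stalled), as an added example that is not part of the original thread or of Google's tooling. It evaluates the JSON printed by `gcloud compute ssl-certificates describe NAME --format=json`; the certificate name, domains and dates in the sample are constructed, and the 30-day warning threshold is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the output of
#   gcloud compute ssl-certificates describe NAME --format=json
SAMPLE = """
{
  "name": "example-managed-cert",
  "type": "MANAGED",
  "expireTime": "2024-06-15T00:00:00.000-07:00",
  "managed": {
    "status": "ACTIVE",
    "domains": ["app.example.com", "www.example.com"],
    "domainStatus": {
      "app.example.com": "ACTIVE",
      "www.example.com": "FAILED_NOT_VISIBLE"
    }
  }
}
"""

def assess_managed_cert(cert, now, warn_days=30):
    """Return findings for one certificate; an empty list means healthy."""
    # warn_days is an assumed alert threshold, not a Google-defined value.
    if cert.get("type") != "MANAGED":
        return ["not a Google-managed certificate, so it is not auto-renewed"]
    findings = []
    managed = cert.get("managed", {})
    status = managed.get("status", "UNKNOWN")
    if status != "ACTIVE":
        findings.append(f"certificate status is {status}")
    # Each domain is validated separately; report every one that is not ACTIVE.
    per_domain = managed.get("domainStatus", {})
    for domain in managed.get("domains", []):
        domain_status = per_domain.get(domain, "UNKNOWN")
        if domain_status != "ACTIVE":
            findings.append(f"domain {domain} is {domain_status}")
    expire = cert.get("expireTime")
    if expire:
        remaining = datetime.fromisoformat(expire) - now  # now must be tz-aware
        if remaining < timedelta(days=warn_days):
            findings.append(f"expires in {remaining.days} days")
    return findings

if __name__ == "__main__":
    for finding in assess_managed_cert(json.loads(SAMPLE), datetime.now(timezone.utc)):
        print("WARN:", finding)
```

Run on a schedule against the real `gcloud` output, a non-empty result is the signal to investigate before the currently served certificate expires.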