If you run XRay on AppEngine, you'll need to generate an SSL certificate and upload it to AppEngine.
XRay has a built-in tool for assisting in generating a Let's Encrypt certificate.
## Set the Allowed Users
You'll first need to configure which users are allowed to use the SSL configuration utility. In `config.production.php`, add a list of URLs for who should be allowed to sign in. XRay will use indieauth.com to sign users in.
public static $admins = [
## Deploy to App Engine and Sign In
Deploy the project to App Engine, then visit http://xray.p3k.io/cert (using your own domain you installed it on) to begin setup.
Sign in using your domain name.
XRay will verify that the user who signed in matches the allowed users in the config file. If you get an error, double check that you've entered your domain in the config file properly, including the proper https scheme and a trailing slash for root domains. e.g. `https://aaronparecki.com/`
Once you're signed in, you will see a form where you can enter the Certbot challenge.
## Request a Certificate using Certbot
On your local computer, or some other server, install the Let's Encrypt Certbot utility.
Request a certificate using the manual mode. Run this command from the XRay project root so that your certificates will end up in the `certbot` folder in this project.
You're all done! Now just don't forget what you did, because you'll need to do this all again in 3 months when the certificate expires!
Unfortunately App Engine does not yet have an API for programmatically uploading certificates. However there is [an outstanding bug](https://issuetracker.google.com/issues/35900034) to request this feature, so it will likely be supported soon. Once there is an API, then the whole certificate request process can be completely automated in code.
It will take a few minutes for App Engine to start serving the new certificate, so wait a little while if you get an SSL error.