# 1. Clone the repo

```bash
git clone https://github.com/diafygi/letsencrypt-nosudo.git
cd letsencrypt-nosudo
```

# 2. Generate Let's Encrypt user account key

```bash
openssl genrsa 2048 > user.key
openssl rsa -in user.key -pubout > user.pub
```

# 3. Generate a Certificate Signing Request for <your-domain>

```bash
openssl genrsa 2048 > domain.key
openssl req -new -sha256 -key domain.key -subj "/CN=<your-domain>" > domain.csr
```

# 4. Signing the certificate

```bash
python sign_csr.py --file-based --public-key user.pub domain.csr > signed.crt
```

Now follow the instructions:
- Type your email
- Run the manual commands in a separate terminal window (`cd` to this same folder)
- Upload a new version of your website containing the file requested by the script

# 5. Uploading the certificate to GAE

Prerequisites: you must have correctly setup a custom domain.

Go to the App Engine -> Settings -> SSL certificates -> Upload new certificate

Select `signed.crt` as the public key certificate, and `domain.key` as the RSA private key

Click `upload`, then enable SSL for the custom domain by ticking the checkbox and clicking Save