Question

我想自动将ssl证书部署到我的Google App Engine项目中。我希望能够使用服务帐户来执行此操作。

这是我的命令：

PROJECT=mycompany
gcloud auth activate-service-account --key-file /Users/antkong/gcloud_keys/${PROJECT}.json
gcloud app --project=${PROJECT} ssl-certificates create --display-name='certbot-$CERT_NAME' \
        --certificate=./letsencrypt-config/live/${DOMAIN}/cert.pem \
        --private-key=./letsencrypt-config/live/${DOMAIN}/privkey.pem

但是我收到了这个错误：

Activated service account credentials for: [mycompany@appspot.gserviceaccount.com]
ERROR: (gcloud.app.ssl-certificates.create) User [mycompany@appspot.gserviceaccount.com] does not have permission to access app [mycompany] (or it may not exist): Caller is not authorized to administer this certificate. You must be a verified owner of the certificate's domain(s) [zeetings-dev.com] to create, modify, or delete this resource. Your authorized domain(s) are []. If you own the certificate domain(s), you can obtain authorization by verifying ownership via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification.

我可以授予服务a / c哪些权限以使其正常工作？

我已将这些角色授予服务帐户：

Answer 1

该问题似乎与权限无关。运行该命令的帐户必须是证书域的授权代表。验证代表是否特定于用户帐户的过程，不适用于服务帐户。因此，您必须运行gcloud auth login而不是gcloud auth activate-service-account。

如何启用服务帐户将ssl证书部署到谷歌应用程序引擎项目？

1 个答案: