Certificate Manager and ACME certs

Hello all,

I'm investigating a requirement for a client, who requires a solution to manage their Public CA certificates.

We were hoping that we could use certbot/LetsEncrypt to create the certificates, and Certificate Manager to view/manage them.

We've followed the instructions here: Request a certificate using Public CA and an ACME client  |  Certificate Manager  |  Google Cloud
But that doesn't automatically add my new certificate to Certificate Manager. We've tried a variety of different flags for the command (e.g. --dns-google after adding the certbot gcp plugin), so for example:

sudo certbot certonly --server "https://dv.acme-v02.api.pki.goog/directory" --domains "certificates.my-lab.com" --dns-google

We get valid certificates on the webserver we are running after running the command, but they are not visible anywhere from the Cloud Console. Is this expected?


Hey @bzarboni, hope your day is going well.

I think the process you might be looking for is actually either here for global certificates or here for regional certificates. This is what will make the certificate appear in Certificate Manager.

That is if you are actually looking to use a CA service, which is not really necessary if you just need a Let's Encrypt certificate for one of your load balancers, should you choose to allow GCP to take care of everything with Google managed certificates.

Thanks for that - I should clarify: These certs aren't necessarily destined to be used on GCP products/load balancers. They could be used outside of GCP. 

In my trial case, I'm running a small nginx server on Compute Engine.

We like the look of the Public CA option, but if there isn't a management interface for the certs created, it won't be a solution we can use.


@bzarboni wrote:

But that doesn't automatically add my new certificate to Certificate Manager.


To address this statement then, CCM ("certificates" and "classic certificates" tabs) are to be used with Application and Network Load Balancers and SWPs (Secure Web Proxy proxies); see here.

Does this change anything for you and your use case?