10

Can anyone help me with the pricing and support for a subdomain with a Google-managed SSL certificate in Load Balancing?

I am working with HTTPS for a static website. https://medium.com/@marco_37432/create-a-custom-domain-cdn-with-google-beta-7ad9531dfbae

I want to create a subdomain, admin.example.com, and link it to a Google-managed SSL certificate in Load Balancing.

But in the Google docs I can see "It's not supporting wildcard common names or multiple subject alternate names". I can't understand this. Can anyone explain it to me, and can I create admin.example.com to link to a Google-managed SSL certificate?

For pricing, I can see it's free in https://geekflare.com/google-managed-certificate-lb/ but can I find a Google document to confirm?

fernandus

2 Answers

20

Google Cloud Managed SSL Certificates are free.

You can only use Google Managed SSL Certificates with Google services such as load balancers. You cannot use them on services you control. Google does not make the certificate private key available.

Google services such as load balancers support more than one SSL certificate. Each Google managed certificate can only have one verified domain name. This can be a subdomain of a root domain you own/control. Wildcards are not supported.

If any of the above limitations affect you, then you will need to select self-managed certificates. You can easily create your own Let's Encrypt SSL certificates with Cloud Shell.

Example commands to run on Cloud Shell:

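```bash
# Download the certbot-auto wrapper script and make it executable
wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
# Request one certificate for the apex and the wildcard, proving control via a DNS TXT record
./certbot-auto certonly --manual --preferred-challenges dns -d 'example.com' -d '*.example.com'
```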

I wrote an article that covers this in detail here.

John Hanley
  • Can the DNS hosting be done by a different provider? In this case I got FAILED_NOT_VISIBLE in the Managed SSL Certificate – fernandus Oct 04 '19 at 19:40
  • Yes, you can use anyone's DNS server that serves as your domain's name servers. Remember that it takes time for the resource records to go around the world. Typically, 10 minutes or the value of the preexisting TTL value, whichever is longer. – John Hanley Oct 04 '19 at 19:43
  • Stuck with domain status FAILED_NOT_VISIBLE. I have my DNS in GoDaddy. Do I need to create a Cloud DNS > Zone for the subdomain A record and point the nameservers to GoDaddy https://www.youtube.com/watch?v=4iciq0ck8Ns so that it gets resolved? Am I missing anything? – fernandus Oct 05 '19 at 08:57
  • I have created https://stackoverflow.com/q/58246180/5886899 & https://stackoverflow.com/q/58246759/5886899 in connection with the above comment – fernandus Oct 05 '19 at 09:01
  • After pointing my static IP in the LB to GoDaddy with an A record, it worked. It took some time to point. – fernandus Oct 05 '19 at 13:31
  • "Each Google managed certificate can only have one verified domain name" I think that's no longer the case if your cluster version is > 1.16.* – GabrielBB Oct 04 '20 at 10:50
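
The DNS precondition that the comments above ran into (FAILED_NOT_VISIBLE until the A record pointed at the load balancer's static IP), as an added example that is not part of the original answer. It assumes `dig` is installed; the function names, `RESOLVE_CMD`, the certificate name `CERT_NAME` and the sample addresses are placeholders, and treating any A record other than the load balancer IP as a failure is a conservative assumption.

```shell
#!/bin/sh
# Added example: pre-flight DNS check before creating a Google-managed certificate.
# Usage (placeholders): check_domain admin.example.com 203.0.113.10

# resolve_a DOMAIN -> prints the answer section, one value per line.
# Set RESOLVE_CMD to a stub function to run the check offline on constructed data.
resolve_a() {
    if [ -n "${RESOLVE_CMD:-}" ]; then
        $RESOLVE_CMD "$1"
    else
        dig +short A "$1"
    fi
}

# check_domain DOMAIN LB_IP
# Prints one status word and returns:
#   0 ok            every A record equals the load balancer IP
#   1 no-a-record   nothing resolves yet (record missing or not propagated)
#   2 mismatch:IP   an A record points somewhere other than the load balancer
#   3 wildcard      wildcards are not supported by Google-managed certificates
check_domain() {
    domain=$1
    lb_ip=$2
    case $domain in
        \**) echo "wildcard"; return 3 ;;
    esac
    # dig +short also prints CNAME targets; keep only IPv4 addresses.
    ips=$(resolve_a "$domain" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    if [ -z "$ips" ]; then
        echo "no-a-record"
        return 1
    fi
    for ip in $ips; do
        if [ "$ip" != "$lb_ip" ]; then
            echo "mismatch:$ip"
            return 2
        fi
    done
    echo "ok"
}

# Once check_domain prints "ok", the provisioning state can be read with:
#   gcloud compute ssl-certificates describe CERT_NAME --global \
#       --format="get(managed.domainStatus)"
```

A `no-a-record` or `mismatch` result here corresponds to the situation in which the managed certificate cannot see the domain; re-run the check after the record's TTL has expired.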
9

As of today (2020-01-28) Google supports multiple domains in a single certificate (in beta):

Cloud Load Balancing – multiple domain support for Google-managed SSL certificates: beta

https://cloud.google.com/load-balancing/docs/ssl-certificates
https://cloud.google.com/load-balancing/docs/quotas#ssl_certificates

yuranos
qtxo
  • If all you need is an SSL certificate for `foo.example.com` and `bar.example.com`, etc., then a Google-managed SSL certificate is enough. However, if you need/want a wildcard, like `*.example.com`, then you will need to use Certificate Manager. https://cloud.google.com/certificate-manager/docs/overview – jackdbd Feb 02 '22 at 15:55