Google Offers Free SSL Certificate to Websites
Google has announced the release of Certificate Manager Preview, an enhancement that enables customers to receive public certificates for their workloads. These certifications can be used for terminating TLS directly or for cross-cloud & on-premise workloads via Automatic Certificate Management process. Please read from this post https://cloud.google.com/blog/products/identity-security/automate-public-certificate-lifecycle-management-via--acme-client-api
Please see the step-by-step guide below for details.
Clone Acme.sh
git clone https://github.com/acmesh-official/acme.sh.git
Provide valid Email
cd acme.sh
/acme.sh --install --accountemail "security@example.com"
source ~/.bashrc
cd
Wildcard Certs from google using DNS API validation from Cloudflare
export CF_Key="XXXXXXXXXXXXX"
export CF_Email="xxxx@example.com"
Google External Account Binding
Access https://console.cloud.google.com/ and execute these command from gshell
gcloud config set project <project ID>
gcloud alpha publicca external-account-keys create
Register an ACME and issue certs
acme.sh --register-account -m myemail@example.com --server google \
--eab-kid xxxxxxx \
--eab-hmac-key xxxxxxx
Change default CA to Google
acme.sh --set-default-ca --server google
Issue a cert
acme.sh --issue --dns dns_cf -d example.com -d '*.example.com' --ocsp-must-staple --keylength 2048
acme.sh --list
Create Directory
mkdir -p /etc/google/example.com
Install Cert
acme.sh --install-cert \
--domain example.com \
--cert-file /etc/google/example.com/cert.pem \
--key-file /etc/goolge/example.com/key.pem \
--fullchain-file /etc/google/example.com/fullchain.pem