Google Offers Free SSL Certificate to Websites

Google has announced the release of Certificate Manager Preview, an enhancement that enables customers to receive public certificates for their workloads. These certifications can be used for terminating TLS directly or for cross-cloud & on-premise workloads via Automatic Certificate Management process. Please read from this post https://cloud.google.com/blog/products/identity-security/automate-public-certificate-lifecycle-management-via--acme-client-api

Please see the step-by-step guide below for details.

Clone Acme.sh

git clone https://github.com/acmesh-official/acme.sh.git

Provide valid Email

cd acme.sh

/acme.sh --install --accountemail "security@example.com"

source ~/.bashrc

cd

Wildcard Certs from google using DNS API validation from Cloudflare

export CF_Key="XXXXXXXXXXXXX" 

export CF_Email="xxxx@example.com"

Google External Account Binding

Access  https://console.cloud.google.com/ and execute these command from gshell

gcloud config set project <project ID>
gcloud alpha publicca external-account-keys create

Register an ACME and issue certs

acme.sh  --register-account  -m  myemail@example.com --server google \
    --eab-kid xxxxxxx \
    --eab-hmac-key xxxxxxx

Change default CA to Google

acme.sh --set-default-ca --server google

Issue a cert

acme.sh --issue --dns dns_cf -d example.com -d '*.example.com' --ocsp-must-staple --keylength 2048

acme.sh --list

Create Directory

mkdir -p /etc/google/example.com

Install Cert

acme.sh --install-cert \
        --domain example.com \
        --cert-file /etc/google/example.com/cert.pem  \
        --key-file /etc/goolge/example.com/key.pem \
        --fullchain-file /etc/google/example.com/fullchain.pem