Managed SSL Certificates with Certificate Manager (Optional)

Create regional or global SSL certificates for GCP using Certificate Manager

DuploCloud supports both Compute Engine SSL certificates and GCP Certificate Manager certificates (via certificate maps). While both are valid, we recommend Certificate Manager for most use cases. Certificate Manager certificates can be created and validated independently of load balancers, which improves automation support, allows reuse across services, and helps reduce the risk of downtime during load balancer creation. In contrast, Compute Engine certificates must be validated during load balancer setup, which can lead to delays or interruptions.

If you followed the step Certificate for Load Balancer, skip this step.

Prerequisites

  • Obtain public and private certificate files from your chosen SSL certificate provider, such as GoDaddy or Namecheap. Alternatively, you can create Google-managed certificates directly in Certificate Manager without uploading your own files.

Creating a Certificate Map With Certificate Manager

To create a standalone SSL certificate with Certificate Manager, complete the following steps in Google Cloud CLI:

  1. Create a DNS authorization resource using the following command where YOUR_DOMAIN is your domain URL and MAP_NAME is your certificate name (a unique name you choose for your certificate map).

gcloud certificate-manager dns-authorizations create MAP_NAME \
  --domain="YOUR_DOMAIN"
gcloud certificate-manager dns-authorizations list
  1. Manually create the DNS records shown in the output of the list command. You'll usually do this in the certificate's domain zone in the Cloud DNS service for the same project, but it depends on how you set up DNS.

  2. Create the certificate:

gcloud certificate-manager certificates create MAP_NAME \
  --domains="YOUR_DOMAIN,*.YOUR_DOMAIN" \
  --dns-authorizations=MAP_NAME
  1. Create the certificate map and its entries:

gcloud certificate-manager maps create MAP_NAME
gcloud certificate-manager maps entries create MAP_NAME \
  --map="MAP_NAME" \
  --certificates="MAP_NAME" \
  --hostname="YOUR_DOMAIN"
gcloud certificate-manager maps entries create MAP_NAME-wildcard \
  --map="MAP_NAME" \
  --certificates="MAP_NAME" \
  --hostname="*.YOUR_DOMAIN"
  1. After your certificate map is created, register it in DuploCloud so it can be attached to services and load balancers: Navigate to Administrator -> Plans. Select the Certificates tab and click Add. The Add a Certificate pane displays.

    Add a Certificate pane
  2. Complete the following fields.

Name

Enter a friendly display name used within DuploCloud only.

GCP Certificate Type

Select the certificate type used during creation. This must match what you created in GCP.

GCP Certificate Map

Enter the name of the certificate map created using Certificate Manager.

5. Click Create. The certificate will be available for selection when configuring HTTPS Load Balancers.

Last updated

Was this helpful?