We’re excited to announce changes that make getting Google Trust Services TLS certificates easier for Google Domains customers. With this integration, all Google Domains customers will be able to acquire public certificates for their websites at no additional cost, whether the site runs on a Google service or uses another provider. Additionally, Google Domains is now making an API available to allow for DNS-01 challenges with Google Domains DNS servers to issue and renew certificates automatically.
Like the existing Google Cloud integration, the Automatic Certificate Management Environment (ACME) protocol is used to enable seamless automated lifecycle management of TLS certificates.
These certificates are issued by the same Certificate Authority (CA) Google uses for its own sites, so they are widely supported across the entire spectrum of devices used to access your services.
How do I use it?
Using ACME ensures your certificates are renewed automatically, and many hosting services already support ACME. If you’re running your own web servers / services, there are ACME clients that integrate easily with common servers. To use this feature, you will need an API key called an External Account Binding (EAB) key. This enables your certificate requests to be associated with your Google Domains account. You can get an API key by visiting Google Domains and navigating to the Security page for your domain. There you’ll see a section for Google Trust Services where you can get your EAB Key.
Example of EAB Credentials in Google Domains
As an example, with the popular Certbot ACME client, the configuration to register an account looks like:
certbot register --email <CONTACT_EMAIL> --no-eff-email --server "https://dv.acme-v02.api.pki.goog/directory" --eab-kid "<EAB_KEY_ID>" --eab-hmac-key "<EAB_HMAC_KEY>"
The EAB_KEY_ID and EAB_HMAC_KEY are both provided on your Google Domains security page.
After the account is created, you may issue certificates by running:
certbot certonly -d <domain.com> --server "https://dv.acme-v02.api.pki.goog/directory" --standalone
Then follow the prompts to complete validation and download your certificate. If you need more information please visit the Google Domains help center.
Google Domains and ACME DNS-01
ACME uses challenges to validate domain control before issuing certificates. The ACME DNS-01 challenge can be an efficient way for users to automate the validation process and integrate with existing websites and hosting services.
Example of DNS API Access Token in Google Domains
To set up automated certificate provisioning with ACME and DNS-01, follow these steps:
- Sign in to Google Domains.
- Select the domain that you want to use.
- At the top left, click “Menu” and select “Security”.
- Under section “ACME DNS API”, click “Create token”.
- A dialog box will appear with an “API Token”. This is the API Token you will need to enter into your ACME client. You will need to copy this value and can do so by clicking the copy button next to the API Token.
- NOTE: This value is only shown once. After the dialog box is closed you will not be able to see this API Token again. Store this token in a safe place, since anyone who has it gains the ability to modify some DNS TXT records for your domain.
- If you didn’t save this value before closing the dialog box, you can just delete the token and create a new API token.
- A limit of 10 API tokens per domain can exist at a time.
Once the dialog box is closed you will be able to see in the list that the token has been created. You can delete this token at any time to revoke its access.
The API token can now be used in an ACME client that supports the Google Domains ACME DNS API. Each ACME client differs slightly in how to specify this API Token, so you will need to read the documentation for your desired ACME client.
Regardless of which ACME client you use, Google Domains and Google Trust Services are excited to offer a reliable option for no-cost TLS certificates. This continues the mission of helping build a safer internet by providing a transparent, trusted, and reliable Certificate Authority.