How to setup Letsencrypt for Google Cloud Compute Engine load balancer?

Question

I\'ve setup my Google Cloud Project to use a load balancer in combination with auto scaling instance templates. Currently the instance group only has one instance.

My do

Answer 1

If you use Kubernetes on top of Google Compute Engine, a good solution is cert-manager, which is a successor of kube-lego. Both can automatically requests certificates for Kubernetes Ingress resources from Let's Encrypt:

Features

• Recognizes the need of a new certificate for this cases:
  • No certificate existing
  • Existing certificate is not containing all domain names
  • Existing certificate is expired or near to its expiry date (cf. option LEGO_MINIMUM_VALIDITY)
  • Existing certificate is unparseable, invalid or not matching the secret key
• Creates a user account (incl. private key) for Let's Encrypt and stores it in Kubernetes secrets (secret name is configurable via LEGO_SECRET_NAME)
• Obtains the missing certificates from Let's Encrypt and authorizes the request with the HTTP-01 challenge
• Makes sure that the specific Kubernetes objects (Services, Ingress) contain the rights configuration for the HTTP-01 challenge to succeed
• Official Kubernetes Helm chart for simplistic deployment.

A step-by-step tutorial for GCE is available.