How to setup Letsencrypt for Google Cloud Compute Engine load balancer?

Question

I\'ve setup my Google Cloud Project to use a load balancer in combination with auto scaling instance templates. Currently the instance group only has one instance.

My do

Answer 1

A good way to achieve your goal is cloud function + cloud scheduler + https://github.com/bloomapi/letsencrypt-gcloud-balancer

Answer 2

You can use sslforfree.com, which calls LetsEncrypt for you and gives you the keys for downloading. It can also remind you to renew your certs. (There's currently no way to auto-renew certs in Google LB)

Answer 3

You can use certbot

Here is an example of how to create only the certificates

$ ./certbot-auto certonly --standalone --email admin@example.com -d example.com -d www.example.com

Answer 4

If you use Kubernetes on top of Google Compute Engine, a good solution is cert-manager, which is a successor of kube-lego. Both can automatically requests certificates for Kubernetes Ingress resources from Let's Encrypt:

Features

• Recognizes the need of a new certificate for this cases:
  • No certificate existing
  • Existing certificate is not containing all domain names
  • Existing certificate is expired or near to its expiry date (cf. option LEGO_MINIMUM_VALIDITY)
  • Existing certificate is unparseable, invalid or not matching the secret key
• Creates a user account (incl. private key) for Let's Encrypt and stores it in Kubernetes secrets (secret name is configurable via LEGO_SECRET_NAME)
• Obtains the missing certificates from Let's Encrypt and authorizes the request with the HTTP-01 challenge
• Makes sure that the specific Kubernetes objects (Services, Ingress) contain the rights configuration for the HTTP-01 challenge to succeed
• Official Kubernetes Helm chart for simplistic deployment.

A step-by-step tutorial for GCE is available.