This tutorial walks you through requesting a TLS certificate from Public Certificate Authority by using the Google Cloud CLI. For information about the root and intermediate CAs used by Public Certificate Authority, see Google Trust Services. There is no charge for requesting certificates from Public CA.

I. Create a project and request EAB credentials
Create a project at https://console.cloud.google.com/ and note its project ID.
1. Open Cloud Shell and run the following command

gcloud projects add-iam-policy-binding PROJECT_ID \
--member=user:EMAIL_ADDRESS \
--role=roles/publicca.externalAccountKeyCreator

2. Enable the Public CA API

gcloud services enable publicca.googleapis.com

3. Request an EAB key ID and HMAC, and copy them down

gcloud publicca external-account-keys create

4. Switch to the production environment

gcloud config unset api_endpoint_overrides/publicca

II. Server-side steps
Register an account in acme.sh

/usr/local/acme.sh/acme.sh  --home "/usr/local/acme.sh" --register-account -m email --server google \
--eab-kid keyId \
--eab-hmac-key b64MacKey

Request a 90-day wildcard certificate using alidns (Alibaba Cloud DNS) validation

/usr/local/acme.sh/acme.sh  --home "/usr/local/acme.sh"  -f  --server google  --issue -d 32mb.net -d '*.32mb.net'  --dns dns_ali

The CA domain to authorize in CAA records is: pki.goog
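A pre-issuance check for the CAA requirement above, as an added example that is not part of the original post: the function reads a CAA RRset in `dig +short CAA` form and reports whether it permits issuance by a given CA, applying the RFC 8659 rule that `issuewild` records take precedence over `issue` records for wildcard names. The function name `caa_allows` and the sample records are constructed for illustration; it evaluates a single RRset, so it does not climb the DNS tree or evaluate critical flags.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# stdin: CAA records as printed by `dig +short CAA <domain>`, e.g. 0 issue "pki.goog"
# usage: caa_allows <ca-domain> <plain|wild>  -> exit 0 if allowed, 1 if blocked
caa_allows() {
  ca=$1
  mode=$2
  n_issue=0; n_wild=0      # how many issue / issuewild records were seen
  ok_issue=1; ok_wild=1    # 0 once the CA is listed in that record type
  while read -r flags tag value || [ -n "$flags" ]; do
    if [ -z "$tag" ]; then continue; fi
    tag=$(printf '%s' "$tag" | tr '[:upper:]' '[:lower:]')
    # Issuer domain is the part before ';' (parameters follow it).
    # A bare ";" leaves an empty issuer, which matches no CA.
    issuer=$(printf '%s' "${value%%;*}" | tr -d '"[:space:]' | tr '[:upper:]' '[:lower:]')
    case $tag in
      issue)
        n_issue=$((n_issue + 1))
        if [ "$issuer" = "$ca" ]; then ok_issue=0; fi ;;
      issuewild)
        n_wild=$((n_wild + 1))
        if [ "$issuer" = "$ca" ]; then ok_wild=0; fi ;;
    esac
  done
  # Wildcard names: issuewild records, when present, replace the issue set.
  if [ "$mode" = wild ] && [ "$n_wild" -gt 0 ]; then return "$ok_wild"; fi
  # No issue records at all (e.g. only iodef, or no CAA) means no restriction.
  if [ "$n_issue" -eq 0 ]; then return 0; fi
  return "$ok_issue"
}

# Constructed sample RRset (not real DNS data for any domain).
sample='0 issue "letsencrypt.org"
0 issuewild "pki.goog; validationmethods=dns-01"'
for m in plain wild; do
  if printf '%s\n' "$sample" | caa_allows pki.goog "$m"; then
    echo "$m: allowed"
  else
    echo "$m: blocked"
  fi
done
```

Against live DNS, the same check for the wildcard request above would be `dig +short CAA 32mb.net | caa_allows pki.goog wild`.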

For details, see https://cloud.google.com/certificate-manager/docs/public-ca-tutorial
