We're excited to announce changes that make getting Google Trust Services TLS certificates easier for Google Domains customers. With this integration, all Google Domains customers will be able to obtain public certificates for their websites at no additional cost, whether or not the site runs on a Google service or uses another provider. Additionally, Google Domains is now making an API available to allow for DNS-01 challenges with Google Domains DNS servers to issue and renew certificates automatically.
Like the existing Google Cloud integration, the Automatic Certificate Management Environment (ACME) protocol is used to enable seamless automated lifecycle management of TLS certificates.
These certificates are issued by the same Certificate Authority (CA) Google uses for its own sites, so they are widely supported across the entire spectrum of devices used to access your services.
How do I use it?
Using ACME ensures your certificates are renewed automatically, and many hosting services already support ACME. If you're running your own web servers / services, there are ACME clients that integrate easily with common servers. To use this feature, you will need an API key called an External Account Binding key. This enables your certificate requests to be associated with your Google Domains account. You can get an API key by visiting Google Domains and navigating to the Security page for your domain. There you'll see a section for Google Trust Services where you can get your EAB Key.
Example of EAB Credentials in Google Domains
As an example, with the popular Certbot ACME client, the configuration to register an account looks like:
certbot register --email <CONTACT_EMAIL> --no-eff-email --server "https://dv.acme-v02.api.pki.goog/directory" --eab-kid "<EAB_KEY_ID>" --eab-hmac-key "<EAB_HMAC_KEY>"
The EAB_KEY_ID and EAB_HMAC_KEY are both provided on your Google Domains security page.
After the account is created, you may issue certificates by running:
certbot certonly -d <domain.com> --server "https://dv.acme-v02.api.pki.goog/directory" --standalone
Then follow the prompts to complete validation and download your certificates. If you need additional information please visit the Google Domains help center.
Google Domains and ACME DNS-01
ACME uses challenges to validate domain control before issuing certificates. The ACME DNS-01 challenge can be an efficient way for users to automate the validation process and integrate with existing websites and web hosting services.
Example of DNS API Access Token in Google Domains
To set up automatic certificate provisioning with ACME and DNS-01, follow these steps:
- Sign in to Google Domains.
- Select the domain that you want to use.
- At the top left, click “Menu” and select “Security”.
- Under section “ACME DNS API”, click “Create token”.
- A dialog box will appear with an “API Token”. This is the API Token you will need to enter into your ACME client. You will need to copy this value and can do so by clicking the copy button next to the API Token.
- NOTE: This value is only shown once. After the dialog box is closed you will not be able to see this API Token again. Store this token in a safe place, since anyone that has it gains the ability to modify some DNS TXT records on your domain.
- If you did not save this value before closing the dialog box, you can simply delete and create a new API token.
- A limit of 10 API tokens per domain can exist at a time.
Once the dialog box is closed you will be able to see in the list that the token has been created. You can delete this token at any time to revoke its access.
The API token can now be used in an ACME client that supports the Google Domains ACME DNS API. Each ACME client differs slightly on how to specify this API Token so you will need to read the documentation for your desired ACME client.
Regardless of which ACME client you use, Google Domains and Google Trust Services are excited to offer a reliable option for no-cost TLS certificates. This continues the mission of helping build a safer internet by providing a transparent, trusted, and reliable Certificate Authority.