Editing domains in a Google Managed SSL Certificate

2,040 views
Skip to first unread message

Daniel Krause

unread,
Jan 28, 2020, 10:01:56 AM1/28/20
to Google Cloud Developers
Is it possible to edit a managed SSL cert.
ie adding or deleting domains that are linked to a specific cert
I know this can be done with Letsencrypt so I assume this should be possible, but I do not see any way at present to do this

Having to delete and recreate certificates to add/delete domains would be rather painful

noverlyjoseph

unread,
Jan 30, 2020, 8:49:01 AM1/30/20
to Google Cloud Developers
With Google-managed SSL, you don't have to manually renew the certificate. They will be renewed automatically as you can see here[1]

[1] https://cloud.google.com/load-balancing/docs/ssl-certificates#google-managed_ssl_certificate_renewal

Daniel Krause

unread,
Feb 3, 2020, 10:03:50 AM2/3/20
to Google Cloud Developers
I'm not referring to renewal of the cert, I am talking about adding and removing domains to an existing certificate.

Each cert can contain 100domains, if I create a cert and only add 50domains, how to I expand that cert post-creation with additional domains

Dattu Pragnu Nellutla

unread,
Feb 3, 2020, 7:44:47 PM2/3/20
to Google Cloud Developers

Currently, as per GCP documentation[1] I could see that each certificate can be associated with 100 Domains. However, we don't have an “update command”[2] to update the managed certificates. 


This being said, if you wish to update the domains in the SSL certificate, you could create a new google managed certificate and associate with all the existing and new domains. Once the certificate status shows active you can delete the older certificate.


[1]Self-managed and Google-managed SSL certificates

https://cloud.google.com/load-balancing/docs/ssl-certificates#certificate-types


[2]Commands for ssl certificates

https://cloud.google.com/sdk/gcloud/reference/beta/compute/ssl-certificates


Daniel Krause

unread,
Feb 4, 2020, 8:54:26 AM2/4/20
to Google Cloud Developers
Thanks, I had thought of trying this out
The only problem with this method, it means that you would need to keep one spare cert open at all times, which effectively means a loss of 100 potential domains
We are expecting 900-1200 domains for our platform so this is quite a loss

Hopefully this feature will still be implemented

Daniel Krause

unread,
Feb 4, 2020, 8:54:26 AM2/4/20
to Google Cloud Developers
Should anyone have a similar need I have submitted a feature request for this

https://issuetracker.google.com/issues/148809372




On Tuesday, February 4, 2020 at 4:44:47 AM UTC+4, Dattu Pragnu Nellutla wrote:

Roldan Vallejo

unread,
Feb 4, 2020, 3:18:02 PM2/4/20
to Google Cloud Developers
Thank you for your notification. If you want to be automatically notified of any updates you can "Star" the Feature Request and you'll receive an email message. Otherwise you can simply visit the link periodically and check if there's anything new. It's worth noting that at the moment there's no ETA for the availability of this feature.
Reply all
Reply to author
Forward
0 new messages