Google Trust Services Now Offers TLS Certificates For Google Domains Customers

We’re excited to announce changes that make getting Google Trust Services TLS certificates easier for Google Domains customers. With this integration, all Google Domains customers will be able to acquire public certificates for their websites at no additional cost, whether the site runs on a Google service or uses another provider. Additionally, Google Domains is now making an API available to allow for DNS-01 challenges with Google Domains DNS servers to issue and renew certificates automatically.

Like the existing Google Cloud integration, Automatic Certificate Management Environment (ACME) protocol is used to enable seamless automatic lifecycle management of TLS certificates.

These certificates are issued by the same Certificate Authority (CA) Google uses for its own sites, so they are widely supported across the entire spectrum of devices used to access your services.

How do I use it?

Using ACME ensures your certificates are renewed automatically, and many hosting services already support ACME. If you’re running your own web servers/services, there are ACME clients that integrate easily with common servers. To use this feature, you will need an API key called an External Account Binding key. This enables your certificate requests to be associated with your Google Domains account. You can get an API key by visiting Google Domains and navigating to the Security page for your domain. There you’ll see a section for Google Trust Services where you can get your EAB Key.

Google Trust Services Now Offers TLS Certificates for Google Domains Customers

Example of EAB Credentials in Google Domains

As an example, with the popular Certbot ACME client, the configuration to register an account looks like:

certbot register –email <CONTACT_EMAIL> –no-eff-email –server “https://dv.acme-v02.api.pki.goog/directory” –eab-kid “<EAB_KEY_ID>” –eab-hmac-key “<EAB_HMAC_KEY>”

The EAB_KEY_ID and EAB_HMAC_KEY are both provided on your Google Domains security page.

After the account is created, you may issue certificates by running:

certbot certonly -d <domain.com> –server “https://dv.acme-v02.api.pki.goog/directory” –standalone

Then follow the prompts to complete validation and download your certificate. If you need additional information, please visit the Google Domains help center.

Google Domains and ACME DNS-01

ACME uses challenges to validate domain control before issuing certificates. The ACME DNS-01 challenge can be an efficient way for users to automate the validation process and integrate with existing websites and web hosting services.

Google Domains now provides an API for ACME DNS-01 challenges that helps streamline the process for users to authenticate domain control quickly and securely. This is now offered in some popular ACME clients like Certbot via this plugin, Caddy, Certify The Web, Posh-ACME. You can find additional information on the Google Domains site.

Example of DNS API Access Token in Google Domains

To set up automatic certificate provisioning with ACME and DNS-01, follow these steps:

Sign in to Google Domains.
Select the domain that you want to use.
At the top left, click “Menu” and select “Security”.
Under the section “ACME DNS API”, click “Create token”.
A dialog box will appear with an “API Token”. This is the API Token you will need to enter into your ACME client. You will need to copy this value and can do so by clicking the copy button next to the API Token.

NOTE: This value is only shown once. After the dialog box is closed, you will not be able to see this API Token again. Store this token in a safe place, since anyone that has it gains the ability to modify some DNS TXT records for your Domain.
If you did not save this value before closing the dialog box, you can easily delete and create a new API token.
A limit of 10 API tokens per domain can exist at a time.
Once the dialog box is closed, you will be able to see in the list that the token has been created. You can delete this token at any time to revoke its access.
The API token can now be used in an ACME client that supports the Google Domains ACME DNS API. Each ACME client differs slightly on how to specify this API Token, so you will need to read the documentation on your desired ACME client.

Regardless of which ACME client you use, Google Domains and Google Trust Services are excited to offer a reliable option for no-cost TLS certificates. This continues the mission of helping build a safer internet by providing a transparent, trusted, and reliable Certificate Authority.

Source

LiteSpeed Cache vs WP Rocket

Shared Web Hosting: Is It the Right Choice for Your Website?

Memorial Day Weekend Deals

Crucial Things to Know When Choosing Web Hosting Services

Switching to cPanel’s Jupiter Theme

Automatically Clear Elementor Cache and Regenerate CSS

Website Speedtest macOS Shortcuts

New method accelerates data retrieval in huge databases

LiteSpeed Cache Settings for Voxel

Are You Using Redis Cache on Your Website?

Automatically Clear Elementor Cache and Regenerate CSS

Unlock the Full Potential of Elementor with These 10 Advanced Tips

Master the Art of Web Design with Elementor Pro

What Is CSS Print Method in the Elementor Settings? Which Should I Choose?

Remove Unused Elementor Widgets

How do I use it?

Google Domains and ACME DNS-01

Google Cloud “Next” Event Set for August 29-31

Memorial Day Weekend Deals

Securing Your Business Internet Network: Best Practices for Enhanced Cybersecurity

Tags

Google Trust Services Now Offers TLS Certificates for Google Domains Customers

How do I use it?

Google Domains and ACME DNS-01

Related Posts