Is there a way to renew an SslCertificate resource on the Google Cloud load balancer when the underlying certificate expires, or do you have to create a new resource with the renewed certificate?
I'm referring to this service: https://cloud.google.com/compute/docs/load-balancing/http/ssl-certificates (Note the lack of reference to renewing a certificate).
Thanks, all!
Best Answer
On Google’s Global HTTP Load Balancer, each HTTPS target proxy is linked to a certificate. You can use the gcloud tool (pre-installed on GCE images) to update your target proxies with new certificates. But make sure that:
target-http-proxies, which manages plaintext HTTP sites)
You can query gcloud for the current certificate, to check if it’s about to expire. If it is, you can upload your new certificate, then use the target-https-proxies update command to switch over to the new certificate. You won’t see the changes immediately, but soon, the renewed certificate should be installed globally.
There’s a usage quota of 30 SSL certificates (at least on my account). But if you aren’t too aggressive with your renewals, you won’t have any problems even if your renewal script doesn’t clean out expired certificates. It’d be a good idea to keep around at least 1 old certificate, just in case something goes wrong and you need to revert.
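
The check, upload, switch and clean-up steps described in the answer above, as an added example (not code from the original poster): a Python planner that takes the JSON that `gcloud compute ssl-certificates list --format=json` and `gcloud compute target-https-proxies describe NAME --format=json` return and works out which gcloud commands to run. The 30-day renewal window, the resource and file names, and the premise that every listed certificate belongs to this one proxy are assumptions; the sample data is constructed.

```python
import datetime as dt

RENEW_WITHIN = dt.timedelta(days=30)  # assumed renewal window
KEEP_OLD = 1                          # old certificates kept for rollback

def expiry(cert):
    # expireTime is an RFC 3339 string such as 2025-03-01T04:00:00.000-08:00
    return dt.datetime.fromisoformat(cert["expireTime"].replace("Z", "+00:00"))

def plan_rotation(proxy, certs, now, new_name, cert_file, key_file):
    """Return the gcloud commands (argv lists) to run, or [] if nothing is due."""
    by_name = {c["name"]: c for c in certs}
    in_use = [url.rsplit("/", 1)[-1] for url in proxy["sslCertificates"]]
    if min(expiry(by_name[n]) for n in in_use) - now > RENEW_WITHIN:
        return []
    cmds = [
        # Upload first, so the proxy never points at a missing certificate.
        ["gcloud", "compute", "ssl-certificates", "create", new_name,
         f"--certificate={cert_file}", f"--private-key={key_file}"],
        ["gcloud", "compute", "target-https-proxies", "update", proxy["name"],
         f"--ssl-certificates={new_name}"],
    ]
    # After the switch every listed certificate is old: keep the longest-lived
    # KEEP_OLD for rollback and delete the rest to stay under the quota.
    for cert in sorted(certs, key=expiry, reverse=True)[KEEP_OLD:]:
        cmds.append(["gcloud", "compute", "ssl-certificates", "delete",
                     cert["name"], "--quiet"])
    return cmds

# Constructed sample data in the shape of `--format=json` output.
SAMPLE_CERTS = [
    {"name": "site-2023", "expireTime": "2024-03-01T04:00:00.000-08:00"},
    {"name": "site-2024", "expireTime": "2025-03-01T04:00:00.000-08:00"},
]
SAMPLE_PROXY = {
    "name": "web-proxy",
    "sslCertificates": ["https://www.googleapis.com/compute/v1/projects/"
                        "example-project/global/sslCertificates/site-2024"],
}

if __name__ == "__main__":
    now = dt.datetime(2025, 2, 15, tzinfo=dt.timezone.utc)
    for argv in plan_rotation(SAMPLE_PROXY, SAMPLE_CERTS, now, "site-2025",
                              "fullchain.pem", "privkey.pem"):
        print(" ".join(argv))
```

The delete step never touches the certificate the proxy was using before the switch, because that one is kept as the rollback copy.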