[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

How to install a free SSL certificate on GCP load balancer (GCLB)

2022.09.06

Server construction/operation

*Moeyo Mensuke (Osaka Fukushima)

Hello!
My name is Hide, the ramen king of Beyond Osaka Office.
This is my 7th post.

Last time we talked about monitoring specific strings in your server with CloudwatchLogs! I wrote an interesting blog post about notifications using a useful tool called CloudwatchLogs, so if you're interested, please take a look!

● Monitor specific strings with CloudWatch Logs!

https://beyondjapan.com/blog/2022/07/cloudwatchlogs_word_monitoring/

About Google Managed SSL Certificates, which are free SSL certificates

A Google managed SSL certificate is a free SSL certificate that can be installed on Google Cloud Load Balancing (GCLB).
The types of GCLB that can be installed are as follows.

Global external HTTP(S) load balancer
Global external HTTP(S) load balancer (legacy)
External SSL proxy load balancer

*Not supported for regional external HTTP(S) load balancers and internal HTTP(S).

Also, GCP updates automatically, which is very convenient. Additionally, multiple domains can be specified in the subject alternative name of a single certificate.

Installation can be done from either the "console" or the "gcloud command". This time we will install it from the console, so if you want to install it using the gcloud command, please refer to the article below!

● Try setting a free SSL certificate on the GCP load balancer using the gcloud command

Try setting a free SSL certificate on the GCP load balancer using the gcloud command

*Official document: Using Google managed SSL certificates

Installation procedure

*We will explain about compute and instance groups on the assumption that they have already been constructed.

① Network Services > Load Balancing > Click [Create Load Balancer]

② Click [Start configuration] in the HTTP(S) load balancing column

③ Select the following and click [Continue]

④ Enter the name of the load balancer (LB)

⑤ Set the following

● Name: Please set an appropriate name
● Protocol: HTTPS (including HTTP/2)
● IP version: IPv4
● IP address: *Set a static external IP address using the following steps
● Port: 443

⑥ Click [Create IP address] in the IP address field.

⑦ Fill in your name and description and click [Reservation]

*If creation is successful, the following settings will be automatically set.

⑧ Register the created static external IP address in DNS

*The IP address is written in the black part of the image below.

⑨Click Certificate > [Create new certificate]

⑩ Enter the following and click [Create]

● Name: Please enter a suitable name
● Creation mode: Create a Google managed certificate
● Domain: Please specify the domain registered in DNS

*After creation, it is complete when it is displayed as below.

⑪ Set the following

*If you want to set up redirection to https, please check [Enable redirection from HTTP to HTTPS].

⑫ Set up the backend

*If the end of https communication is LB, the front end will perform https communication, so please configure the back end to enable http communication.

⑬ Set the routing rule and click [Create]

⑭ Load Balancing > LB Name > Front End > Certificate > Click on certificate name

*Please perform this task after the LB update is complete.

⑮ Check whether the SSL certificate has been created

*If the status is ACTIVE, the SSL certificate can be used.
*To make it ACTIVE, you need to point the DNS of the specified domain to LB.

*If the status is [PROVISIONNIG (certifying)] as shown below, the SSL certificate is in the process of being created.
*If multiple domains are included in the subject alternative name, https communication using this certificate will not be possible until all domains have been authenticated.
*It will take up to 24 hours to complete the authentication.

⑯ Operation confirmation

・test

・test2

summary

What do you think? I think it was very easy to issue and install an SSL certificate from the console, like AWS's ACM.

Managing SSL certificates is often very troublesome, so if you can meet the security requirements, please use Google Managed SSL Certificates, which can be created once and then automatically updated!

Also, next time I will write an article about setting up URL redirects with LB.

If you found this article helpful , please give it a like!

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[Osaka/Yokohama] Actively recruiting infrastructure engineers and server side engineers!

The person who wrote this article

About the author

Hide@Infrastructure Engineer

It all started with a very interesting interview.
A mid-career employee of the System Solutions Department in Osaka.My
job is to build and operate servers and clouds!
I have the qualifications of LPIC1, AWS SAA, and OCI Architect Associate.

Actually, I love ramen and
have investigated over 100 stores in Osaka (｡-∀-) I'm striving to become the Ramen King of Nibi Beyond
!

I'm also on Twitter, so please follow me (´∇｀)
Click on the Twitter mark on the right corner! !

[Employee interview] What kind of work is pre-sales in the technical sales department? [Part 1] How to configure URL redirection with GCP's global external HTTP(S) load balancer (traditional)