Get Google API Key

Login to your GCP console panel and go to the Public Certificate Authority API administration page.

https://console.cloud.google.com/apis/library/publicca.googleapis.com

Start Cloud Shell

gcloud services enable publicca.googleapis.com

Enter the following to check the item, you can skip this step if you only have one item, it will be automatically set as the only item:

gcloud config set project [project ID]

Get the API Key

gcloud beta publicca external-account-keys create

The pop-up window, when clicked on to authorize, returns a message in the following format for the record:

Created an external account key
[b64MacKey: xxxxxxxxxxxxxxxxxxxxxxx
keyId: xxxxxxxxxxxxxxx]

acme.sh

Setting Google public certificate authorization

acme.sh  --register-account -m [YOUR_EMAIL] --server google \
    --eab-kid [keyId] \
    --eab-hmac-key [b64MacKey]

Setting default CA server

acme.sh --set-default-ca --server google --accountconf /root/.acme.sh/account-custom.conf

Issuance of certificates

(RSA)

acme.sh --issue --dns -d [mydomain.com] -d [*.mydomain.com] --accountconf /root/.acme.sh/account-custom.conf

(ECC)

acme.sh --issue --dns -d [mydomain.com] -d [*.mydomain.com] --keylength ec-256 --accountconf /root/.acme.sh/account-custom.conf
文章目錄