New service from Google: free SSL certificate through ACME

Started by Guess jr., Oct 06, 2022, 11:54 AM


Guess jr. (Topic starter)

Google started issuing free SSL certificates like Let's Encrypt (via ACME). It was launched back in spring, but it's been working recently. Description here. Apparently, these certificates do not have any problems with old OS and browsers (in contrast to Let's Encrypt) and they seem to be able to issue certificates for any zone and even .RU, as the trusted root certificate is from GlobalSign (which has not introduced sanctions).

The only thing is, how to get this certificate is, to put it mildly, not clear at all. In order to make an ACME client work, I had to specify EAB_KEY_ID, EAB_HMAC_KEY. But how to get them is not clearly written anywhere (or rather, commands are written for receiving them via google-cloud-cli, but in fact, the devil himself would break his leg in this google-cloud-cli and a bunch of logins, keys, passwords, accesses). It looks like you still need to fill out some form to get access to the API, but there is access to the Public Certificate Authority API even without filling out the form.

I wonder if and how anyone can get a certificate from Google.

wwwmaster@

Somehow Google is very slow. It was high time, because there is a lot of traffic and it is impossible to analyze it. And so at once there will be the keys to everything.
TO EVERYTHING.  ;D

Term

Quote from: Guess jr. on Oct 06, 2022, 11:54 AM
"these certificates do not have any problems with old OS and browsers (in contrast to Letsencrypt)"
Are you one of those who maybe still make CSS for IE6? LE has no problems with old operating systems and browsers, because it is unsupported not by old, but by dead operating systems and browser versions.

Guess jr. (Topic starter)

Quote from: Term on Oct 06, 2022, 01:16 PM
"Are you one of those who still make maybe CSS for IE6 ?"
If there are certificates that work everywhere and certificates that do not work everywhere, it is better to choose the ones that work everywhere.
The thing is, not everyone knows how to upgrade an OS, and some 6-year-old Mac is fine for surfing the Internet and printing documents.
And even the latest version of Chrome doesn't open LE sites.
And the second situation is when all sorts of fridges, irons and other vacuum cleaners access the site scripts. They make it extremely difficult to update anything.

In general, certificates from Google should be a good substitute for ZeroSSL for .RU domains. All that remains is to figure out how to get EAB_KEY_ID, EAB_HMAC_KEY...
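
For reference, what an ACME client does with the EAB_KEY_ID and EAB_HMAC_KEY mentioned in the posts above, following RFC 8555 section 7.3.4 (an added example, not part of the thread and not code from Google or any ACME client). The key id, MAC key, account JWK coordinates and new-account URL are constructed placeholders; the sketch does not cover how to obtain real values from the CA.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_eab(eab_key_id, eab_hmac_key, account_jwk, new_account_url):
    """Client side: JWS over the account public key, MACed with the CA-issued key."""
    header = {"alg": "HS256", "kid": eab_key_id, "url": new_account_url}
    protected = b64url(json.dumps(header).encode())
    payload = b64url(json.dumps(account_jwk).encode())
    mac = hmac.new(b64url_decode(eab_hmac_key),
                   f"{protected}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return {"protected": protected, "payload": payload, "signature": b64url(mac)}

def protected_header(eab) -> dict:
    return json.loads(b64url_decode(eab["protected"]))

def verify_eab(eab, eab_hmac_key, expected_jwk, expected_url) -> bool:
    """CA side: the MAC must verify and the binding must name this key and URL."""
    signing_input = f"{eab['protected']}.{eab['payload']}".encode("ascii")
    expected = hmac.new(b64url_decode(eab_hmac_key), signing_input,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(eab["signature"])):
        return False
    header = protected_header(eab)
    return (header.get("alg") == "HS256" and header.get("url") == expected_url
            and json.loads(b64url_decode(eab["payload"])) == expected_jwk)

# Constructed sample values (assumptions, not real credentials or endpoints).
EAB_KEY_ID = "example-key-id"
EAB_HMAC_KEY = b64url(b"constructed-demo-mac-key-32bytes")  # base64url, as CAs hand it out
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",                 # placeholder coordinates,
               "x": b64url(bytes(range(32))),               # not a real curve point
               "y": b64url(bytes(range(32, 64)))}
NEW_ACCOUNT_URL = "https://acme.example/new-account"        # hypothetical URL

def demo_new_account_payload() -> dict:
    """Payload of the newAccount request; the client then signs it with the account key."""
    eab = build_eab(EAB_KEY_ID, EAB_HMAC_KEY, ACCOUNT_JWK, NEW_ACCOUNT_URL)
    return {"termsOfServiceAgreed": True, "externalAccountBinding": eab}

if __name__ == "__main__":
    print(json.dumps(demo_new_account_payload(), indent=2))
```

The MAC key is used only for this one-time binding of the ACME account key to the CA-side account; later requests are signed with the account key alone.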

Term

By the way, in addition to Google, Yandex also offers certificates, only from LE; I also did not figure out how to get them (there is no time yet): https://console.cloud.yandex.ru/cloud
Maybe someone can drop a clear description of how to do it?

walker

Like many other "alternatives" to LetsEncrypt, this is just trial bait, in the hope that potential customers will need an OV/EV certificate, or a wildcard here.
Well, or expensive freeloader partners with several hundred certificates will simply be offered a switch to an inexpensive, but paid tariff. That's how Cloudflare is, for example.