How to configure Google Trust CA in caddy?

Follow-up to: How to add Google Certificate Manager to the Caddyfile?

How to use Google Trust CA with Caddy?

First install the gcloud CLI (command line): https://docs.cloud.google.com/sdk/docs/install-sdk#deb
Then follow: Request a certificate using Public CA and an ACME client | Certificate Manager | Google Cloud Documentation

That means running these commands:

  • gcloud init (this requires a Google account)
  • gcloud projects create tls-acme-example-eu
  • gcloud config set project tls-acme-example-eu
  • gcloud projects add-iam-policy-binding tls-acme-example-eu \
        --member=user:yourself@gmail.com \
        --role=roles/publicca.externalAccountKeyCreator
  • gcloud services enable publicca.googleapis.com (enables the API used to request certificates)
  • gcloud publicca external-account-keys create
  • Then in your Caddyfile:
https://example.org {
    tls tech@example.org {
        ca https://dv.acme-v02.api.pki.goog/directory
        # Testing: https://dv.acme-v02.test-api.pki.goog/directory
        eab 36bd41d3fefefefefefefef207f84545 xxxxxx-xxxxxxx-xx-xxx-xxxxxxxxx
    }
    handle_path /robots.txt {
        respond <<EOF
        User-agent: *
        Disallow: /
        EOF 200
    }

    handle_path /sitemap.xml {
        respond <<EOF
        Not found
        EOF 410
    }

    handle_path / {
        header Content-Type "text/html; charset=utf-8"
        respond <<EOF
        <html><div style="text-align: center;">It works !</div></html>
        EOF 200
    }

}
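The Caddyfile above carries the EAB key ID and MAC key inline, so anyone who can read the file (or the repository it lives in) can read the secret. The following is an added example, not part of the original post: a shell helper that takes the output of the `gcloud publicca external-account-keys create` step and writes it to an owner-only env file that the `eab` line can reference through environment placeholders. The variable names `GTS_EAB_KEY_ID` and `GTS_EAB_MAC_KEY`, the file path, and the `keyId` / `b64MacKey` field names passed to `--format` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumed names: GTS_EAB_KEY_ID, GTS_EAB_MAC_KEY, /etc/caddy/eab.env.
#
# Usage, after the gcloud setup steps above (field names assumed):
#   gcloud publicca external-account-keys create \
#       --format='value(keyId,b64MacKey)' | write_eab_env /etc/caddy/eab.env
#
# Caddyfile, replacing the inline secret:
#   eab {$GTS_EAB_KEY_ID} {$GTS_EAB_MAC_KEY}
# Start Caddy with the file loaded:
#   caddy run --envfile /etc/caddy/eab.env --config /etc/caddy/Caddyfile

# Read one "keyId<TAB>b64MacKey" line on stdin and write it to the file
# named in $1 as KEY=VALUE lines, readable by the owner only.
# The body runs in a subshell so umask and variables do not leak out.
write_eab_env() (
    out=$1
    tab=$(printf '\t')
    # A missing trailing newline makes read return non-zero; values are still set.
    IFS="$tab" read -r key_id mac_key || true

    # Refuse incomplete input rather than writing a half-filled file.
    if [ -z "$key_id" ] || [ -z "$mac_key" ]; then
        echo "expected keyId and b64MacKey separated by a tab" >&2
        exit 1
    fi
    # Only base64/base64url and identifier characters are accepted, so an
    # error message or stray shell syntax never ends up in the env file.
    case "$key_id$mac_key" in
        *[!A-Za-z0-9_=+/-]*)
            echo "unexpected characters in EAB output" >&2
            exit 1 ;;
    esac

    umask 077   # file is created with mode 0600
    printf 'GTS_EAB_KEY_ID=%s\nGTS_EAB_MAC_KEY=%s\n' "$key_id" "$mac_key" > "$out"
)
```

Keep the env file out of version control and readable only by the account Caddy runs as.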