Nicolas Duchon
1.4 KiB
Google Trust Services
Google Trust Service is an ACME CA with generous default quota and high ubiquity.
Using Google Trust Services through an ACME client, like in this container, allows for unlimited 90 days and multi-domains (SAN) certificates.
Activation
Google Trust Services support is activated when the ACME_CA_URI environment variable is set to the Google Trust Services ACME endpoint (https://dv.acme-v02.api.pki.goog/directory).
Account
Google Trust Services requires the use of an externally bound account. First create a Google Trust Services account:
- provide the pre-generated EAB credentials using the
ACME_EAB_KIDandACME_EAB_HMAC_KEYenvironment variables.
These variables can be set on the proxied containers or directly on the acme-companion container.
When registering a new ACME account with EAB, Google Trust Services expects a contact email. Set either LETSENCRYPT_EMAIL on the proxied container or DEFAULT_EMAIL on the acme-companion container so the initial acme.sh --register-account call includes it.
If both are unset or blank, acme-companion will still try to register the EAB account without an email and log a warning, but Google Trust Services may reject the registration.