Google Cloud has announced the general availability of Certificate Manager, a service to acquire, manage, and deploy TLS certificates for use with Google Cloud workloads.
This supports both self-managed and Google managed certificates, and has monitoring capabilities to alert for expiring certificates.
Google-managed certificates are certificates validated either with load balancer or DNS authorization that Google Cloud obtains, manages and renews automatically.
Certificate Manager supports as well self-managed certificates, X.509 TLS certificates that the customer obtains and uploads manually to the service.
It also integrates with External HTTP(S) load balancers and Global external HTTP(S) load balancers but they must be on Premium Network Service Tier. Once after the validation that the requester controls the domain, the new service can also act as a public Certificate Authority to provide and deploy widely-trusted X.509 certificates
Google added a number of automation and observability features including the previews of Kubernetes integration and self-service ACME certificate enrollment.
If the requirement is less than 10 certificates per load balancer, Google suggests uploading the certificates directly to Cloud Load Balancing and Certificate Manager is not a mandate.
No additional charges to use Certificate Manager for the first 100 certificates, with an on a per-certificate, per-month pricing structure for further certificates.