
How to generate Google-managed certificates for wildcard hostnames in GCP?

I would like to use Google-managed certificates for wildcard hostnames—for example, *.example.com.

I know I could use Certificate Manager from the doc to do that in GCP, but I cannot find a concrete example.

Could you please show me some examples?

asked Jan 25 '26 01:01

ikhvjs


2 Answers

Thanks for @James's answer. I also referenced this doc.

I would like to post a concrete example for this question in case anyone has the same doubts as me.

For most of the steps you can refer to the doc; I would like to point out two steps you need to take care of.

In the "Create a Google-managed certificate referencing the DNS authorization" step, provide your single domain and your wildcard hostname in the --domains option.

gcloud certificate-manager certificates create "my-cert" \
    --domains="example.com,*.example.com" \
    --dns-authorizations=my-dns-auth

In the "Create a certificate map entry" step, create two entries, one for the single hostname and one for the wildcard hostname.

gcloud certificate-manager maps entries create "my-entry1" \
    --map=my-map \
    --certificates=my-cert \
    --hostname="example.com"

gcloud certificate-manager maps entries create "my-entry2" \
    --map=my-map \
    --certificates=my-cert \
    --hostname="*.example.com"
answered Jan 26 '26 16:01

ikhvjs
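
An added example, not part of the original answers and not Google's code: a pre-flight check showing why the `--domains` value above lists both `example.com` and `*.example.com`. It applies the standard TLS rule that a wildcard stands for exactly one left-most DNS label; the function names and the sample hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a --domains list covers the hostnames you plan
# to serve. All hostnames used below are constructed sample values.

# san_covers PATTERN HOST -> exit status 0 if the certificate name covers HOST.
# A wildcard matches exactly one left-most label, never zero and never two.
san_covers() {
    sc_pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')     # DNS names are case-insensitive
    sc_host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $sc_pat in
        '*.'*)
            sc_suffix=${sc_pat#\*.}                  # "*.example.com" -> "example.com"
            sc_label=${sc_host%".$sc_suffix"}        # what the "*" would stand for
            [ "$sc_label" != "$sc_host" ] || return 1   # suffix does not match (e.g. the apex)
            [ -n "$sc_label" ] || return 1              # empty label
            case $sc_label in *.*) return 1 ;; esac     # more than one label deep
            return 0 ;;
        *)
            [ "$sc_pat" = "$sc_host" ] ;;
    esac
}

# uncovered_hosts "DOMAINS" HOST... -> prints each HOST that no entry in the
# comma-separated DOMAINS list (same syntax as --domains) covers.
# Runs in a subshell so "set -f" and IFS do not leak into the caller.
uncovered_hosts() (
    set -f                      # keep "*" in the list from globbing against files
    uh_domains=$1; shift
    for uh_host in "$@"; do
        uh_ok=no
        IFS=,
        for uh_d in $uh_domains; do
            if san_covers "$uh_d" "$uh_host"; then uh_ok=yes; fi
        done
        [ "$uh_ok" = yes ] || printf '%s\n' "$uh_host"
    done
)

echo "wildcard only:"
uncovered_hosts '*.example.com' example.com www.example.com a.b.example.com

echo "apex plus wildcard (the --domains value from the answer):"
uncovered_hosts 'example.com,*.example.com' example.com www.example.com a.b.example.com
```

A name such as `a.b.example.com` stays uncovered in both runs; serving it needs its own certificate name, for example `*.b.example.com`.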


For your use case, it will be best to use DNS authorization since Load balancer authorization does not support wildcard certificates. Each DNS authorization stores information about the DNS record that you need to set up and covers a single domain plus its wildcard—for example, example.com and *.example.com.

While this may not be a concrete example, this document is a helpful guide in creating a Google-managed certificate with DNS authorization and its deployment to your Load Balancer. Hope this helps.

answered Jan 26 '26 17:01

James S