GCP Load Balancer fails to obtain a certificate when behind a proxied DNS record

Maybe I’m missing something, but here are the steps to reproduce the issue. When the A record is DNS Only, it obtains a certificate within around 10 minutes. When Proxied, it gives up within around 30 minutes.

I also saw this topic, so it seems like there’s no way to make the load balancer obtain a certificate.

Origin CA certificates? This sounds like I need to occasionally give GCP a new certificate. This can probably be automated, but it’ll take time to come up with a solution. But then I noticed that the default validity period is 15 years? Is that so? Isn’t it too much? I mean there must be a reason why e.g. Let’s Encrypt issues certificates for only 3 months.

Is there something I’m missing? Ideally I’d like GCP to just obtain a certificate.

