I want to use Google Trust's SSL certificate instead of Let's Encrypt

I want to use Google Trust’s SSL certificate instead of Let’s Encrypt
As you can see, two different subdomains, one uses GTS and the other is Let’s Encrypt how do I set it up to use GTS
In the Edge Certificates panel, the Google Trust certificate is only used as a backup, how can I set it as the primary because Google Trust is much more compatible than Let’s Encrypt

1 Like

You can pay for advanced certificate manager and select from the available CAs.

2 Likes

The best option is to use Advanced Certificate Manager, since you are able to customize the CA, the certificate duration, SANs, etc.

However, there’s a quick trick to make the change to Google Trust Services, and it’s via the API.

You’ll need your Global API key, your domain’s zone ID and your email address.

Open a command prompt (cmd) on Windows, or Terminal on Mac or Linux.

Type (for Mac/Linux):

curl -sX PATCH "https://api.cloudflare.com/client/v4/zones/[DOMAIN_ZONE_ID_HERE]/ssl/universal/settings" -H "X-Auth-Email: [CLOUDFLARE_EMAIL_HERE]" -H "X-Auth-Key: [GLOBAL_API_KEY_HERE]" -H "Content-Type: application/json" --data '{"certificate_authority":"google"}'

Or (for Windows):

curl -sX PATCH "https://api.cloudflare.com/client/v4/zones/[DOMAIN_ZONE_ID_HERE]/ssl/universal/settings" -H "X-Auth-Email: [CLOUDFLARE_EMAIL_HERE]" -H "X-Auth-Key: [GLOBAL_API_KEY_HERE]" -H "Content-Type: application/json" --data "{\"certificate_authority\":\"google\"}"

Remember to change [DOMAIN_ZONE_ID_HERE] to your domain’s zone ID, [CLOUDFLARE_EMAIL_HERE] to your Cloudflare’s email address, and [GLOBAL_API_KEY_HERE] with your secret Global API key.

If you don’t get any errors, you’re CA should change to Google Trust Services.

Hope it helps!

4 Likes

Thank you very much for your answer, I successfully made changes to the Zone certificate via the API
But failed to change the certificate for the host in Custom Hostnames
Please how should I change the certificate in Custom Hostnames

1 Like

I seem to have found an imperfect solution
Certificates in Custom Hostnames are sometimes Let’s Encrypt and sometimes Google Trust, and can be assigned to Google Trust certificates by simply deleting the domain name repeatedly

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.