I made a service with Cloud Run for Anthos on Google Cloud, and the SSL certificate is made by Let’s Encrypt. I want to renew the certificate automatically on serverless, not on GCE.
How can I do that?
Can I use cronJob on GKE?
I just manually created the certificate on my laptop.
sudo certbot certonly --manual --preferred-challenges dns -d '*.default.domain'
sudo kubectl create --namespace istio-system secret tls istio-ingressgateway-certs \
--key /etc/letsencrypt/live/default.domain/privkey.pem \
--cert /etc/letsencrypt/live/default.domain/fullchain.pem
Let's Encrypt certificates created manually with DNS validation cannot be renewed unless you saved the private key used to sign the original CSR and you are able to modify the domain's name servers with TXT DNS challenges.
I am not aware of any apps that accept precreated SSL certificates. Normally, these apps start with nothing and set everything up.
I recommend installing Cert-Manager and reissuing your SSL certificate and setting up automatic renewals.
However, you stated that you want to do this "serverless". There are many examples of creating Let's Encrypt SSL certificates via DNS challenge on the Internet. However, I have not seen one that also handles renewals. There are no technical problems here, you just need a plugin that modifies your name servers with the correct TXT records. If you understand the ACME interface, you could develop your own software. Otherwise, I would use Kubernetes Cert-Manager or another supported package.
Yes you can use CronJob in GKE(is in beta):
https://cloud.google.com/kubernetes-engine/docs/how-to/cronjobs
Either you can use the GCP CLoud Scheduler: