Fix GCP Cloud Run Run Managed Ssl Errors
When working with GCP Cloud Run, you may encounter a configuration error that prevents your deployment from working. This guide explains the most common mistake with run managed ssl and shows the exact fix.
A Common Mistake
Mapping a custom domain but SSL certificate provisioning fails because the CNAME record does not point to ghs.googlehosted.com, leaving the domain without TLS.
The incorrect command:
gcloud beta run domain-mappings create --service=my-service --domain=app.example.com --region=us-central1
Error output:
Creating mapping...
WARNING: SSL certificate provisioning pending. The domain does not have the required DNS record. To provision SSL:
Type: CNAME
Name: app.example.com
Value: ghs.googlehosted.com
Without this record, SSL provisioning will fail after 1 hour.
The Correct Approach
The right way to configure run managed ssl in GCP Cloud Run:
gcloud beta run domain-mappings create --service=my-service --domain=app.example.com --region=us-central1
Successful result:
Creating mapping...
After adding the CNAME:
$ gcloud beta run domain-mappings describe --domain=app.example.com --region=us-central1
status: ready
Certificate status: active
SSL is managed by Google. Auto-renewal is handled automatically.
How to Prevent This
Add the CNAME record before or immediately after creating the mapping. SSL provisioning takes 5-60 minutes. Google-managed SSL auto-renews. Use gcloud beta run domain-mappings describe to check status. SSL certs are provisioned per-region. Use a global LB for single-cert multi-region.
FAQ
Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro. Secure your cloud with DodaTech.
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro