I intend to use Gcloud managed certificate. The way it works is that I already have a custom certificate managed by Let's Encrypt, which is assigned to my LoadBalancer. Now I want to swich to the Google Managed certificate. In order to achieve this I have to point the domains to the LoadBalncer's IP, then go to Load balancing components page, then I have to create the Google Managed certificate at the CERTIFICATES tab and, finally, edit the LoadBalancer to change its Frontend Configuration of HTTPS protocol and select the newly created certificate. Then, and only then, GCP will be allowed to provision the certificate. The problem is that it may take a few minutes (like 10 minutes) to the certificate to be provisioned. During this time my application will eventually lose the certificate and the browser will block it. This is not an acceptable scenario for us.
So, in short, I need to replace the certificate of the LoadBalancer to another one not yet verifyed which will cause my application to be out for the time it takes to provision it. The ideal scenario would be to provision the certificate first, then edit the LoadBalancer to bind it with the new certificate.
Is there any way to achieve this? Otherwise I will have to still issue my certificates with Let's Encrypt and manually replace it every time it's about to expire.
A load balancer front end can have more than one certificate attached.
Create a new managed certificate and attach it to the front end.
Once you have more than one certificate attached, you can then remove the one you no longer want to use without downtime.