How to Setup HTTPS for your Google Domains with Google Cloud CLI

By: Aiden White
Last Edited:

This website supports HTTPS connections. I wanted to make sure that any user logins or form submissions I implement in the future would be encrypted when communicating with the server. In order to achieve this, I needed to get a certificate authority (CA) to issue me a TLS (Transport Layer Security) certificate for the domain. Since I was already using Google Domains, I decided to use the free service Public CA from Google Trust Services (GTS). Public CA can be used via any Automatic Certificate Management Environment (ACME), and I recommend the free, open source tool called Certbot. Here's how I managed to set up TLS certificates at no additional cost using Google Domains, Google Cloud CLI, and Certbot:

1) Install Certbot on the server

In my case, I am using a Virtual Private Server (VPS) from Digital Ocean running Ubuntu 22.04. After SSH'ing onto the server, I install certbot with apt install.

apt install certbot

2) Install and Start Google Cloud CLI

In my case I curl'd and extracted the download, then ran the install script and the init command.

curl -O
tar -xf google-cloud-cli-441.0.0-linux-x86_64.tar.gz 
./google-cloud-sdk/bin/gcloud init

3) Get EAB key from Google Domains

Log into Google Domains in a browser, select the domain you want to configure, and go to Security. Scroll down to SSL/TLS Certificates and underneath Google Trust Services click "Get EAB key". Keep track of the EAB and HMAC keys that are generated. We will use these to connect to our Google Domains account while using Certbot.

4) Register ACME account

Run the following command on the server with Certbot installed. For server, see the Google documentation for more information. Basically, use "" in production and "" in staging.

certbot register \
    --email "EMAIL_ADDRESS" \
    --no-eff-email \
    --server "SERVER" \
    --eab-kid "EAB_KID" \
    --eab-hmac-key "EAB_HMAC_KEY"

5) Request Certificates

Run the following command on the server. For server, see above. For domains, enter a comma-separated list of domains for which you are requesting certificates, i.e. ",".

certbot certonly \
    --manual \
    --preferred-challenges "dns-01" \
    --server "SERVER" \
    --domains "DOMAINS"

7) Add DNS Record

Now Certbot will prompt you to publish a specific TXT record at a given hostname. Go to the DNS page in Google Domains and paste and save this record. Then go back to your terminal running Certbot on the server and press enter to make Certbot validate the DNS record.

8) Deploy Certificates

If Certbot was able to successfully validate your DNS record, it will notify you that a certificate and key have been created and give you their location. It will also tell you the date the certificate expires and directions for renewing the certificate, so make sure to save these for later. Then, all you need to do is let your web server know where to find your certificate and key. For example, I run NGINX so I go into my /etc/nginx/sites-enabled/ file and add the paths to my certificate and key. See below for an example. I also redirect any HTTP requests on port 80 to HTTPS on port 443.

server {
    # listen on port 80 (HTTP)
    listen 80;
    location / {
        # redirect any requests to the same URL but on HTTPS
        return 301 https://$host$request_uri;

server {
    # listen on port 443 (HTTPS)
    listen 443 ssl;

    # location of the certificate & key
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;


Don't forget to restart NGINX to reflect these changes

systemctl restart nginx

That's it! Your site should now support HTTPS connections.

My GeoPandas Plot Went Viral on Reddit

By: Aiden White
Last Edited:

Plot of the tree density in Manhattan

In December 2022 I entered a competition on datacamp that involved visualizing the tree density of Manhattan, NY. I decided to post the above plot I created with GeoPandas to the subreddit /r/dataisbeautiful, and to my surprise, it ended up receiving over 1 million views and 8,000+ upvotes. I got a lot of great feedback in the comments about how I could improve the plot, and I think that engagement may have contributed to reddit showing the post to more users. It just goes to show that if you're willing to be a bit vulnerable and put your work out there to the world, you can learn a lot.