NAME
    gcloud beta certificate-manager certificates create - create a certificate

SYNOPSIS
    gcloud beta certificate-manager certificates create
        (CERTIFICATE : --location=LOCATION)
        (--certificate-file=PATH_TO_FILE --private-key-file=PATH_TO_FILE
          | [--domains=[DOMAINS,...]
          : --dns-authorizations=[DNS_AUTHORIZATIONS,...]
          | --issuance-config=ISSUANCE_CONFIG]) [--async]
        [--description=DESCRIPTION] [--labels=[KEY=VALUE,...]]
        [--scope=SCOPE; default="DEFAULT"] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    (BETA) Create a new certificate.

      ▪ Managed certificates can be created by supplying one or more domain
        names and an (optional) list of DNS authorizations for those domain
        names.
      ▪ Self-managed certificates can be created by uploading a certificate
        and its corresponding private key (both in PEM format).

EXAMPLES
    To create (upload) a self-managed certificate called www-example-com, run:

        $ gcloud beta certificate-manager certificates create \
            www-example-com --private-key-file=key.pem \
            --certificate-file=cert.pem

    To create a certificate managed by Certificate Manager called
    api-example-com, run:

        $ gcloud beta certificate-manager certificates create \
            api-example-com --domains="api.example.com"

    To create a certificate managed by Certificate Manager called
    api-example-com, using an existing DNS authorization, run:

        $ gcloud beta certificate-manager certificates create \
            api-example-com --dns-authorizations=api-example-com \
            --domains="api.example.com"

POSITIONAL ARGUMENTS
     Certificate resource - The name of the certificate to create. The
     arguments in this group can be used to specify the attributes of this
     resource. (NOTE) Some attributes are not given arguments in this group but
     can be set in other ways.

     To set the project attribute:
      ◆ provide the argument certificate on the command line with a fully
        specified name;
      ◆ provide the argument --project on the command line;
      ◆ set the property core/project.

     This must be specified.

       CERTIFICATE
          ID of the certificate or fully qualified identifier for the
          certificate.

          To set the certificate attribute:
          ▸ provide the argument certificate on the command line.

          This positional argument must be specified if any of the other
          arguments in this group are specified.

       --location=LOCATION
          Certificate Manager location.

          To set the location attribute:
          ▸ provide the argument certificate on the command line with a fully
            specified name;
          ▸ provide the argument --location on the command line;
          ▸ default value of location is [global].

REQUIRED FLAGS
     Configuration for creating and uploading certificates to Cloud Certificate
     Manager.

     Exactly one of these must be specified:

       Configuration for uploading self-managed certificates and keys.

       --certificate-file=PATH_TO_FILE
          Certificate data in PEM-encoded form. Use a full or relative path to
          a local file containing the value of certificate_file.

          This flag argument must be specified if any of the other arguments in
          this group are specified.

       --private-key-file=PATH_TO_FILE
          Private key data in PEM-encoded form. Use a full or relative path to
          a local file containing the value of private_key_file.

          This flag argument must be specified if any of the other arguments in
          this group are specified.

       Configuration for creating new managed certificates.

       --domains=[DOMAINS,...]
          Public domain name(s) to create a certificate for.

          ▸ If a DNS authorization is provided for the domain, the
            certificate will be validated against the DNS record you added as
            part of the authorization flow.
          ▸ If no DNS authorization is provided, Certificate Manager will
            attempt to validate the domain against the serving endpoint
            directly.

          You may list multiple, comma-separated domain names to include
          multiple names as Subject Alternative Names on the issued
          certificate.

          This flag argument must be specified if any of the other arguments in
          this group are specified.

       At most one of these can be specified:

         --dns-authorizations=[DNS_AUTHORIZATIONS,...]
            Name(s) of the DNS authorizations for each listed domain.

            Note that each domain requires a matching authorization, and any
            domain that fails authorization will prevent issuance and/or
            renewal of the certificate.

            To reference multiple DNS authorizations, provide a list of comma
            separated DNS authorization resource names or URLs. For example:

                $ gcloud beta certificate-manager certificates create \
                     --dns-authorizations=api-example-com,www-example-com

         --issuance-config=ISSUANCE_CONFIG
            Name of the Certificate Issuance Config to use for issuance.

OPTIONAL FLAGS
     --async
        Return immediately, without waiting for the operation in progress to
        complete.

     --description=DESCRIPTION
        Human-readable description of the resource.

     --labels=[KEY=VALUE,...]
        List of label KEY=VALUE pairs to add.

        Keys must start with a lowercase character and contain only hyphens
        (-), underscores (_), lowercase characters, and numbers. Values must
        contain only hyphens (-), underscores (_), lowercase characters, and
        numbers.

     --scope=SCOPE; default="DEFAULT"
        Scope of the managed certificate. This determines which services the
        certificate can be attached to/associated with. Defaults to DEFAULT.
        SCOPE must be one of:

         all-regions
            Certificates with scope ALL_REGIONS are currently used for
            Cross-region Internal Application Load Balancer only.

         client-auth
            Certificates with scope CLIENT_AUTH are used for client
            authentication.

         default
            Certificates with DEFAULT scope are used for Load Balancing and
            Cloud CDN.

            If unsure, choose this option.

         edge-cache
            Certificates with scope EDGE_CACHE are special-purposed
            certificates, scoped for use with Media Edge services only.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

API REFERENCE
    This command uses the certificatemanager/v1 API. The full documentation for
    this API can be found at:
    https://docs.cloud.google.com/certificate-manager/docs/overview

NOTES
    This command is currently in beta and might change without notice. These
    variants are also available:

        $ gcloud certificate-manager certificates create

        $ gcloud alpha certificate-manager certificates create

