Google Cloud periodically renews Google-managed certificates by requesting them from certificate authorities (CAs)

## Announcement Google Cloud periodically renews Google-managed certificates by requesting them from certificate authorities (CAs). Certificate authorities verify domain control by checking DNS settings of the domain and in case of [load balancer authorization](https://cloud.google.com/certificate-manager/docs/how-it-works#domain-auth) attempting to contact the server behind the domain's IP address. The CAs that Google Cloud works with have introduced a verification method called **Multi-Perspective Issuance Corroboration**, that is becoming mandatory for all public CAs and that consists in performing the verification from multiple locations in the world. As a result, if DNS settings do not correctly and consistently resolve from all locations, the validation fails and Google-managed certificates will fail to renew. To learn more about preventing multi-perspective domain validation failures for misconfigured DNS records, see [Multi-perspective domain validation](https://cloud.google.com/load-balancing/docs/ssl-certificates/troubleshooting#multi-perspective-domain-validation).