How to create Let's Encrypt Cert and apply to Google Cloud Load Balancer

There are lots of ways to issue a Let’s Encrypt certificate using DNS validation and Cloudflare. You can Google it. I’ll link this one, using certbot-auto, that I wrote, but you can use anything. You’ll need to install certbot-auto on whatever machine you’re going to issue the certificate from, before you get started.

That’s the easy part. At the end of it, you’ll have a certificate sitting in /etc/letsencrypt/live/ on the server.

From there, you need to get it to your Google Cloud load balancer. I don’t use Google Cloud so I can’t actually help you there, but it seems like you’ll need to write a script that does two things (as documented in the link I already showed you):

  1. Upload the certificate to the LB using the gcloud compute ssl-certificates create command
  2. Update your load balancer to switch to the new certificate you just uploaded: gcloud compute target-https-proxies update

You can optionally also pass this script to certbot-auto as a --deploy-hook and it will automatically run it every time the certificate renews.
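The two steps above written as a deploy hook, as an added example that is not part of the original post. The proxy name in `LB_PROXY`, the `CERT_PREFIX` default and the use of `--global` (a global external HTTPS load balancer) are assumptions, and `gcloud` is assumed to be already authenticated on the machine that runs certbot.

```shell
#!/bin/sh
# Added example: certbot deploy hook that pushes a renewed certificate to a
# Google Cloud HTTPS load balancer. LB_PROXY and CERT_PREFIX are hypothetical
# operator-set variables, not names from the post.
set -eu

# GCP certificate resources cannot be overwritten in place, so every renewal
# gets a new name: prefix plus a UTC timestamp (lowercase, digits, hyphens).
new_cert_name() {
  printf '%s-%s\n' "$1" "$(date -u +%Y%m%d%H%M%S)"
}

# deploy_cert LINEAGE_DIR PROXY_NAME NAME_PREFIX -> prints the new cert name
deploy_cert() {
  dc_chain="$1/fullchain.pem"
  dc_key="$1/privkey.pem"

  # Stop before touching the load balancer if either file is missing or empty.
  [ -s "$dc_chain" ] && [ -s "$dc_key" ] || {
    echo "fullchain.pem or privkey.pem missing in $1" >&2
    return 1
  }
  dc_name=$(new_cert_name "$3")

  # Step 1: upload. fullchain.pem carries the intermediate certificate, so
  # clients can build the chain; the private key is passed by path only.
  gcloud compute ssl-certificates create "$dc_name" \
    --certificate="$dc_chain" --private-key="$dc_key" --global >&2

  # Step 2: switch the proxy. --ssl-certificates replaces the whole list, so a
  # proxy that serves several certificates needs all of them named here.
  gcloud compute target-https-proxies update "$2" \
    --ssl-certificates="$dc_name" --global >&2

  echo "$dc_name"
}

# certbot exports RENEWED_LINEAGE (the /etc/letsencrypt/live/<name> directory)
# when it runs a deploy hook; outside certbot this file only defines functions.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  deploy_cert "$RENEWED_LINEAGE" "${LB_PROXY:?set LB_PROXY}" "${CERT_PREFIX:-le-cert}"
fi
```

The old certificate resource stays in the project after the switch, so a failed renewal can be rolled back by pointing the proxy at the previous name. Run the hook as the same user that owns `/etc/letsencrypt`, since `privkey.pem` is readable only by that account.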