Edit: Of particular note is that if you have a VM in say us-central1 talking to another of your VMs in us-east1, we encrypt that traffic across regions (even though it's riding our backbone).
Disclosure: I work on Google Cloud (and even sort of contributed to this).
It wasn’t there before, but you can assign multiple certs to a front end now, and it works as you expect (tested with SSLLabs.com).
Great, thanks! :)