by _acco 1887 days ago
Among other exploits, you could generate an SSL cert and harvest cookies. All visitors would have to do is load your site in their browser. Right?

Google is pretty good about pinning their certificates so it's unlikely this would work, especially in Chrome where it's locked down even further.
Certificate pinning has already been deprecated as a standard, and no browser supports it anymore. Google may be doing something else for their own properties on Chrome, but that is unlikely and definitely not widely known.

Edit: After a few minutes of internet searching, it turns out that while HPKP is deprecated, Google does statically pin a set of certs into the Chrome build itself, their own sites presumably included.