Cloudflare Docs
SSL/TLS
SSL/TLS
Edit this page
Give us feedback
Set theme to dark (⇧+D)

Manage advanced certificates

​​ Create a certificate

If you are using an existing Universal SSL certificate, Cloudflare will automatically replace this certificate once you finish ordering your advanced certificate.

Once you order a certificate, you can review the certificate’s status in the dashboard at SSL/TLS > Edge Certificates or via the API with a GET request.

To create a new advanced certificate in the dashboard:

  1. Log in to your Cloudflare account and select a domain.
  2. Go to SSL/TLS > Edge Certificates.
  3. Select Order Advanced Certificate.
  4. If Cloudflare does not have your billing information, you will need to enter that information.
  5. Enter the following information:
    • Certificate Authority
    • Certificate Hostnames
    • Validation method
    • Certificate Validity Period
  6. Select Save.
To create a new certificate using the API, send a POST request to the Cloudflare API.

​​ Delete a certificate

To delete an advanced certificate in the dashboard:

  1. Log in to your Cloudflare account and select a domain.
  2. Select SSL/TLS > Edge Certificates.
  3. Select a certificate.
  4. Select Delete Certificate.
To delete a certificate using the API, send a DELETE request to the Cloudflare API.

​​ Restart validation

To restart validation for a certificate in a validation_timed_out status, send a PATCH request to the API.


​​ Restrict cipher suites

Cipher suites are a combination of ciphers used to negotiate security settings during the SSL/TLS handshake (and therefore separate from the SSL/TLS protocol).

For more details, refer to Disable cipher suites.


​​ Perform domain control validation (DCV)

Before a certificate authority (CA) will issue a certificate for a domain, the requester must prove they have control over that domain. This process is known as domain control validation (DCV).

Normally, you only need to update DCV if you have your application on a partial setup (Cloudflare does not run your authoritative nameservers).

For more information about DCV, refer to DCV methods.


​​ Set up alerts

You can configure alerts to receive notifications for changes in your certificates.

Advanced Certificate Alert

Who is it for?

Customers with advanced certificates that want to be alerted on validation, issuance, renewal, and expiration of certificates.

Other options / filters

None.

Included with

When an advanced certificate is validated, issued, renewed, or expired.

What should you do if you receive one?

Action only needed if notification is about a certificate that failed to be issued. Refer to SSL expired or SSL mismatch errors for more information.

Refer to Cloudflare Notifications for more information on how to set up an alert.