## Edit SSL Configuration

`client.CustomCertificates.Edit(ctx, customCertificateID, params) (*CustomCertificate, error)`

**patch** `/zones/{zone_id}/custom_certificates/{custom_certificate_id}`

Upload a new private key and/or PEM/CRT for the SSL certificate. Note: PATCHing a configuration for sni_custom certificates will result in a new resource id being returned, and the previous one being deleted.

### Parameters

- `customCertificateID string`

  Identifier.

- `params CustomCertificateEditParams`

  - `ZoneID param.Field[string]`

    Path param: Identifier.

  - `BundleMethod param.Field[BundleMethod]`

    Body param: A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.

  - `Certificate param.Field[string]`

    Body param: The zone's SSL certificate or certificate and the intermediate(s).

  - `CustomCsrID param.Field[string]`

    Body param: The identifier for the Custom CSR that was used.

  - `Deploy param.Field[CustomCertificateEditParamsDeploy]`

    Body param: The environment to deploy the certificate to, defaults to production

    - `const CustomCertificateEditParamsDeployStaging CustomCertificateEditParamsDeploy = "staging"`

    - `const CustomCertificateEditParamsDeployProduction CustomCertificateEditParamsDeploy = "production"`

  - `GeoRestrictions param.Field[GeoRestrictions]`

    Body param: Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.

  - `Policy param.Field[string]`

    Body param: Specify the policy that determines the region where your private key will be held locally. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Any combination of countries, specified by their two letter country code (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements) can be chosen, such as 'country: IN', as well as 'region: EU' which refers to the EU region. If there are too few data centers satisfying the policy, it will be rejected.
    Note: The API accepts this field as either "policy" or "policy_restrictions" in requests. Responses return this field as "policy_restrictions".

  - `PrivateKey param.Field[string]`

    Body param: The zone's private key.

### Returns

- `type CustomCertificate struct{…}`

  - `ID string`

    Identifier.

  - `ZoneID string`

    Identifier.

  - `BundleMethod BundleMethod`

    A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.

    - `const BundleMethodUbiquitous BundleMethod = "ubiquitous"`

    - `const BundleMethodOptimal BundleMethod = "optimal"`

    - `const BundleMethodForce BundleMethod = "force"`

  - `CustomCsrID string`

    The identifier for the Custom CSR that was used.

  - `ExpiresOn Time`

    When the certificate from the authority expires.

  - `GeoRestrictions GeoRestrictions`

    Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.

    - `Label GeoRestrictionsLabel`

      - `const GeoRestrictionsLabelUs GeoRestrictionsLabel = "us"`

      - `const GeoRestrictionsLabelEu GeoRestrictionsLabel = "eu"`

      - `const GeoRestrictionsLabelHighestSecurity GeoRestrictionsLabel = "highest_security"`

  - `Hosts []string`

  - `Issuer string`

    The certificate authority that issued the certificate.

  - `KeylessServer KeylessCertificate`

    - `ID string`

      Keyless certificate identifier tag.

    - `CreatedOn Time`

      When the Keyless SSL was created.

    - `Enabled bool`

      Whether or not the Keyless SSL is on or off.

    - `Host string`

      The keyless SSL name.

    - `ModifiedOn Time`

      When the Keyless SSL was last modified.

    - `Name string`

      The keyless SSL name.

    - `Permissions []string`

      Available permissions for the Keyless SSL for the current user requesting the item.

    - `Port float64`

      The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.

    - `Status KeylessCertificateStatus`

      Status of the Keyless SSL.

      - `const KeylessCertificateStatusActive KeylessCertificateStatus = "active"`

      - `const KeylessCertificateStatusDeleted KeylessCertificateStatus = "deleted"`

    - `Tunnel Tunnel`

      Configuration for using Keyless SSL through a Cloudflare Tunnel

      - `PrivateIP string`

        Private IP of the Key Server Host

      - `VnetID string`

        Cloudflare Tunnel Virtual Network ID

  - `ModifiedOn Time`

    When the certificate was last modified.

  - `PolicyRestrictions string`

    The policy restrictions returned by the API. This field is returned in responses
    when a policy has been set. The API accepts the "policy" field in requests but
    returns this field as "policy_restrictions" in responses.

    Specifies the region(s) where your private key can be held locally for optimal
    TLS performance. Format is a boolean expression, for example:
    "(country: US) or (region: EU)"

  - `Priority float64`

    The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacy_custom' certificates, but 'legacy_custom' certificates will always supercede 'sni_custom' certificates.

  - `Signature string`

    The type of hash used for the certificate.

  - `Status CustomCertificateStatus`

    Status of the zone's custom SSL.

    - `const CustomCertificateStatusActive CustomCertificateStatus = "active"`

    - `const CustomCertificateStatusExpired CustomCertificateStatus = "expired"`

    - `const CustomCertificateStatusDeleted CustomCertificateStatus = "deleted"`

    - `const CustomCertificateStatusPending CustomCertificateStatus = "pending"`

    - `const CustomCertificateStatusInitializing CustomCertificateStatus = "initializing"`

  - `UploadedOn Time`

    When the certificate was uploaded to Cloudflare.

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/custom_certificates"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  customCertificate, err := client.CustomCertificates.Edit(
    context.TODO(),
    "023e105f4ecef8ad9ca31a8372d0c353",
    custom_certificates.CustomCertificateEditParams{
      ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", customCertificate.ID)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
    "bundle_method": "ubiquitous",
    "custom_csr_id": "7b163417-1d2b-4c84-a38a-2fb7a0cd7752",
    "expires_on": "2016-01-01T05:20:00Z",
    "geo_restrictions": {
      "label": "us"
    },
    "hosts": [
      "example.com"
    ],
    "issuer": "GlobalSign",
    "keyless_server": {
      "id": "4d2844d2ce78891c34d0b6c0535a291e",
      "created_on": "2014-01-01T05:20:00Z",
      "enabled": false,
      "host": "example.com",
      "modified_on": "2014-01-01T05:20:00Z",
      "name": "example.com Keyless SSL",
      "permissions": [
        "#ssl:read",
        "#ssl:edit"
      ],
      "port": 24008,
      "status": "active",
      "tunnel": {
        "private_ip": "10.0.0.1",
        "vnet_id": "7365377a-85a4-4390-9480-531ef7dc7a3c"
      }
    },
    "modified_on": "2014-01-01T05:20:00Z",
    "policy_restrictions": "(country: US) or (region: EU)",
    "priority": 1,
    "signature": "SHA256WithRSA",
    "status": "active",
    "uploaded_on": "2014-01-01T05:20:00Z"
  }
}
```