Create Custom Hostname

client.CustomHostnames.New(ctx, params) (*CustomHostnameNewResponse, error)

POST/zones/{zone_id}/custom_hostnames

Add a new custom hostname and request that an SSL certificate be issued for it. One of three validation methods—http, txt, email—should be used, with 'http' recommended if the CNAME is already in place (or will be soon). Specifying 'email' will send an email to the WHOIS contacts on file for the base domain plus hostmaster, postmaster, webmaster, admin, administrator. If http is used and the domain is not already pointing to the Managed CNAME host, the PATCH method must be used once it is (to complete validation). Enable bundling of certificates using the custom_cert_bundle field. The bundling process requires the following condition One certificate in the bundle must use an RSA, and the other must use an ECDSA.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

SSL and Certificates Write

ParametersExpand Collapse

params CustomHostnameNewParams

ZoneID param.Field[string]

Path param: Identifier.

maxLength32

Hostname param.Field[string]

Body param: The custom hostname that will point to your hostname via CNAME.

maxLength255

CustomMetadata param.Field[map[string, string]]optional

Body param: Unique key/value metadata for this hostname. These are per-hostname (customer) settings.

SSL param.Field[CustomHostnameNewParamsSSL]optional

Body param: SSL properties used when creating the custom hostname.

BundleMethod BundleMethodoptional

A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.

One of the following:

const BundleMethodUbiquitous BundleMethod = "ubiquitous"

const BundleMethodOptimal BundleMethod = "optimal"

const BundleMethodForce BundleMethod = "force"

CertificateAuthority CertificateCAoptional

The Certificate Authority that will issue the certificate

One of the following:

const CertificateCADigicert CertificateCA = "digicert"

const CertificateCAGoogle CertificateCA = "google"

const CertificateCALetsEncrypt CertificateCA = "lets_encrypt"

const CertificateCASSLCom CertificateCA = "ssl_com"

CloudflareBranding booloptional

Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true

CustomCERTBundle []CustomHostnameNewParamsSSLCustomCERTBundleoptional

Array of custom certificate and key pairs (1 or 2 pairs allowed)

CustomCertificate string

If a custom uploaded certificate is used.

CustomKey string

The key for a custom uploaded certificate.

CustomCertificate stringoptional

If a custom uploaded certificate is used.

CustomCsrID stringoptional

The identifier for the Custom CSR that was used.

CustomKey stringoptional

The key for a custom uploaded certificate.

Method DCVMethodoptional

Domain control validation (DCV) method used for this hostname.

One of the following:

const DCVMethodHTTP DCVMethod = "http"

const DCVMethodTXT DCVMethod = "txt"

const DCVMethodEmail DCVMethod = "email"

Settings CustomHostnameNewParamsSSLSettingsoptional

SSL specific settings.

Ciphers []stringoptional

An allowlist of ciphers for TLS termination. These ciphers must be in the BoringSSL format.

EarlyHints CustomHostnameNewParamsSSLSettingsEarlyHintsoptional

Whether or not Early Hints is enabled.

One of the following:

const CustomHostnameNewParamsSSLSettingsEarlyHintsOn CustomHostnameNewParamsSSLSettingsEarlyHints = "on"

const CustomHostnameNewParamsSSLSettingsEarlyHintsOff CustomHostnameNewParamsSSLSettingsEarlyHints = "off"

HTTP2 CustomHostnameNewParamsSSLSettingsHTTP2optional

Whether or not HTTP2 is enabled.

One of the following:

const CustomHostnameNewParamsSSLSettingsHTTP2On CustomHostnameNewParamsSSLSettingsHTTP2 = "on"

const CustomHostnameNewParamsSSLSettingsHTTP2Off CustomHostnameNewParamsSSLSettingsHTTP2 = "off"

MinTLSVersion CustomHostnameNewParamsSSLSettingsMinTLSVersionoptional

The minimum TLS version supported.

One of the following:

const CustomHostnameNewParamsSSLSettingsMinTLSVersion1_0 CustomHostnameNewParamsSSLSettingsMinTLSVersion = "1.0"

const CustomHostnameNewParamsSSLSettingsMinTLSVersion1_1 CustomHostnameNewParamsSSLSettingsMinTLSVersion = "1.1"

const CustomHostnameNewParamsSSLSettingsMinTLSVersion1_2 CustomHostnameNewParamsSSLSettingsMinTLSVersion = "1.2"

const CustomHostnameNewParamsSSLSettingsMinTLSVersion1_3 CustomHostnameNewParamsSSLSettingsMinTLSVersion = "1.3"

TLS1_3 CustomHostnameNewParamsSSLSettingsTLS1_3optional

Whether or not TLS 1.3 is enabled.

One of the following:

const CustomHostnameNewParamsSSLSettingsTLS1_3On CustomHostnameNewParamsSSLSettingsTLS1_3 = "on"

const CustomHostnameNewParamsSSLSettingsTLS1_3Off CustomHostnameNewParamsSSLSettingsTLS1_3 = "off"

Type DomainValidationTypeoptional

Level of validation to be used for this hostname. Domain validation (dv) must be used.

Wildcard booloptional

Indicates whether the certificate covers a wildcard.

ReturnsExpand Collapse

type CustomHostnameNewResponse struct{…}

ID string

Identifier.

maxLength32

Hostname string

The custom hostname that will point to your hostname via CNAME.

maxLength255

CreatedAt Timeoptional

This is the time the hostname was created.

formatdate-time

CustomMetadata map[string, string]optional

Unique key/value metadata for this hostname. These are per-hostname (customer) settings.

CustomOriginServer stringoptional

a valid hostname that’s been added to your DNS zone as an A, AAAA, or CNAME record.

CustomOriginSNI stringoptional

A hostname that will be sent to your custom origin server as SNI for TLS handshake. This can be a valid subdomain of the zone or custom origin server name or the string ':request_host_header:' which will cause the host header in the request to be used as SNI. Not configurable with default/fallback origin server.

OwnershipVerification CustomHostnameNewResponseOwnershipVerificationoptional

This is a record which can be placed to activate a hostname.

Name stringoptional

DNS Name for record.

Type CustomHostnameNewResponseOwnershipVerificationTypeoptional

DNS Record type.

Value stringoptional

Content for the record.

OwnershipVerificationHTTP CustomHostnameNewResponseOwnershipVerificationHTTPoptional

This presents the token to be served by the given http url to activate a hostname.

HTTPBody stringoptional

Token to be served.

HTTPURL stringoptional

The HTTP URL that will be checked during custom hostname verification and where the customer should host the token.

SSL CustomHostnameNewResponseSSLoptional

ID stringoptional

Custom hostname SSL identifier tag.

maxLength36

minLength36

BundleMethod BundleMethodoptional

One of the following:

const BundleMethodUbiquitous BundleMethod = "ubiquitous"

const BundleMethodOptimal BundleMethod = "optimal"

const BundleMethodForce BundleMethod = "force"

CertificateAuthority CertificateCAoptional

The Certificate Authority that will issue the certificate

One of the following:

const CertificateCADigicert CertificateCA = "digicert"

const CertificateCAGoogle CertificateCA = "google"

const CertificateCALetsEncrypt CertificateCA = "lets_encrypt"

const CertificateCASSLCom CertificateCA = "ssl_com"

CustomCertificate stringoptional

If a custom uploaded certificate is used.

CustomCsrID stringoptional

The identifier for the Custom CSR that was used.

CustomKey stringoptional

The key for a custom uploaded certificate.

DCVDelegationRecords []CustomHostnameNewResponseSsldcvDelegationRecordoptional

DCV Delegation records for domain validation.

CNAME stringoptional

The CNAME record hostname for DCV delegation.

CNAMETarget stringoptional

The CNAME record target value for DCV delegation.

Emails []stringoptional

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

HTTPBody stringoptional

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

HTTPURL stringoptional

The url that will be checked during domain validation.

Status stringoptional

Status of the validation record.

TXTName stringoptional

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

TXTValue stringoptional

The TXT record that the certificate authority (CA) will check during domain validation.

ExpiresOn Timeoptional

The time the custom certificate expires on.

formatdate-time

Hosts []stringoptional

A list of Hostnames on a custom uploaded certificate.

Issuer stringoptional

The issuer on a custom uploaded certificate.

Method DCVMethodoptional

Domain control validation (DCV) method used for this hostname.

One of the following:

const DCVMethodHTTP DCVMethod = "http"

const DCVMethodTXT DCVMethod = "txt"

const DCVMethodEmail DCVMethod = "email"

SerialNumber stringoptional

The serial number on a custom uploaded certificate.

Settings CustomHostnameNewResponseSSLSettingsoptional

Ciphers []stringoptional

An allowlist of ciphers for TLS termination. These ciphers must be in the BoringSSL format.

EarlyHints CustomHostnameNewResponseSSLSettingsEarlyHintsoptional

Whether or not Early Hints is enabled.

One of the following:

const CustomHostnameNewResponseSSLSettingsEarlyHintsOn CustomHostnameNewResponseSSLSettingsEarlyHints = "on"

const CustomHostnameNewResponseSSLSettingsEarlyHintsOff CustomHostnameNewResponseSSLSettingsEarlyHints = "off"

HTTP2 CustomHostnameNewResponseSSLSettingsHTTP2optional

Whether or not HTTP2 is enabled.

One of the following:

const CustomHostnameNewResponseSSLSettingsHTTP2On CustomHostnameNewResponseSSLSettingsHTTP2 = "on"

const CustomHostnameNewResponseSSLSettingsHTTP2Off CustomHostnameNewResponseSSLSettingsHTTP2 = "off"

MinTLSVersion CustomHostnameNewResponseSSLSettingsMinTLSVersionoptional

The minimum TLS version supported.

One of the following:

const CustomHostnameNewResponseSSLSettingsMinTLSVersion1_0 CustomHostnameNewResponseSSLSettingsMinTLSVersion = "1.0"

const CustomHostnameNewResponseSSLSettingsMinTLSVersion1_1 CustomHostnameNewResponseSSLSettingsMinTLSVersion = "1.1"

const CustomHostnameNewResponseSSLSettingsMinTLSVersion1_2 CustomHostnameNewResponseSSLSettingsMinTLSVersion = "1.2"

const CustomHostnameNewResponseSSLSettingsMinTLSVersion1_3 CustomHostnameNewResponseSSLSettingsMinTLSVersion = "1.3"

TLS1_3 CustomHostnameNewResponseSSLSettingsTLS1_3optional

Whether or not TLS 1.3 is enabled.

One of the following:

const CustomHostnameNewResponseSSLSettingsTLS1_3On CustomHostnameNewResponseSSLSettingsTLS1_3 = "on"

const CustomHostnameNewResponseSSLSettingsTLS1_3Off CustomHostnameNewResponseSSLSettingsTLS1_3 = "off"

Signature stringoptional

The signature on a custom uploaded certificate.

Status CustomHostnameNewResponseSSLStatusoptional

Status of the hostname's SSL certificates.

One of the following:

const CustomHostnameNewResponseSSLStatusInitializing CustomHostnameNewResponseSSLStatus = "initializing"

const CustomHostnameNewResponseSSLStatusPendingValidation CustomHostnameNewResponseSSLStatus = "pending_validation"

const CustomHostnameNewResponseSSLStatusDeleted CustomHostnameNewResponseSSLStatus = "deleted"

const CustomHostnameNewResponseSSLStatusPendingIssuance CustomHostnameNewResponseSSLStatus = "pending_issuance"

const CustomHostnameNewResponseSSLStatusPendingDeployment CustomHostnameNewResponseSSLStatus = "pending_deployment"

const CustomHostnameNewResponseSSLStatusPendingDeletion CustomHostnameNewResponseSSLStatus = "pending_deletion"

const CustomHostnameNewResponseSSLStatusPendingExpiration CustomHostnameNewResponseSSLStatus = "pending_expiration"

const CustomHostnameNewResponseSSLStatusExpired CustomHostnameNewResponseSSLStatus = "expired"

const CustomHostnameNewResponseSSLStatusActive CustomHostnameNewResponseSSLStatus = "active"

const CustomHostnameNewResponseSSLStatusInitializingTimedOut CustomHostnameNewResponseSSLStatus = "initializing_timed_out"

const CustomHostnameNewResponseSSLStatusValidationTimedOut CustomHostnameNewResponseSSLStatus = "validation_timed_out"

const CustomHostnameNewResponseSSLStatusIssuanceTimedOut CustomHostnameNewResponseSSLStatus = "issuance_timed_out"

const CustomHostnameNewResponseSSLStatusDeploymentTimedOut CustomHostnameNewResponseSSLStatus = "deployment_timed_out"

const CustomHostnameNewResponseSSLStatusDeletionTimedOut CustomHostnameNewResponseSSLStatus = "deletion_timed_out"

const CustomHostnameNewResponseSSLStatusPendingCleanup CustomHostnameNewResponseSSLStatus = "pending_cleanup"

const CustomHostnameNewResponseSSLStatusStagingDeployment CustomHostnameNewResponseSSLStatus = "staging_deployment"

const CustomHostnameNewResponseSSLStatusStagingActive CustomHostnameNewResponseSSLStatus = "staging_active"

const CustomHostnameNewResponseSSLStatusDeactivating CustomHostnameNewResponseSSLStatus = "deactivating"

const CustomHostnameNewResponseSSLStatusInactive CustomHostnameNewResponseSSLStatus = "inactive"

const CustomHostnameNewResponseSSLStatusBackupIssued CustomHostnameNewResponseSSLStatus = "backup_issued"

const CustomHostnameNewResponseSSLStatusHoldingDeployment CustomHostnameNewResponseSSLStatus = "holding_deployment"

Type DomainValidationTypeoptional

Level of validation to be used for this hostname. Domain validation (dv) must be used.

UploadedOn Timeoptional

The time the custom certificate was uploaded.

formatdate-time

ValidationErrors []CustomHostnameNewResponseSSLValidationErroroptional

Domain validation errors that have been received by the certificate authority (CA).

Message stringoptional

A domain validation error.

ValidationRecords []CustomHostnameNewResponseSSLValidationRecordoptional

CNAME stringoptional

The CNAME record hostname for DCV delegation.

CNAMETarget stringoptional

The CNAME record target value for DCV delegation.

Emails []stringoptional

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

HTTPBody stringoptional

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

HTTPURL stringoptional

The url that will be checked during domain validation.

Status stringoptional

Status of the validation record.

TXTName stringoptional

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

TXTValue stringoptional

The TXT record that the certificate authority (CA) will check during domain validation.

Wildcard booloptional

Indicates whether the certificate covers a wildcard.

Status CustomHostnameNewResponseStatusoptional

Status of the hostname's activation.

One of the following:

const CustomHostnameNewResponseStatusActive CustomHostnameNewResponseStatus = "active"

const CustomHostnameNewResponseStatusPending CustomHostnameNewResponseStatus = "pending"

const CustomHostnameNewResponseStatusActiveRedeploying CustomHostnameNewResponseStatus = "active_redeploying"

const CustomHostnameNewResponseStatusMoved CustomHostnameNewResponseStatus = "moved"

const CustomHostnameNewResponseStatusPendingDeletion CustomHostnameNewResponseStatus = "pending_deletion"

const CustomHostnameNewResponseStatusDeleted CustomHostnameNewResponseStatus = "deleted"

const CustomHostnameNewResponseStatusPendingBlocked CustomHostnameNewResponseStatus = "pending_blocked"

const CustomHostnameNewResponseStatusPendingMigration CustomHostnameNewResponseStatus = "pending_migration"

const CustomHostnameNewResponseStatusPendingProvisioned CustomHostnameNewResponseStatus = "pending_provisioned"

const CustomHostnameNewResponseStatusTestPending CustomHostnameNewResponseStatus = "test_pending"

const CustomHostnameNewResponseStatusTestActive CustomHostnameNewResponseStatus = "test_active"

const CustomHostnameNewResponseStatusTestActiveApex CustomHostnameNewResponseStatus = "test_active_apex"

const CustomHostnameNewResponseStatusTestBlocked CustomHostnameNewResponseStatus = "test_blocked"

const CustomHostnameNewResponseStatusTestFailed CustomHostnameNewResponseStatus = "test_failed"

const CustomHostnameNewResponseStatusProvisioned CustomHostnameNewResponseStatus = "provisioned"

const CustomHostnameNewResponseStatusBlocked CustomHostnameNewResponseStatus = "blocked"

VerificationErrors []stringoptional

These are errors that were encountered while trying to activate a hostname.

Create Custom Hostname

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/custom_hostnames"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  customHostname, err := client.CustomHostnames.New(context.TODO(), custom_hostnames.CustomHostnameNewParams{
    ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    Hostname: cloudflare.F("app.example.com"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", customHostname.ID)
}

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "hostname": "app.example.com",
    "created_at": "2020-02-06T18:11:23.531995Z",
    "custom_metadata": {
      "foo": "string"
    },
    "custom_origin_server": "origin2.example.com",
    "custom_origin_sni": "sni.example.com",
    "ownership_verification": {
      "name": "_cf-custom-hostname.app.example.com",
      "type": "txt",
      "value": "5cc07c04-ea62-4a5a-95f0-419334a875a4"
    },
    "ownership_verification_http": {
      "http_body": "5cc07c04-ea62-4a5a-95f0-419334a875a4",
      "http_url": "http://custom.test.com/.well-known/cf-custom-hostname-challenge/0d89c70d-ad9f-4843-b99f-6cc0252067e9"
    },
    "ssl": {
      "id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
      "bundle_method": "ubiquitous",
      "certificate_authority": "google",
      "custom_certificate": "-----BEGIN CERTIFICATE-----\nMIIFJDCCBAygAwIBAgIQD0ifmj/Yi5NP/2gdUySbfzANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E...SzSHfXp5lnu/3V08I72q1QNzOCgY1XeL4GKVcj4or6cT6tX6oJH7ePPmfrBfqI/O\nOeH8gMJ+FuwtXYEPa4hBf38M5eU5xWG7\n-----END CERTIFICATE-----\n",
      "custom_csr_id": "7b163417-1d2b-4c84-a38a-2fb7a0cd7752",
      "custom_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n",
      "dcv_delegation_records": [
        {
          "cname": "_acme-challenge.example.com",
          "cname_target": "dcv.cloudflare.com",
          "emails": [
            "administrator@example.com",
            "webmaster@example.com"
          ],
          "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
          "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
          "status": "pending",
          "txt_name": "_acme-challenge.app.example.com",
          "txt_value": "810b7d5f01154524b961ba0cd578acc2"
        }
      ],
      "expires_on": "2021-02-06T18:11:23.531995Z",
      "hosts": [
        "app.example.com",
        "*.app.example.com"
      ],
      "issuer": "DigiCertInc",
      "method": "http",
      "serial_number": "6743787633689793699141714808227354901",
      "settings": {
        "ciphers": [
          "ECDHE-RSA-AES128-GCM-SHA256",
          "AES128-SHA"
        ],
        "early_hints": "on",
        "http2": "on",
        "min_tls_version": "1.2",
        "tls_1_3": "on"
      },
      "signature": "SHA256WithRSA",
      "status": "pending_validation",
      "type": "dv",
      "uploaded_on": "2020-02-06T18:11:23.531995Z",
      "validation_errors": [
        {
          "message": "SERVFAIL looking up CAA for app.example.com"
        }
      ],
      "validation_records": [
        {
          "cname": "_acme-challenge.example.com",
          "cname_target": "dcv.cloudflare.com",
          "emails": [
            "administrator@example.com",
            "webmaster@example.com"
          ],
          "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
          "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
          "status": "pending",
          "txt_name": "_acme-challenge.app.example.com",
          "txt_value": "810b7d5f01154524b961ba0cd578acc2"
        }
      ],
      "wildcard": false
    },
    "status": "pending",
    "verification_errors": [
      "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
    ]
  }
}

Returns Examples

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "hostname": "app.example.com",
    "created_at": "2020-02-06T18:11:23.531995Z",
    "custom_metadata": {
      "foo": "string"
    },
    "custom_origin_server": "origin2.example.com",
    "custom_origin_sni": "sni.example.com",
    "ownership_verification": {
      "name": "_cf-custom-hostname.app.example.com",
      "type": "txt",
      "value": "5cc07c04-ea62-4a5a-95f0-419334a875a4"
    },
    "ownership_verification_http": {
      "http_body": "5cc07c04-ea62-4a5a-95f0-419334a875a4",
      "http_url": "http://custom.test.com/.well-known/cf-custom-hostname-challenge/0d89c70d-ad9f-4843-b99f-6cc0252067e9"
    },
    "ssl": {
      "id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
      "bundle_method": "ubiquitous",
      "certificate_authority": "google",
      "custom_certificate": "-----BEGIN CERTIFICATE-----\nMIIFJDCCBAygAwIBAgIQD0ifmj/Yi5NP/2gdUySbfzANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E...SzSHfXp5lnu/3V08I72q1QNzOCgY1XeL4GKVcj4or6cT6tX6oJH7ePPmfrBfqI/O\nOeH8gMJ+FuwtXYEPa4hBf38M5eU5xWG7\n-----END CERTIFICATE-----\n",
      "custom_csr_id": "7b163417-1d2b-4c84-a38a-2fb7a0cd7752",
      "custom_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n",
      "dcv_delegation_records": [
        {
          "cname": "_acme-challenge.example.com",
          "cname_target": "dcv.cloudflare.com",
          "emails": [
            "administrator@example.com",
            "webmaster@example.com"
          ],
          "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
          "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
          "status": "pending",
          "txt_name": "_acme-challenge.app.example.com",
          "txt_value": "810b7d5f01154524b961ba0cd578acc2"
        }
      ],
      "expires_on": "2021-02-06T18:11:23.531995Z",
      "hosts": [
        "app.example.com",
        "*.app.example.com"
      ],
      "issuer": "DigiCertInc",
      "method": "http",
      "serial_number": "6743787633689793699141714808227354901",
      "settings": {
        "ciphers": [
          "ECDHE-RSA-AES128-GCM-SHA256",
          "AES128-SHA"
        ],
        "early_hints": "on",
        "http2": "on",
        "min_tls_version": "1.2",
        "tls_1_3": "on"
      },
      "signature": "SHA256WithRSA",
      "status": "pending_validation",
      "type": "dv",
      "uploaded_on": "2020-02-06T18:11:23.531995Z",
      "validation_errors": [
        {
          "message": "SERVFAIL looking up CAA for app.example.com"
        }
      ],
      "validation_records": [
        {
          "cname": "_acme-challenge.example.com",
          "cname_target": "dcv.cloudflare.com",
          "emails": [
            "administrator@example.com",
            "webmaster@example.com"
          ],
          "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
          "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
          "status": "pending",
          "txt_name": "_acme-challenge.app.example.com",
          "txt_value": "810b7d5f01154524b961ba0cd578acc2"
        }
      ],
      "wildcard": false
    },
    "status": "pending",
    "verification_errors": [
      "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
    ]
  }
}