Skip to content
Cloudflare API
Start here
API Reference
Custom Hostnames
Certificate Pack
Certificates

Replace Custom Certificate and Custom Key In Custom Hostname

client.CustomHostnames.CertificatePack.Certificates.Update(ctx, customHostnameID, certificatePackID, certificateID, params) (*CertificatePackCertificateUpdateResponse, error)
PUT/zones/{zone_id}/custom_hostnames/{custom_hostname_id}/certificate_pack/{certificate_pack_id}/certificates/{certificate_id}

Replace a single custom certificate within a certificate pack that contains two bundled certificates. The replacement must adhere to the following constraints. You can only replace an RSA certificate with another RSA certificate or an ECDSA certificate with another ECDSA certificate.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
SSL and Certificates Write
ParametersExpand Collapse
customHostnameID string

Identifier.

maxLength32
certificatePackID string

Identifier.

maxLength32
certificateID string

Identifier.

maxLength32
params CertificatePackCertificateUpdateParams
ZoneID param.Field[string]

Path param: Identifier.

maxLength32
CustomCertificate param.Field[string]

Body param: If a custom uploaded certificate is used.

CustomKey param.Field[string]

Body param: The key for a custom uploaded certificate.

ReturnsExpand Collapse
type CertificatePackCertificateUpdateResponse struct{…}
ID string

Identifier.

maxLength32
Hostname string

The custom hostname that will point to your hostname via CNAME.

maxLength255
CreatedAt Timeoptional

This is the time the hostname was created.

formatdate-time
CustomMetadata map[string, string]optional

Unique key/value metadata for this hostname. These are per-hostname (customer) settings.

CustomOriginServer stringoptional

a valid hostname that’s been added to your DNS zone as an A, AAAA, or CNAME record.

CustomOriginSNI stringoptional

A hostname that will be sent to your custom origin server as SNI for TLS handshake. This can be a valid subdomain of the zone or custom origin server name or the string ':request_host_header:' which will cause the host header in the request to be used as SNI. Not configurable with default/fallback origin server.

OwnershipVerification CertificatePackCertificateUpdateResponseOwnershipVerificationoptional

This is a record which can be placed to activate a hostname.

Name stringoptional

DNS Name for record.

Type CertificatePackCertificateUpdateResponseOwnershipVerificationTypeoptional

DNS Record type.

Value stringoptional

Content for the record.

OwnershipVerificationHTTP CertificatePackCertificateUpdateResponseOwnershipVerificationHTTPoptional

This presents the token to be served by the given http url to activate a hostname.

HTTPBody stringoptional

Token to be served.

HTTPURL stringoptional

The HTTP URL that will be checked during custom hostname verification and where the customer should host the token.

SSL CertificatePackCertificateUpdateResponseSSLoptional
ID stringoptional

Custom hostname SSL identifier tag.

maxLength36
minLength36
BundleMethod BundleMethodoptional

A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.

One of the following:
const BundleMethodUbiquitous BundleMethod = "ubiquitous"
const BundleMethodOptimal BundleMethod = "optimal"
const BundleMethodForce BundleMethod = "force"
CertificateAuthority CertificateCAoptional

The Certificate Authority that will issue the certificate

One of the following:
const CertificateCADigicert CertificateCA = "digicert"
const CertificateCAGoogle CertificateCA = "google"
const CertificateCALetsEncrypt CertificateCA = "lets_encrypt"
const CertificateCASSLCom CertificateCA = "ssl_com"
CustomCertificate stringoptional

If a custom uploaded certificate is used.

CustomCsrID stringoptional

The identifier for the Custom CSR that was used.

CustomKey stringoptional

The key for a custom uploaded certificate.

DCVDelegationRecords []CertificatePackCertificateUpdateResponseSsldcvDelegationRecordoptional

DCV Delegation records for domain validation.

CNAME stringoptional

The CNAME record hostname for DCV delegation.

CNAMETarget stringoptional

The CNAME record target value for DCV delegation.

Emails []stringoptional

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

HTTPBody stringoptional

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

HTTPURL stringoptional

The url that will be checked during domain validation.

Status stringoptional

Status of the validation record.

TXTName stringoptional

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

TXTValue stringoptional

The TXT record that the certificate authority (CA) will check during domain validation.

ExpiresOn Timeoptional

The time the custom certificate expires on.

formatdate-time
Hosts []stringoptional

A list of Hostnames on a custom uploaded certificate.

Issuer stringoptional

The issuer on a custom uploaded certificate.

Method DCVMethodoptional

Domain control validation (DCV) method used for this hostname.

One of the following:
const DCVMethodHTTP DCVMethod = "http"
const DCVMethodTXT DCVMethod = "txt"
const DCVMethodEmail DCVMethod = "email"
SerialNumber stringoptional

The serial number on a custom uploaded certificate.

Settings CertificatePackCertificateUpdateResponseSSLSettingsoptional
Ciphers []stringoptional

An allowlist of ciphers for TLS termination. These ciphers must be in the BoringSSL format.

EarlyHints CertificatePackCertificateUpdateResponseSSLSettingsEarlyHintsoptional

Whether or not Early Hints is enabled.

One of the following:
const CertificatePackCertificateUpdateResponseSSLSettingsEarlyHintsOn CertificatePackCertificateUpdateResponseSSLSettingsEarlyHints = "on"
const CertificatePackCertificateUpdateResponseSSLSettingsEarlyHintsOff CertificatePackCertificateUpdateResponseSSLSettingsEarlyHints = "off"
HTTP2 CertificatePackCertificateUpdateResponseSSLSettingsHTTP2optional

Whether or not HTTP2 is enabled.

One of the following:
const CertificatePackCertificateUpdateResponseSSLSettingsHTTP2On CertificatePackCertificateUpdateResponseSSLSettingsHTTP2 = "on"
const CertificatePackCertificateUpdateResponseSSLSettingsHTTP2Off CertificatePackCertificateUpdateResponseSSLSettingsHTTP2 = "off"
MinTLSVersion CertificatePackCertificateUpdateResponseSSLSettingsMinTLSVersionoptional

The minimum TLS version supported.

One of the following:
const CertificatePackCertificateUpdateResponseSSLSettingsMinTLSVersion1_0 CertificatePackCertificateUpdateResponseSSLSettingsMinTLSVersion = "1.0"
const CertificatePackCertificateUpdateResponseSSLSettingsMinTLSVersion1_1 CertificatePackCertificateUpdateResponseSSLSettingsMinTLSVersion = "1.1"
const CertificatePackCertificateUpdateResponseSSLSettingsMinTLSVersion1_2 CertificatePackCertificateUpdateResponseSSLSettingsMinTLSVersion = "1.2"
const CertificatePackCertificateUpdateResponseSSLSettingsMinTLSVersion1_3 CertificatePackCertificateUpdateResponseSSLSettingsMinTLSVersion = "1.3"
TLS1_3 CertificatePackCertificateUpdateResponseSSLSettingsTLS1_3optional

Whether or not TLS 1.3 is enabled.

One of the following:
const CertificatePackCertificateUpdateResponseSSLSettingsTLS1_3On CertificatePackCertificateUpdateResponseSSLSettingsTLS1_3 = "on"
const CertificatePackCertificateUpdateResponseSSLSettingsTLS1_3Off CertificatePackCertificateUpdateResponseSSLSettingsTLS1_3 = "off"
Signature stringoptional

The signature on a custom uploaded certificate.

Status CertificatePackCertificateUpdateResponseSSLStatusoptional

Status of the hostname's SSL certificates.

One of the following:
const CertificatePackCertificateUpdateResponseSSLStatusInitializing CertificatePackCertificateUpdateResponseSSLStatus = "initializing"
const CertificatePackCertificateUpdateResponseSSLStatusPendingValidation CertificatePackCertificateUpdateResponseSSLStatus = "pending_validation"
const CertificatePackCertificateUpdateResponseSSLStatusDeleted CertificatePackCertificateUpdateResponseSSLStatus = "deleted"
const CertificatePackCertificateUpdateResponseSSLStatusPendingIssuance CertificatePackCertificateUpdateResponseSSLStatus = "pending_issuance"
const CertificatePackCertificateUpdateResponseSSLStatusPendingDeployment CertificatePackCertificateUpdateResponseSSLStatus = "pending_deployment"
const CertificatePackCertificateUpdateResponseSSLStatusPendingDeletion CertificatePackCertificateUpdateResponseSSLStatus = "pending_deletion"
const CertificatePackCertificateUpdateResponseSSLStatusPendingExpiration CertificatePackCertificateUpdateResponseSSLStatus = "pending_expiration"
const CertificatePackCertificateUpdateResponseSSLStatusExpired CertificatePackCertificateUpdateResponseSSLStatus = "expired"
const CertificatePackCertificateUpdateResponseSSLStatusActive CertificatePackCertificateUpdateResponseSSLStatus = "active"
const CertificatePackCertificateUpdateResponseSSLStatusInitializingTimedOut CertificatePackCertificateUpdateResponseSSLStatus = "initializing_timed_out"
const CertificatePackCertificateUpdateResponseSSLStatusValidationTimedOut CertificatePackCertificateUpdateResponseSSLStatus = "validation_timed_out"
const CertificatePackCertificateUpdateResponseSSLStatusIssuanceTimedOut CertificatePackCertificateUpdateResponseSSLStatus = "issuance_timed_out"
const CertificatePackCertificateUpdateResponseSSLStatusDeploymentTimedOut CertificatePackCertificateUpdateResponseSSLStatus = "deployment_timed_out"
const CertificatePackCertificateUpdateResponseSSLStatusDeletionTimedOut CertificatePackCertificateUpdateResponseSSLStatus = "deletion_timed_out"
const CertificatePackCertificateUpdateResponseSSLStatusPendingCleanup CertificatePackCertificateUpdateResponseSSLStatus = "pending_cleanup"
const CertificatePackCertificateUpdateResponseSSLStatusStagingDeployment CertificatePackCertificateUpdateResponseSSLStatus = "staging_deployment"
const CertificatePackCertificateUpdateResponseSSLStatusStagingActive CertificatePackCertificateUpdateResponseSSLStatus = "staging_active"
const CertificatePackCertificateUpdateResponseSSLStatusDeactivating CertificatePackCertificateUpdateResponseSSLStatus = "deactivating"
const CertificatePackCertificateUpdateResponseSSLStatusInactive CertificatePackCertificateUpdateResponseSSLStatus = "inactive"
const CertificatePackCertificateUpdateResponseSSLStatusBackupIssued CertificatePackCertificateUpdateResponseSSLStatus = "backup_issued"
const CertificatePackCertificateUpdateResponseSSLStatusHoldingDeployment CertificatePackCertificateUpdateResponseSSLStatus = "holding_deployment"
Type DomainValidationTypeoptional

Level of validation to be used for this hostname. Domain validation (dv) must be used.

UploadedOn Timeoptional

The time the custom certificate was uploaded.

formatdate-time
ValidationErrors []CertificatePackCertificateUpdateResponseSSLValidationErroroptional

Domain validation errors that have been received by the certificate authority (CA).

Message stringoptional

A domain validation error.

ValidationRecords []CertificatePackCertificateUpdateResponseSSLValidationRecordoptional
CNAME stringoptional

The CNAME record hostname for DCV delegation.

CNAMETarget stringoptional

The CNAME record target value for DCV delegation.

Emails []stringoptional

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

HTTPBody stringoptional

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

HTTPURL stringoptional

The url that will be checked during domain validation.

Status stringoptional

Status of the validation record.

TXTName stringoptional

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

TXTValue stringoptional

The TXT record that the certificate authority (CA) will check during domain validation.

Wildcard booloptional

Indicates whether the certificate covers a wildcard.

Status CertificatePackCertificateUpdateResponseStatusoptional

Status of the hostname's activation.

One of the following:
const CertificatePackCertificateUpdateResponseStatusActive CertificatePackCertificateUpdateResponseStatus = "active"
const CertificatePackCertificateUpdateResponseStatusPending CertificatePackCertificateUpdateResponseStatus = "pending"
const CertificatePackCertificateUpdateResponseStatusActiveRedeploying CertificatePackCertificateUpdateResponseStatus = "active_redeploying"
const CertificatePackCertificateUpdateResponseStatusMoved CertificatePackCertificateUpdateResponseStatus = "moved"
const CertificatePackCertificateUpdateResponseStatusPendingDeletion CertificatePackCertificateUpdateResponseStatus = "pending_deletion"
const CertificatePackCertificateUpdateResponseStatusDeleted CertificatePackCertificateUpdateResponseStatus = "deleted"
const CertificatePackCertificateUpdateResponseStatusPendingBlocked CertificatePackCertificateUpdateResponseStatus = "pending_blocked"
const CertificatePackCertificateUpdateResponseStatusPendingMigration CertificatePackCertificateUpdateResponseStatus = "pending_migration"
const CertificatePackCertificateUpdateResponseStatusPendingProvisioned CertificatePackCertificateUpdateResponseStatus = "pending_provisioned"
const CertificatePackCertificateUpdateResponseStatusTestPending CertificatePackCertificateUpdateResponseStatus = "test_pending"
const CertificatePackCertificateUpdateResponseStatusTestActive CertificatePackCertificateUpdateResponseStatus = "test_active"
const CertificatePackCertificateUpdateResponseStatusTestActiveApex CertificatePackCertificateUpdateResponseStatus = "test_active_apex"
const CertificatePackCertificateUpdateResponseStatusTestBlocked CertificatePackCertificateUpdateResponseStatus = "test_blocked"
const CertificatePackCertificateUpdateResponseStatusTestFailed CertificatePackCertificateUpdateResponseStatus = "test_failed"
const CertificatePackCertificateUpdateResponseStatusProvisioned CertificatePackCertificateUpdateResponseStatus = "provisioned"
const CertificatePackCertificateUpdateResponseStatusBlocked CertificatePackCertificateUpdateResponseStatus = "blocked"
VerificationErrors []stringoptional

These are errors that were encountered while trying to activate a hostname.

Replace Custom Certificate and Custom Key In Custom Hostname

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/custom_hostnames"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  certificate, err := client.CustomHostnames.CertificatePack.Certificates.Update(
    context.TODO(),
    "023e105f4ecef8ad9ca31a8372d0c353",
    "023e105f4ecef8ad9ca31a8372d0c353",
    "023e105f4ecef8ad9ca31a8372d0c353",
    custom_hostnames.CertificatePackCertificateUpdateParams{
      ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
      CustomCertificate: cloudflare.F("-----BEGIN CERTIFICATE-----\nMIIDdjCCAl6gAwIBAgIJAPnMg0Fs+/B0MA0GCSqGSIb3DQEBCwUAMFsx...\n-----END CERTIFICATE-----\n"),
      CustomKey: cloudflare.F("-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/SCB5...\n-----END PRIVATE KEY-----\n"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", certificate.ID)
}

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "hostname": "app.example.com",
    "created_at": "2020-02-06T18:11:23.531995Z",
    "custom_metadata": {
      "foo": "string"
    },
    "custom_origin_server": "origin2.example.com",
    "custom_origin_sni": "sni.example.com",
    "ownership_verification": {
      "name": "_cf-custom-hostname.app.example.com",
      "type": "txt",
      "value": "5cc07c04-ea62-4a5a-95f0-419334a875a4"
    },
    "ownership_verification_http": {
      "http_body": "5cc07c04-ea62-4a5a-95f0-419334a875a4",
      "http_url": "http://custom.test.com/.well-known/cf-custom-hostname-challenge/0d89c70d-ad9f-4843-b99f-6cc0252067e9"
    },
    "ssl": {
      "id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
      "bundle_method": "ubiquitous",
      "certificate_authority": "google",
      "custom_certificate": "-----BEGIN CERTIFICATE-----\nMIIFJDCCBAygAwIBAgIQD0ifmj/Yi5NP/2gdUySbfzANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E...SzSHfXp5lnu/3V08I72q1QNzOCgY1XeL4GKVcj4or6cT6tX6oJH7ePPmfrBfqI/O\nOeH8gMJ+FuwtXYEPa4hBf38M5eU5xWG7\n-----END CERTIFICATE-----\n",
      "custom_csr_id": "7b163417-1d2b-4c84-a38a-2fb7a0cd7752",
      "custom_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n",
      "dcv_delegation_records": [
        {
          "cname": "_acme-challenge.example.com",
          "cname_target": "dcv.cloudflare.com",
          "emails": [
            "administrator@example.com",
            "webmaster@example.com"
          ],
          "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
          "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
          "status": "pending",
          "txt_name": "_acme-challenge.app.example.com",
          "txt_value": "810b7d5f01154524b961ba0cd578acc2"
        }
      ],
      "expires_on": "2021-02-06T18:11:23.531995Z",
      "hosts": [
        "app.example.com",
        "*.app.example.com"
      ],
      "issuer": "DigiCertInc",
      "method": "http",
      "serial_number": "6743787633689793699141714808227354901",
      "settings": {
        "ciphers": [
          "ECDHE-RSA-AES128-GCM-SHA256",
          "AES128-SHA"
        ],
        "early_hints": "on",
        "http2": "on",
        "min_tls_version": "1.2",
        "tls_1_3": "on"
      },
      "signature": "SHA256WithRSA",
      "status": "pending_validation",
      "type": "dv",
      "uploaded_on": "2020-02-06T18:11:23.531995Z",
      "validation_errors": [
        {
          "message": "SERVFAIL looking up CAA for app.example.com"
        }
      ],
      "validation_records": [
        {
          "cname": "_acme-challenge.example.com",
          "cname_target": "dcv.cloudflare.com",
          "emails": [
            "administrator@example.com",
            "webmaster@example.com"
          ],
          "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
          "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
          "status": "pending",
          "txt_name": "_acme-challenge.app.example.com",
          "txt_value": "810b7d5f01154524b961ba0cd578acc2"
        }
      ],
      "wildcard": false
    },
    "status": "pending",
    "verification_errors": [
      "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
    ]
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "hostname": "app.example.com",
    "created_at": "2020-02-06T18:11:23.531995Z",
    "custom_metadata": {
      "foo": "string"
    },
    "custom_origin_server": "origin2.example.com",
    "custom_origin_sni": "sni.example.com",
    "ownership_verification": {
      "name": "_cf-custom-hostname.app.example.com",
      "type": "txt",
      "value": "5cc07c04-ea62-4a5a-95f0-419334a875a4"
    },
    "ownership_verification_http": {
      "http_body": "5cc07c04-ea62-4a5a-95f0-419334a875a4",
      "http_url": "http://custom.test.com/.well-known/cf-custom-hostname-challenge/0d89c70d-ad9f-4843-b99f-6cc0252067e9"
    },
    "ssl": {
      "id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
      "bundle_method": "ubiquitous",
      "certificate_authority": "google",
      "custom_certificate": "-----BEGIN CERTIFICATE-----\nMIIFJDCCBAygAwIBAgIQD0ifmj/Yi5NP/2gdUySbfzANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E...SzSHfXp5lnu/3V08I72q1QNzOCgY1XeL4GKVcj4or6cT6tX6oJH7ePPmfrBfqI/O\nOeH8gMJ+FuwtXYEPa4hBf38M5eU5xWG7\n-----END CERTIFICATE-----\n",
      "custom_csr_id": "7b163417-1d2b-4c84-a38a-2fb7a0cd7752",
      "custom_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n",
      "dcv_delegation_records": [
        {
          "cname": "_acme-challenge.example.com",
          "cname_target": "dcv.cloudflare.com",
          "emails": [
            "administrator@example.com",
            "webmaster@example.com"
          ],
          "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
          "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
          "status": "pending",
          "txt_name": "_acme-challenge.app.example.com",
          "txt_value": "810b7d5f01154524b961ba0cd578acc2"
        }
      ],
      "expires_on": "2021-02-06T18:11:23.531995Z",
      "hosts": [
        "app.example.com",
        "*.app.example.com"
      ],
      "issuer": "DigiCertInc",
      "method": "http",
      "serial_number": "6743787633689793699141714808227354901",
      "settings": {
        "ciphers": [
          "ECDHE-RSA-AES128-GCM-SHA256",
          "AES128-SHA"
        ],
        "early_hints": "on",
        "http2": "on",
        "min_tls_version": "1.2",
        "tls_1_3": "on"
      },
      "signature": "SHA256WithRSA",
      "status": "pending_validation",
      "type": "dv",
      "uploaded_on": "2020-02-06T18:11:23.531995Z",
      "validation_errors": [
        {
          "message": "SERVFAIL looking up CAA for app.example.com"
        }
      ],
      "validation_records": [
        {
          "cname": "_acme-challenge.example.com",
          "cname_target": "dcv.cloudflare.com",
          "emails": [
            "administrator@example.com",
            "webmaster@example.com"
          ],
          "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
          "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
          "status": "pending",
          "txt_name": "_acme-challenge.app.example.com",
          "txt_value": "810b7d5f01154524b961ba0cd578acc2"
        }
      ],
      "wildcard": false
    },
    "status": "pending",
    "verification_errors": [
      "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
    ]
  }
}