API Reference

SSL

Certificate Packs

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Order Advanced Certificate Manager Certificate Pack

client.SSL.CertificatePacks.New(ctx, params) (*CertificatePackNewResponse, error)

POST/zones/{zone_id}/ssl/certificate_packs/order

For a given zone, order an advanced certificate pack.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

SSL and Certificates Write

ParametersExpand Collapse

params CertificatePackNewParams

ZoneID param.Field[string]

Path param: Identifier.

maxLength32

CertificateAuthority param.Field[CertificatePackNewParamsCertificateAuthority]

Body param: Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions see this page for more details.

const CertificatePackNewParamsCertificateAuthorityGoogle CertificatePackNewParamsCertificateAuthority = "google"

const CertificatePackNewParamsCertificateAuthorityLetsEncrypt CertificatePackNewParamsCertificateAuthority = "lets_encrypt"

const CertificatePackNewParamsCertificateAuthoritySSLCom CertificatePackNewParamsCertificateAuthority = "ssl_com"

Hosts param.Field[[]Host]

Body param: Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty.

Type param.Field[CertificatePackNewParamsType]

Body param: Type of certificate pack.

const CertificatePackNewParamsTypeAdvanced CertificatePackNewParamsType = "advanced"

ValidationMethod param.Field[CertificatePackNewParamsValidationMethod]

Body param: Validation Method selected for the order.

const CertificatePackNewParamsValidationMethodTXT CertificatePackNewParamsValidationMethod = "txt"

const CertificatePackNewParamsValidationMethodHTTP CertificatePackNewParamsValidationMethod = "http"

const CertificatePackNewParamsValidationMethodEmail CertificatePackNewParamsValidationMethod = "email"

ValidityDays param.Field[CertificatePackNewParamsValidityDays]

Body param: Validity Days selected for the order.

const CertificatePackNewParamsValidityDays14 CertificatePackNewParamsValidityDays = 14

const CertificatePackNewParamsValidityDays30 CertificatePackNewParamsValidityDays = 30

const CertificatePackNewParamsValidityDays90 CertificatePackNewParamsValidityDays = 90

const CertificatePackNewParamsValidityDays365 CertificatePackNewParamsValidityDays = 365

CloudflareBranding param.Field[bool]optional

Body param: Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true.

ReturnsExpand Collapse

type CertificatePackNewResponse struct{…}

A certificate pack with all its properties.

ID string

Identifier.

maxLength32

Certificates []CertificatePackNewResponseCertificate

Array of certificates in this pack.

ID string

Certificate identifier.

Hosts []string

Hostnames covered by this certificate.

Status string

Certificate status.

BundleMethod stringoptional

Certificate bundle method.

ExpiresOn Timeoptional

When the certificate from the authority expires.

formatdate-time

GeoRestrictions CertificatePackNewResponseCertificatesGeoRestrictionsoptional

Specify the region where your private key can be held locally.

Label CertificatePackNewResponseCertificatesGeoRestrictionsLabeloptional

One of the following:

const CertificatePackNewResponseCertificatesGeoRestrictionsLabelUs CertificatePackNewResponseCertificatesGeoRestrictionsLabel = "us"

const CertificatePackNewResponseCertificatesGeoRestrictionsLabelEu CertificatePackNewResponseCertificatesGeoRestrictionsLabel = "eu"

const CertificatePackNewResponseCertificatesGeoRestrictionsLabelHighestSecurity CertificatePackNewResponseCertificatesGeoRestrictionsLabel = "highest_security"

Issuer stringoptional

The certificate authority that issued the certificate.

ModifiedOn Timeoptional

When the certificate was last modified.

formatdate-time

Priority float64optional

The order/priority in which the certificate will be used.

Signature stringoptional

The type of hash used for the certificate.

UploadedOn Timeoptional

When the certificate was uploaded to Cloudflare.

formatdate-time

ZoneID stringoptional

Identifier.

maxLength32

Hosts []Host

Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty.

Status Status

Status of certificate pack.

One of the following:

const StatusInitializing Status = "initializing"

const StatusPendingValidation Status = "pending_validation"

const StatusDeleted Status = "deleted"

const StatusPendingIssuance Status = "pending_issuance"

const StatusPendingDeployment Status = "pending_deployment"

const StatusPendingDeletion Status = "pending_deletion"

const StatusPendingExpiration Status = "pending_expiration"

const StatusExpired Status = "expired"

const StatusActive Status = "active"

const StatusInitializingTimedOut Status = "initializing_timed_out"

const StatusValidationTimedOut Status = "validation_timed_out"

const StatusIssuanceTimedOut Status = "issuance_timed_out"

const StatusDeploymentTimedOut Status = "deployment_timed_out"

const StatusDeletionTimedOut Status = "deletion_timed_out"

const StatusPendingCleanup Status = "pending_cleanup"

const StatusStagingDeployment Status = "staging_deployment"

const StatusStagingActive Status = "staging_active"

const StatusDeactivating Status = "deactivating"

const StatusInactive Status = "inactive"

const StatusBackupIssued Status = "backup_issued"

const StatusHoldingDeployment Status = "holding_deployment"

Type CertificatePackNewResponseType

Type of certificate pack.

One of the following:

const CertificatePackNewResponseTypeMhCustom CertificatePackNewResponseType = "mh_custom"

const CertificatePackNewResponseTypeManagedHostname CertificatePackNewResponseType = "managed_hostname"

const CertificatePackNewResponseTypeSNICustom CertificatePackNewResponseType = "sni_custom"

const CertificatePackNewResponseTypeUniversal CertificatePackNewResponseType = "universal"

const CertificatePackNewResponseTypeAdvanced CertificatePackNewResponseType = "advanced"

const CertificatePackNewResponseTypeTotalTLS CertificatePackNewResponseType = "total_tls"

const CertificatePackNewResponseTypeKeyless CertificatePackNewResponseType = "keyless"

const CertificatePackNewResponseTypeLegacyCustom CertificatePackNewResponseType = "legacy_custom"

CertificateAuthority CertificatePackNewResponseCertificateAuthorityoptional

Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions see this page for more details.

One of the following:

const CertificatePackNewResponseCertificateAuthorityGoogle CertificatePackNewResponseCertificateAuthority = "google"

const CertificatePackNewResponseCertificateAuthorityLetsEncrypt CertificatePackNewResponseCertificateAuthority = "lets_encrypt"

const CertificatePackNewResponseCertificateAuthoritySSLCom CertificatePackNewResponseCertificateAuthority = "ssl_com"

CloudflareBranding booloptional

Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true.

DCVDelegationRecords []CertificatePackNewResponseDCVDelegationRecordoptional

DCV Delegation records for domain validation.

CNAME stringoptional

The CNAME record hostname for DCV delegation.

CNAMETarget stringoptional

The CNAME record target value for DCV delegation.

Emails []stringoptional

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

HTTPBody stringoptional

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

HTTPURL stringoptional

The url that will be checked during domain validation.

Status stringoptional

Status of the validation record.

TXTName stringoptional

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

TXTValue stringoptional

The TXT record that the certificate authority (CA) will check during domain validation.

PrimaryCertificate stringoptional

Identifier of the primary certificate in a pack.

ValidationErrors []CertificatePackNewResponseValidationErroroptional

Domain validation errors that have been received by the certificate authority (CA).

Message stringoptional

A domain validation error.

ValidationMethod CertificatePackNewResponseValidationMethodoptional

Validation Method selected for the order.

One of the following:

const CertificatePackNewResponseValidationMethodTXT CertificatePackNewResponseValidationMethod = "txt"

const CertificatePackNewResponseValidationMethodHTTP CertificatePackNewResponseValidationMethod = "http"

const CertificatePackNewResponseValidationMethodEmail CertificatePackNewResponseValidationMethod = "email"

ValidationRecords []CertificatePackNewResponseValidationRecordoptional

Certificates' validation records.

CNAME stringoptional

The CNAME record hostname for DCV delegation.

CNAMETarget stringoptional

The CNAME record target value for DCV delegation.

Emails []stringoptional

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

HTTPBody stringoptional

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

HTTPURL stringoptional

The url that will be checked during domain validation.

Status stringoptional

Status of the validation record.

TXTName stringoptional

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

TXTValue stringoptional

The TXT record that the certificate authority (CA) will check during domain validation.

ValidityDays CertificatePackNewResponseValidityDaysoptional

Validity Days selected for the order.

One of the following:

const CertificatePackNewResponseValidityDays14 CertificatePackNewResponseValidityDays = 14

const CertificatePackNewResponseValidityDays30 CertificatePackNewResponseValidityDays = 30

const CertificatePackNewResponseValidityDays90 CertificatePackNewResponseValidityDays = 90

const CertificatePackNewResponseValidityDays365 CertificatePackNewResponseValidityDays = 365

Order Advanced Certificate Manager Certificate Pack

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
  "github.com/cloudflare/cloudflare-go/ssl"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  certificatePack, err := client.SSL.CertificatePacks.New(context.TODO(), ssl.CertificatePackNewParams{
    ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    CertificateAuthority: cloudflare.F(ssl.CertificatePackNewParamsCertificateAuthorityLetsEncrypt),
    Hosts: cloudflare.F([]ssl.HostParam{"example.com", "*.example.com", "www.example.com"}),
    Type: cloudflare.F(ssl.CertificatePackNewParamsTypeAdvanced),
    ValidationMethod: cloudflare.F(ssl.CertificatePackNewParamsValidationMethodTXT),
    ValidityDays: cloudflare.F(ssl.CertificatePackNewParamsValidityDays14),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", certificatePack.ID)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "certificates": [
      {
        "id": "7e7b8deba8538af625850b7b2530034c",
        "hosts": [
          "example.com",
          "*.example.com"
        ],
        "status": "active",
        "bundle_method": "ubiquitous",
        "expires_on": "2024-01-01T00:00:00Z",
        "geo_restrictions": {
          "label": "us"
        },
        "issuer": "Let's Encrypt",
        "modified_on": "2014-01-01T05:20:00Z",
        "priority": 0,
        "signature": "ECDSAWithSHA256",
        "uploaded_on": "2014-01-01T05:20:00Z",
        "zone_id": "023e105f4ecef8ad9ca31a8372d0c353"
      }
    ],
    "hosts": [
      "example.com",
      "*.example.com",
      "www.example.com"
    ],
    "status": "initializing",
    "type": "universal",
    "certificate_authority": "lets_encrypt",
    "cloudflare_branding": false,
    "dcv_delegation_records": [
      {
        "cname": "_acme-challenge.example.com",
        "cname_target": "dcv.cloudflare.com",
        "emails": [
          "administrator@example.com",
          "webmaster@example.com"
        ],
        "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
        "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
        "status": "pending",
        "txt_name": "_acme-challenge.app.example.com",
        "txt_value": "810b7d5f01154524b961ba0cd578acc2"
      }
    ],
    "primary_certificate": "7e7b8deba8538af625850b7b2530034c",
    "validation_errors": [
      {
        "message": "SERVFAIL looking up CAA for app.example.com"
      }
    ],
    "validation_method": "txt",
    "validation_records": [
      {
        "cname": "_acme-challenge.example.com",
        "cname_target": "dcv.cloudflare.com",
        "emails": [
          "administrator@example.com",
          "webmaster@example.com"
        ],
        "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
        "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
        "status": "pending",
        "txt_name": "_acme-challenge.app.example.com",
        "txt_value": "810b7d5f01154524b961ba0cd578acc2"
      }
    ],
    "validity_days": 14
  }
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "certificates": [
      {
        "id": "7e7b8deba8538af625850b7b2530034c",
        "hosts": [
          "example.com",
          "*.example.com"
        ],
        "status": "active",
        "bundle_method": "ubiquitous",
        "expires_on": "2024-01-01T00:00:00Z",
        "geo_restrictions": {
          "label": "us"
        },
        "issuer": "Let's Encrypt",
        "modified_on": "2014-01-01T05:20:00Z",
        "priority": 0,
        "signature": "ECDSAWithSHA256",
        "uploaded_on": "2014-01-01T05:20:00Z",
        "zone_id": "023e105f4ecef8ad9ca31a8372d0c353"
      }
    ],
    "hosts": [
      "example.com",
      "*.example.com",
      "www.example.com"
    ],
    "status": "initializing",
    "type": "universal",
    "certificate_authority": "lets_encrypt",
    "cloudflare_branding": false,
    "dcv_delegation_records": [
      {
        "cname": "_acme-challenge.example.com",
        "cname_target": "dcv.cloudflare.com",
        "emails": [
          "administrator@example.com",
          "webmaster@example.com"
        ],
        "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
        "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
        "status": "pending",
        "txt_name": "_acme-challenge.app.example.com",
        "txt_value": "810b7d5f01154524b961ba0cd578acc2"
      }
    ],
    "primary_certificate": "7e7b8deba8538af625850b7b2530034c",
    "validation_errors": [
      {
        "message": "SERVFAIL looking up CAA for app.example.com"
      }
    ],
    "validation_method": "txt",
    "validation_records": [
      {
        "cname": "_acme-challenge.example.com",
        "cname_target": "dcv.cloudflare.com",
        "emails": [
          "administrator@example.com",
          "webmaster@example.com"
        ],
        "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
        "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
        "status": "pending",
        "txt_name": "_acme-challenge.app.example.com",
        "txt_value": "810b7d5f01154524b961ba0cd578acc2"
      }
    ],
    "validity_days": 14
  }
}