Cloudflare API | SSL › Verification › SSL Verification Details

If the system is enabled, the response will include next_scheduled_scan, representing the next time this zone will be scanned and the zone's ssl/tls encryption mode is potentially upgraded by the system. If the system is disabled, next_scheduled_scan will not be present in the response body.

Patch Automatic SSL TLS Enrollment Status For Given Zone -> Envelope<{ id, editable, modified_on, 2 more... }>

patch/zones/{zone_id}/settings/ssl_automatic_mode

The automatic system is enabled when this endpoint is hit with value in the request body is set to "auto", and disabled when the request body value is set to "custom".

SSL

Certificate Packs

ssl.certificate_packs

Methods

Order Advanced Certificate Manager Certificate Pack -> Envelope<{ id, certificate_authority, cloudflare_branding, 7 more... }>

post/zones/{zone_id}/ssl/certificate_packs/order

For a given zone, order an advanced certificate pack.

Delete Advanced Certificate Manager Certificate Pack -> Envelope<{ id }>

delete/zones/{zone_id}/ssl/certificate_packs/{certificate_pack_id}

For a given zone, delete an advanced certificate pack.

Restart Validation Or Update Advanced Certificate Manager Certificate Pack -> Envelope<{ id, certificate_authority, cloudflare_branding, 7 more... }>

patch/zones/{zone_id}/ssl/certificate_packs/{certificate_pack_id}

For a given zone, restart validation or add cloudflare branding for an advanced certificate pack. The former is only a validation operation for a Certificate Pack in a validation_timed_out status.

Get Certificate Pack -> Envelope<unknown>

get/zones/{zone_id}/ssl/certificate_packs/{certificate_pack_id}

For a given zone, get a certificate pack.

List Certificate Packs -> SinglePage<unknown>

get/zones/{zone_id}/ssl/certificate_packs

For a given zone, list all active certificate packs.

Domain types

Host = string

RequestValidity = 7 | 30 | 90 | 4 more...

The number of days for which the certificate should be valid.

Status = "initializing" | "pending_validation" | "deleted" | 18 more...

Status of certificate pack.

ValidationMethod = "http" | "cname" | "txt"

Validation method in use for a certificate pack order.

SSL Certificate Packs

Quota

ssl.certificate_packs.quota

Methods

Get Certificate Pack Quotas -> Envelope<{ advanced }>

get/zones/{zone_id}/ssl/certificate_packs/quota

For a given zone, list certificate pack quotas.

SSL

Recommendations

ssl.recommendations

Methods

SSL TLS Recommendation -> Envelope<{ id, editable, modified_on, 2 more... }>

Deprecated

get/zones/{zone_id}/ssl/recommendation

Deprecated

SSL/TLS Recommender has been decommissioned in favor of Automatic SSL/TLS

Retrieve the SSL/TLS Recommender's recommendation for a zone.

SSL

Universal

ssl.universal

SSL Universal

Settings

ssl.universal.settings

Methods

Edit Universal SSL Settings -> Envelope<

UniversalSSLSettings

patch/zones/{zone_id}/ssl/universal/settings

Patch Universal SSL Settings for a Zone.

Universal SSL Settings Details -> Envelope<

UniversalSSLSettings

get/zones/{zone_id}/ssl/universal/settings

Get Universal SSL Settings for a Zone.

Domain types

UniversalSSLSettings = { enabled }

SSL

Verification

ssl.verification

Methods

Edit SSL Certificate Pack Validation Method -> Envelope<{ status, validation_method }>

patch/zones/{zone_id}/ssl/verification/{certificate_pack_id}

Edit SSL validation method for a certificate pack. A PATCH request will request an immediate validation check on any certificate, and return the updated status. If a validation method is provided, the validation will be immediately attempted using that method.

SSL Verification Details -> Envelope<Array<

Verification

get/zones/{zone_id}/ssl/verification

Get SSL Verification Info for a Zone.

Security

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example: X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example: X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Access: Mutual TLS Certificates Write Access: Mutual TLS Certificates Read SSL and Certificates Write SSL and Certificates Read

path Parameters

zone_id: string

(maxLength: 32)

Identifier.

query Parameters

retry:

Optional

Immediately retry SSL Verification.

true

Response fields

result: Array<

Verification

Optional

Request example

curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/ssl/verification \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"

200Example

{
  "result": [
    {
      "certificate_status": "active",
      "brand_check": false,
      "cert_pack_uuid": "a77f8bd7-3b47-46b4-a6f1-75cf98109948",
      "signature": "ECDSAWithSHA256",
      "validation_method": "txt",
      "verification_info": {
        "record_name": "record_name",
        "record_target": "record_value"
      },
      "verification_status": true,
      "verification_type": "cname"
    }
  ]
}

Domain types

Verification = { certificate_status, brand_check, cert_pack_uuid, 5 more... }