Cloudflare API | SSL › Universal › Settings › Edit Universal SSL Settings

For a given zone, restart validation or add cloudflare branding for an advanced certificate pack. The former is only a validation operation for a Certificate Pack in a validation_timed_out status.

Get Certificate Pack -> Envelope<unknown>

get/zones/{zone_id}/ssl/certificate_packs/{certificate_pack_id}

For a given zone, get a certificate pack.

List Certificate Packs -> SinglePage<unknown>

get/zones/{zone_id}/ssl/certificate_packs

For a given zone, list all active certificate packs.

Domain types

Host = string

RequestValidity = 7 | 30 | 90 | 4 more...

The number of days for which the certificate should be valid.

Status = "initializing" | "pending_validation" | "deleted" | 18 more...

Status of certificate pack.

ValidationMethod = "http" | "cname" | "txt"

Validation method in use for a certificate pack order.

SSL Certificate Packs

Quota

ssl.certificate_packs.quota

Methods

Get Certificate Pack Quotas -> Envelope<{ advanced }>

get/zones/{zone_id}/ssl/certificate_packs/quota

For a given zone, list certificate pack quotas.

SSL

Recommendations

ssl.recommendations

Methods

SSL TLS Recommendation -> Envelope<{ id, modified_on, value }>

get/zones/{zone_id}/ssl/recommendation

Retrieve the SSL/TLS Recommender's recommendation for a zone.

SSL

Universal

ssl.universal

SSL Universal

Settings

ssl.universal.settings

Methods

Edit Universal SSL Settings -> Envelope<

UniversalSSLSettings

patch/zones/{zone_id}/ssl/universal/settings

Patch Universal SSL Settings for a Zone.

Security

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example: X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example: X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

SSL and Certificates Write

path Parameters

zone_id: string

(maxLength: 32)

Identifier

Body parameters

enabled: boolean

Optional

Disabling Universal SSL removes any currently active Universal SSL certificates for your zone from the edge and prevents any future Universal SSL certificates from being ordered. If there are no advanced certificates or custom certificates uploaded for the domain, visitors will be unable to access the domain over HTTPS.

By disabling Universal SSL, you understand that the following Cloudflare settings and preferences will result in visitors being unable to visit your domain unless you have uploaded a custom certificate or purchased an advanced certificate.

HSTS
Always Use HTTPS
Opportunistic Encryption
Onion Routing
Any Page Rules redirecting traffic to HTTPS

Similarly, any HTTP redirect to HTTPS at the origin while the Cloudflare proxy is enabled will result in users being unable to visit your site without a valid certificate at Cloudflare's edge.

If you do not have a valid custom or advanced certificate at Cloudflare's edge and are unsure if any of the above Cloudflare settings are enabled, or if any HTTP redirects exist at your origin, we advise leaving Universal SSL enabled for your domain.

Response fields

errors: Array<

ResponseInfo

messages: Array<

ResponseInfo

success: true

Whether the API call was successful

result:

UniversalSSLSettings

Optional

Request example

curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/ssl/universal/settings \
    -X PATCH \
    -H 'Content-Type: application/json' \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY" \
    -d '{
      "enabled": true
    }'

200Example

{
  "errors": [
    {
      "code": 1000,
      "message": "message"
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message"
    }
  ],
  "success": true,
  "result": {
    "enabled": true
  }
}

Universal SSL Settings Details -> Envelope<

UniversalSSLSettings

get/zones/{zone_id}/ssl/universal/settings

Get Universal SSL Settings for a Zone.

Domain types

UniversalSSLSettings = { enabled }

SSL

Verification

ssl.verification

Methods

Edit SSL Certificate Pack Validation Method -> Envelope<{ status, validation_method }>

patch/zones/{zone_id}/ssl/verification/{certificate_pack_id}

Edit SSL validation method for a certificate pack. A PATCH request will request an immediate validation check on any certificate, and return the updated status. If a validation method is provided, the validation will be immediately attempted using that method.

SSL Verification Details -> Envelope<Array<

Verification

get/zones/{zone_id}/ssl/verification

Get SSL Verification Info for a Zone.

Domain types

Verification = { certificate_status, brand_check, cert_pack_uuid, 5 more... }