A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.

custom_csr_id: Optional[str]

The identifier for the Custom CSR that was used.

expires_on: Optional[datetime]

When the certificate from the authority expires.

formatdate-time

geo_restrictions: Optional[GeoRestrictions]

Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.

hosts: Optional[List[str]]

issuer: Optional[str]

The certificate authority that issued the certificate.

keyless_server: Optional[KeylessCertificate]

modified_on: Optional[datetime]

When the certificate was last modified.

formatdate-time

policy_restrictions: Optional[str]

The policy restrictions returned by the API. This field is returned in responses when a policy has been set. The API accepts the "policy" field in requests but returns this field as "policy_restrictions" in responses.

Specifies the region(s) where your private key can be held locally for optimal TLS performance. Format is a boolean expression, for example: "(country: US) or (region: EU)"

priority: Optional[float]

The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacy_custom' certificates, but 'legacy_custom' certificates will always supercede 'sni_custom' certificates.

signature: Optional[str]

The type of hash used for the certificate.

status: Optional[Literal["active", "expired", "deleted", 2 more]]

Status of the zone's custom SSL.

One of the following:

"active"

"expired"

"deleted"

"pending"

"initializing"

uploaded_on: Optional[datetime]

When the certificate was uploaded to Cloudflare.

formatdate-time

class GeoRestrictions: …

label: Optional[Literal["us", "eu", "highest_security"]]

One of the following:

"us"

"eu"

"highest_security"

Literal["active", "pending_reactivation", "pending_revocation", "revoked"]

Client Certificates may be active or revoked, and the pending_reactivation or pending_revocation represent in-progress asynchronous transitions

One of the following:

"active"

"pending_reactivation"

"pending_revocation"

"revoked"

class CustomCertificateDeleteResponse: …

id: Optional[str]

Identifier.

maxLength32

Custom CertificatesPrioritize

Re-prioritize SSL Certificates

custom_certificates.prioritize.update() -> SyncSinglePage[CustomCertificate]

PUT/zones/{zone_id}/custom_certificates/prioritize