Skip to content
Cloudflare API
Start here
API Reference
Custom Csrs

Create Custom CSR

custom_csrs.create(CustomCsrCreateParams**kwargs) -> CustomCsrCreateResponse
POST/{accounts_or_zones}/{account_or_zone_id}/custom_csrs

Generate a new custom Certificate Signing Request (CSR) for an account or zone. Cloudflare generates and securely stores the private key associated with the CSR.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Account: SSL and Certificates Write
ParametersExpand Collapse
common_name: str

The common name (domain) for the CSR. Must be at most 64 characters.

maxLength64
country: str

Two-letter ISO 3166-1 alpha-2 country code.

locality: str

City or locality name.

organization: str

Organization name.

sans: Sequence[str]

Subject Alternative Names for the CSR. At least one SAN is required.

state: str

State or province name.

account_id: Optional[str]

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id: Optional[str]

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

description: Optional[str]

Optional description for the CSR.

key_type: Optional[Literal["rsa2048", "p256v1"]]

Key algorithm to use for the CSR. Defaults to rsa2048 if not specified.

One of the following:
"rsa2048"
"p256v1"
name: Optional[str]

Human-readable name for the CSR.

organizational_unit: Optional[str]

Organizational unit name.

ReturnsExpand Collapse
class CustomCsrCreateResponse:

A custom Certificate Signing Request (CSR).

id: str

Custom CSR identifier tag.

maxLength36
created_at: datetime

When the CSR was created.

formatdate-time
key_type: Literal["rsa2048", "p256v1"]

The key algorithm used to generate the CSR.

One of the following:
"rsa2048"
"p256v1"
account_tag: Optional[str]

Account identifier associated with this CSR.

common_name: Optional[str]

The common name (domain) for the CSR.

maxLength64
country: Optional[str]

Two-letter ISO 3166-1 alpha-2 country code.

csr: Optional[str]

The PEM-encoded Certificate Signing Request.

description: Optional[str]

Optional description for the CSR.

locality: Optional[str]

City or locality name.

name: Optional[str]

Human-readable name for the CSR.

organization: Optional[str]

Organization name.

organizational_unit: Optional[str]

Organizational unit name.

sans: Optional[List[str]]

Subject Alternative Names included in the CSR.

state: Optional[str]

State or province name.

Create Custom CSR

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
custom_csr = client.custom_csrs.create(
    common_name="example.com",
    country="US",
    locality="San Francisco",
    organization="Cloudflare, Inc.",
    sans=["example.com", "www.example.com"],
    state="California",
    account_id="account_id",
)
print(custom_csr.id)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "7b163417-1d2b-4c84-a38a-2fb7a0cd7752",
    "created_at": "2024-01-15T10:30:00Z",
    "key_type": "rsa2048",
    "account_tag": "23e087bd19bc1d40ae95b6f297263ceb",
    "common_name": "example.com",
    "country": "US",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICYzCCAUsCAQAwHj...",
    "description": "CSR for example.com wildcard",
    "locality": "San Francisco",
    "name": "My Custom CSR",
    "organization": "Cloudflare, Inc.",
    "organizational_unit": "Engineering",
    "sans": [
      "example.com",
      "www.example.com"
    ],
    "state": "California"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "7b163417-1d2b-4c84-a38a-2fb7a0cd7752",
    "created_at": "2024-01-15T10:30:00Z",
    "key_type": "rsa2048",
    "account_tag": "23e087bd19bc1d40ae95b6f297263ceb",
    "common_name": "example.com",
    "country": "US",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICYzCCAUsCAQAwHj...",
    "description": "CSR for example.com wildcard",
    "locality": "San Francisco",
    "name": "My Custom CSR",
    "organization": "Cloudflare, Inc.",
    "organizational_unit": "Engineering",
    "sans": [
      "example.com",
      "www.example.com"
    ],
    "state": "California"
  }
}