# SSL # Analyze ## Analyze Certificate `ssl.analyze.create(AnalyzeCreateParams**kwargs) -> object` **post** `/zones/{zone_id}/ssl/analyze` Returns the set of hostnames, the signature algorithm, and the expiration date of the certificate. ### Parameters - `zone_id: str` Identifier. - `bundle_method: Optional[BundleMethod]` A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. - `"ubiquitous"` - `"optimal"` - `"force"` - `certificate: Optional[str]` The zone's SSL certificate or certificate and the intermediate(s). ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) analyze = client.ssl.analyze.create( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(analyze) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {} } ``` # Certificate Packs ## List Certificate Packs `ssl.certificate_packs.list(CertificatePackListParams**kwargs) -> SyncV4PagePaginationArray[CertificatePackListResponse]` **get** `/zones/{zone_id}/ssl/certificate_packs` For a given zone, list all active certificate packs. ### Parameters - `zone_id: str` Identifier. - `deploy: Optional[Literal["staging", "production"]]` Specify the deployment environment for the certificate packs. - `"staging"` - `"production"` - `page: Optional[float]` Page number of paginated results. - `per_page: Optional[float]` Number of certificate packs per page. - `status: Optional[Literal["all"]]` Include Certificate Packs of all statuses, not just active ones. - `"all"` ### Returns - `class CertificatePackListResponse: …` A certificate pack with all its properties. - `id: str` Identifier. - `certificates: List[Certificate]` Array of certificates in this pack. - `id: str` Certificate identifier. - `hosts: List[str]` Hostnames covered by this certificate. - `status: str` Certificate status. - `bundle_method: Optional[str]` Certificate bundle method. - `expires_on: Optional[datetime]` When the certificate from the authority expires. - `geo_restrictions: Optional[CertificateGeoRestrictions]` Specify the region where your private key can be held locally. - `label: Optional[Literal["us", "eu", "highest_security"]]` - `"us"` - `"eu"` - `"highest_security"` - `issuer: Optional[str]` The certificate authority that issued the certificate. - `modified_on: Optional[datetime]` When the certificate was last modified. - `priority: Optional[float]` The order/priority in which the certificate will be used. - `signature: Optional[str]` The type of hash used for the certificate. - `uploaded_on: Optional[datetime]` When the certificate was uploaded to Cloudflare. - `zone_id: Optional[str]` Identifier. - `hosts: List[Host]` Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty. - `status: Status` Status of certificate pack. - `"initializing"` - `"pending_validation"` - `"deleted"` - `"pending_issuance"` - `"pending_deployment"` - `"pending_deletion"` - `"pending_expiration"` - `"expired"` - `"active"` - `"initializing_timed_out"` - `"validation_timed_out"` - `"issuance_timed_out"` - `"deployment_timed_out"` - `"deletion_timed_out"` - `"pending_cleanup"` - `"staging_deployment"` - `"staging_active"` - `"deactivating"` - `"inactive"` - `"backup_issued"` - `"holding_deployment"` - `type: Literal["mh_custom", "managed_hostname", "sni_custom", 5 more]` Type of certificate pack. - `"mh_custom"` - `"managed_hostname"` - `"sni_custom"` - `"universal"` - `"advanced"` - `"total_tls"` - `"keyless"` - `"legacy_custom"` - `certificate_authority: Optional[Literal["google", "lets_encrypt", "ssl_com"]]` Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions [see this page for more details.](https://developers.cloudflare.com/ssl/reference/certificate-authorities) - `"google"` - `"lets_encrypt"` - `"ssl_com"` - `cloudflare_branding: Optional[bool]` Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true. - `dcv_delegation_records: Optional[List[DCVDelegationRecord]]` DCV Delegation records for domain validation. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `primary_certificate: Optional[str]` Identifier of the primary certificate in a pack. - `validation_errors: Optional[List[ValidationError]]` Domain validation errors that have been received by the certificate authority (CA). - `message: Optional[str]` A domain validation error. - `validation_method: Optional[Literal["txt", "http", "email"]]` Validation Method selected for the order. - `"txt"` - `"http"` - `"email"` - `validation_records: Optional[List[ValidationRecord]]` Certificates' validation records. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `validity_days: Optional[Literal[14, 30, 90, 365]]` Validity Days selected for the order. - `14` - `30` - `90` - `365` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.ssl.certificate_packs.list( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "certificates": [ { "id": "7e7b8deba8538af625850b7b2530034c", "hosts": [ "example.com", "*.example.com" ], "status": "active", "bundle_method": "ubiquitous", "expires_on": "2024-01-01T00:00:00Z", "geo_restrictions": { "label": "us" }, "issuer": "Let's Encrypt", "modified_on": "2014-01-01T05:20:00Z", "priority": 0, "signature": "ECDSAWithSHA256", "uploaded_on": "2014-01-01T05:20:00Z", "zone_id": "023e105f4ecef8ad9ca31a8372d0c353" } ], "hosts": [ "example.com", "*.example.com", "www.example.com" ], "status": "initializing", "type": "universal", "certificate_authority": "lets_encrypt", "cloudflare_branding": false, "dcv_delegation_records": [ { "cname": "_acme-challenge.example.com", "cname_target": "dcv.cloudflare.com", "emails": [ "administrator@example.com", "webmaster@example.com" ], "http_body": "ca3-574923932a82475cb8592200f1a2a23d", "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt", "status": "pending", "txt_name": "_acme-challenge.app.example.com", "txt_value": "810b7d5f01154524b961ba0cd578acc2" } ], "primary_certificate": "7e7b8deba8538af625850b7b2530034c", "validation_errors": [ { "message": "SERVFAIL looking up CAA for app.example.com" } ], "validation_method": "txt", "validation_records": [ { "cname": "_acme-challenge.example.com", "cname_target": "dcv.cloudflare.com", "emails": [ "administrator@example.com", "webmaster@example.com" ], "http_body": "ca3-574923932a82475cb8592200f1a2a23d", "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt", "status": "pending", "txt_name": "_acme-challenge.app.example.com", "txt_value": "810b7d5f01154524b961ba0cd578acc2" } ], "validity_days": 14 } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Get Certificate Pack `ssl.certificate_packs.get(strcertificate_pack_id, CertificatePackGetParams**kwargs) -> CertificatePackGetResponse` **get** `/zones/{zone_id}/ssl/certificate_packs/{certificate_pack_id}` For a given zone, get a certificate pack. ### Parameters - `zone_id: str` Identifier. - `certificate_pack_id: str` Identifier. ### Returns - `class CertificatePackGetResponse: …` A certificate pack with all its properties. - `id: str` Identifier. - `certificates: List[Certificate]` Array of certificates in this pack. - `id: str` Certificate identifier. - `hosts: List[str]` Hostnames covered by this certificate. - `status: str` Certificate status. - `bundle_method: Optional[str]` Certificate bundle method. - `expires_on: Optional[datetime]` When the certificate from the authority expires. - `geo_restrictions: Optional[CertificateGeoRestrictions]` Specify the region where your private key can be held locally. - `label: Optional[Literal["us", "eu", "highest_security"]]` - `"us"` - `"eu"` - `"highest_security"` - `issuer: Optional[str]` The certificate authority that issued the certificate. - `modified_on: Optional[datetime]` When the certificate was last modified. - `priority: Optional[float]` The order/priority in which the certificate will be used. - `signature: Optional[str]` The type of hash used for the certificate. - `uploaded_on: Optional[datetime]` When the certificate was uploaded to Cloudflare. - `zone_id: Optional[str]` Identifier. - `hosts: List[Host]` Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty. - `status: Status` Status of certificate pack. - `"initializing"` - `"pending_validation"` - `"deleted"` - `"pending_issuance"` - `"pending_deployment"` - `"pending_deletion"` - `"pending_expiration"` - `"expired"` - `"active"` - `"initializing_timed_out"` - `"validation_timed_out"` - `"issuance_timed_out"` - `"deployment_timed_out"` - `"deletion_timed_out"` - `"pending_cleanup"` - `"staging_deployment"` - `"staging_active"` - `"deactivating"` - `"inactive"` - `"backup_issued"` - `"holding_deployment"` - `type: Literal["mh_custom", "managed_hostname", "sni_custom", 5 more]` Type of certificate pack. - `"mh_custom"` - `"managed_hostname"` - `"sni_custom"` - `"universal"` - `"advanced"` - `"total_tls"` - `"keyless"` - `"legacy_custom"` - `certificate_authority: Optional[Literal["google", "lets_encrypt", "ssl_com"]]` Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions [see this page for more details.](https://developers.cloudflare.com/ssl/reference/certificate-authorities) - `"google"` - `"lets_encrypt"` - `"ssl_com"` - `cloudflare_branding: Optional[bool]` Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true. - `dcv_delegation_records: Optional[List[DCVDelegationRecord]]` DCV Delegation records for domain validation. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `primary_certificate: Optional[str]` Identifier of the primary certificate in a pack. - `validation_errors: Optional[List[ValidationError]]` Domain validation errors that have been received by the certificate authority (CA). - `message: Optional[str]` A domain validation error. - `validation_method: Optional[Literal["txt", "http", "email"]]` Validation Method selected for the order. - `"txt"` - `"http"` - `"email"` - `validation_records: Optional[List[ValidationRecord]]` Certificates' validation records. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `validity_days: Optional[Literal[14, 30, 90, 365]]` Validity Days selected for the order. - `14` - `30` - `90` - `365` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) certificate_pack = client.ssl.certificate_packs.get( certificate_pack_id="023e105f4ecef8ad9ca31a8372d0c353", zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(certificate_pack.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "certificates": [ { "id": "7e7b8deba8538af625850b7b2530034c", "hosts": [ "example.com", "*.example.com" ], "status": "active", "bundle_method": "ubiquitous", "expires_on": "2024-01-01T00:00:00Z", "geo_restrictions": { "label": "us" }, "issuer": "Let's Encrypt", "modified_on": "2014-01-01T05:20:00Z", "priority": 0, "signature": "ECDSAWithSHA256", "uploaded_on": "2014-01-01T05:20:00Z", "zone_id": "023e105f4ecef8ad9ca31a8372d0c353" } ], "hosts": [ "example.com", "*.example.com", "www.example.com" ], "status": "initializing", "type": "universal", "certificate_authority": "lets_encrypt", "cloudflare_branding": false, "dcv_delegation_records": [ { "cname": "_acme-challenge.example.com", "cname_target": "dcv.cloudflare.com", "emails": [ "administrator@example.com", "webmaster@example.com" ], "http_body": "ca3-574923932a82475cb8592200f1a2a23d", "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt", "status": "pending", "txt_name": "_acme-challenge.app.example.com", "txt_value": "810b7d5f01154524b961ba0cd578acc2" } ], "primary_certificate": "7e7b8deba8538af625850b7b2530034c", "validation_errors": [ { "message": "SERVFAIL looking up CAA for app.example.com" } ], "validation_method": "txt", "validation_records": [ { "cname": "_acme-challenge.example.com", "cname_target": "dcv.cloudflare.com", "emails": [ "administrator@example.com", "webmaster@example.com" ], "http_body": "ca3-574923932a82475cb8592200f1a2a23d", "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt", "status": "pending", "txt_name": "_acme-challenge.app.example.com", "txt_value": "810b7d5f01154524b961ba0cd578acc2" } ], "validity_days": 14 } } ``` ## Order Advanced Certificate Manager Certificate Pack `ssl.certificate_packs.create(CertificatePackCreateParams**kwargs) -> CertificatePackCreateResponse` **post** `/zones/{zone_id}/ssl/certificate_packs/order` For a given zone, order an advanced certificate pack. ### Parameters - `zone_id: str` Identifier. - `certificate_authority: Literal["google", "lets_encrypt", "ssl_com"]` Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions [see this page for more details.](https://developers.cloudflare.com/ssl/reference/certificate-authorities) - `"google"` - `"lets_encrypt"` - `"ssl_com"` - `hosts: SequenceNotStr[Host]` Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty. - `type: Literal["advanced"]` Type of certificate pack. - `"advanced"` - `validation_method: Literal["txt", "http", "email"]` Validation Method selected for the order. - `"txt"` - `"http"` - `"email"` - `validity_days: Literal[14, 30, 90, 365]` Validity Days selected for the order. - `14` - `30` - `90` - `365` - `cloudflare_branding: Optional[bool]` Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true. ### Returns - `class CertificatePackCreateResponse: …` A certificate pack with all its properties. - `id: str` Identifier. - `certificates: List[Certificate]` Array of certificates in this pack. - `id: str` Certificate identifier. - `hosts: List[str]` Hostnames covered by this certificate. - `status: str` Certificate status. - `bundle_method: Optional[str]` Certificate bundle method. - `expires_on: Optional[datetime]` When the certificate from the authority expires. - `geo_restrictions: Optional[CertificateGeoRestrictions]` Specify the region where your private key can be held locally. - `label: Optional[Literal["us", "eu", "highest_security"]]` - `"us"` - `"eu"` - `"highest_security"` - `issuer: Optional[str]` The certificate authority that issued the certificate. - `modified_on: Optional[datetime]` When the certificate was last modified. - `priority: Optional[float]` The order/priority in which the certificate will be used. - `signature: Optional[str]` The type of hash used for the certificate. - `uploaded_on: Optional[datetime]` When the certificate was uploaded to Cloudflare. - `zone_id: Optional[str]` Identifier. - `hosts: List[Host]` Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty. - `status: Status` Status of certificate pack. - `"initializing"` - `"pending_validation"` - `"deleted"` - `"pending_issuance"` - `"pending_deployment"` - `"pending_deletion"` - `"pending_expiration"` - `"expired"` - `"active"` - `"initializing_timed_out"` - `"validation_timed_out"` - `"issuance_timed_out"` - `"deployment_timed_out"` - `"deletion_timed_out"` - `"pending_cleanup"` - `"staging_deployment"` - `"staging_active"` - `"deactivating"` - `"inactive"` - `"backup_issued"` - `"holding_deployment"` - `type: Literal["mh_custom", "managed_hostname", "sni_custom", 5 more]` Type of certificate pack. - `"mh_custom"` - `"managed_hostname"` - `"sni_custom"` - `"universal"` - `"advanced"` - `"total_tls"` - `"keyless"` - `"legacy_custom"` - `certificate_authority: Optional[Literal["google", "lets_encrypt", "ssl_com"]]` Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions [see this page for more details.](https://developers.cloudflare.com/ssl/reference/certificate-authorities) - `"google"` - `"lets_encrypt"` - `"ssl_com"` - `cloudflare_branding: Optional[bool]` Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true. - `dcv_delegation_records: Optional[List[DCVDelegationRecord]]` DCV Delegation records for domain validation. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `primary_certificate: Optional[str]` Identifier of the primary certificate in a pack. - `validation_errors: Optional[List[ValidationError]]` Domain validation errors that have been received by the certificate authority (CA). - `message: Optional[str]` A domain validation error. - `validation_method: Optional[Literal["txt", "http", "email"]]` Validation Method selected for the order. - `"txt"` - `"http"` - `"email"` - `validation_records: Optional[List[ValidationRecord]]` Certificates' validation records. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `validity_days: Optional[Literal[14, 30, 90, 365]]` Validity Days selected for the order. - `14` - `30` - `90` - `365` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) certificate_pack = client.ssl.certificate_packs.create( zone_id="023e105f4ecef8ad9ca31a8372d0c353", certificate_authority="lets_encrypt", hosts=["example.com", "*.example.com", "www.example.com"], type="advanced", validation_method="txt", validity_days=14, ) print(certificate_pack.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "certificates": [ { "id": "7e7b8deba8538af625850b7b2530034c", "hosts": [ "example.com", "*.example.com" ], "status": "active", "bundle_method": "ubiquitous", "expires_on": "2024-01-01T00:00:00Z", "geo_restrictions": { "label": "us" }, "issuer": "Let's Encrypt", "modified_on": "2014-01-01T05:20:00Z", "priority": 0, "signature": "ECDSAWithSHA256", "uploaded_on": "2014-01-01T05:20:00Z", "zone_id": "023e105f4ecef8ad9ca31a8372d0c353" } ], "hosts": [ "example.com", "*.example.com", "www.example.com" ], "status": "initializing", "type": "universal", "certificate_authority": "lets_encrypt", "cloudflare_branding": false, "dcv_delegation_records": [ { "cname": "_acme-challenge.example.com", "cname_target": "dcv.cloudflare.com", "emails": [ "administrator@example.com", "webmaster@example.com" ], "http_body": "ca3-574923932a82475cb8592200f1a2a23d", "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt", "status": "pending", "txt_name": "_acme-challenge.app.example.com", "txt_value": "810b7d5f01154524b961ba0cd578acc2" } ], "primary_certificate": "7e7b8deba8538af625850b7b2530034c", "validation_errors": [ { "message": "SERVFAIL looking up CAA for app.example.com" } ], "validation_method": "txt", "validation_records": [ { "cname": "_acme-challenge.example.com", "cname_target": "dcv.cloudflare.com", "emails": [ "administrator@example.com", "webmaster@example.com" ], "http_body": "ca3-574923932a82475cb8592200f1a2a23d", "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt", "status": "pending", "txt_name": "_acme-challenge.app.example.com", "txt_value": "810b7d5f01154524b961ba0cd578acc2" } ], "validity_days": 14 } } ``` ## Restart Validation or Update Advanced Certificate Manager Certificate Pack `ssl.certificate_packs.edit(strcertificate_pack_id, CertificatePackEditParams**kwargs) -> CertificatePackEditResponse` **patch** `/zones/{zone_id}/ssl/certificate_packs/{certificate_pack_id}` For a given zone, restart validation or add cloudflare branding for an advanced certificate pack. The former is only a validation operation for a Certificate Pack in a validation_timed_out status. ### Parameters - `zone_id: str` Identifier. - `certificate_pack_id: str` Identifier. - `cloudflare_branding: Optional[bool]` Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true. ### Returns - `class CertificatePackEditResponse: …` A certificate pack with all its properties. - `id: str` Identifier. - `certificates: List[Certificate]` Array of certificates in this pack. - `id: str` Certificate identifier. - `hosts: List[str]` Hostnames covered by this certificate. - `status: str` Certificate status. - `bundle_method: Optional[str]` Certificate bundle method. - `expires_on: Optional[datetime]` When the certificate from the authority expires. - `geo_restrictions: Optional[CertificateGeoRestrictions]` Specify the region where your private key can be held locally. - `label: Optional[Literal["us", "eu", "highest_security"]]` - `"us"` - `"eu"` - `"highest_security"` - `issuer: Optional[str]` The certificate authority that issued the certificate. - `modified_on: Optional[datetime]` When the certificate was last modified. - `priority: Optional[float]` The order/priority in which the certificate will be used. - `signature: Optional[str]` The type of hash used for the certificate. - `uploaded_on: Optional[datetime]` When the certificate was uploaded to Cloudflare. - `zone_id: Optional[str]` Identifier. - `hosts: List[Host]` Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty. - `status: Status` Status of certificate pack. - `"initializing"` - `"pending_validation"` - `"deleted"` - `"pending_issuance"` - `"pending_deployment"` - `"pending_deletion"` - `"pending_expiration"` - `"expired"` - `"active"` - `"initializing_timed_out"` - `"validation_timed_out"` - `"issuance_timed_out"` - `"deployment_timed_out"` - `"deletion_timed_out"` - `"pending_cleanup"` - `"staging_deployment"` - `"staging_active"` - `"deactivating"` - `"inactive"` - `"backup_issued"` - `"holding_deployment"` - `type: Literal["mh_custom", "managed_hostname", "sni_custom", 5 more]` Type of certificate pack. - `"mh_custom"` - `"managed_hostname"` - `"sni_custom"` - `"universal"` - `"advanced"` - `"total_tls"` - `"keyless"` - `"legacy_custom"` - `certificate_authority: Optional[Literal["google", "lets_encrypt", "ssl_com"]]` Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions [see this page for more details.](https://developers.cloudflare.com/ssl/reference/certificate-authorities) - `"google"` - `"lets_encrypt"` - `"ssl_com"` - `cloudflare_branding: Optional[bool]` Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true. - `dcv_delegation_records: Optional[List[DCVDelegationRecord]]` DCV Delegation records for domain validation. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `primary_certificate: Optional[str]` Identifier of the primary certificate in a pack. - `validation_errors: Optional[List[ValidationError]]` Domain validation errors that have been received by the certificate authority (CA). - `message: Optional[str]` A domain validation error. - `validation_method: Optional[Literal["txt", "http", "email"]]` Validation Method selected for the order. - `"txt"` - `"http"` - `"email"` - `validation_records: Optional[List[ValidationRecord]]` Certificates' validation records. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `validity_days: Optional[Literal[14, 30, 90, 365]]` Validity Days selected for the order. - `14` - `30` - `90` - `365` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.ssl.certificate_packs.edit( certificate_pack_id="023e105f4ecef8ad9ca31a8372d0c353", zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "certificates": [ { "id": "7e7b8deba8538af625850b7b2530034c", "hosts": [ "example.com", "*.example.com" ], "status": "active", "bundle_method": "ubiquitous", "expires_on": "2024-01-01T00:00:00Z", "geo_restrictions": { "label": "us" }, "issuer": "Let's Encrypt", "modified_on": "2014-01-01T05:20:00Z", "priority": 0, "signature": "ECDSAWithSHA256", "uploaded_on": "2014-01-01T05:20:00Z", "zone_id": "023e105f4ecef8ad9ca31a8372d0c353" } ], "hosts": [ "example.com", "*.example.com", "www.example.com" ], "status": "initializing", "type": "universal", "certificate_authority": "lets_encrypt", "cloudflare_branding": false, "dcv_delegation_records": [ { "cname": "_acme-challenge.example.com", "cname_target": "dcv.cloudflare.com", "emails": [ "administrator@example.com", "webmaster@example.com" ], "http_body": "ca3-574923932a82475cb8592200f1a2a23d", "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt", "status": "pending", "txt_name": "_acme-challenge.app.example.com", "txt_value": "810b7d5f01154524b961ba0cd578acc2" } ], "primary_certificate": "7e7b8deba8538af625850b7b2530034c", "validation_errors": [ { "message": "SERVFAIL looking up CAA for app.example.com" } ], "validation_method": "txt", "validation_records": [ { "cname": "_acme-challenge.example.com", "cname_target": "dcv.cloudflare.com", "emails": [ "administrator@example.com", "webmaster@example.com" ], "http_body": "ca3-574923932a82475cb8592200f1a2a23d", "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt", "status": "pending", "txt_name": "_acme-challenge.app.example.com", "txt_value": "810b7d5f01154524b961ba0cd578acc2" } ], "validity_days": 14 } } ``` ## Delete Advanced Certificate Manager Certificate Pack `ssl.certificate_packs.delete(strcertificate_pack_id, CertificatePackDeleteParams**kwargs) -> CertificatePackDeleteResponse` **delete** `/zones/{zone_id}/ssl/certificate_packs/{certificate_pack_id}` For a given zone, delete an advanced certificate pack. ### Parameters - `zone_id: str` Identifier. - `certificate_pack_id: str` Identifier. ### Returns - `class CertificatePackDeleteResponse: …` - `id: Optional[str]` Identifier. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) certificate_pack = client.ssl.certificate_packs.delete( certificate_pack_id="023e105f4ecef8ad9ca31a8372d0c353", zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(certificate_pack.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Domain Types ### Host - `str` ### Request Validity - `Literal[7, 30, 90, 4 more]` The number of days for which the certificate should be valid. - `7` - `30` - `90` - `365` - `730` - `1095` - `5475` ### Status - `Literal["initializing", "pending_validation", "deleted", 18 more]` Status of certificate pack. - `"initializing"` - `"pending_validation"` - `"deleted"` - `"pending_issuance"` - `"pending_deployment"` - `"pending_deletion"` - `"pending_expiration"` - `"expired"` - `"active"` - `"initializing_timed_out"` - `"validation_timed_out"` - `"issuance_timed_out"` - `"deployment_timed_out"` - `"deletion_timed_out"` - `"pending_cleanup"` - `"staging_deployment"` - `"staging_active"` - `"deactivating"` - `"inactive"` - `"backup_issued"` - `"holding_deployment"` ### Validation Method - `Literal["http", "cname", "txt"]` Validation method in use for a certificate pack order. - `"http"` - `"cname"` - `"txt"` ### Certificate Pack List Response - `class CertificatePackListResponse: …` A certificate pack with all its properties. - `id: str` Identifier. - `certificates: List[Certificate]` Array of certificates in this pack. - `id: str` Certificate identifier. - `hosts: List[str]` Hostnames covered by this certificate. - `status: str` Certificate status. - `bundle_method: Optional[str]` Certificate bundle method. - `expires_on: Optional[datetime]` When the certificate from the authority expires. - `geo_restrictions: Optional[CertificateGeoRestrictions]` Specify the region where your private key can be held locally. - `label: Optional[Literal["us", "eu", "highest_security"]]` - `"us"` - `"eu"` - `"highest_security"` - `issuer: Optional[str]` The certificate authority that issued the certificate. - `modified_on: Optional[datetime]` When the certificate was last modified. - `priority: Optional[float]` The order/priority in which the certificate will be used. - `signature: Optional[str]` The type of hash used for the certificate. - `uploaded_on: Optional[datetime]` When the certificate was uploaded to Cloudflare. - `zone_id: Optional[str]` Identifier. - `hosts: List[Host]` Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty. - `status: Status` Status of certificate pack. - `"initializing"` - `"pending_validation"` - `"deleted"` - `"pending_issuance"` - `"pending_deployment"` - `"pending_deletion"` - `"pending_expiration"` - `"expired"` - `"active"` - `"initializing_timed_out"` - `"validation_timed_out"` - `"issuance_timed_out"` - `"deployment_timed_out"` - `"deletion_timed_out"` - `"pending_cleanup"` - `"staging_deployment"` - `"staging_active"` - `"deactivating"` - `"inactive"` - `"backup_issued"` - `"holding_deployment"` - `type: Literal["mh_custom", "managed_hostname", "sni_custom", 5 more]` Type of certificate pack. - `"mh_custom"` - `"managed_hostname"` - `"sni_custom"` - `"universal"` - `"advanced"` - `"total_tls"` - `"keyless"` - `"legacy_custom"` - `certificate_authority: Optional[Literal["google", "lets_encrypt", "ssl_com"]]` Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions [see this page for more details.](https://developers.cloudflare.com/ssl/reference/certificate-authorities) - `"google"` - `"lets_encrypt"` - `"ssl_com"` - `cloudflare_branding: Optional[bool]` Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true. - `dcv_delegation_records: Optional[List[DCVDelegationRecord]]` DCV Delegation records for domain validation. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `primary_certificate: Optional[str]` Identifier of the primary certificate in a pack. - `validation_errors: Optional[List[ValidationError]]` Domain validation errors that have been received by the certificate authority (CA). - `message: Optional[str]` A domain validation error. - `validation_method: Optional[Literal["txt", "http", "email"]]` Validation Method selected for the order. - `"txt"` - `"http"` - `"email"` - `validation_records: Optional[List[ValidationRecord]]` Certificates' validation records. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `validity_days: Optional[Literal[14, 30, 90, 365]]` Validity Days selected for the order. - `14` - `30` - `90` - `365` ### Certificate Pack Get Response - `class CertificatePackGetResponse: …` A certificate pack with all its properties. - `id: str` Identifier. - `certificates: List[Certificate]` Array of certificates in this pack. - `id: str` Certificate identifier. - `hosts: List[str]` Hostnames covered by this certificate. - `status: str` Certificate status. - `bundle_method: Optional[str]` Certificate bundle method. - `expires_on: Optional[datetime]` When the certificate from the authority expires. - `geo_restrictions: Optional[CertificateGeoRestrictions]` Specify the region where your private key can be held locally. - `label: Optional[Literal["us", "eu", "highest_security"]]` - `"us"` - `"eu"` - `"highest_security"` - `issuer: Optional[str]` The certificate authority that issued the certificate. - `modified_on: Optional[datetime]` When the certificate was last modified. - `priority: Optional[float]` The order/priority in which the certificate will be used. - `signature: Optional[str]` The type of hash used for the certificate. - `uploaded_on: Optional[datetime]` When the certificate was uploaded to Cloudflare. - `zone_id: Optional[str]` Identifier. - `hosts: List[Host]` Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty. - `status: Status` Status of certificate pack. - `"initializing"` - `"pending_validation"` - `"deleted"` - `"pending_issuance"` - `"pending_deployment"` - `"pending_deletion"` - `"pending_expiration"` - `"expired"` - `"active"` - `"initializing_timed_out"` - `"validation_timed_out"` - `"issuance_timed_out"` - `"deployment_timed_out"` - `"deletion_timed_out"` - `"pending_cleanup"` - `"staging_deployment"` - `"staging_active"` - `"deactivating"` - `"inactive"` - `"backup_issued"` - `"holding_deployment"` - `type: Literal["mh_custom", "managed_hostname", "sni_custom", 5 more]` Type of certificate pack. - `"mh_custom"` - `"managed_hostname"` - `"sni_custom"` - `"universal"` - `"advanced"` - `"total_tls"` - `"keyless"` - `"legacy_custom"` - `certificate_authority: Optional[Literal["google", "lets_encrypt", "ssl_com"]]` Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions [see this page for more details.](https://developers.cloudflare.com/ssl/reference/certificate-authorities) - `"google"` - `"lets_encrypt"` - `"ssl_com"` - `cloudflare_branding: Optional[bool]` Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true. - `dcv_delegation_records: Optional[List[DCVDelegationRecord]]` DCV Delegation records for domain validation. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `primary_certificate: Optional[str]` Identifier of the primary certificate in a pack. - `validation_errors: Optional[List[ValidationError]]` Domain validation errors that have been received by the certificate authority (CA). - `message: Optional[str]` A domain validation error. - `validation_method: Optional[Literal["txt", "http", "email"]]` Validation Method selected for the order. - `"txt"` - `"http"` - `"email"` - `validation_records: Optional[List[ValidationRecord]]` Certificates' validation records. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `validity_days: Optional[Literal[14, 30, 90, 365]]` Validity Days selected for the order. - `14` - `30` - `90` - `365` ### Certificate Pack Create Response - `class CertificatePackCreateResponse: …` A certificate pack with all its properties. - `id: str` Identifier. - `certificates: List[Certificate]` Array of certificates in this pack. - `id: str` Certificate identifier. - `hosts: List[str]` Hostnames covered by this certificate. - `status: str` Certificate status. - `bundle_method: Optional[str]` Certificate bundle method. - `expires_on: Optional[datetime]` When the certificate from the authority expires. - `geo_restrictions: Optional[CertificateGeoRestrictions]` Specify the region where your private key can be held locally. - `label: Optional[Literal["us", "eu", "highest_security"]]` - `"us"` - `"eu"` - `"highest_security"` - `issuer: Optional[str]` The certificate authority that issued the certificate. - `modified_on: Optional[datetime]` When the certificate was last modified. - `priority: Optional[float]` The order/priority in which the certificate will be used. - `signature: Optional[str]` The type of hash used for the certificate. - `uploaded_on: Optional[datetime]` When the certificate was uploaded to Cloudflare. - `zone_id: Optional[str]` Identifier. - `hosts: List[Host]` Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty. - `status: Status` Status of certificate pack. - `"initializing"` - `"pending_validation"` - `"deleted"` - `"pending_issuance"` - `"pending_deployment"` - `"pending_deletion"` - `"pending_expiration"` - `"expired"` - `"active"` - `"initializing_timed_out"` - `"validation_timed_out"` - `"issuance_timed_out"` - `"deployment_timed_out"` - `"deletion_timed_out"` - `"pending_cleanup"` - `"staging_deployment"` - `"staging_active"` - `"deactivating"` - `"inactive"` - `"backup_issued"` - `"holding_deployment"` - `type: Literal["mh_custom", "managed_hostname", "sni_custom", 5 more]` Type of certificate pack. - `"mh_custom"` - `"managed_hostname"` - `"sni_custom"` - `"universal"` - `"advanced"` - `"total_tls"` - `"keyless"` - `"legacy_custom"` - `certificate_authority: Optional[Literal["google", "lets_encrypt", "ssl_com"]]` Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions [see this page for more details.](https://developers.cloudflare.com/ssl/reference/certificate-authorities) - `"google"` - `"lets_encrypt"` - `"ssl_com"` - `cloudflare_branding: Optional[bool]` Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true. - `dcv_delegation_records: Optional[List[DCVDelegationRecord]]` DCV Delegation records for domain validation. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `primary_certificate: Optional[str]` Identifier of the primary certificate in a pack. - `validation_errors: Optional[List[ValidationError]]` Domain validation errors that have been received by the certificate authority (CA). - `message: Optional[str]` A domain validation error. - `validation_method: Optional[Literal["txt", "http", "email"]]` Validation Method selected for the order. - `"txt"` - `"http"` - `"email"` - `validation_records: Optional[List[ValidationRecord]]` Certificates' validation records. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `validity_days: Optional[Literal[14, 30, 90, 365]]` Validity Days selected for the order. - `14` - `30` - `90` - `365` ### Certificate Pack Edit Response - `class CertificatePackEditResponse: …` A certificate pack with all its properties. - `id: str` Identifier. - `certificates: List[Certificate]` Array of certificates in this pack. - `id: str` Certificate identifier. - `hosts: List[str]` Hostnames covered by this certificate. - `status: str` Certificate status. - `bundle_method: Optional[str]` Certificate bundle method. - `expires_on: Optional[datetime]` When the certificate from the authority expires. - `geo_restrictions: Optional[CertificateGeoRestrictions]` Specify the region where your private key can be held locally. - `label: Optional[Literal["us", "eu", "highest_security"]]` - `"us"` - `"eu"` - `"highest_security"` - `issuer: Optional[str]` The certificate authority that issued the certificate. - `modified_on: Optional[datetime]` When the certificate was last modified. - `priority: Optional[float]` The order/priority in which the certificate will be used. - `signature: Optional[str]` The type of hash used for the certificate. - `uploaded_on: Optional[datetime]` When the certificate was uploaded to Cloudflare. - `zone_id: Optional[str]` Identifier. - `hosts: List[Host]` Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty. - `status: Status` Status of certificate pack. - `"initializing"` - `"pending_validation"` - `"deleted"` - `"pending_issuance"` - `"pending_deployment"` - `"pending_deletion"` - `"pending_expiration"` - `"expired"` - `"active"` - `"initializing_timed_out"` - `"validation_timed_out"` - `"issuance_timed_out"` - `"deployment_timed_out"` - `"deletion_timed_out"` - `"pending_cleanup"` - `"staging_deployment"` - `"staging_active"` - `"deactivating"` - `"inactive"` - `"backup_issued"` - `"holding_deployment"` - `type: Literal["mh_custom", "managed_hostname", "sni_custom", 5 more]` Type of certificate pack. - `"mh_custom"` - `"managed_hostname"` - `"sni_custom"` - `"universal"` - `"advanced"` - `"total_tls"` - `"keyless"` - `"legacy_custom"` - `certificate_authority: Optional[Literal["google", "lets_encrypt", "ssl_com"]]` Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions [see this page for more details.](https://developers.cloudflare.com/ssl/reference/certificate-authorities) - `"google"` - `"lets_encrypt"` - `"ssl_com"` - `cloudflare_branding: Optional[bool]` Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true. - `dcv_delegation_records: Optional[List[DCVDelegationRecord]]` DCV Delegation records for domain validation. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `primary_certificate: Optional[str]` Identifier of the primary certificate in a pack. - `validation_errors: Optional[List[ValidationError]]` Domain validation errors that have been received by the certificate authority (CA). - `message: Optional[str]` A domain validation error. - `validation_method: Optional[Literal["txt", "http", "email"]]` Validation Method selected for the order. - `"txt"` - `"http"` - `"email"` - `validation_records: Optional[List[ValidationRecord]]` Certificates' validation records. - `cname: Optional[str]` The CNAME record hostname for DCV delegation. - `cname_target: Optional[str]` The CNAME record target value for DCV delegation. - `emails: Optional[List[str]]` The set of email addresses that the certificate authority (CA) will use to complete domain validation. - `http_body: Optional[str]` The content that the certificate authority (CA) will expect to find at the http_url during the domain validation. - `http_url: Optional[str]` The url that will be checked during domain validation. - `status: Optional[str]` Status of the validation record. - `txt_name: Optional[str]` The hostname that the certificate authority (CA) will check for a TXT record during domain validation . - `txt_value: Optional[str]` The TXT record that the certificate authority (CA) will check during domain validation. - `validity_days: Optional[Literal[14, 30, 90, 365]]` Validity Days selected for the order. - `14` - `30` - `90` - `365` ### Certificate Pack Delete Response - `class CertificatePackDeleteResponse: …` - `id: Optional[str]` Identifier. # Quota ## Get Certificate Pack Quotas `ssl.certificate_packs.quota.get(QuotaGetParams**kwargs) -> QuotaGetResponse` **get** `/zones/{zone_id}/ssl/certificate_packs/quota` For a given zone, list certificate pack quotas. ### Parameters - `zone_id: str` Identifier. ### Returns - `class QuotaGetResponse: …` - `advanced: Optional[Advanced]` - `allocated: Optional[int]` Quantity Allocated. - `used: Optional[int]` Quantity Used. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) quota = client.ssl.certificate_packs.quota.get( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(quota.advanced) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "advanced": { "allocated": 0, "used": 0 } } } ``` ## Domain Types ### Quota Get Response - `class QuotaGetResponse: …` - `advanced: Optional[Advanced]` - `allocated: Optional[int]` Quantity Allocated. - `used: Optional[int]` Quantity Used. # Recommendations ## SSL/TLS Recommendation `ssl.recommendations.get(RecommendationGetParams**kwargs) -> RecommendationGetResponse` **get** `/zones/{zone_id}/ssl/recommendation` Retrieve the SSL/TLS Recommender's recommendation for a zone. ### Parameters - `zone_id: str` ### Returns - `class RecommendationGetResponse: …` - `id: str` - `editable: bool` Whether this setting can be updated or not. - `modified_on: datetime` Last time this setting was modified. - `value: Literal["auto", "custom"]` Current setting of the automatic SSL/TLS. - `"auto"` - `"custom"` - `next_scheduled_scan: Optional[datetime]` Next time this zone will be scanned by the Automatic SSL/TLS. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) recommendation = client.ssl.recommendations.get( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(recommendation.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "ssl_automatic_mode", "editable": true, "modified_on": "2014-01-01T05:20:00.12345Z", "value": "auto", "next_scheduled_scan": "2014-01-01T05:20:00.12345Z" }, "success": true } ``` ## Domain Types ### Recommendation Get Response - `class RecommendationGetResponse: …` - `id: str` - `editable: bool` Whether this setting can be updated or not. - `modified_on: datetime` Last time this setting was modified. - `value: Literal["auto", "custom"]` Current setting of the automatic SSL/TLS. - `"auto"` - `"custom"` - `next_scheduled_scan: Optional[datetime]` Next time this zone will be scanned by the Automatic SSL/TLS. # Automatic Upgrader # Universal # Settings ## Universal SSL Settings Details `ssl.universal.settings.get(SettingGetParams**kwargs) -> UniversalSSLSettings` **get** `/zones/{zone_id}/ssl/universal/settings` Get Universal SSL Settings for a Zone. ### Parameters - `zone_id: str` Identifier. ### Returns - `class UniversalSSLSettings: …` - `enabled: Optional[bool]` Disabling Universal SSL removes any currently active Universal SSL certificates for your zone from the edge and prevents any future Universal SSL certificates from being ordered. If there are no advanced certificates or custom certificates uploaded for the domain, visitors will be unable to access the domain over HTTPS. By disabling Universal SSL, you understand that the following Cloudflare settings and preferences will result in visitors being unable to visit your domain unless you have uploaded a custom certificate or purchased an advanced certificate. * HSTS * Always Use HTTPS * Opportunistic Encryption * Onion Routing * Any Page Rules redirecting traffic to HTTPS Similarly, any HTTP redirect to HTTPS at the origin while the Cloudflare proxy is enabled will result in users being unable to visit your site without a valid certificate at Cloudflare's edge. If you do not have a valid custom or advanced certificate at Cloudflare's edge and are unsure if any of the above Cloudflare settings are enabled, or if any HTTP redirects exist at your origin, we advise leaving Universal SSL enabled for your domain. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) universal_ssl_settings = client.ssl.universal.settings.get( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(universal_ssl_settings.enabled) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "enabled": true } } ``` ## Edit Universal SSL Settings `ssl.universal.settings.edit(SettingEditParams**kwargs) -> UniversalSSLSettings` **patch** `/zones/{zone_id}/ssl/universal/settings` Patch Universal SSL Settings for a Zone. ### Parameters - `zone_id: str` Identifier. - `enabled: Optional[bool]` Disabling Universal SSL removes any currently active Universal SSL certificates for your zone from the edge and prevents any future Universal SSL certificates from being ordered. If there are no advanced certificates or custom certificates uploaded for the domain, visitors will be unable to access the domain over HTTPS. By disabling Universal SSL, you understand that the following Cloudflare settings and preferences will result in visitors being unable to visit your domain unless you have uploaded a custom certificate or purchased an advanced certificate. * HSTS * Always Use HTTPS * Opportunistic Encryption * Onion Routing * Any Page Rules redirecting traffic to HTTPS Similarly, any HTTP redirect to HTTPS at the origin while the Cloudflare proxy is enabled will result in users being unable to visit your site without a valid certificate at Cloudflare's edge. If you do not have a valid custom or advanced certificate at Cloudflare's edge and are unsure if any of the above Cloudflare settings are enabled, or if any HTTP redirects exist at your origin, we advise leaving Universal SSL enabled for your domain. ### Returns - `class UniversalSSLSettings: …` - `enabled: Optional[bool]` Disabling Universal SSL removes any currently active Universal SSL certificates for your zone from the edge and prevents any future Universal SSL certificates from being ordered. If there are no advanced certificates or custom certificates uploaded for the domain, visitors will be unable to access the domain over HTTPS. By disabling Universal SSL, you understand that the following Cloudflare settings and preferences will result in visitors being unable to visit your domain unless you have uploaded a custom certificate or purchased an advanced certificate. * HSTS * Always Use HTTPS * Opportunistic Encryption * Onion Routing * Any Page Rules redirecting traffic to HTTPS Similarly, any HTTP redirect to HTTPS at the origin while the Cloudflare proxy is enabled will result in users being unable to visit your site without a valid certificate at Cloudflare's edge. If you do not have a valid custom or advanced certificate at Cloudflare's edge and are unsure if any of the above Cloudflare settings are enabled, or if any HTTP redirects exist at your origin, we advise leaving Universal SSL enabled for your domain. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) universal_ssl_settings = client.ssl.universal.settings.edit( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(universal_ssl_settings.enabled) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "enabled": true } } ``` ## Domain Types ### Universal SSL Settings - `class UniversalSSLSettings: …` - `enabled: Optional[bool]` Disabling Universal SSL removes any currently active Universal SSL certificates for your zone from the edge and prevents any future Universal SSL certificates from being ordered. If there are no advanced certificates or custom certificates uploaded for the domain, visitors will be unable to access the domain over HTTPS. By disabling Universal SSL, you understand that the following Cloudflare settings and preferences will result in visitors being unable to visit your domain unless you have uploaded a custom certificate or purchased an advanced certificate. * HSTS * Always Use HTTPS * Opportunistic Encryption * Onion Routing * Any Page Rules redirecting traffic to HTTPS Similarly, any HTTP redirect to HTTPS at the origin while the Cloudflare proxy is enabled will result in users being unable to visit your site without a valid certificate at Cloudflare's edge. If you do not have a valid custom or advanced certificate at Cloudflare's edge and are unsure if any of the above Cloudflare settings are enabled, or if any HTTP redirects exist at your origin, we advise leaving Universal SSL enabled for your domain. # Verification ## SSL Verification Details `ssl.verification.get(VerificationGetParams**kwargs) -> VerificationGetResponse` **get** `/zones/{zone_id}/ssl/verification` Get SSL Verification Info for a Zone. ### Parameters - `zone_id: str` Identifier. - `retry: Optional[Literal[true]]` Immediately retry SSL Verification. - `true` ### Returns - `List[Verification]` - `certificate_status: Literal["initializing", "authorizing", "active", 4 more]` Current status of certificate. - `"initializing"` - `"authorizing"` - `"active"` - `"expired"` - `"issuing"` - `"timing_out"` - `"pending_deployment"` - `brand_check: Optional[bool]` Certificate Authority is manually reviewing the order. - `cert_pack_uuid: Optional[str]` Certificate Pack UUID. - `signature: Optional[Literal["ECDSAWithSHA256", "SHA1WithRSA", "SHA256WithRSA"]]` Certificate's signature algorithm. - `"ECDSAWithSHA256"` - `"SHA1WithRSA"` - `"SHA256WithRSA"` - `validation_method: Optional[ValidationMethod]` Validation method in use for a certificate pack order. - `"http"` - `"cname"` - `"txt"` - `verification_info: Optional[VerificationInfo]` Certificate's required verification information. - `record_name: Optional[Literal["record_name", "http_url", "cname", "txt_name"]]` Name of CNAME record. - `"record_name"` - `"http_url"` - `"cname"` - `"txt_name"` - `record_target: Optional[Literal["record_value", "http_body", "cname_target", "txt_value"]]` Target of CNAME record. - `"record_value"` - `"http_body"` - `"cname_target"` - `"txt_value"` - `verification_status: Optional[bool]` Status of the required verification information, omitted if verification status is unknown. - `verification_type: Optional[Literal["cname", "meta tag"]]` Method of verification. - `"cname"` - `"meta tag"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) verifications = client.ssl.verification.get( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(verifications) ``` #### Response ```json { "result": [ { "certificate_status": "active", "brand_check": false, "cert_pack_uuid": "a77f8bd7-3b47-46b4-a6f1-75cf98109948", "signature": "ECDSAWithSHA256", "validation_method": "txt", "verification_info": { "record_name": "record_name", "record_target": "record_value" }, "verification_status": true, "verification_type": "cname" } ] } ``` ## Edit SSL Certificate Pack Validation Method `ssl.verification.edit(strcertificate_pack_id, VerificationEditParams**kwargs) -> VerificationEditResponse` **patch** `/zones/{zone_id}/ssl/verification/{certificate_pack_id}` Edit SSL validation method for a certificate pack. A PATCH request will request an immediate validation check on any certificate, and return the updated status. If a validation method is provided, the validation will be immediately attempted using that method. ### Parameters - `zone_id: str` Identifier. - `certificate_pack_id: str` Certificate Pack UUID. - `validation_method: Literal["http", "cname", "txt", "email"]` Desired validation method. - `"http"` - `"cname"` - `"txt"` - `"email"` ### Returns - `class VerificationEditResponse: …` - `status: Optional[str]` Result status. - `validation_method: Optional[Literal["http", "cname", "txt", "email"]]` Desired validation method. - `"http"` - `"cname"` - `"txt"` - `"email"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.ssl.verification.edit( certificate_pack_id="a77f8bd7-3b47-46b4-a6f1-75cf98109948", zone_id="023e105f4ecef8ad9ca31a8372d0c353", validation_method="txt", ) print(response.validation_method) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "status": "pending_validation", "validation_method": "txt" } } ``` ## Domain Types ### Verification - `class Verification: …` - `certificate_status: Literal["initializing", "authorizing", "active", 4 more]` Current status of certificate. - `"initializing"` - `"authorizing"` - `"active"` - `"expired"` - `"issuing"` - `"timing_out"` - `"pending_deployment"` - `brand_check: Optional[bool]` Certificate Authority is manually reviewing the order. - `cert_pack_uuid: Optional[str]` Certificate Pack UUID. - `signature: Optional[Literal["ECDSAWithSHA256", "SHA1WithRSA", "SHA256WithRSA"]]` Certificate's signature algorithm. - `"ECDSAWithSHA256"` - `"SHA1WithRSA"` - `"SHA256WithRSA"` - `validation_method: Optional[ValidationMethod]` Validation method in use for a certificate pack order. - `"http"` - `"cname"` - `"txt"` - `verification_info: Optional[VerificationInfo]` Certificate's required verification information. - `record_name: Optional[Literal["record_name", "http_url", "cname", "txt_name"]]` Name of CNAME record. - `"record_name"` - `"http_url"` - `"cname"` - `"txt_name"` - `record_target: Optional[Literal["record_value", "http_body", "cname_target", "txt_value"]]` Target of CNAME record. - `"record_value"` - `"http_body"` - `"cname_target"` - `"txt_value"` - `verification_status: Optional[bool]` Status of the required verification information, omitted if verification status is unknown. - `verification_type: Optional[Literal["cname", "meta tag"]]` Method of verification. - `"cname"` - `"meta tag"` ### Verification Get Response - `List[Verification]` - `certificate_status: Literal["initializing", "authorizing", "active", 4 more]` Current status of certificate. - `"initializing"` - `"authorizing"` - `"active"` - `"expired"` - `"issuing"` - `"timing_out"` - `"pending_deployment"` - `brand_check: Optional[bool]` Certificate Authority is manually reviewing the order. - `cert_pack_uuid: Optional[str]` Certificate Pack UUID. - `signature: Optional[Literal["ECDSAWithSHA256", "SHA1WithRSA", "SHA256WithRSA"]]` Certificate's signature algorithm. - `"ECDSAWithSHA256"` - `"SHA1WithRSA"` - `"SHA256WithRSA"` - `validation_method: Optional[ValidationMethod]` Validation method in use for a certificate pack order. - `"http"` - `"cname"` - `"txt"` - `verification_info: Optional[VerificationInfo]` Certificate's required verification information. - `record_name: Optional[Literal["record_name", "http_url", "cname", "txt_name"]]` Name of CNAME record. - `"record_name"` - `"http_url"` - `"cname"` - `"txt_name"` - `record_target: Optional[Literal["record_value", "http_body", "cname_target", "txt_value"]]` Target of CNAME record. - `"record_value"` - `"http_body"` - `"cname_target"` - `"txt_value"` - `verification_status: Optional[bool]` Status of the required verification information, omitted if verification status is unknown. - `verification_type: Optional[Literal["cname", "meta tag"]]` Method of verification. - `"cname"` - `"meta tag"` ### Verification Edit Response - `class VerificationEditResponse: …` - `status: Optional[str]` Result status. - `validation_method: Optional[Literal["http", "cname", "txt", "email"]]` Desired validation method. - `"http"` - `"cname"` - `"txt"` - `"email"`