Skip to content
Cloudflare API
Start here
API Reference
SSL
Certificate Packs

Order Advanced Certificate Manager Certificate Pack

ssl.certificate_packs.create(CertificatePackCreateParams**kwargs) -> CertificatePackCreateResponse
POST/zones/{zone_id}/ssl/certificate_packs/order

For a given zone, order an advanced certificate pack.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
SSL and Certificates Write
ParametersExpand Collapse
zone_id: str

Identifier.

maxLength32
certificate_authority: Literal["google", "lets_encrypt", "ssl_com"]

Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions see this page for more details.

One of the following:
"google"
"lets_encrypt"
"ssl_com"
hosts: SequenceNotStr[Host]

Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty.

type: Literal["advanced"]

Type of certificate pack.

validation_method: Literal["txt", "http", "email"]

Validation Method selected for the order.

One of the following:
"txt"
"http"
"email"
validity_days: Literal[14, 30, 90, 365]

Validity Days selected for the order.

One of the following:
14
30
90
365
cloudflare_branding: Optional[bool]

Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true.

ReturnsExpand Collapse
class CertificatePackCreateResponse:

A certificate pack with all its properties.

id: str

Identifier.

maxLength32
certificates: List[Certificate]

Array of certificates in this pack.

id: str

Certificate identifier.

hosts: List[str]

Hostnames covered by this certificate.

status: str

Certificate status.

bundle_method: Optional[str]

Certificate bundle method.

expires_on: Optional[datetime]

When the certificate from the authority expires.

formatdate-time
geo_restrictions: Optional[CertificateGeoRestrictions]

Specify the region where your private key can be held locally.

label: Optional[Literal["us", "eu", "highest_security"]]
One of the following:
"us"
"eu"
"highest_security"
issuer: Optional[str]

The certificate authority that issued the certificate.

modified_on: Optional[datetime]

When the certificate was last modified.

formatdate-time
priority: Optional[float]

The order/priority in which the certificate will be used.

signature: Optional[str]

The type of hash used for the certificate.

uploaded_on: Optional[datetime]

When the certificate was uploaded to Cloudflare.

formatdate-time
zone_id: Optional[str]

Identifier.

maxLength32
hosts: List[Host]

Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty.

status: Status

Status of certificate pack.

One of the following:
"initializing"
"pending_validation"
"deleted"
"pending_issuance"
"pending_deployment"
"pending_deletion"
"pending_expiration"
"expired"
"active"
"initializing_timed_out"
"validation_timed_out"
"issuance_timed_out"
"deployment_timed_out"
"deletion_timed_out"
"pending_cleanup"
"staging_deployment"
"staging_active"
"deactivating"
"inactive"
"backup_issued"
"holding_deployment"
type: Literal["mh_custom", "managed_hostname", "sni_custom", 5 more]

Type of certificate pack.

One of the following:
"mh_custom"
"managed_hostname"
"sni_custom"
"universal"
"advanced"
"total_tls"
"keyless"
"legacy_custom"
certificate_authority: Optional[Literal["google", "lets_encrypt", "ssl_com"]]

Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions see this page for more details.

One of the following:
"google"
"lets_encrypt"
"ssl_com"
cloudflare_branding: Optional[bool]

Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true.

dcv_delegation_records: Optional[List[DCVDelegationRecord]]

DCV Delegation records for domain validation.

cname: Optional[str]

The CNAME record hostname for DCV delegation.

cname_target: Optional[str]

The CNAME record target value for DCV delegation.

emails: Optional[List[str]]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: Optional[str]

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: Optional[str]

The url that will be checked during domain validation.

status: Optional[str]

Status of the validation record.

txt_name: Optional[str]

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: Optional[str]

The TXT record that the certificate authority (CA) will check during domain validation.

primary_certificate: Optional[str]

Identifier of the primary certificate in a pack.

validation_errors: Optional[List[ValidationError]]

Domain validation errors that have been received by the certificate authority (CA).

message: Optional[str]

A domain validation error.

validation_method: Optional[Literal["txt", "http", "email"]]

Validation Method selected for the order.

One of the following:
"txt"
"http"
"email"
validation_records: Optional[List[ValidationRecord]]

Certificates' validation records.

cname: Optional[str]

The CNAME record hostname for DCV delegation.

cname_target: Optional[str]

The CNAME record target value for DCV delegation.

emails: Optional[List[str]]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: Optional[str]

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: Optional[str]

The url that will be checked during domain validation.

status: Optional[str]

Status of the validation record.

txt_name: Optional[str]

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: Optional[str]

The TXT record that the certificate authority (CA) will check during domain validation.

validity_days: Optional[Literal[14, 30, 90, 365]]

Validity Days selected for the order.

One of the following:
14
30
90
365

Order Advanced Certificate Manager Certificate Pack

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
certificate_pack = client.ssl.certificate_packs.create(
    zone_id="023e105f4ecef8ad9ca31a8372d0c353",
    certificate_authority="lets_encrypt",
    hosts=["example.com", "*.example.com", "www.example.com"],
    type="advanced",
    validation_method="txt",
    validity_days=14,
)
print(certificate_pack.id)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "certificates": [
      {
        "id": "7e7b8deba8538af625850b7b2530034c",
        "hosts": [
          "example.com",
          "*.example.com"
        ],
        "status": "active",
        "bundle_method": "ubiquitous",
        "expires_on": "2024-01-01T00:00:00Z",
        "geo_restrictions": {
          "label": "us"
        },
        "issuer": "Let's Encrypt",
        "modified_on": "2014-01-01T05:20:00Z",
        "priority": 0,
        "signature": "ECDSAWithSHA256",
        "uploaded_on": "2014-01-01T05:20:00Z",
        "zone_id": "023e105f4ecef8ad9ca31a8372d0c353"
      }
    ],
    "hosts": [
      "example.com",
      "*.example.com",
      "www.example.com"
    ],
    "status": "initializing",
    "type": "universal",
    "certificate_authority": "lets_encrypt",
    "cloudflare_branding": false,
    "dcv_delegation_records": [
      {
        "cname": "_acme-challenge.example.com",
        "cname_target": "dcv.cloudflare.com",
        "emails": [
          "administrator@example.com",
          "webmaster@example.com"
        ],
        "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
        "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
        "status": "pending",
        "txt_name": "_acme-challenge.app.example.com",
        "txt_value": "810b7d5f01154524b961ba0cd578acc2"
      }
    ],
    "primary_certificate": "7e7b8deba8538af625850b7b2530034c",
    "validation_errors": [
      {
        "message": "SERVFAIL looking up CAA for app.example.com"
      }
    ],
    "validation_method": "txt",
    "validation_records": [
      {
        "cname": "_acme-challenge.example.com",
        "cname_target": "dcv.cloudflare.com",
        "emails": [
          "administrator@example.com",
          "webmaster@example.com"
        ],
        "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
        "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
        "status": "pending",
        "txt_name": "_acme-challenge.app.example.com",
        "txt_value": "810b7d5f01154524b961ba0cd578acc2"
      }
    ],
    "validity_days": 14
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "certificates": [
      {
        "id": "7e7b8deba8538af625850b7b2530034c",
        "hosts": [
          "example.com",
          "*.example.com"
        ],
        "status": "active",
        "bundle_method": "ubiquitous",
        "expires_on": "2024-01-01T00:00:00Z",
        "geo_restrictions": {
          "label": "us"
        },
        "issuer": "Let's Encrypt",
        "modified_on": "2014-01-01T05:20:00Z",
        "priority": 0,
        "signature": "ECDSAWithSHA256",
        "uploaded_on": "2014-01-01T05:20:00Z",
        "zone_id": "023e105f4ecef8ad9ca31a8372d0c353"
      }
    ],
    "hosts": [
      "example.com",
      "*.example.com",
      "www.example.com"
    ],
    "status": "initializing",
    "type": "universal",
    "certificate_authority": "lets_encrypt",
    "cloudflare_branding": false,
    "dcv_delegation_records": [
      {
        "cname": "_acme-challenge.example.com",
        "cname_target": "dcv.cloudflare.com",
        "emails": [
          "administrator@example.com",
          "webmaster@example.com"
        ],
        "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
        "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
        "status": "pending",
        "txt_name": "_acme-challenge.app.example.com",
        "txt_value": "810b7d5f01154524b961ba0cd578acc2"
      }
    ],
    "primary_certificate": "7e7b8deba8538af625850b7b2530034c",
    "validation_errors": [
      {
        "message": "SERVFAIL looking up CAA for app.example.com"
      }
    ],
    "validation_method": "txt",
    "validation_records": [
      {
        "cname": "_acme-challenge.example.com",
        "cname_target": "dcv.cloudflare.com",
        "emails": [
          "administrator@example.com",
          "webmaster@example.com"
        ],
        "http_body": "ca3-574923932a82475cb8592200f1a2a23d",
        "http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
        "status": "pending",
        "txt_name": "_acme-challenge.app.example.com",
        "txt_value": "810b7d5f01154524b961ba0cd578acc2"
      }
    ],
    "validity_days": 14
  }
}