Skip to content
Cloudflare API
Start here
API Reference
Keyless Certificates

Edit Keyless SSL Configuration

PATCH/zones/{zone_id}/keyless_certificates/{keyless_certificate_id}

This will update attributes of a Keyless SSL. Consists of one or more of the following: host,name,port.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
SSL and Certificates Write
Path ParametersExpand Collapse
zone_id: string

Identifier.

maxLength32
keyless_certificate_id: string

Identifier.

maxLength32
Body ParametersJSONExpand Collapse
Deprecatedenabled: optional boolean

Whether or not the Keyless SSL is on or off.

host: optional string

The keyless SSL name.

formathostname
maxLength253
name: optional string

The keyless SSL name.

maxLength180
port: optional number

The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.

maxLength65535
tunnel: optional Tunnel { private_ip, vnet_id }

Configuration for using Keyless SSL through a Cloudflare Tunnel

private_ip: string

Private IP of the Key Server Host

vnet_id: string

Cloudflare Tunnel Virtual Network ID

ReturnsExpand Collapse
errors: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
messages: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
success: true

Whether the API call was successful.

result: optional KeylessCertificate { id, created_on, enabled, 7 more }
id: string

Keyless certificate identifier tag.

maxLength32
created_on: string

When the Keyless SSL was created.

formatdate-time
enabled: boolean

Whether or not the Keyless SSL is on or off.

host: string

The keyless SSL name.

formathostname
maxLength253
modified_on: string

When the Keyless SSL was last modified.

formatdate-time
name: string

The keyless SSL name.

maxLength180
permissions: array of string

Available permissions for the Keyless SSL for the current user requesting the item.

port: number

The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.

maxLength65535
status: "active" or "deleted"

Status of the Keyless SSL.

One of the following:
"active"
"deleted"
tunnel: optional Tunnel { private_ip, vnet_id }

Configuration for using Keyless SSL through a Cloudflare Tunnel

private_ip: string

Private IP of the Key Server Host

vnet_id: string

Cloudflare Tunnel Virtual Network ID

Edit Keyless SSL Configuration

curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/keyless_certificates/$KEYLESS_CERTIFICATE_ID \
    -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -d '{
          "host": "example.com",
          "name": "example.com Keyless SSL",
          "port": 24008
        }'
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "4d2844d2ce78891c34d0b6c0535a291e",
    "created_on": "2014-01-01T05:20:00Z",
    "enabled": false,
    "host": "example.com",
    "modified_on": "2014-01-01T05:20:00Z",
    "name": "example.com Keyless SSL",
    "permissions": [
      "#ssl:read",
      "#ssl:edit"
    ],
    "port": 24008,
    "status": "active",
    "tunnel": {
      "private_ip": "10.0.0.1",
      "vnet_id": "7365377a-85a4-4390-9480-531ef7dc7a3c"
    }
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "4d2844d2ce78891c34d0b6c0535a291e",
    "created_on": "2014-01-01T05:20:00Z",
    "enabled": false,
    "host": "example.com",
    "modified_on": "2014-01-01T05:20:00Z",
    "name": "example.com Keyless SSL",
    "permissions": [
      "#ssl:read",
      "#ssl:edit"
    ],
    "port": 24008,
    "status": "active",
    "tunnel": {
      "private_ip": "10.0.0.1",
      "vnet_id": "7365377a-85a4-4390-9480-531ef7dc7a3c"
    }
  }
}