Skip to content
Cloudflare API
Start here
API Reference

Custom Hostnames

resource cloudflare_custom_hostname

required Expand Collapse
zone_id: String

Identifier.

hostname: String

The custom hostname that will point to your hostname via CNAME.

optional Expand Collapse
custom_origin_server?: String

a valid hostname that’s been added to your DNS zone as an A, AAAA, or CNAME record.

custom_origin_sni?: String

A hostname that will be sent to your custom origin server as SNI for TLS handshake. This can be a valid subdomain of the zone or custom origin server name or the string ':request_host_header:' which will cause the host header in the request to be used as SNI. Not configurable with default/fallback origin server.

custom_metadata?: Map[String]

Unique key/value metadata for this hostname. These are per-hostname (customer) settings.

ssl?: Attributes

SSL properties used when creating the custom hostname.

bundle_method?: String

A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.

certificate_authority?: String

The Certificate Authority that will issue the certificate

cloudflare_branding?: Bool

Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true

custom_cert_bundle?: List[Attributes]

Array of custom certificate and key pairs (1 or 2 pairs allowed)

custom_certificate: String

If a custom uploaded certificate is used.

custom_key: String

The key for a custom uploaded certificate.

custom_certificate?: String

If a custom uploaded certificate is used.

custom_csr_id?: String

The identifier for the Custom CSR that was used.

custom_key?: String

The key for a custom uploaded certificate.

method?: String

Domain control validation (DCV) method used for this hostname.

settings?: Attributes

SSL specific settings.

ciphers?: List[String]

An allowlist of ciphers for TLS termination. These ciphers must be in the BoringSSL format.

early_hints?: String

Whether or not Early Hints is enabled.

http2?: String

Whether or not HTTP2 is enabled.

min_tls_version?: String

The minimum TLS version supported.

tls_1_3?: String

Whether or not TLS 1.3 is enabled.

type?: String

Level of validation to be used for this hostname. Domain validation (dv) must be used.

wildcard?: Bool

Indicates whether the certificate covers a wildcard.

computed Expand Collapse
id: String

Identifier.

created_at: Time

This is the time the hostname was created.

status: String

Status of the hostname's activation.

verification_errors: List[String]

These are errors that were encountered while trying to activate a hostname.

ownership_verification: Attributes

This is a record which can be placed to activate a hostname.

name: String

DNS Name for record.

type: String

DNS Record type.

value: String

Content for the record.

ownership_verification_http: Attributes

This presents the token to be served by the given http url to activate a hostname.

http_body: String

Token to be served.

http_url: String

The HTTP URL that will be checked during custom hostname verification and where the customer should host the token.

cloudflare_custom_hostname

resource "cloudflare_custom_hostname" "example_custom_hostname" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  hostname = "app.example.com"
  custom_metadata = {
    foo = "string"
  }
  ssl = {
    bundle_method = "ubiquitous"
    certificate_authority = "google"
    cloudflare_branding = false
    custom_cert_bundle = [{
      custom_certificate = <<EOT
      -----BEGIN CERTIFICATE-----
      MIIDdjCCAl6gAwIBAgIJAPnMg0Fs+/B0MA0GCSqGSIb3DQEBCwUAMFsx...
      -----END CERTIFICATE-----

      EOT
      custom_key = <<EOT
      -----BEGIN PRIVATE KEY-----
      MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/SCB5...
      -----END PRIVATE KEY-----

      EOT
    }]
    custom_certificate = <<EOT
    -----BEGIN CERTIFICATE-----
    MIIFJDCCBAygAwIBAgIQD0ifmj/Yi5NP/2gdUySbfzANBgkqhkiG9w0BAQsFADBN
    MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E...SzSHfXp5lnu/3V08I72q1QNzOCgY1XeL4GKVcj4or6cT6tX6oJH7ePPmfrBfqI/O
    OeH8gMJ+FuwtXYEPa4hBf38M5eU5xWG7
    -----END CERTIFICATE-----

    EOT
    custom_csr_id = "7b163417-1d2b-4c84-a38a-2fb7a0cd7752"
    custom_key = <<EOT
    -----BEGIN RSA PRIVATE KEY-----
    MIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG
    dtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn
    abIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid
    tnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py
    FxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE
    ewooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb
    HBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/
    axiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb
    +ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g
    +j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv
    KLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7
    9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo
    /WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu
    iacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9
    N2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe
    VAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB
    vULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U
    lySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR
    9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7
    mEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX
    dFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe
    PG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS
    fhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W
    qu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T
    lv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi
    -----END RSA PRIVATE KEY-----

    EOT
    method = "http"
    settings = {
      ciphers = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]
      early_hints = "on"
      http2 = "on"
      min_tls_version = "1.2"
      tls_1_3 = "on"
    }
    type = "dv"
    wildcard = false
  }
}

data cloudflare_custom_hostname

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
custom_hostname_id?: String

Identifier.

filter?: Attributes
id?: String

Hostname ID to match against. This ID was generated and returned during the initial custom_hostname creation. This parameter cannot be used with the 'hostname' parameter.

certificate_authority?: String

Filter by the certificate authority that issued the SSL certificate.

custom_origin_server?: String

Filter by custom origin server name.

direction?: String

Direction to order hostnames.

hostname?: Attributes
contain?: String

Filters hostnames by a substring match on the hostname value. This parameter cannot be used with the 'id' parameter.

hostname_status?: String

Filter by the hostname's activation status.

order?: String

Field to order hostnames by.

ssl?: Float64

Whether to filter hostnames based on if they have SSL enabled.

ssl_status?: String

Filter by SSL certificate status.

wildcard?: Bool

Filter by whether the custom hostname is a wildcard hostname.

computed Expand Collapse
id: String

Identifier.

created_at: Time

This is the time the hostname was created.

custom_origin_server: String

a valid hostname that’s been added to your DNS zone as an A, AAAA, or CNAME record.

custom_origin_sni: String

A hostname that will be sent to your custom origin server as SNI for TLS handshake. This can be a valid subdomain of the zone or custom origin server name or the string ':request_host_header:' which will cause the host header in the request to be used as SNI. Not configurable with default/fallback origin server.

hostname: String

The custom hostname that will point to your hostname via CNAME.

status: String

Status of the hostname's activation.

custom_metadata: Map[String]

Unique key/value metadata for this hostname. These are per-hostname (customer) settings.

verification_errors: List[String]

These are errors that were encountered while trying to activate a hostname.

ownership_verification: Attributes

This is a record which can be placed to activate a hostname.

name: String

DNS Name for record.

type: String

DNS Record type.

value: String

Content for the record.

ownership_verification_http: Attributes

This presents the token to be served by the given http url to activate a hostname.

http_body: String

Token to be served.

http_url: String

The HTTP URL that will be checked during custom hostname verification and where the customer should host the token.

ssl: Attributes
id: String

Custom hostname SSL identifier tag.

bundle_method: String

A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.

certificate_authority: String

The Certificate Authority that will issue the certificate

custom_certificate: String

If a custom uploaded certificate is used.

custom_csr_id: String

The identifier for the Custom CSR that was used.

custom_key: String

The key for a custom uploaded certificate.

dcv_delegation_records: List[Attributes]

DCV Delegation records for domain validation.

cname: String

The CNAME record hostname for DCV delegation.

cname_target: String

The CNAME record target value for DCV delegation.

emails: List[String]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: String

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: String

The url that will be checked during domain validation.

status: String

Status of the validation record.

txt_name: String

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: String

The TXT record that the certificate authority (CA) will check during domain validation.

expires_on: Time

The time the custom certificate expires on.

hosts: List[String]

A list of Hostnames on a custom uploaded certificate.

issuer: String

The issuer on a custom uploaded certificate.

method: String

Domain control validation (DCV) method used for this hostname.

serial_number: String

The serial number on a custom uploaded certificate.

settings: Attributes
ciphers: List[String]

An allowlist of ciphers for TLS termination. These ciphers must be in the BoringSSL format.

early_hints: String

Whether or not Early Hints is enabled.

http2: String

Whether or not HTTP2 is enabled.

min_tls_version: String

The minimum TLS version supported.

tls_1_3: String

Whether or not TLS 1.3 is enabled.

signature: String

The signature on a custom uploaded certificate.

status: String

Status of the hostname's SSL certificates.

type: String

Level of validation to be used for this hostname. Domain validation (dv) must be used.

uploaded_on: Time

The time the custom certificate was uploaded.

validation_errors: List[Attributes]

Domain validation errors that have been received by the certificate authority (CA).

message: String

A domain validation error.

validation_records: List[Attributes]
cname: String

The CNAME record hostname for DCV delegation.

cname_target: String

The CNAME record target value for DCV delegation.

emails: List[String]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: String

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: String

The url that will be checked during domain validation.

status: String

Status of the validation record.

txt_name: String

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: String

The TXT record that the certificate authority (CA) will check during domain validation.

wildcard: Bool

Indicates whether the certificate covers a wildcard.

cloudflare_custom_hostname

data "cloudflare_custom_hostname" "example_custom_hostname" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  custom_hostname_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

data cloudflare_custom_hostnames

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
certificate_authority?: String

Filter by the certificate authority that issued the SSL certificate.

custom_origin_server?: String

Filter by custom origin server name.

direction?: String

Direction to order hostnames.

hostname_status?: String

Filter by the hostname's activation status.

id?: String

Hostname ID to match against. This ID was generated and returned during the initial custom_hostname creation. This parameter cannot be used with the 'hostname' parameter.

ssl?: Float64

Whether to filter hostnames based on if they have SSL enabled.

ssl_status?: String

Filter by SSL certificate status.

wildcard?: Bool

Filter by whether the custom hostname is a wildcard hostname.

hostname?: Attributes
contain?: String

Filters hostnames by a substring match on the hostname value. This parameter cannot be used with the 'id' parameter.

order?: String

Field to order hostnames by.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

id: String

Identifier.

hostname: String

The custom hostname that will point to your hostname via CNAME.

created_at: Time

This is the time the hostname was created.

custom_metadata: Map[String]

Unique key/value metadata for this hostname. These are per-hostname (customer) settings.

custom_origin_server: String

a valid hostname that’s been added to your DNS zone as an A, AAAA, or CNAME record.

custom_origin_sni: String

A hostname that will be sent to your custom origin server as SNI for TLS handshake. This can be a valid subdomain of the zone or custom origin server name or the string ':request_host_header:' which will cause the host header in the request to be used as SNI. Not configurable with default/fallback origin server.

ownership_verification: Attributes

This is a record which can be placed to activate a hostname.

name: String

DNS Name for record.

type: String

DNS Record type.

value: String

Content for the record.

ownership_verification_http: Attributes

This presents the token to be served by the given http url to activate a hostname.

http_body: String

Token to be served.

http_url: String

The HTTP URL that will be checked during custom hostname verification and where the customer should host the token.

ssl: Attributes
id: String

Custom hostname SSL identifier tag.

bundle_method: String

A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.

certificate_authority: String

The Certificate Authority that will issue the certificate

custom_certificate: String

If a custom uploaded certificate is used.

custom_csr_id: String

The identifier for the Custom CSR that was used.

custom_key: String

The key for a custom uploaded certificate.

dcv_delegation_records: List[Attributes]

DCV Delegation records for domain validation.

cname: String

The CNAME record hostname for DCV delegation.

cname_target: String

The CNAME record target value for DCV delegation.

emails: List[String]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: String

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: String

The url that will be checked during domain validation.

status: String

Status of the validation record.

txt_name: String

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: String

The TXT record that the certificate authority (CA) will check during domain validation.

expires_on: Time

The time the custom certificate expires on.

hosts: List[String]

A list of Hostnames on a custom uploaded certificate.

issuer: String

The issuer on a custom uploaded certificate.

method: String

Domain control validation (DCV) method used for this hostname.

serial_number: String

The serial number on a custom uploaded certificate.

settings: Attributes
ciphers: List[String]

An allowlist of ciphers for TLS termination. These ciphers must be in the BoringSSL format.

early_hints: String

Whether or not Early Hints is enabled.

http2: String

Whether or not HTTP2 is enabled.

min_tls_version: String

The minimum TLS version supported.

tls_1_3: String

Whether or not TLS 1.3 is enabled.

signature: String

The signature on a custom uploaded certificate.

status: String

Status of the hostname's SSL certificates.

type: String

Level of validation to be used for this hostname. Domain validation (dv) must be used.

uploaded_on: Time

The time the custom certificate was uploaded.

validation_errors: List[Attributes]

Domain validation errors that have been received by the certificate authority (CA).

message: String

A domain validation error.

validation_records: List[Attributes]
cname: String

The CNAME record hostname for DCV delegation.

cname_target: String

The CNAME record target value for DCV delegation.

emails: List[String]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: String

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: String

The url that will be checked during domain validation.

status: String

Status of the validation record.

txt_name: String

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: String

The TXT record that the certificate authority (CA) will check during domain validation.

wildcard: Bool

Indicates whether the certificate covers a wildcard.

status: String

Status of the hostname's activation.

verification_errors: List[String]

These are errors that were encountered while trying to activate a hostname.

cloudflare_custom_hostnames

data "cloudflare_custom_hostnames" "example_custom_hostnames" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  id = "0d89c70d-ad9f-4843-b99f-6cc0252067e9"
  certificate_authority = "google"
  custom_origin_server = "origin2.example.com"
  direction = "desc"
  hostname = {
    contain = "example.com"
  }
  hostname_status = "provisioned"
  ssl = 0
  ssl_status = "active"
  wildcard = false
}

Custom HostnamesFallback Origin

resource cloudflare_custom_hostname_fallback_origin

required Expand Collapse
zone_id: String

Identifier.

origin: String

Your origin hostname that requests to your custom hostnames will be sent to.

computed Expand Collapse
id: String

Identifier.

created_at: Time

This is the time the fallback origin was created.

status: String

Status of the fallback origin's activation.

updated_at: Time

This is the time the fallback origin was updated.

errors: List[String]

These are errors that were encountered while trying to activate a fallback origin.

cloudflare_custom_hostname_fallback_origin

resource "cloudflare_custom_hostname_fallback_origin" "example_custom_hostname_fallback_origin" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  origin = "fallback.example.com"
}

data cloudflare_custom_hostname_fallback_origin

required Expand Collapse
zone_id: String

Identifier.

computed Expand Collapse
id: String

Identifier.

created_at: Time

This is the time the fallback origin was created.

origin: String

Your origin hostname that requests to your custom hostnames will be sent to.

status: String

Status of the fallback origin's activation.

updated_at: Time

This is the time the fallback origin was updated.

errors: List[String]

These are errors that were encountered while trying to activate a fallback origin.

cloudflare_custom_hostname_fallback_origin

data "cloudflare_custom_hostname_fallback_origin" "example_custom_hostname_fallback_origin" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
}