SSL

SSLCertificate Packs

resource cloudflare_certificate_pack

required Expand Collapse

zone_id: String

Identifier.

certificate_authority: String

Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions see this page for more details.

type: String

Type of certificate pack.

validation_method: String

Validation Method selected for the order.

validity_days: Int64

Validity Days selected for the order.

optional Expand Collapse

cloudflare_branding?: Bool

Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true.

hosts?: Set[String]

Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty.

computed Expand Collapse

id: String

Identifier.

primary_certificate: String

Identifier of the primary certificate in a pack.

status: String

Status of certificate pack.

certificates: List[Attributes]

Array of certificates in this pack.

id: String

Certificate identifier.

hosts: List[String]

Hostnames covered by this certificate.

status: String

Certificate status.

bundle_method: String

Certificate bundle method.

expires_on: Time

When the certificate from the authority expires.

geo_restrictions: Attributes

Specify the region where your private key can be held locally.

label: String

issuer: String

The certificate authority that issued the certificate.

modified_on: Time

When the certificate was last modified.

priority: Float64

The order/priority in which the certificate will be used.

signature: String

The type of hash used for the certificate.

uploaded_on: Time

When the certificate was uploaded to Cloudflare.

zone_id: String

Identifier.

dcv_delegation_records: List[Attributes]

DCV Delegation records for domain validation.

cname: String

The CNAME record hostname for DCV delegation.

cname_target: String

The CNAME record target value for DCV delegation.

emails: List[String]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: String

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: String

The url that will be checked during domain validation.

status: String

Status of the validation record.

txt_name: String

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: String

The TXT record that the certificate authority (CA) will check during domain validation.

validation_errors: List[Attributes]

Domain validation errors that have been received by the certificate authority (CA).

message: String

A domain validation error.

validation_records: List[Attributes]

Certificates' validation records.

cname: String

The CNAME record hostname for DCV delegation.

cname_target: String

The CNAME record target value for DCV delegation.

emails: List[String]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: String

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: String

The url that will be checked during domain validation.

status: String

Status of the validation record.

txt_name: String

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: String

The TXT record that the certificate authority (CA) will check during domain validation.

cloudflare_certificate_pack

resource "cloudflare_certificate_pack" "example_certificate_pack" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  certificate_authority = "lets_encrypt"
  hosts = ["example.com", "*.example.com", "www.example.com"]
  type = "advanced"
  validation_method = "txt"
  validity_days = 14
  cloudflare_branding = false
}

data cloudflare_certificate_pack

required Expand Collapse

zone_id: String

Identifier.

optional Expand Collapse

certificate_pack_id?: String

Identifier.

filter?: Attributes

deploy?: String

Specify the deployment environment for the certificate packs.

status?: String

Include Certificate Packs of all statuses, not just active ones.

computed Expand Collapse

id: String

Identifier.

certificate_authority: String

Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions see this page for more details.

cloudflare_branding: Bool

Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true.

primary_certificate: String

Identifier of the primary certificate in a pack.

status: String

Status of certificate pack.

type: String

Type of certificate pack.

validation_method: String

Validation Method selected for the order.

validity_days: Int64

Validity Days selected for the order.

hosts: Set[String]

Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty.

certificates: List[Attributes]

Array of certificates in this pack.

id: String

Certificate identifier.

hosts: List[String]

Hostnames covered by this certificate.

status: String

Certificate status.

bundle_method: String

Certificate bundle method.

expires_on: Time

When the certificate from the authority expires.

geo_restrictions: Attributes

Specify the region where your private key can be held locally.

label: String

issuer: String

The certificate authority that issued the certificate.

modified_on: Time

When the certificate was last modified.

priority: Float64

The order/priority in which the certificate will be used.

signature: String

The type of hash used for the certificate.

uploaded_on: Time

When the certificate was uploaded to Cloudflare.

zone_id: String

Identifier.

dcv_delegation_records: List[Attributes]

DCV Delegation records for domain validation.

cname: String

The CNAME record hostname for DCV delegation.

cname_target: String

The CNAME record target value for DCV delegation.

emails: List[String]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: String

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: String

The url that will be checked during domain validation.

status: String

Status of the validation record.

txt_name: String

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: String

The TXT record that the certificate authority (CA) will check during domain validation.

validation_errors: List[Attributes]

Domain validation errors that have been received by the certificate authority (CA).

message: String

A domain validation error.

validation_records: List[Attributes]

Certificates' validation records.

cname: String

The CNAME record hostname for DCV delegation.

cname_target: String

The CNAME record target value for DCV delegation.

emails: List[String]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: String

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: String

The url that will be checked during domain validation.

status: String

Status of the validation record.

txt_name: String

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: String

The TXT record that the certificate authority (CA) will check during domain validation.

cloudflare_certificate_pack

data "cloudflare_certificate_pack" "example_certificate_pack" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  certificate_pack_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

data cloudflare_certificate_packs

required Expand Collapse

zone_id: String

Identifier.

optional Expand Collapse

deploy?: String

Specify the deployment environment for the certificate packs.

status?: String

Include Certificate Packs of all statuses, not just active ones.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse

result: List[Attributes]

The items returned by the data source

id: String

Identifier.

certificates: List[Attributes]

Array of certificates in this pack.

id: String

Certificate identifier.

hosts: List[String]

Hostnames covered by this certificate.

status: String

Certificate status.

bundle_method: String

Certificate bundle method.

expires_on: Time

When the certificate from the authority expires.

geo_restrictions: Attributes

Specify the region where your private key can be held locally.

label: String

issuer: String

The certificate authority that issued the certificate.

modified_on: Time

When the certificate was last modified.

priority: Float64

The order/priority in which the certificate will be used.

signature: String

The type of hash used for the certificate.

uploaded_on: Time

When the certificate was uploaded to Cloudflare.

zone_id: String

Identifier.

hosts: Set[String]

Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty.

status: String

Status of certificate pack.

type: String

Type of certificate pack.

certificate_authority: String

Certificate Authority selected for the order. For information on any certificate authority specific details or restrictions see this page for more details.

cloudflare_branding: Bool

Whether or not to add Cloudflare Branding for the order. This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true.

dcv_delegation_records: List[Attributes]

DCV Delegation records for domain validation.

cname: String

The CNAME record hostname for DCV delegation.

cname_target: String

The CNAME record target value for DCV delegation.

emails: List[String]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: String

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: String

The url that will be checked during domain validation.

status: String

Status of the validation record.

txt_name: String

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: String

The TXT record that the certificate authority (CA) will check during domain validation.

primary_certificate: String

Identifier of the primary certificate in a pack.

validation_errors: List[Attributes]

Domain validation errors that have been received by the certificate authority (CA).

message: String

A domain validation error.

validation_method: String

Validation Method selected for the order.

validation_records: List[Attributes]

Certificates' validation records.

cname: String

The CNAME record hostname for DCV delegation.

cname_target: String

The CNAME record target value for DCV delegation.

emails: List[String]

The set of email addresses that the certificate authority (CA) will use to complete domain validation.

http_body: String

The content that the certificate authority (CA) will expect to find at the http_url during the domain validation.

http_url: String

The url that will be checked during domain validation.

status: String

Status of the validation record.

txt_name: String

The hostname that the certificate authority (CA) will check for a TXT record during domain validation .

txt_value: String

The TXT record that the certificate authority (CA) will check during domain validation.

validity_days: Int64

Validity Days selected for the order.

cloudflare_certificate_packs

data "cloudflare_certificate_packs" "example_certificate_packs" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  deploy = "staging"
  status = "all"
}

SSLUniversalSettings

resource cloudflare_universal_ssl_setting

required Expand Collapse

zone_id: String

Identifier.

optional Expand Collapse

enabled?: Bool

Disabling Universal SSL removes any currently active Universal SSL certificates for your zone from the edge and prevents any future Universal SSL certificates from being ordered. If there are no advanced certificates or custom certificates uploaded for the domain, visitors will be unable to access the domain over HTTPS.

By disabling Universal SSL, you understand that the following Cloudflare settings and preferences will result in visitors being unable to visit your domain unless you have uploaded a custom certificate or purchased an advanced certificate.

HSTS
Always Use HTTPS
Opportunistic Encryption
Onion Routing
Any Page Rules redirecting traffic to HTTPS

Similarly, any HTTP redirect to HTTPS at the origin while the Cloudflare proxy is enabled will result in users being unable to visit your site without a valid certificate at Cloudflare's edge.

If you do not have a valid custom or advanced certificate at Cloudflare's edge and are unsure if any of the above Cloudflare settings are enabled, or if any HTTP redirects exist at your origin, we advise leaving Universal SSL enabled for your domain.

computed Expand Collapse

id: String

Identifier.

cloudflare_universal_ssl_setting

resource "cloudflare_universal_ssl_setting" "example_universal_ssl_setting" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  enabled = true
}

data cloudflare_universal_ssl_setting

required Expand Collapse

zone_id: String

Identifier.

computed Expand Collapse

id: String

Identifier.

enabled: Bool

HSTS
Always Use HTTPS
Opportunistic Encryption
Onion Routing
Any Page Rules redirecting traffic to HTTPS

Similarly, any HTTP redirect to HTTPS at the origin while the Cloudflare proxy is enabled will result in users being unable to visit your site without a valid certificate at Cloudflare's edge.

cloudflare_universal_ssl_setting

data "cloudflare_universal_ssl_setting" "example_universal_ssl_setting" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
}