Renew
The exact method for certificate renewal depends on whether that hostname is active1 and whether it is a wildcard certificate.
Custom hostnames certificates have a 90-day validity period and are available for renewal 30 days before their expiration.
If you are using a non-wildcard hostname and the hostname is active, Cloudflare will try to perform DCV automatically on the hostname's behalf by serving the HTTP token.
If the custom hostname is not active, then the custom hostname domain owner will need to add the TXT or HTTP DCV token for the new certificate to validate and issue. As the SaaS provider, you will be responsible for sharing this token with the custom hostname domain owner.
With wildcard hostnames, you cannot use HTTP. In this case, you will have to use TXT DCV tokens.
These tokens can be fetched through the API or the dashboard when the certificates are in a pending validation state during custom hostname creation or during certificate renewals.
If your hostname is using another validation method, you will need to update the "method" field in the SSL object to be "txt".
After this step, follow the normal steps for TXT validation.
-
Meaning Cloudflare could verify your customer's ownership of the hostname and the hostname status is active. ↩
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
