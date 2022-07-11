Cloudflare Docs
Cloudflare-for-Saas
Cloudflare Docs
Cloudflare for SaaS
Search icon (depiction of a magnifying glass)
GitHub icon
Visit Cloudflare for SaaS on GitHub
Set theme to dark (⇧+D)

Certificate authority specific

DigiCert

These codes are rooted on the /v4/zones/:zone_id/custom_hostnames API endpoint. They will be reported in the validation_errors attribute of the ssl attribute for a custom_hostname resource.

HTTP Status CodeErrorStatusReason
201 Created on POST; 202 Accepted on PATCH; 200 OK on GET%s reported as potential risk: google_safe_browsingpending_validationGoogle maintains a list of URLs that contain malware or phishing. If the domain submitted for validation matches any domain in a Google URL, it will fail the risk check.
201 Created on POST; 202 Accepted on PATCH; 200 OK on GET%s reported as potential risk: risky_keywordspending_validationRisky Keywords are a set of Digicert Rules for domains that have potential risk to us or our customers. If the domain submitted for validation matches any of the risky keyword rules it will fail the risk check. (some example rules: “contains google.com”, “ends with amazon.com”, “equals bing.com”)
201 Created on POST; 202 Accepted on PATCH; 200 OK on GET%s reported as potential risk: phishtankpending_validationPhishtank maintains a list of URLs that contain malware or phishing. If the domain submitted for validation matches any domain in a Phishtank URL, it will fail the risk check.
201 Created on POST; 202 Accepted on PATCH; 200 OK on GETDomain validation failed for %spending_validationCould be multiple reasons, with most common reason being that the DCV tokens have expired.
201 Created on POST; 202 Accepted on PATCH; 200 OK on GETIssuance blocked by a CAA error for %spending_issuanceThe Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain. CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue.
201 Created on POST; 202 Accepted on PATCH; 200 OK on GETIssuance blocked due to the Common Name being too long (over %d characters).pending_issuanceCommon names are limited to 64 characters and subject alternative names (SANs) are limited to 255 characters.