Cloudflare Docs
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Total TLS

Total TLS allows Cloudflare to issue individual certificates for every proxied hostname. These certificates will protect proxied hostnames not covered by Universal certificates.

When issued, these certificates will have a type of Advanced - Total TLS.

When you enable Total TLS, Cloudflare will also show a warning on proxied DNS records that are not covered by a TLS certificate.

​​ Availability

Total TLS is available for domains that have purchased Advanced Certificate Manager and are currently using a full DNS setup.

​​ Enable Total TLS

To enable Total TLS:

To enable Total TLS in the dashboard:

  1. Log into the Cloudflare dashboard.
  2. Choose your account and domain.
  3. Go to SSL/TLS > Edge Certificates.
  4. For Total TLS, switch the toggle to On and - if desired - choose an issuing Certificate Authority.

To enable Total TLS with the API, send a PATCH request with the enabled parameter set to your desired setting (true or false).

You can also specify a desired certificate authority by adding a value to the certificate_authority parameter.