Cloudflare Docs
Edit this page
Give us feedback
Set theme to dark (⇧+D)

Total TLS

Total TLS allows Cloudflare to issue individual certificates for your proxied hostnames. These certificates will protect proxied hostnames not covered by Universal certificates.

When issued, these certificates will have a type of Advanced - Total TLS.

​​ Reference

​​ Availability

Total TLS is available for domains that have purchased Advanced Certificate Manager and are currently using a full DNS setup.

​​ Limitations

​​ Hostnames used with other Cloudflare products

Total TLS does not issue certificates for any hostnames used with:

You can use other types of certificates or manually order advanced certificates for these hostnames.

​​ Deleting certificates

Once you enable Total TLS, be careful deleting any Total TLS certificates associated with proxied hostnames.

If you do, our system assumes you want to opt that hostname out of Total TLS certificate and will not order new certificates for the hostname in the future. This behavior applies even if you delete and re-create the hostname’s DNS record.