Enable
To enable Total TLS - which issues individual certificates for your proxied hostnames - follow these instructions:
To enable Total TLS in the dashboard:
-
In the Cloudflare dashboard, go to the Edge Certificates page.
Go to Edge Certificates -
For Total TLS, switch the toggle to On and - if desired - choose an issuing Certificate Authority.
To enable Total TLS with the API, send a PATCH request with the enabled parameter set to your desired setting (true or false).
You can also specify a desired certificate authority by adding a value to the certificate_authority parameter.
-
Total TLS certificates follow the Common Name (CN) restriction of 64 characters (RFC 5280 ↗). If you have a hostname that exceeds this length, you can create an Advanced Certificate via API to cover it.