Skip to content
Visit SSL on GitHub
Set theme to dark (⇧+D)

Advanced Certificate Manager

Advanced Certificate Manager is a flexible and customizable way to issue and manage certificates in Cloudflare.

Use Advanced Certificate Manager when you want something more customizable than Universal SSL but still want the convenience of SSL certificate issuance and renewal. For example, use Advanced Certificate Manager to cover more than one level of subdomain, remove Cloudflare branding from the Universal certificate, or adjust the shortest certificate lifespan.

FeaturesCommon API commandsCreate in dashboard

Features of Advanced Certificate Manager

Advanced Certificate Manager defines several certificate options:

  • Add up to 100 edge certificates per zone.
  • Include the zone apex and less than 50 hosts as covered hostnames.
  • Select the preferred validation method (HTTP, TXT or Email).
  • Choose the certificate validity period (14, 30, 90, or 365 days).
  • Choose the Certificate Authority to issue the certificate (Let’s Encrypt or Digicert).
  • Select a custom trust store for origin authentication.
  • Control cipher suites used for TLS.

Common API commands

CommandMethodEndpointAdditional notes
Order Advanced CertificatePOSTzones/:zone/ssl/certificate_packs/order
Restart validation for an Advanced Certificate Manager certificate packPATCHzones/:zone/ssl/certificate_packs/:certificate_pack
Delete Advanced Certificate Manager certificate packDELETEzones/:zone/ssl/certificate_packs/:certificate_pack
List all Advanced Certificate Manager certificate packsGETzones/:zone/ssl/certificate_packs?status=allThis API call returns all certificate packs for a domain (Universal, Custom, and Advanced).
List Cipher Suite settingsGETzones/:zone/settings/ciphers
Change Cipher Suite settingsPATCHzones/:zone/settings/ciphersTo restore default settings, send a blank array in the value parameter.
List SSL configurationsGETzones/:zone/custom_certificates
Create SSL configurationsPOSTzones/:zone/custom_certificates

Create a certificate in the dashboard

To create a new advanced certificate in the dashboard:

  1. Log into your Cloudflare account and select a domain.
  2. Select SSL/TLS > Edge Certificates.
  3. Select Order Advanced Certificate.
  4. If Cloudflare does not have your billing information, you will need to enter that information.
  5. Enter the following information:
    • Certificate Authority
    • Certificate Hostnames
    • Validation method
    • Certificate Validity Period
  6. Select Save.