Cloudflare Docs
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

Enable Universal SSL certificates

By default, Cloudflare issues — and renews — free, unshared, publicly trusted SSL certificates to all domains added to and activated on Cloudflare.

The process for activating a Universal SSL certificate depends on your domain’s DNS setup.

​​ Full DNS setup

For domains on a full setup1, your domain should automatically receive its Universal SSL certificate within 15 minutes to 24 hours of domain activation2.

This certificate will cover your zone apex ( and all first-level subdomains (, as long as your domain or subdomains have proxied DNS records within Cloudflare DNS.

  1. The most common Cloudflare setup that involves changing your authoritative nameservers. ↩︎

  2. Provisioning time depends on certain security checks and other requirements mandated by Certificate Authorities (CA). ↩︎

​​ Minimize downtime

If your website or application is already live and cannot be uncovered while the Universal certificate is provisioned, consider the following:

​​ Partial DNS setup

For non-authoritative or partial domains, Universal SSL will be:

Unless you cover and validate multiple subdomains with an advanced certificate, you will need to proxy and validate new subdomains as they are added.

​​ Verify your certificate is active

Once you enable Universal SSL, you can review the activation status in the dashboard at SSL/TLS > Edge Certificates or via the API with a GET request.