Cloudflare Docs
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Changes to Universal certificates

Cloudflare will stop using DigiCert as an issuing certificate authority (CA) for new Universal certificates. This will not affect existing Universal certificates.

The validity period for Universal certificates will also be decreased from one year to 90 days.

​​ DCV changes

You do not need to make any updates to the Domain Control Validation (DCV) for your zone.

If your domain is using a Full setup, Cloudflare will automatically complete TXT-based DCV on your behalf.

If your domain is on a Partial setup, Cloudflare will automatically complete HTTP-based DCV on your behalf.

​​ Recommendations

If you are currently pinning your Universal certificate, stop pinning the certificate. This will ensure your certificates are not impacted during the Universal certificate renewal.

If you want to choose the issuing CA for your certificate, order an Advanced certificate. Once that certificate has deployed, disable Universal SSL to prevent Cloudflare from issuing the Universal certificate for you.