Cloudflare Docs
Ssl
SSL/TLS
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Migrating Custom Hostnames

As a SaaS provider, you may want, or have, multiple zones to manage hostnames. Each zone can have different configurations or origins, as well as correlate to varying products. You might shift custom hostnames between zones to enable or disable certain features. Cloudflare allows migration within the same account through the steps below:


CNAME

If your custom hostname uses a CNAME record, add the custom hostname to the new zone and update your DNS record to point to the new zone.

  1. Add custom hostname to your new zone.

  2. Direct your customer to change the DNS record so that it points to the new zone.

  3. Confirm that the custom hostname has validated in the new zone.

  4. Wait for the certificate to validate automatically through Cloudflare or validate it using Domain Control Validation (DCV).

  5. Remove custom hostname from the old zone.

Once these steps are complete, the custom hostname’s traffic will route to the second SaaS zone and will use its configuration.

A record

Through Apex Proxying or BYOIP, you can migrate the custom hostname without action from your end customer.

  1. Verify with the account team that your apex proxying IPs have been assigned to both SaaS zones.

  2. Add custom hostname to the new zone.

  3. Confirm that the custom hostname has validated in the new zone.

  4. Wait for the certificate to validate automatically through Cloudflare or validate it using DCV.

  5. Remove custom hostname from the old zone.

Wildcard certificate

If you are migrating custom hostnames that rely on a Wildcard certificate, Cloudflare cannot automatically complete Domain Control Validation (DCV).

  1. Add custom hostname to the new zone.

  2. Direct your customer to change the DNS record so that it points to the new zone.

  3. Validate the certificate on the new zone through DCV.

The custom hostname can activate on the new zone even if the certificate is still active on the old zone. This ensures a valid certificate exists during migration. However, it is important to validate the certificate on the new zone as soon as possible.