If your customers' domains were added on partial (CNAME) setup after July 20, 2017, you will need to use the following API call to obtain CNAME record/s for SSL to be issued successfully and placed under your authoritative DNS. Here is the API call:
curl -X GET "https:/ /api.cloudflare.com /client /v4 /zones /ZoneID/ssl /verification?retry =true" \
-H "X-Auth-Email: [email protected]" \
-H "X-Auth-Key: c2547eb745079dac9320b638f5e225cf483cc5cfdda41" \
-H "Content-Type: application/json"
The output will be:
{
"result": [
{
"certificate_status": "authorizing",
"signature": "ECDSAWithSHA256",
"brand_check": false,
"verification_info": {
"record_name": "_222222222222222222RRRRRRRR.example.com",
"record_target": "24242424242424242424242424242424BBBBBBBBBBBBBBBBBBBB242424242424.comodoca.com"
},
"verification_status": null,
"verification_type": "cname"
}
],
"success": true,
"errors": [],
"messages": []
}'
Please make sure you have a CNAME record specific to your domain in place to trigger obtaining the SSL certificate successfully (the example above is using fake values).