How do I obtain an SSL certificate for customers on partial (CNAME) setup?

If your customers' domains were added on partial (CNAME) setup after July 20, 2017, you will need to use the following API call to obtain CNAME record/s for SSL to be issued successfully and placed under your authoritative DNS. Here is the API call: 

curl -X GET "" \
     -H "X-Auth-Email: [email protected]" \
     -H "X-Auth-Key: c2547eb745079dac9320b638f5e225cf483cc5cfdda41" \
     -H "Content-Type: application/json"


The output will be:

    "result": [
            "certificate_status": "authorizing",
            "signature": "ECDSAWithSHA256",
            "brand_check": false,
            "verification_info": {
                "record_name": "",
                "record_target": ""
            "verification_status": null,
            "verification_type": "cname"
    "success": true,
    "errors": [],
    "messages": []

Please make sure you have a CNAME record specific to your domain in place to trigger obtaining the SSL certificate successfully (the example above is using fake values).

Still not finding what you need?

The Cloudflare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk