How do partners enable SSL for partial and full DNS integrations?

As of December 9, 2016, all new domains added to Cloudflare via partners have free SSL enabled. In order to enable free SSL for existing customers whose domains were added prior to this date, it's necessary to delete and re-add the domain to be provisioned automatically.

If your domain was added using full zone setup (using Cloudflare's DNS as the authoritative DNS), you don't need to do anything as we issue root and wildcard certificates automatically, which will also be automatically renewed.  

For Partial (CNAME) setup, due to new guidelines by the issuing CA, in order to issue the certificate requires that you place CNAME records for SSL verification under your authoritative DNS provider. These CNAME records can be obtained by running this Cloudflare API call.  Please note, that the domains that are affected are those that were added or required to be renewed after July 20, 2017.

You can check the status of the SSL certificate on the Crypto tab in the Cloudflare dashboard. Additional information can be found in our SSL FAQ.

If you wish to change from partial to full DNS setup, you will need to delete the domain and re-add using the full DNS API call.

If you have any issue or need additional information, please contact [email protected] and provide your domain name/s.

 

Still not finding what you need?

The Cloudflare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk