by prdonahue 3143 days ago
Our API for doing this is quite simple:

  POST https://api.cloudflare.com/client/v4/zones/:zone_id/custom_hostnames
  {
    "hostname":"app.example.com",
    "ssl": {
      "method":"http",
      "type":"dv"
    }
  }

In addition to "http" (described in this thread) we also support "cname" and "email" methods for validation. Some of our customers prefer these other methods as they let us issue the certificates before /their/ customer points the CNAME over.

Once we receive the call we generate multiple certificates for each hostname: one SHA-2/ECDSA that's presented to modern browsers and one SHA-2/RSA that we serve to legacy ones that don't support ECC. (Let's Encrypt doesn't do SHA-2/ECDSA signing yet but plans to sometime next year.)

We also support uploading your own custom certificates for those that, e.g., see value in Extended Validation (EV):

  POST https://api.cloudflare.com/client/v4/zones/:zone_id/custom_hostnames
  {
    "hostname":"app.example.com",
    "ssl": {
      "custom_certificate": "$MYCERT",
      "custom_key": "$MYKEY"
    }
  }

Where $MYCERT and $MYKEY are the PEM payloads with newlines removed.
1 comments

You didn't mention price. :)