If a zone has multiple SSL certificates, you can set the order in which they should be used during a request. The higher priority will break ties across overlapping 'legacy_custom' certificates.
/zones/{zone_identifier}/custom_certificates/prioritize
put
Custom SSL for a Zone
custom-ssl-for-a-zone-re-prioritize-ssl-certificates
{
"business": true,
"enterprise": true,
"free": false,
"pro": false
}{
"enum": [
"#ssl:edit"
]
}[
{
"in": "path",
"name": "zone_identifier",
"required": true,
"schema": {
"description": "Identifier",
"example": "023e105f4ecef8ad9ca31a8372d0c353",
"maxLength": 32,
"readOnly": true,
"type": "string"
}
}
]{
"content": {
"application/json": {
"schema": {
"properties": {
"certificates": {
"description": "Array of ordered certificates.",
"example": [
{
"id": "5a7805061c76ada191ed06f989cc3dac",
"priority": 2
},
{
"id": "9a7806061c88ada191ed06f989cc3dac",
"priority": 1
}
],
"items": {
"properties": {
"id": {
"description": "Identifier",
"example": "023e105f4ecef8ad9ca31a8372d0c353",
"maxLength": 32,
"readOnly": true,
"type": "string"
},
"priority": {
"default": 20,
"description": "The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacy_custom' certificates, but 'legacy_custom' certificates will always supercede 'sni_custom' certificates.",
"example": 1,
"type": "number"
}
},
"type": "object"
},
"type": "array"
}
},
"required": [
"certificates"
]
}
}
},
"required": true
}{
"200": {
"content": {
"application/json": {
"schema": {
"allOf": [
{
"allOf": [
{
"properties": {
"errors": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"messages": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"result": {
"anyOf": [
{
"type": "object"
},
{
"items": {},
"type": "array"
},
{
"type": "string"
}
]
},
"success": {
"description": "Whether the API call was successful",
"enum": [
true
],
"example": true,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
},
{
"properties": {
"result": {
"items": {},
"nullable": true,
"type": "array"
},
"result_info": {
"properties": {
"count": {
"description": "Total number of results for the requested service",
"example": 1,
"type": "number"
},
"page": {
"description": "Current page within paginated list of results",
"example": 1,
"type": "number"
},
"per_page": {
"description": "Number of results per page of results",
"example": 20,
"type": "number"
},
"total_count": {
"description": "Total results available without any search parameters",
"example": 2000,
"type": "number"
}
},
"type": "object"
}
}
}
],
"type": "object"
},
{
"properties": {
"result": {
"items": {
"properties": {
"bundle_method": {
"default": "ubiquitous",
"description": "A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.",
"enum": [
"ubiquitous",
"optimal",
"force"
],
"example": "ubiquitous",
"type": "string"
},
"expires_on": {
"description": "When the certificate from the authority expires.",
"example": "2016-01-01T05:20:00Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"geo_restrictions": {
"description": "Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.",
"properties": {
"label": {
"enum": [
"us",
"eu",
"highest_security"
],
"example": "us"
}
},
"type": "object"
},
"hosts": {
"items": {
"description": "The valid hosts for the certificates.",
"example": "example.com",
"maxLength": 253,
"readOnly": true,
"type": "string"
},
"type": "array"
},
"id": {
"description": "Identifier",
"example": "023e105f4ecef8ad9ca31a8372d0c353",
"maxLength": 32,
"readOnly": true,
"type": "string"
},
"issuer": {
"description": "The certificate authority that issued the certificate.",
"example": "GlobalSign",
"readOnly": true,
"type": "string"
},
"keyless_server": {
"allOf": [
{
"properties": {
"created_on": {
"description": "When the Keyless SSL was created.",
"example": "2014-01-01T05:20:00Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"enabled": {
"description": "Whether or not the Keyless SSL is on or off.",
"example": false,
"readOnly": true,
"type": "boolean"
},
"host": {
"description": "The keyless SSL name.",
"example": "example.com",
"format": "hostname",
"maxLength": 253,
"type": "string"
},
"id": {
"description": "Keyless certificate identifier tag.",
"example": "4d2844d2ce78891c34d0b6c0535a291e",
"maxLength": 32,
"readOnly": true,
"type": "string"
},
"modified_on": {
"description": "When the Keyless SSL was last modified.",
"example": "2014-01-01T05:20:00Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"name": {
"description": "The keyless SSL name.",
"example": "example.com Keyless SSL",
"maxLength": 180,
"readOnly": true,
"type": "string"
},
"permissions": {
"description": "Available permissions for the Keyless SSL for the current user requesting the item.",
"example": [
"#ssl:read",
"#ssl:edit"
],
"items": {},
"readOnly": true,
"type": "array"
},
"port": {
"default": 24008,
"description": "The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.",
"example": 24008,
"maxLength": 65535,
"type": "number"
},
"status": {
"description": "Status of the Keyless SSL.",
"enum": [
"active",
"deleted"
],
"example": "active",
"readOnly": true,
"type": "string"
},
"tunnel": {
"description": "Configuration for using Keyless SSL through a Cloudflare Tunnel",
"properties": {
"private_ip": {
"description": "Private IP of the Key Server Host",
"example": "10.0.0.1",
"type": "string"
},
"vnet_id": {
"description": "Cloudflare Tunnel Virtual Network ID",
"example": "7365377a-85a4-4390-9480-531ef7dc7a3c",
"type": "string"
}
},
"required": [
"private_ip",
"vnet_id"
],
"type": "object"
}
},
"required": [
"id",
"name",
"host",
"port",
"status",
"enabled",
"permissions",
"created_on",
"modified_on"
],
"type": "object"
}
],
"type": "object"
},
"modified_on": {
"description": "When the certificate was last modified.",
"example": "2014-01-01T05:20:00Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"policy": {
"description": "Specify the policy that determines the region where your private key will be held locally. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Any combination of countries, specified by their two letter country code (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements) can be chosen, such as 'country: IN', as well as 'region: EU' which refers to the EU region. If there are too few data centers satisfying the policy, it will be rejected.",
"example": "(country: US) or (region: EU)",
"type": "string"
},
"priority": {
"default": 20,
"description": "The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacy_custom' certificates, but 'legacy_custom' certificates will always supercede 'sni_custom' certificates.",
"example": 1,
"type": "number"
},
"signature": {
"description": "The type of hash used for the certificate.",
"example": "SHA256WithRSA",
"readOnly": true,
"type": "string"
},
"status": {
"description": "Status of the zone's custom SSL.",
"enum": [
"active",
"expired",
"deleted",
"pending",
"initializing"
],
"example": "active",
"readOnly": true
},
"uploaded_on": {
"description": "When the certificate was uploaded to Cloudflare.",
"example": "2014-01-01T05:20:00Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"zone_id": {
"description": "Identifier",
"example": "023e105f4ecef8ad9ca31a8372d0c353",
"maxLength": 32,
"readOnly": true,
"type": "string"
}
},
"required": [
"id",
"hosts",
"issuer",
"signature",
"status",
"bundle_method",
"zone_id",
"uploaded_on",
"modified_on",
"expires_on",
"priority"
],
"type": "object"
},
"type": "array"
}
}
}
]
}
}
},
"description": "Re-prioritize SSL Certificates response"
},
"4xx": {
"content": {
"application/json": {
"schema": {
"allOf": [
{
"allOf": [
{
"allOf": [
{
"properties": {
"errors": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"messages": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"result": {
"anyOf": [
{
"type": "object"
},
{
"items": {},
"type": "array"
},
{
"type": "string"
}
]
},
"success": {
"description": "Whether the API call was successful",
"enum": [
true
],
"example": true,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
},
{
"properties": {
"result": {
"items": {},
"nullable": true,
"type": "array"
},
"result_info": {
"properties": {
"count": {
"description": "Total number of results for the requested service",
"example": 1,
"type": "number"
},
"page": {
"description": "Current page within paginated list of results",
"example": 1,
"type": "number"
},
"per_page": {
"description": "Number of results per page of results",
"example": 20,
"type": "number"
},
"total_count": {
"description": "Total results available without any search parameters",
"example": 2000,
"type": "number"
}
},
"type": "object"
}
}
}
],
"type": "object"
},
{
"properties": {
"result": {
"items": {
"properties": {
"bundle_method": {
"default": "ubiquitous",
"description": "A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.",
"enum": [
"ubiquitous",
"optimal",
"force"
],
"example": "ubiquitous",
"type": "string"
},
"expires_on": {
"description": "When the certificate from the authority expires.",
"example": "2016-01-01T05:20:00Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"geo_restrictions": {
"description": "Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.",
"properties": {
"label": {
"enum": [
"us",
"eu",
"highest_security"
],
"example": "us"
}
},
"type": "object"
},
"hosts": {
"items": {
"description": "The valid hosts for the certificates.",
"example": "example.com",
"maxLength": 253,
"readOnly": true,
"type": "string"
},
"type": "array"
},
"id": {
"description": "Identifier",
"example": "023e105f4ecef8ad9ca31a8372d0c353",
"maxLength": 32,
"readOnly": true,
"type": "string"
},
"issuer": {
"description": "The certificate authority that issued the certificate.",
"example": "GlobalSign",
"readOnly": true,
"type": "string"
},
"keyless_server": {
"allOf": [
{
"properties": {
"created_on": {
"description": "When the Keyless SSL was created.",
"example": "2014-01-01T05:20:00Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"enabled": {
"description": "Whether or not the Keyless SSL is on or off.",
"example": false,
"readOnly": true,
"type": "boolean"
},
"host": {
"description": "The keyless SSL name.",
"example": "example.com",
"format": "hostname",
"maxLength": 253,
"type": "string"
},
"id": {
"description": "Keyless certificate identifier tag.",
"example": "4d2844d2ce78891c34d0b6c0535a291e",
"maxLength": 32,
"readOnly": true,
"type": "string"
},
"modified_on": {
"description": "When the Keyless SSL was last modified.",
"example": "2014-01-01T05:20:00Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"name": {
"description": "The keyless SSL name.",
"example": "example.com Keyless SSL",
"maxLength": 180,
"readOnly": true,
"type": "string"
},
"permissions": {
"description": "Available permissions for the Keyless SSL for the current user requesting the item.",
"example": [
"#ssl:read",
"#ssl:edit"
],
"items": {},
"readOnly": true,
"type": "array"
},
"port": {
"default": 24008,
"description": "The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.",
"example": 24008,
"maxLength": 65535,
"type": "number"
},
"status": {
"description": "Status of the Keyless SSL.",
"enum": [
"active",
"deleted"
],
"example": "active",
"readOnly": true,
"type": "string"
},
"tunnel": {
"description": "Configuration for using Keyless SSL through a Cloudflare Tunnel",
"properties": {
"private_ip": {
"description": "Private IP of the Key Server Host",
"example": "10.0.0.1",
"type": "string"
},
"vnet_id": {
"description": "Cloudflare Tunnel Virtual Network ID",
"example": "7365377a-85a4-4390-9480-531ef7dc7a3c",
"type": "string"
}
},
"required": [
"private_ip",
"vnet_id"
],
"type": "object"
}
},
"required": [
"id",
"name",
"host",
"port",
"status",
"enabled",
"permissions",
"created_on",
"modified_on"
],
"type": "object"
}
],
"type": "object"
},
"modified_on": {
"description": "When the certificate was last modified.",
"example": "2014-01-01T05:20:00Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"policy": {
"description": "Specify the policy that determines the region where your private key will be held locally. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Any combination of countries, specified by their two letter country code (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements) can be chosen, such as 'country: IN', as well as 'region: EU' which refers to the EU region. If there are too few data centers satisfying the policy, it will be rejected.",
"example": "(country: US) or (region: EU)",
"type": "string"
},
"priority": {
"default": 20,
"description": "The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacy_custom' certificates, but 'legacy_custom' certificates will always supercede 'sni_custom' certificates.",
"example": 1,
"type": "number"
},
"signature": {
"description": "The type of hash used for the certificate.",
"example": "SHA256WithRSA",
"readOnly": true,
"type": "string"
},
"status": {
"description": "Status of the zone's custom SSL.",
"enum": [
"active",
"expired",
"deleted",
"pending",
"initializing"
],
"example": "active",
"readOnly": true
},
"uploaded_on": {
"description": "When the certificate was uploaded to Cloudflare.",
"example": "2014-01-01T05:20:00Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"zone_id": {
"description": "Identifier",
"example": "023e105f4ecef8ad9ca31a8372d0c353",
"maxLength": 32,
"readOnly": true,
"type": "string"
}
},
"required": [
"id",
"hosts",
"issuer",
"signature",
"status",
"bundle_method",
"zone_id",
"uploaded_on",
"modified_on",
"expires_on",
"priority"
],
"type": "object"
},
"type": "array"
}
}
}
]
},
{
"properties": {
"errors": {
"allOf": [
{
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
}
],
"example": [
{
"code": 7003,
"message": "No route for the URI"
}
],
"minLength": 1
},
"messages": {
"allOf": [
{
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
}
],
"example": []
},
"result": {
"enum": [
null
],
"nullable": true,
"type": "object"
},
"success": {
"description": "Whether the API call was successful",
"enum": [
false
],
"example": false,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
}
]
}
}
},
"description": "Re-prioritize SSL Certificates response failure"
}
}[
{
"api_email": [],
"api_key": []
}
]