Skip to main content
The SSL resource provides methods to manage SSL/TLS certificates, certificate packs, verification, and recommendations for your Cloudflare zones.

Certificate packs

create

Order a new certificate pack. 
const certificatePack = await client.ssl.certificatePacks.create({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  type: 'advanced',
  hosts: ['example.com', '*.example.com'],
  validation_method: 'txt',
  validity_days: 90,
  certificate_authority: 'lets_encrypt'
});
zone_id
string
required
Zone identifier
type
'advanced'
required
Certificate pack type
hosts
string[]
required
Comma-separated list of hostnames (e.g., [‘example.com’, ‘*.example.com’])
validation_method
'txt' | 'http' | 'email'
required
Validation method for the certificate
validity_days
number
required
Certificate validity period (14, 30, 90, or 365 days)
certificate_authority
'digicert' | 'google' | 'lets_encrypt'
required
Certificate authority to use
id
string
Certificate pack identifier
type
string
Certificate pack type
hosts
string[]
List of hostnames covered by the certificate
status
string
Certificate status (e.g., ‘initializing’, ‘pending_validation’, ‘active’)
validation_method
string
Validation method used
validity_days
number
Certificate validity period in days

list

List all certificate packs for a zone. 
for await (const pack of client.ssl.certificatePacks.list({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353'
})) {
  console.log(`${pack.id}: ${pack.status}`);
}
zone_id
string
required
Zone identifier
status
string
Filter by certificate status

delete

Delete a certificate pack. 
const result = await client.ssl.certificatePacks.delete(
  'advanced_cert_123',
  { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }
);
certificate_pack_id
string
required
Certificate pack identifier (first parameter)
zone_id
string
required
Zone identifier

get

Get details for a specific certificate pack. 
const pack = await client.ssl.certificatePacks.get(
  'advanced_cert_123',
  { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }
);
certificate_pack_id
string
required
Certificate pack identifier (first parameter)
zone_id
string
required
Zone identifier

SSL verification

get

Get SSL verification status for all certificate packs. 
const verification = await client.ssl.verification.get({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353'
});
zone_id
string
required
Zone identifier

edit

Edit SSL verification method for a certificate pack. 
const result = await client.ssl.verification.edit(
  'advanced_cert_123',
  {
    zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
    validation_method: 'http'
  }
);
certificate_pack_id
string
required
Certificate pack identifier (first parameter)
zone_id
string
required
Zone identifier
validation_method
'txt' | 'http' | 'email'
required
New validation method

SSL recommendations

get

Get SSL/TLS recommendations for a zone. 
const recommendation = await client.ssl.recommendations.get({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353'
});
zone_id
string
required
Zone identifier
id
string
Recommendation identifier
enabled
boolean
Whether SSL/TLS recommendation is enabled

Universal SSL

settings.get

Get Universal SSL settings for a zone. 
const settings = await client.ssl.universal.settings.get({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353'
});

settings.edit

Edit Universal SSL settings. 
const settings = await client.ssl.universal.settings.edit({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  enabled: true
});
zone_id
string
required
Zone identifier
enabled
boolean
required
Whether to enable Universal SSL

SSL analysis

create

Analyze SSL/TLS configuration for a hostname. 
const analysis = await client.ssl.analyze.create({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  host: 'example.com'
});
zone_id
string
required
Zone identifier
host
string
required
Hostname to analyze

Validation methods

Cloudflare supports three validation methods for SSL certificates:
  • txt - DNS TXT record validation (most common)
  • http - HTTP file validation
  • email - Email validation to domain contacts

Certificate authorities

Cloudflare supports the following certificate authorities:
  • lets_encrypt - Let’s Encrypt (free, automated)
  • google - Google Trust Services
  • digicert - DigiCert (Enterprise only)

Example usage

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env.CLOUDFLARE_API_TOKEN
});

const zoneId = '023e105f4ecef8ad9ca31a8372d0c353';

// Order a new advanced certificate
const cert = await client.ssl.certificatePacks.create({
  zone_id: zoneId,
  type: 'advanced',
  hosts: ['example.com', '*.example.com', 'www.example.com'],
  validation_method: 'txt',
  validity_days: 90,
  certificate_authority: 'lets_encrypt'
});

console.log('Certificate ordered:', cert.id);
console.log('Status:', cert.status);

// Check verification status
const verification = await client.ssl.verification.get({
  zone_id: zoneId
});

console.log('Verification records:', verification);

// List all certificates
for await (const pack of client.ssl.certificatePacks.list({
  zone_id: zoneId
})) {
  console.log(`Certificate ${pack.id}:`);
  console.log(`  Hosts: ${pack.hosts.join(', ')}`);
  console.log(`  Status: ${pack.status}`);
  console.log(`  Valid for: ${pack.validity_days} days`);
}

// Get SSL recommendations
const recommendation = await client.ssl.recommendations.get({
  zone_id: zoneId
});

console.log('SSL Recommendation enabled:', recommendation.enabled);

// Enable Universal SSL
await client.ssl.universal.settings.edit({
  zone_id: zoneId,
  enabled: true
});

// Analyze SSL configuration
const analysis = await client.ssl.analyze.create({
  zone_id: zoneId,
  host: 'example.com'
});

console.log('SSL Analysis:', analysis);

Build docs developers (and LLMs) love

Get started for freeTalk to us