Cloudflare Docs
Cloudflare for Platforms
Cloudflare for Platforms
Visit Cloudflare for Platforms on GitHub
Set theme to dark (⇧+D)

Certificate authority specific


​​ DigiCert

These codes are rooted on the /v4/zones/:zone_id/custom_hostnames API endpoint. They will be reported in the validation_errors attribute of the ssl attribute for a custom_hostname resource.

HTTP Status Code Error Status Reason
201 Created on POST; 202 Accepted on PATCH; 200 OK on GET %s reported as potential risk: google_safe_browsing pending_validation Google maintains a list of URLs that contain malware or phishing. If the domain submitted for validation matches any domain in a Google URL, it will fail the risk check.
201 Created on POST; 202 Accepted on PATCH; 200 OK on GET %s reported as potential risk: risky_keywords pending_validation Risky Keywords are a set of DigiCert Rules for domains that have potential risk to us or our customers. If the domain submitted for validation matches any of the risky keyword rules it will fail the risk check. (some example rules: “contains google.com”, “ends with amazon.com”, “equals bing.com”)
201 Created on POST; 202 Accepted on PATCH; 200 OK on GET %s reported as potential risk: phishtank pending_validation Phishtank maintains a list of URLs that contain malware or phishing. If the domain submitted for validation matches any domain in a Phishtank URL, it will fail the risk check.
201 Created on POST; 202 Accepted on PATCH; 200 OK on GET Domain validation failed for %s pending_validation Could be multiple reasons, with most common reason being that the DCV tokens have expired.
201 Created on POST; 202 Accepted on PATCH; 200 OK on GET Issuance blocked by a CAA error for %s pending_issuance The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain. CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue.
201 Created on POST; 202 Accepted on PATCH; 200 OK on GET Issuance blocked due to the Common Name being too long (over %d characters). pending_issuance Common names are limited to 64 characters and subject alternative names (SANs) are limited to 255 characters.