Cloudflare Docs
Cloudflare for Platforms
Cloudflare for Platforms
Visit Cloudflare for Platforms on GitHub
Set theme to dark (⇧+D)

Renew certificates

The exact method for certificate renewal depends on whether that hostname is proxying traffic through Cloudflare and whether it is a wildcard certificate.

Custom hostnames with DigiCert certificates currently have a validity period of one year, though DigiCert is going to be deprecated soon as an option. Custom hostnames using Let’s Encrypt or Google Trust Services have a 90 day validity period.

Certificates are available for renewal 30 days before their expiration.

​​ Non-wildcard hostnames

If you are using a non-wildcard hostname and proxying traffic through Cloudflare, Cloudflare will try to perform DCV automatically on the hostname’s behalf by serving the HTTP token.

If the custom hostname is not proxying traffic through Cloudflare, then the custom hostname domain owner will need to add the TXT or HTTP DCV token for the new certificate to validate and issue. As the SaaS provider, you will be responsible for sharing this token with the custom hostname domain owner.

​​ Wildcard hostnames

These tokens can be fetched through the API or the dashboard when the certificates are in a pending validation state during custom hostname creation or during certificate renewals.

If your hostname is using another validation method, you will need to update the "method" field in the SSL object to be "txt".


After this step, follow the normal steps for TXT validation.