Cloudflare Docs
SSL/TLS
SSL/TLS
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Changes to Universal certificates

Cloudflare will stop using DigiCert as an issuing certificate authority (CA) for new Universal certificates. This will not affect existing Universal certificates.

This process will begin for Enterprise zones on September 12, 2022.

The maximum validity period for Universal certificates will also be decreased from 1 year to 90 days.

​​ DCV changes

You do not need to make any updates to the Domain Control Validation (DCV) for your zone.

If your domain is using a Full setup, Cloudflare will automatically complete TXT-based DCV on your behalf.

If your domain is on a Partial setup, Cloudflare will automatically complete HTTP-based DCV on your behalf.

​​ Recommendations

If you are currently pinning your Universal certificate, stop pinning the certificate. This will ensure your certificates are not impacted during the Universal certificate renewal.

If you want to choose the issuing CA for your certificate, order an Advanced certificate. Once that certificate has deployed, disable Universal SSL to prevent Cloudflare from issuing the Universal certificate for you.