Cloudflare origin certificates

Cloudflare origin certificates are free TLS certificates that Cloudflare issues. You can install them on your origin server to enable end-to-end encryption for your visitors using HTTPS.


Cloudflare origin CA certificates are not compatible with managed CNAME deployments.

To leverage origin certificates through Cloud Edge:

  1. Contact Acquia Support and provide the following information as described in Creating and managing certificates with Origin CA:

    • A confirmation regarding Certificate Signing Request (CSR)

      You can provide your own CSR or allow Acquia to generate a CSR through Cloud Edge.

    • The private key type

    • The hostnames that you want to include in the certificate

      By default, the certificate includes zone root and first level wildcard hostname.

      In a single certificate, you can include up to 100 hostnames or wildcard hostnames. You can include hostnames for other zones on the same account.

    Acquia provides the public and private key location on your non-production environment.

  2. Install the certificate within 24 hours of receiving the certificate information. If you do not upload certificate details within 24 hours, the certificate times out and Acquia Support requires to re-order the certificate and repeat the process.