Renew
The exact method for certificate renewal depends on whether that hostname is active1 and whether it is a wildcard certificate.
Custom hostname certificates have a 90-day validity period and are available for renewal 30 days before their expiration.
If all of the following are true, Cloudflare will try to perform DCV automatically on the hostname's behalf by serving the HTTP token.
- You are using a non-wildcard hostname.
- The hostname is active.
- You are not using Delegated DCV.
If the custom hostname is not active, then the custom hostname domain owner will need to add the TXT or HTTP DCV token for the new certificate to validate and issue. As the SaaS provider, you will be responsible for sharing this token with the custom hostname domain owner.
If you are using Delegated DCV, Cloudflare will continue to add TXT DCV tokens on your behalf as explained in Issue and validate certificates.
With wildcard hostnames, you cannot use HTTP. In this case, you will have to use TXT DCV tokens.
These tokens can be fetched through the API or the dashboard when the certificates are in a pending validation state during custom hostname creation or during certificate renewals.
If your hostname is using another validation method, you will need to update the "method" field in the SSL object to be "txt".
After this step, follow the normal steps for TXT validation.
-
Meaning Cloudflare could verify your customer's ownership of the hostname and the hostname status is active. ↩
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2026 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
