Provides a Cloudflare Certificate Pack resource that is used to provision managed TLS certificates.
# Advanced certificate manager for DigiCert
resource "cloudflare_certificate_pack" "example" {
zone_id = "0da42c8d2132a9ddaf714f9e7c920711"
type = "advanced"
hosts = ["example.com", "sub.example.com"]
validation_method = "txt"
validity_days = 30
certificate_authority = "digicert"
cloudflare_branding = false
}
# Advanced certificate manager for Let's Encrypt
resource "cloudflare_certificate_pack" "example" {
zone_id = "0da42c8d2132a9ddaf714f9e7c920711"
type = "advanced"
hosts = ["example.com", "*.example.com"]
validation_method = "http"
validity_days = 90
certificate_authority = "lets_encrypt"
cloudflare_branding = false
wait_for_active_status = true
}
certificate_authority
(String) Which certificate authority to issue the certificate pack. Available values: digicert
, lets_encrypt
, google
. Modifying this attribute will force creation of a new resource.hosts
(Set of String) List of hostnames to provision the certificate pack for. The zone name must be included as a host. Note: If using Let's Encrypt, you cannot use individual subdomains and only a wildcard for subdomain is available. Modifying this attribute will force creation of a new resource.type
(String) Certificate pack configuration type. Available values: advanced
. Modifying this attribute will force creation of a new resource.validation_method
(String) Which validation method to use in order to prove domain ownership. Available values: txt
, http
, email
. Modifying this attribute will force creation of a new resource.validity_days
(Number) How long the certificate is valid for. Note: If using Let's Encrypt, this value can only be 90 days. Available values: 14
, 30
, 90
, 365
. Modifying this attribute will force creation of a new resource.zone_id
(String) The zone identifier to target for the resource. Modifying this attribute will force creation of a new resource.cloudflare_branding
(Boolean) Whether or not to include Cloudflare branding. This will add sni.cloudflaressl.com
as the Common Name if set to true
. Modifying this attribute will force creation of a new resource.validation_records
(Block List) (see below for nested schema)wait_for_active_status
(Boolean) Whether or not to wait for a certificate pack to reach status active
during creation. Defaults to false
. Modifying this attribute will force creation of a new resource.id
(String) The ID of this resource.validation_errors
(Block List) (see below for nested schema)validation_records
Optional:
cname_name
(String)cname_target
(String)emails
(List of String)http_body
(String)http_url
(String)txt_name
(String)txt_value
(String)validation_errors
Read-Only:
message
(String)Import is supported using the following syntax:
$ terraform import cloudflare_certificate_pack.example <zone_id>/<certificate_pack_id>
While supported, importing isn't recommended and it is advised to replace the certificate entirely instead.