Upload a custom SSL certificate to Cloudflare via API
Edge certificates for Business/Enterprise zones — wired into ManageMyCert renew & deploy.
Cloudflare's free Universal SSL covers most sites, but some teams need their own certificate on the edge — compliance, specific CAs, or matching an origin cert policy. Cloudflare's Custom Certificates API lets you upload a PEM certificate and private key to your zone.
ManageMyCert connects with a scoped API token, finds your zone (or uses a Zone ID you paste), then creates or updates the active custom certificate when you renew. No manual dashboard uploads after the first setup.
Create an API token
Cloudflare dashboard → My Profile → API Tokens → Create Token.
Permissions needed:
- Zone → SSL and Certificates → Edit
- Zone → Zone → Read
Scope the token to the specific zone when possible.
In ManageMyCert
Renew & deploy → Install certificate → select Cloudflare → paste token → Test connection → Save.
Zone ID is optional; we resolve example.com from your domain hostname automatically (including common
two-part TLDs like .co.uk).
Edge vs origin (important)
This API installs on Cloudflare's edge — what browsers see when orange-cloud is on.
Your origin server may still need the certificate if you use Full (strict) mode.
In that case, also download the ZIP and install on Nginx, Apache, or your host panel.
Plan requirement: custom certificates need Business, Enterprise, or Advanced Certificate Manager — not the free Universal SSL tier. More detail in Hosting panel install (API).