Cloudflare Docs
SSL/TLS
SSL/TLS
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Total TLS

Total TLS allows Cloudflare to issue individual certificates for every proxied hostname. These certificates will protect proxied hostnames not covered by Universal certificates.

When issued, these certificates will have a type of Advanced - Total TLS.

​​ Reference

​​ Availability

Total TLS is available for domains that have purchased Advanced Certificate Manager and are currently using a full DNS setup.

​​ Limitations

​​ Load Balancing

Because Total TLS does not issue certificates for any subdomain used by Cloudflare Load Balancing, we recommend using other types of certificates to avoid any potential downtime.

​​ Deleting certificates

Once you enable Total TLS, be careful deleting any certificates associated with proxied hostnames.

If you do, our system assumes you want to opt that hostname out of Total TLS certificate and will not order new certificates for the hostname in the future. This behavior applies even if you delete and re-create the hostname’s DNS record.