From 5d64e277d181d63a9181af4f3d97af33a6703bff Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Thu, 6 Feb 2025 10:56:34 +0000 Subject: [PATCH 1/4] Replace links by DirectoryListing and add note on external CDN --- .../domain-support/hostname-validation/index.mdx | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/index.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/index.mdx index 4d1dcee460c4b66..54c5c32efc20bfe 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/index.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/index.mdx @@ -6,14 +6,12 @@ sidebar: --- +import { DirectoryListing } from "~/components"; + Before Cloudflare can proxy traffic through a custom hostname, we need to verify your customer's ownership of that hostname. :::note - - If a custom hostname is already on Cloudflare, using the [pre-validation methods](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/pre-validation/) will not shift the traffic to the SaaS zone. That will only happen once the [DNS target](/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/#3-have-customer-create-cname-record) of the custom hostnames changes to point to the SaaS zone. - - ::: ## Options @@ -22,7 +20,10 @@ If minimizing downtime is more important to you, refer to our [pre-validation me If ease of use for your customers is more important, review our [real-time validation methods](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/realtime-validation/). -## Other resources +## Limitations + +Custom hostnames using another CDN are not compatible with Cloudflare for SaaS. Since Cloudflare must be able to validate your customer's ownership of the hostname you add, if their usage of another CDN obfuscates their DNS records, hostname validation will fail. + +## Related resources -* [Hostname validation statuses](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status/) -* [Error codes](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/error-codes/) + \ No newline at end of file From fe9e26c0512d4208615e82f86fe59ab51cfdf296 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Thu, 6 Feb 2025 11:04:03 +0000 Subject: [PATCH 2/4] Add refresh validation option to status page --- .../hostname-validation/validation-status.mdx | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx index 67741514e2da0b9..23bbcba4cbee0f2 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx @@ -19,3 +19,9 @@ When you [validate a custom hostname](/cloudflare-for-platforms/cloudflare-for-s | Blocked | Custom hostname cannot be added to Cloudflare at this time. Custom hostname was likely associated with Cloudflare previously and flagged for abuse.

If you are an Enterprise customer, contact your Customer Success Manager. Otherwise, email `abusereply@cloudflare.com` with the name of the web property and a detailed explanation of your association with this web property. | | Moved | Custom hostname is not active after **Pending** for the entirety of the [Validation Backoff Schedule](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/backoff-schedule/) or it no longer points to the fallback origin. | | Deleted | Custom hostname was deleted from the zone. Occurs when status is **Moved** for more than seven days. | + +## Refresh validation + +To run the custom hostname validation check again, select **Refresh** on the dashboard or send a `PATCH` request to the [Edit custom hostname endpoint](/api/resources/custom_hostnames/methods/edit/) with an empty body. + +If the hostname is in a **Moved** or **Deleted** state, the refresh will set the custom hostname back to **Pending validation**. \ No newline at end of file From b88c7c0f68886e92878c3a55f730ded55dbf2396 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 11 Feb 2025 13:04:48 +0000 Subject: [PATCH 3/4] Update instructions following PM review --- .../domain-support/hostname-validation/validation-status.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx index 23bbcba4cbee0f2..2128624b586d1e5 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx @@ -22,6 +22,6 @@ When you [validate a custom hostname](/cloudflare-for-platforms/cloudflare-for-s ## Refresh validation -To run the custom hostname validation check again, select **Refresh** on the dashboard or send a `PATCH` request to the [Edit custom hostname endpoint](/api/resources/custom_hostnames/methods/edit/) with an empty body. +To run the custom hostname validation check again, select **Refresh** on the dashboard or send a `PATCH` request to the [Edit custom hostname endpoint](/api/resources/custom_hostnames/methods/edit/). If using the API, make sure that the `--data` field is not empty. If the hostname is in a **Moved** or **Deleted** state, the refresh will set the custom hostname back to **Pending validation**. \ No newline at end of file From e4c1a4a4c90d14250b34c108e9679e4e4f319d28 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Wed, 19 Feb 2025 18:00:05 +0000 Subject: [PATCH 4/4] Call out need for ssl object even if for refresh or CA update --- .../domain-support/hostname-validation/validation-status.mdx | 2 +- .../cloudflare-for-saas/reference/troubleshooting.mdx | 2 +- .../validate-certificates/troubleshooting.mdx | 5 +++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx index 2128624b586d1e5..cb9d375767fb957 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/validation-status.mdx @@ -22,6 +22,6 @@ When you [validate a custom hostname](/cloudflare-for-platforms/cloudflare-for-s ## Refresh validation -To run the custom hostname validation check again, select **Refresh** on the dashboard or send a `PATCH` request to the [Edit custom hostname endpoint](/api/resources/custom_hostnames/methods/edit/). If using the API, make sure that the `--data` field is not empty. +To run the custom hostname validation check again, select **Refresh** on the dashboard or send a `PATCH` request to the [Edit custom hostname endpoint](/api/resources/custom_hostnames/methods/edit/). If using the API, make sure that the `--data` field contains an `ssl` object with the same `method` and `type` as the original request. If the hostname is in a **Moved** or **Deleted** state, the refresh will set the custom hostname back to **Pending validation**. \ No newline at end of file diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/troubleshooting.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/troubleshooting.mdx index 0c96c5cd8b3d54d..194da1bd9029661 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/troubleshooting.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/troubleshooting.mdx @@ -106,7 +106,7 @@ Consider the following solutions: -- Use the [Edit Custom Hostname](/api/resources/custom_hostnames/methods/edit/) endpoint to set the `certificate_authority` parameter to `google`: this sets Google Trust Services as the CA for your custom hostnames. +- Use the [Edit Custom Hostname](/api/resources/custom_hostnames/methods/edit/) endpoint to set the `certificate_authority` parameter to `google`: this sets Google Trust Services as the CA for your custom hostnames. In your API call, make sure to also include `method` and `type` in the `ssl` object. - If you are using a custom certificate for your custom hostname, refer to the [custom certificates troubleshooting](/ssl/edge-certificates/custom-certificates/troubleshooting/#lets-encrypt-chain-update). ## Custom hostname fails to verify because the zone is held diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting.mdx index e9fb440badc31ad..a381d920a56aa3a 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting.mdx @@ -51,13 +51,14 @@ If a certificate issuance times out, the error message will indicate where the t * Timed Out (Deployment) * Timed Out (Deletion) -To fix this error, send a [PATCH request](/api/resources/custom_hostnames/methods/edit/) through the API or select **Refresh** for the specific custom hostname in the dashboard. Please make sure that the `--data` field is not empty in your request. +To fix this error, send a [PATCH request](/api/resources/custom_hostnames/methods/edit/) through the API or select **Refresh** for the specific custom hostname in the dashboard. If using the API, make sure that the `--data` field contains an `ssl` object with the same `method` and `type` as the original request. + If these return an error, delete and recreate the custom hostname. *** ## Immediate validation checks -You can send a [PATCH request](/api/resources/custom_hostnames/methods/edit/) to request an immediate validation check on any certificate. The PATCH data only needs include the same `ssl` object as the original request. +You can send a [PATCH request](/api/resources/custom_hostnames/methods/edit/) to request an immediate validation check on any certificate. The PATCH data should include the same `ssl` object as the original request. ***