From 7e2a0e6f1be65ddb19e95d8382c7b0413245c6b7 Mon Sep 17 00:00:00 2001 From: mmalden Date: Wed, 5 Feb 2025 16:10:36 -0500 Subject: [PATCH 1/9] Updated to reflect RSA and ECDSA cert bundling on custom hostnames --- .../custom-certificates/index.mdx | 2 -- .../custom-certificates/uploading-certificates.mdx | 14 +++++++++++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/index.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/index.mdx index cf916b9211c5870..eee83d5cc1e4325 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/index.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/index.mdx @@ -28,6 +28,4 @@ Cloudflare also only accepts publicly trusted certificates of these types: * `SHA1WithRSA` * `ECDSAWithSHA256` -You can only use one of the different supported types. For example, you cannot upload an `SHA256WithRSA` + `ECDSAWithSHA256` certificate. - If you attempt to upload another type of certificate or a certificate that has been self-signed, it will be rejected. diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx index 47c6174f7ef44e0..cba88eac2c2d18b 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx @@ -28,7 +28,7 @@ For more details on bundle method, refer to [Bundle Methodologies](/ssl/edge-cer ### With the API -The call below will upload a certificate for use with `app.example.com`. +### The call below will upload a certificate for use with `app.example.com`. Note that if you are using an ECC key generated by OpenSSL, you will need to first remove the `-----BEGIN EC PARAMETERS-----...-----END EC PARAMETERS-----` section of the file. @@ -58,6 +58,18 @@ Use a [POST request](/api/resources/custom_hostnames/methods/create/) to upload The serial number returned is unique to the issuer, but not globally unique. Additionally, it is returned as a string, not an integer. +## Certificate bundling + +Use a [PATCH request](/api/resources/custom_hostnames/methods/edit/) to upload an RSA and/or ECDSA certificate to a custom hostname. + +### Delete a custom certificate and custom key for custom hostname + +Use a [DELETE request](/api/resources/custom_hostnames/subresources/certificate_pack/) to remove one custom certificate and key from a custom hostname. You cannot delete a certificate if it is the only remaining certificate in the pack. + +### Replace a custom certificate and custom key in custom hostname + +Use a [PUT request](/api/resources/custom_hostnames/subresources/certificate_pack/subresources/certificates/methods/update/) to replace a single custom certificate within a certificate pack within a certificate pack that contains two bundled certificates. You can only replace an RSA certificate with another RSA certificate or an ECDSA certificate with another ECDSA certificate. + *** ## Move to a Cloudflare certificate From 02f09f306411307fd4653dfd878205d2d819f7be Mon Sep 17 00:00:00 2001 From: mia303 Date: Thu, 6 Feb 2025 10:47:46 -0500 Subject: [PATCH 2/9] Update uploading-certificates.mdx --- .../custom-certificates/uploading-certificates.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx index cba88eac2c2d18b..1bdeb3f64bd6a12 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx @@ -28,7 +28,7 @@ For more details on bundle method, refer to [Bundle Methodologies](/ssl/edge-cer ### With the API -### The call below will upload a certificate for use with `app.example.com`. +The call below will upload a certificate for use with `app.example.com`. Note that if you are using an ECC key generated by OpenSSL, you will need to first remove the `-----BEGIN EC PARAMETERS-----...-----END EC PARAMETERS-----` section of the file. From ed2859f137e234ee0a2f0dea4f6e4c650e0f64a4 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Thu, 6 Feb 2025 17:37:23 +0000 Subject: [PATCH 3/9] Remove remaining warning at the top of uploading-certificates --- .../custom-certificates/uploading-certificates.mdx | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx index 1bdeb3f64bd6a12..59ec772217fb002 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx @@ -13,11 +13,6 @@ import { Render } from "~/components" For use cases and limitations, refer to [custom certificates](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/). -:::caution - -You can only use one of the different [supported types](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/#limitations). For example, you cannot upload an `SHA256WithRSA` + `ECDSAWithSHA256` certificate. -::: - ## Upload certificates ### With the dashboard From 416cf942db55e35988c8ac9085ce3be72ec86455 Mon Sep 17 00:00:00 2001 From: mia303 Date: Thu, 6 Feb 2025 13:54:54 -0500 Subject: [PATCH 4/9] Updated to clarify POST/PATCH calls, "custom key" versus "private key", and certificate packs rather than "bundling" --- .../custom-certificates/uploading-certificates.mdx | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx index 59ec772217fb002..c0f19d5ebc5e5d8 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx @@ -53,15 +53,17 @@ Use a [POST request](/api/resources/custom_hostnames/methods/create/) to upload The serial number returned is unique to the issuer, but not globally unique. Additionally, it is returned as a string, not an integer. -## Certificate bundling +## Upload certificate packs: RSA and ECDSA uploads -Use a [PATCH request](/api/resources/custom_hostnames/methods/edit/) to upload an RSA and/or ECDSA certificate to a custom hostname. +A certificate pack can support up to one RSA certificate and one ECDSA certificate. -### Delete a custom certificate and custom key for custom hostname +To upload an RSA and/or ECDSA certificate to a custom hostname certificate pack, use a [POST request](/api/resources/custom_hostnames/methods/create/) with the `custom_cert_bundle` property. Use a [PATCH request](/api/resources/custom_hostnames/methods/edit/) to edit an RSA and/or ECDSA certificate to a custom hostname. + +### Delete a custom certificate and private key for custom hostname Use a [DELETE request](/api/resources/custom_hostnames/subresources/certificate_pack/) to remove one custom certificate and key from a custom hostname. You cannot delete a certificate if it is the only remaining certificate in the pack. -### Replace a custom certificate and custom key in custom hostname +### Replace a custom certificate and private key in custom hostname Use a [PUT request](/api/resources/custom_hostnames/subresources/certificate_pack/subresources/certificates/methods/update/) to replace a single custom certificate within a certificate pack within a certificate pack that contains two bundled certificates. You can only replace an RSA certificate with another RSA certificate or an ECDSA certificate with another ECDSA certificate. From 2680c0bff714c22128528589c26d9985e5ee7e0d Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 7 Feb 2025 11:28:36 +0000 Subject: [PATCH 5/9] Text and formatting adjustments --- .../uploading-certificates.mdx | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx index c0f19d5ebc5e5d8..0bb4984b1f91cc8 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx @@ -9,25 +9,27 @@ head: --- -import { Render } from "~/components" +import { Render, TabItem, Tabs } from "~/components" For use cases and limitations, refer to [custom certificates](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/). ## Upload certificates -### With the dashboard +This section describes the general process for uploading a custom certificate corresponding to one of the [supported types](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/#limitations). If you must support both RSA and ECDSA with the same certificate refer to [TBD](#) below. + + To upload a custom certificate in the dashboard, follow the steps for [issuing new certificates](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/issue-certificates/), but change the **Certificate type** to **Custom certificate**. For more details on bundle method, refer to [Bundle Methodologies](/ssl/edge-certificates/custom-certificates/bundling-methodologies/) -### With the API + The call below will upload a certificate for use with `app.example.com`. Note that if you are using an ECC key generated by OpenSSL, you will need to first remove the `-----BEGIN EC PARAMETERS-----...-----END EC PARAMETERS-----` section of the file. -#### 1. Update the file and build the payload +1. Update the file and build the payload @@ -47,11 +49,13 @@ EOF )) ``` -#### 2. Upload your certificate and key - -Use a [POST request](/api/resources/custom_hostnames/methods/create/) to upload your certificate and key. +2. Use a [POST request](/api/resources/custom_hostnames/methods/create/) to upload your certificate and key. +:::note The serial number returned is unique to the issuer, but not globally unique. Additionally, it is returned as a string, not an integer. +::: + + ## Upload certificate packs: RSA and ECDSA uploads @@ -65,7 +69,7 @@ Use a [DELETE request](/api/resources/custom_hostnames/subresources/certificate_ ### Replace a custom certificate and private key in custom hostname -Use a [PUT request](/api/resources/custom_hostnames/subresources/certificate_pack/subresources/certificates/methods/update/) to replace a single custom certificate within a certificate pack within a certificate pack that contains two bundled certificates. You can only replace an RSA certificate with another RSA certificate or an ECDSA certificate with another ECDSA certificate. +Use a [PUT request](/api/resources/custom_hostnames/subresources/certificate_pack/subresources/certificates/methods/update/) to replace a single custom certificate within a certificate pack that contains two bundled certificates. You can only replace an RSA certificate with another RSA certificate, or an ECDSA certificate with another ECDSA certificate. *** From bfde371042043868f1d7285020cbda104b1ec4d3 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 7 Feb 2025 11:42:36 +0000 Subject: [PATCH 6/9] Take the chance to review previous content --- .../custom-certificates/uploading-certificates.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx index 0bb4984b1f91cc8..2454ac1885b5a4a 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx @@ -19,9 +19,9 @@ This section describes the general process for uploading a custom certificate co -To upload a custom certificate in the dashboard, follow the steps for [issuing new certificates](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/issue-certificates/), but change the **Certificate type** to **Custom certificate**. +To upload a custom certificate in the dashboard, select **Custom certificate** while [creating your custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/create-custom-hostnames/). -For more details on bundle method, refer to [Bundle Methodologies](/ssl/edge-certificates/custom-certificates/bundling-methodologies/) +For information about the **bundle method** options, refer to the [Cloudflare SSL/TLS documentation](/ssl/edge-certificates/custom-certificates/bundling-methodologies/). From 0f9b8a1f75a1c11e94a6f8b83b737e1230bcc1cb Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 7 Feb 2025 12:14:25 +0000 Subject: [PATCH 7/9] Make headings shorter and add specific text to API hyperlinks --- .../uploading-certificates.mdx | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx index 2454ac1885b5a4a..af3a06a714f346e 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx @@ -15,7 +15,7 @@ For use cases and limitations, refer to [custom certificates](/cloudflare-for-pl ## Upload certificates -This section describes the general process for uploading a custom certificate corresponding to one of the [supported types](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/#limitations). If you must support both RSA and ECDSA with the same certificate refer to [TBD](#) below. +This section describes the general process for uploading a custom certificate corresponding to one of the [supported types](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/#limitations). If you must support both RSA and ECDSA refer to [certificate packs](#use-certificate-packs-rsa-and-ecdsa) below. @@ -57,19 +57,25 @@ The serial number returned is unique to the issuer, but not globally unique. Add -## Upload certificate packs: RSA and ECDSA uploads +## Use certificate packs: RSA and ECDSA -A certificate pack can support up to one RSA certificate and one ECDSA certificate. +A certificate pack allows you to upload up to one RSA and one ECDSA custom certificates. -To upload an RSA and/or ECDSA certificate to a custom hostname certificate pack, use a [POST request](/api/resources/custom_hostnames/methods/create/) with the `custom_cert_bundle` property. Use a [PATCH request](/api/resources/custom_hostnames/methods/edit/) to edit an RSA and/or ECDSA certificate to a custom hostname. +To upload an RSA and ECDSA certificate to a custom hostname, use the `custom_cert_bundle` property when making a POST request to the [Create Custom Hostname](/api/resources/custom_hostnames/methods/create/) endpoint. -### Delete a custom certificate and private key for custom hostname +You can also use `custom_cert_bundle` with a PATCH request to the [Edit Custom Hostname](/api/resources/custom_hostnames/methods/edit/) endpoint. -Use a [DELETE request](/api/resources/custom_hostnames/subresources/certificate_pack/) to remove one custom certificate and key from a custom hostname. You cannot delete a certificate if it is the only remaining certificate in the pack. +### Delete a custom certificate and private key -### Replace a custom certificate and private key in custom hostname +Use the [Delete Single Certificate And Key For Custom Hostname](/api/resources/custom_hostnames/subresources/certificate_pack/subresources/certificates/methods/delete/) endpoint to remove one of the custom certificates and corresponding key from a certificate pack. -Use a [PUT request](/api/resources/custom_hostnames/subresources/certificate_pack/subresources/certificates/methods/update/) to replace a single custom certificate within a certificate pack that contains two bundled certificates. You can only replace an RSA certificate with another RSA certificate, or an ECDSA certificate with another ECDSA certificate. +You cannot delete a certificate if it is the only remaining certificate in the pack. + +### Replace a custom certificate and private key + +To replace a single custom certificate within a certificate pack that contains two bundled certificates, use the [Replace Custom Certificate And Custom Key In Custom Hostname](/api/resources/custom_hostnames/subresources/certificate_pack/subresources/certificates/methods/update/) endpoint. + +You can only replace an RSA certificate with another RSA certificate, or an ECDSA certificate with another ECDSA certificate. *** From d6aeabf31a3146eec7fbb8a6fd5273149e620625 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 7 Feb 2025 12:29:27 +0000 Subject: [PATCH 8/9] Add missing monospace and call out API-only --- .../custom-certificates/uploading-certificates.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx index af3a06a714f346e..ad71ac3626f2ce4 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx @@ -49,7 +49,7 @@ EOF )) ``` -2. Use a [POST request](/api/resources/custom_hostnames/methods/create/) to upload your certificate and key. +2. Use a [`POST` request](/api/resources/custom_hostnames/methods/create/) to upload your certificate and key. :::note The serial number returned is unique to the issuer, but not globally unique. Additionally, it is returned as a string, not an integer. @@ -59,11 +59,11 @@ The serial number returned is unique to the issuer, but not globally unique. Add ## Use certificate packs: RSA and ECDSA -A certificate pack allows you to upload up to one RSA and one ECDSA custom certificates. +A certificate pack allows you to upload up to one RSA and one ECDSA custom certificates to a custom hostname. This process is currently only supported via API. -To upload an RSA and ECDSA certificate to a custom hostname, use the `custom_cert_bundle` property when making a POST request to the [Create Custom Hostname](/api/resources/custom_hostnames/methods/create/) endpoint. +To upload an RSA and ECDSA certificate to a custom hostname, use the `custom_cert_bundle` property when making a `POST` request to the [Create Custom Hostname](/api/resources/custom_hostnames/methods/create/) endpoint. -You can also use `custom_cert_bundle` with a PATCH request to the [Edit Custom Hostname](/api/resources/custom_hostnames/methods/edit/) endpoint. +You can also use `custom_cert_bundle` with a `PATCH` request to the [Edit Custom Hostname](/api/resources/custom_hostnames/methods/edit/) endpoint. ### Delete a custom certificate and private key @@ -83,4 +83,4 @@ You can only replace an RSA certificate with another RSA certificate, or an ECDS If you want to switch from maintaining a custom certificate to using one issued by Cloudflare, you can migrate that certificate with zero downtime. -Send a [PATCH request](/api/resources/custom_hostnames/methods/edit/) to your custom hostname with a value for the DCV `method`. As soon as the [certificate is validated](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/) and the [hostname is validated](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/), Cloudflare will remove the old custom certificate and begin serving the new one. +Send a [`PATCH` request](/api/resources/custom_hostnames/methods/edit/) to your custom hostname with a value for the DCV `method`. As soon as the [certificate is validated](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/) and the [hostname is validated](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/), Cloudflare will remove the old custom certificate and begin serving the new one. From 23a7a13d5fe946387db79c3f28c89c214b44be6d Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 7 Feb 2025 17:01:35 +0000 Subject: [PATCH 9/9] Add page description and mention bundle_method should be force --- .../uploading-certificates.mdx | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx index ad71ac3626f2ce4..4855eb89234ddbf 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx @@ -1,21 +1,26 @@ --- title: Manage custom certificates pcx_content_type: how-to +description: Learn how to manage custom certificates for your Cloudflare for SaaS custom hostnames. sidebar: order: 6 head: - tag: title - content: Manage custom certificates — Cloudflare for SaaS + content: Manage custom certificates --- import { Render, TabItem, Tabs } from "~/components" -For use cases and limitations, refer to [custom certificates](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/). +Learn how to manage custom certificates for your Cloudflare for SaaS custom hostnames. For use cases and limitations, refer to [custom certificates](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/). ## Upload certificates -This section describes the general process for uploading a custom certificate corresponding to one of the [supported types](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/#limitations). If you must support both RSA and ECDSA refer to [certificate packs](#use-certificate-packs-rsa-and-ecdsa) below. +This section describes the general process for uploading a custom certificate corresponding to one of the [supported types](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/#limitations). + +:::note +If you must support both RSA and ECDSA refer to [certificate packs](#use-certificate-packs-rsa-and-ecdsa) below. +::: @@ -61,9 +66,9 @@ The serial number returned is unique to the issuer, but not globally unique. Add A certificate pack allows you to upload up to one RSA and one ECDSA custom certificates to a custom hostname. This process is currently only supported via API. -To upload an RSA and ECDSA certificate to a custom hostname, use the `custom_cert_bundle` property when making a `POST` request to the [Create Custom Hostname](/api/resources/custom_hostnames/methods/create/) endpoint. +To upload an RSA and ECDSA certificate to a custom hostname, set the `bundle_method` to `force` and define the `custom_cert_bundle` property when [creating a custom hostname via API](/api/resources/custom_hostnames/methods/create/). -You can also use `custom_cert_bundle` with a `PATCH` request to the [Edit Custom Hostname](/api/resources/custom_hostnames/methods/edit/) endpoint. +You can also use `"bundle_method": "force"` and `custom_cert_bundle` with a `PATCH` request to the [Edit Custom Hostname](/api/resources/custom_hostnames/methods/edit/) endpoint. ### Delete a custom certificate and private key