You will need to open a support ticket to request a CSR for your domain.

And then using the steps found below, use the CSR we provided to generate your certificate, we recommend setting the Certificate Validity to 15 years.


  1. Log in to Cloudflare.
  2. Select the appropriate account for the domain requiring an Origin CA certificate.
  3. Select the domain.
  4. Click the SSL/TLS app.
  5. Click the Origin Server tab.
  6. Click Create Certificate to open the Origin Certificate Installation window.
  7. In the Origin Certificate Installation window, choose:
    I have my own private key and CSR - requires pasting the Certificate Signing Request we provided into the text field.
  8. List the hostnames (including wildcards) the certificate should protect with SSL encryption. The zone root and first level wildcard hostname are included by default.
  9. Set the Certificate Validity to 15 years
  10. Finally click Create


When you have finished, download the certificate in PEM format and reply to your support ticket being sure to attach the certificate.