Skip to main content

SSL Certificates

What is SSL and HTTPS?

SSL encrypts data as it travels between a user's browser and a website. When SSL is active, the browser shows a padlock and the address starts with https://. This protects sensitive information, such as personal data entered into an agency portal, from being intercepted in transit.

For agency portals handling case information, SSL is essential for protecting both your agency and the public.

Automatic provisioning

SSL certificates are provisioned automatically for verified web domains through Cloudflare. You do not need to purchase, install, or renew certificates manually.

Requirements

Two DNS records must be in place for SSL to be provisioned:

  1. SSL Certificate Validation (TXT): add it to your DNS using the name and value from the Console.
  2. SSL Certificate Validation (DCV) (CNAME): add it to your DNS using the name and target from the Console.

Once both records are detected, the certificate is issued automatically. The domain then shows an Active status with its SSL Status active in the Console. See DNS Records for where these records come from.

How it works

After your web domain is created, the records are validated through Cloudflare's domain control validation:

  1. The SSL Certificate Validation TXT and DCV CNAME records prove you control the domain.
  2. Once both records are detected and validated, a certificate is issued.
  3. The certificate is renewed automatically before it expires.

Certificate details in the Console

The DNS Records panel shows the SSL status and certificate details for the domain, including:

  • Hostname: the domain the certificate covers.
  • Certificate Authority: the authority that issued the certificate.
  • Wildcard Support: whether the certificate covers a wildcard.
  • Certificate Details: the issuer, the issued date, and the expiry date for each certificate.

Troubleshooting SSL

SSL handshake failed

Confirm the SSL Certificate Validation TXT and the SSL Certificate Validation (DCV) CNAME records exist at your DNS provider and match the values shown in the Console. Then confirm the domain shows an Active status.

Certificate not issuing

Check that both SSL records have propagated using a public DNS lookup tool. If the records are not yet visible, allow more time for propagation, which can take 24 to 72 hours.

Status not active

Allow time for DNS to propagate. If the domain still does not show an Active status after 72 hours, contact the Help Center.

See also