cloudflare / terraform-provider-cloudflare

Cloudflare Terraform Provider
https://registry.terraform.io/providers/cloudflare/cloudflare
Mozilla Public License 2.0

custom_hostname resource does not allow passing in CSR ID/Certificate. #1526

Closed JamieSinn closed 8 months ago

JamieSinn commented 2 years ago

Current Terraform and Cloudflare provider version

Terraform v1.1.5 on darwin_amd64

Description

This is a bit of a twofold issue - we don't have a way to set up a CSR via Terraform - nor do we have a way to pass in a CSR ID/certificate to the custom_hostname resource.

Based on this doc: https://developers.cloudflare.com/ssl/ssl-for-saas/custom-certificates/certificate-signing-requests/#step-4--upload-the-certificate

The Terraform provider should be able to handle the CSR ID and certificate - not just the private key and certificate.

Use cases

Enterprise customers wanting to manage everything through Terraform.

Potential Terraform configuration

resource "cloudflare_custom_hostname" "custom-ssl-for-saas" {
  for_each = {
    for k, v in var.customer_domain_ssl_for_saas : k => v
    if v.private_key_secret_name != null
  }
  zone_id              = var.zone_id
  hostname             = each.value.customer_domain
  custom_origin_server = each.value.domain
  ssl {
    method             = "txt"
    type               = "dv"
    wildcard           = false
    custom_certificate = data.aws_secretsmanager_secret_version.certificate[each.key].secret_string
    custom_csr         = data.aws_secretsmanager_secret_version.csr[each.key].secret_string
    settings {
      http2           = "on"
      tls13           = "on"
      min_tls_version = "1.2"
    }
  }
}

References

No response

jacobbednarz commented 8 months ago

This issue has been closed as we are now tracking this internally with service teams directly. If you would like an update or to be notified when/if the product ships with this change, please reach out to Cloudflare Support or your account team who can watch the internal feature request for you.