Argo Tunnel Authorization Improvements


I have some questions and improvement requests regarding the argo tunnel authorization process. Right now, as I understood it, the only way to authorize a new tunnel is to run “cloudflared login”, open the given link in a browser that is logged in to the proper cloudflared account, and authorize the tunnel. Following this authorization, a certificate is generated that will then be used by the tunnel.

I’ve had issues where the certificate doesn’t seem to get generated, so the cloudflared executable gets stuck waiting for authorization, even if I authorized it in the cloudflare account using the link. I tried multiple times today on a Windows machine, until I started getting “too many requests” errors in the cloudflare authorization page.

Aside from the fact that it does not seem to be working all the time, would there be a way to manually generate a key pair that would be bound to a single subdomain, for the sake of copying the key pair to the machine that will run the tunnel? The idea would be to generate one key pair per tunnel ( and make sure that this particular key pair can only be used for the “myapp1” subdomain and nothing else. Ideally, we should be able to track valid key pairs that have been generated and revoke access. This way, the authorization process could be made separate from logging in to the cloudflare account every time (key pairs could be generated in advance).

In the current argo tunnel feature, it looks like one can request any subdomain once authorized. I don’t see an easy way to manage authorizations in the current cloudflare page. Is there a way to see the current status of argo tunnels, like the current active tunnels, the authorized key pairs, etc?