Bulk SSL Modification

I have about 50 domains in one account and i wanted to use a flarectl utility to check the SSL status of all the domains.

by default my domains are added as flexible but i need to modify all domains to Full .

is there a way to do it using command line.

i am very new to CF and scripting world. i use windows so a simple script would be very helpful.

Here is a PowerShell script I threw together. Not sure if it works 100% of the time. All you need is an API token with Zone:Edit for all zones you want to change.

$API_TOKEN = "<>"

$baseUrl = "https://api.cloudflare.com/client/v4/zones"

$headers = @{
  'Authorization' = "Bearer $API_TOKEN"
  'Content-Type'  = "application/json"
}

$ssl_setting = @{
	'value' = 'full'
}

$listUrl = $baseUrl + '?per_page=500'
Write-Host $listUrl
$zones = Invoke-RestMethod -Uri $listUrl -Method 'GET' -Headers $headers
$zones = $zones | Select-Object -ExpandProperty result

foreach ($zones in $zones) {
  Write-Host "Setting zone $($record.name) to full SSL"

  $patchUrl = $baseUrl + '/' + $record.id + '/settings/ssl'
Invoke-RestMethod -Uri $patchUrl -Method 'PATCH' -Headers $headers -Body ($settings_ssl|ConvertTo-Json)
Write-Host $patchUrl
}
5 Likes

Wow Brilliant work and amazing fast turnaround, how do you guys do it :slight_smile:

Also will this scrip first list all the domains and its current state of SSL and then can i pick and choose ? Or it would apply to all the domains in the account ?

 
https://api.cloudflare.com/client/v4/zones//settings/ssl
Setting zone  to full SSL
Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At C:\Users\samco\pythonexp\cfssl.ps1:23 char:1
+ Invoke-RestMethod -Uri $patchUrl -Method 'PATCH' -Headers $headers -B ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
 
https://api.cloudflare.com/client/v4/zones//settings/ssl

below is the api permissions

Guess I should have checked my work. Tested and this script works for me

$API_TOKEN = "<>"

$baseUrl = "https://api.cloudflare.com/client/v4/zones"

$headers = @{
  'Authorization' = "Bearer $API_TOKEN"
  'Content-Type'  = "application/json"
}


$listUrl = $baseUrl + '?per_page=500'

$zones = Invoke-RestMethod -Uri $listUrl -Method 'GET' -Headers $headers | Select-Object -ExpandProperty result

foreach ($zones in $zones) {
    Write-Host "Setting zone $($zones.name) to full SSL"
    Write-Host "$($settings_ssl|ConvertTo-Json)"
    $patchUrl = $baseUrl + '/' + $zones.id + '/settings/ssl'
    $response = Invoke-RestMethod -Uri $patchUrl -Method 'PATCH' -Headers $headers -Body '{"value": "full"}'

}

API Token permissions

This script will go through all zones that the API token has permission to and set the SSL state to full regardless of current state. If you don’t want all the zones then restrict the API permissions to certain zones.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.