In the introduction to “SSL for SaaS” there’s the following:
How is my customers’ traffic sent to my origin? Is it secured?
Yes, we encourage you to use the Full or Strict SSL mode so that traffic sent to your origin utilizes HTTPS. This option can be configured in the Crypto tab of your zone. If you’re using Strict mode, you must ensure that the certificates on your origin contain a Subject Alternative Names (SAN) that matches your customer’s hostname, e.g. support.yourcustomer.site. Our Origin CA product can be used to generate these certificates for use with Strict mode.
I have a custom hostname configured and verified, but when I try to generate an origin certificate for that hostname, I get the following:
Cloudflare API Error code=1010 message=Failed to validate requested hostname xxx.xxxxxxxxxxx.com: This zone is either not part of your account, or you do not have access to it. Please contact support if using a multi-user organization.
What am I missing?