[SSL] Recommend update/renew instead of delete-and-reupload for custom certificates

[ngayerie]

Summary

Customers often delete and re-upload custom certificates when renewing, which causes downtime and unnecessarily consumes quota slots. The PATCH (update) path is the recommended renewal approach but was buried in the docs — error 1212 told customers to "delete some existing certificates" without acknowledging the downtime risk.

Source: SSL/TLS Clarity Report, theme 19

Changes (3 updates across 2 files)

#	File	Change
1	ssl/edge-certificates/custom-certificates/uploading.mdx	Renamed ## Update an existing custom certificate → ## Update or renew an existing custom certificate and framed it as the recommended renewal path
2	ssl/edge-certificates/custom-certificates/troubleshooting.mdx	Error 1212 (quota reached): point users to the update path first (dashboard, then API PATCH), add a caution about downtime when deleting active certificates
3	ssl/edge-certificates/custom-certificates/troubleshooting.mdx	Error 1220 (duplicate certificate): point users to the update path instead of delete-and-reupload

Stats

2 files changed, +11 insertions, -3 deletions

Resolves DEE-3624

[github-actions]

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern	Owners
/src/content/docs/ssl/	@baubuchon-cf, @cloudflare/appsec-reviewers, @elithrar, @cloudflare/product-owners

[ask-bonk]

Summary

This is a good documentation improvement. The PR correctly identifies that customers default to delete-and-reupload for custom certificate renewals, which causes downtime and wastes quota slots. Elevating the update/renew path in both the how-to page and the troubleshooting errors is the right fix.

What needs attention before merge

Broken links from heading anchor change

Renaming the heading in changes its auto-generated anchor from to .

You correctly updated the links in Error 1212 and Error 1220, but four other existing links to the old anchor will break once this merges:

File	Line	Link text / current anchor
	67
	20
	18
	131

Please update these four links to use .

Minor observation (non-blocking)

In (~line 201), the still instructs users to "delete and re-add the certificate" to update the Private Key Restriction setting. This is technically accurate but may feel at odds with the new guidance. Consider adding a brief caution or framing it as an exception.

---

Once the broken links are fixed, this is good to merge. Nice work.

[ask-bonk]

Summary

This is a good documentation improvement. The PR correctly identifies that customers default to delete-and-reupload for custom certificate renewals, which causes downtime and wastes quota slots. Elevating the update/renew path in both the how-to page and the troubleshooting errors is the right fix.

What needs attention before merge

Broken links from heading anchor change

Renaming the ## Update an existing custom certificate heading in uploading.mdx changes its auto-generated anchor from #update-an-existing-custom-certificate to #update-or-renew-an-existing-custom-certificate.

You correctly updated the links in Error 1212 and Error 1220, but four other existing links to the old anchor will break once this merges:

File	Line	Link text / current anchor
src/content/docs/ssl/edge-certificates/custom-certificates/troubleshooting.mdx	67	[update your custom certificate](/.../#update-an-existing-custom-certificate)
src/content/docs/ssl/edge-certificates/custom-certificates/index.mdx	20	[Update the certificate](/.../#update-an-existing-custom-certificate)
src/content/docs/ssl/edge-certificates/custom-certificates/renewing.mdx	18	[update](/.../#update-an-existing-custom-certificate)
src/content/docs/ssl/reference/certificate-rotation.mdx	131	[Manage custom certificates](/.../#update-an-existing-custom-certificate)

Please update these four links to use #update-or-renew-an-existing-custom-certificate.

Minor observation (non-blocking)

In uploading.mdx (~line 201), the :::note still instructs users to "delete and re-add the certificate" to update the Private Key Restriction setting. This is technically accurate but may feel at odds with the new guidance. Consider adding a brief caution or framing it as an exception.

---

Once the broken links are fixed, this is good to merge. Nice work.

[ask-bonk]

I've reviewed PR #31645 and posted a review requesting changes. Here's what I found:

Summary of changes
The PR elevates the update/renew path for custom certificates over the harmful delete-and-reupload pattern. It renames the "Update an existing custom certificate" heading in uploading.mdx and updates Error 1212 (quota reached) and Error 1220 (duplicate certificate) in troubleshooting.mdx to point users toward the PATCH/dashboard update flow, adding a caution callout about downtime when deleting active certificates. This is a solid documentation improvement.

Issue flagged — broken internal links
Renaming the heading changes its auto-generated anchor from #update-an-existing-custom-certificate to #update-or-renew-an-existing-custom-certificate. The PR correctly updates the two links inside the error sections it changes, but four other existing links to the old anchor will break once this merges:

File	Line
ssl/edge-certificates/custom-certificates/troubleshooting.mdx	67 (Let's Encrypt section)
ssl/edge-certificates/custom-certificates/index.mdx	20
ssl/edge-certificates/custom-certificates/renewing.mdx	18
ssl/reference/certificate-rotation.mdx	131

I suggested updating all four to #update-or-renew-an-existing-custom-certificate.

Minor observation
In uploading.mdx (~line 201), a :::note still tells users they must delete and re-add a certificate to update the Private Key Restriction setting. I flagged this as a non-blocking suggestion to add a brief caution since it conflicts slightly with the new anti-deletion messaging.

Labels applied

• documentation
• content:edit

(The PR already had product:ssl and size/s.)

---

Note: A duplicate empty review comment briefly appeared due to shell escaping on my first command attempt. The complete review is posted correctly and actionable.

github run

[github-actions]

Preview URL: https://074da756.preview.developers.cloudflare.com
Preview Branch URL: https://ngayerie-dee-3624.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link	Updated Link
https://developers.cloudflare.com/ssl/edge-certificates/custom-certificates/troubleshooting/	https://ngayerie-dee-3624.preview.developers.cloudflare.com/ssl/edge-certificates/custom-certificates/troubleshooting/
https://developers.cloudflare.com/ssl/edge-certificates/custom-certificates/uploading/	https://ngayerie-dee-3624.preview.developers.cloudflare.com/ssl/edge-certificates/custom-certificates/uploading/
https://developers.cloudflare.com/ssl/edge-certificates/custom-certificates/	https://ngayerie-dee-3624.preview.developers.cloudflare.com/ssl/edge-certificates/custom-certificates/
https://developers.cloudflare.com/ssl/edge-certificates/custom-certificates/renewing/	https://ngayerie-dee-3624.preview.developers.cloudflare.com/ssl/edge-certificates/custom-certificates/renewing/
https://developers.cloudflare.com/ssl/reference/certificate-rotation/	https://ngayerie-dee-3624.preview.developers.cloudflare.com/ssl/reference/certificate-rotation/

[cloudflare-docs-bot]

Review

⚠️ 2 warnings found in commit 074da75.

Code Review

This code review is in beta and may not always be helpful — use your judgment.

✅ No code review issues found.

Style Guide Review

Warnings (2)

File	Issue
ssl/edge-certificates/custom-certificates/uploading.mdx line 171	Directional words — Added line uses follow the steps below Fix: Replace below with a direct reference by name or link, e.g., follow these steps or link to the steps section.
ssl/edge-certificates/custom-certificates/uploading.mdx line 201	Directional words — Added line uses recommended renewal flow above Fix: Remove above and refer directly to the recommended renewal flow by name or link.

Commands

Only codeowners can run commands. Post a comment with the command to trigger it.

Command	Description
/review	Runs a review now. Incremental if a prior review exists, full if not.
/full-review	Re-reviews the entire PR diff from scratch, ignoring incremental history. Useful after a rebase, when you want a fresh review, or if the bot gets out of sync and reports issues that no longer exist.
/ignore-review-limit	Permanently lifts the 2-review automatic limit for this PR. Future pushes will trigger reviews as normal.