Using Cloudflare with custom domains on Vercel requires some minor steps to work correctly, this depends on whether the domain is being used with or without a proxy.

Without Proxy (DNS only)

In this method, you need to insert a CNAME record with the value

A Cloudflare CNAME record that is not using a proxy.

Following this method will guarantee the speed and reliability of your domain since Vercel will handle the subdomain.


CNAME flattening is a supported feature, however, it will impact the performance of your root domain. We recommend users to redirect the root domain ( to the www subdomain ( when possible.

With Proxy

If your domain does require the Cloudflare's proxy to be turned on by default, only one requirement is needed:

  • The domain must allow HTTP requests (without HTTPS) to the path /.well-known/*.

A Cloudflare CNAME record that is using a proxy.

To verify if that is possible with your domain, you can run the following command (notice the http:// part in the URL):

curl -I

A configuration that does allow Vercel to run smoothly would return the following:

curl -I
HTTP/1.1 404 Not Found

If you run the curl command and receive a 3XX redirect instead, Cloudflare is preventing this route from being accessed, and Vercel will mark the domain as not configured:

curl -I
HTTP/1.1 404 Moved Permanently

You need to explore the following configuration in the Cloudflare dashboard:

  • Page Rules — You can disable HTTPS for the path /.well-known/**.
  • Always use HTTPS — This configuration is under the "SSL/TLS" tab and it may affect your page rules.
  • Other Configurations — Cloudflare can offer multiple settings and this will directly affect Vercel's ability to generate certificates.

Vercel cannot offer Cloudflare-specific support. If you are facing difficulties with your Cloudflare managed domain, please reach out to their support at

Last Edited on August 6th 2020