Vercel and Cloudflare Integration
Integrate your Vercel project with your Cloudflare domain.Vercel integrates with Cloudflare in two ways:
While Vercel does offer DNS, you may already have a domain registered with Cloudflare. If so, Cloudflare manages DNS for your domain.
To use Cloudflare as your DNS provider, follow the steps below:
In your Cloudflare dashboard, create a CNAME record pointing your domain to cname.vercel-dns.com.
Set the Proxy status to DNS only. This ensures DNS queries result in Vercel serving the request instead of Cloudflare.
Vercel offers a native reverse proxy with redirects to proxy requests to other services. However, if you want to use Cloudflare as a reverse proxy, you can do so by following the steps below:
In your Cloudflare dashboard, create a CNAME record pointing your domain to cname.vercel-dns.com.
Enable the Cloudflare proxy to send traffic through Cloudflare first.
Set Cloudflare SSL mode to Full to encrypt traffic between Cloudflare and Vercel.
Only Enterprise plan customers can set up wildcard domains with Cloudflare Proxy.
Enterprise plan customers can issue a Cloduflare Origin CA certificate with a wildcard SAN (Subject Alternative Name) and upload it on Vercel.
Both Cloudflare and Vercel utilize the ACME protocol—with SSL providers like Let’s Encrypt—to issue certificates. To validate domain ownership, the protocol sends an HTTP (not HTTPS) request to /.well-known/acme-challenge/<id> on your server.
Cloudflare has a variety of services that, depending on their configuration, could block the ACME protocol verification checks, resulting in Vercel failing to issue TLS certificates properly:
- Page Rules
- Access
- Bot Fight Mode
To avoid disruption, the following path:
http://<YOUR_DOMAIN>/.well-known/acme-challenge/*
Must be excluded from page rules, bot protection, or bypassed inside Access.
Was this helpful?