Netlify won’t be able to provision an SSL certificate for your hostname(s) when the DNS records for a site point to Cloudflare because Cloudflare - not Netlify - is serving the content.
Note: We recommend not using both Cloudflare’s CDN (“Accelerate and Protect”, the orange cloud in their UI) and Netlify for the same site at the same time. Why? Read on!
Netlify’s web services are not designed to work optimally with another CDN “in front of” our CDN. Proxying to our service is in general not supported and we will advise you not to do it. Using Cloudflare in this way will cause issues with provisioning SSL certificates and with other Netlify features such as:
- atomic deploys and rollbacks (Cloudflare can cache assets longer than our settings ask them to)
- slower service than using our CDN directly (measured by a customer over time using Google Webmaster Tools)
- and occasionally, catastrophic failures are observed where something goes amiss in the proxying and the only fix is disabling Cloudflare’s CDN as shown below.
For these reasons, we recommend disabling Cloudflare for your site when it is being served/hosted by Netlify.
This image shows how to disable Cloudflare’s CDN but continue using their DNS, which IS supported:
Once this change is made, you’ll need an SSL certificate in place at Netlify. Please wait at least five (5) minutes before clicking the “Let’s Encrypt Certificate” button in our UI or adding that custom domain in our admin UI. This will allow time for the old DNS records to expire and for the new values to become active.
If you have any questions about this, we’ll be happy to discuss in more detail!