Domains

Cloudflare and proxies

When a CDN proxy sits in front of your PageFork domain, things break. Here's what to do.

PageFork already runs on its own edge CDN with automatic SSL. If your DNS provider has a proxy in front of your domain (Cloudflare’s orange cloud, Fastly, StackPath, etc.), it intercepts traffic before it reaches us — which blocks SSL issuance and can break interactive features.

What to do on Cloudflare

Cloudflare is the most common case. Each DNS record has a toggle between a grey cloud (DNS only) and an orange cloud (proxied).

Set every PageFork-related record to grey cloud (DNS only):

  • The CNAME at www (or at your subdomain) → sites.pagefork.ai.
  • If you used an ALIAS / flattened CNAME at apex, that record too.
  • If you used the Case D apex-redirect pattern, the A record at @ → the redirect IP.

On Cloudflare:

  1. Go to the site’s DNS tab.
  2. Find each record.
  3. Click the orange cloud so it turns grey.
  4. Save.

Why proxies are a problem

  • SSL issuance — Let’s Encrypt needs to reach PageFork directly to validate the domain. A proxy intercepts that challenge.
  • Cache layering — a proxy cache in front of PageFork’s cache doubles invalidation time and can serve stale content after a republish.
  • WAF / rate limits — proxies sometimes block API requests coming from your own site, breaking forms and any interactive feature.

Can I re-enable the proxy later?

Technically yes, once SSL is Active. But we don’t recommend it. You’d need to:

  • Configure origin SSL matching on Cloudflare.
  • Manage the cache layering yourself.
  • Accept that form submissions and dynamic calls route through the proxy.

Most customers leave records grey and let PageFork’s edge do the job.

The only valid CNAME target is sites.pagefork.ai

PageFork routes custom domains through a SaaS-style custom-hostname pipeline keyed to sites.pagefork.ai. Don’t CNAME to a different host (even another PageFork-looking subdomain) — it won’t validate.

Don’t point an A record directly at the PageFork edge either. The only valid A record is the redirect-service IP shown in the app, and only when paired with a CNAME on www. See DNS records reference.

Other proxies

If you use Fastly, AWS CloudFront, StackPath, or similar in front of your domain for PageFork, the same advice applies: turn off proxying for the PageFork hosts. PageFork isn’t designed to sit behind another CDN.

How to tell if a proxy is in the way

Run a DNS lookup from a terminal:

dig www.yourbrand.com +short

Expected result — a CNAME resolving to sites.pagefork.ai. and then PageFork-owned IPs:

sites.pagefork.ai.
104.21.x.x
172.67.x.x

If instead you see an IP range owned by Cloudflare without a sites.pagefork.ai line, Fastly, or another CDN in front of the record, the proxy is still in the way.

Next

Previous SSL certificates Next Changing or removing a domain