Frequently Asked Questions (FAQ)

Q: How long does it take for my domain to move to Cloudflare?

A. Two minutes to several hours, depending on how long your DNS records take to update.

The moment you register your custom domain with Bubble and Cloudflare, your domain is registered with both services. In order for it to work correctly, Cloudflare needs to validate that your DNS entries point to their servers.

When you update your DNS records (adding, removing, or renaming a record), the length of time they stay available is determined by the record's TTL (time-to-live) value.

Let's say you change a record at your registrar, and that record has a TTL of 1 hour. After 1 hour, you can be certain that that server is reporting your new record to the internet. However, there are many name servers on the internet, and all of them will need to have your most up-to-date record. On average, you can expect your records to be broadcast across the internet within twice the length of your TTL. So if your TTL is 1 hour, expect your record to be everywhere after 2 hours.

Once your record has been updated everywhere, Cloudflare will be able to verify that you own the domain, and your app will become active.

Q. I am a Legacy Customer; what should I do to temporarily disable Cloudflare?

A. Change your DNS records back to the A record you were previously using.

If you're having problems that you think might be caused by Cloudflare, you can temporarily disable Cloudflare by changing your DNS records from A 104.xxx.xxx.xxx to the A record you were previously assigned.

When you've identified what the problem was and are ready to turn Cloudflare back on, delete the A record and replace it with the A records Bubble provided you.

Q. Why are my users are getting "This Connection is Not Secure" errors?

A. Cloudflare has not validated your domain yet.

If you click on "Advanced" and then look at the certificate details, and the certificate is of the form ssl123456.cloudflare.net, your DNS entry is pointing to the correct place, but Cloudflare has not validated your domain yet. Please wait an hour and check again.

Q. How do I know my site is working on Cloudflare?

A. There are several tools.

The first, to check to see if your domain records have propagated, is the Google DNS lookup tool.

When you've changed your domain records, you can go to the A record tab to check to see if your A record has propagated.

mywebpage.us. 299 IN A 104.19.241.93
mywebpage.us. 299 IN A 104.19.240.93

You can also take advantage of a service like What's my DNS, which tests your custom domain from many locations all over the world. It's not uncommon to see a few blank entries on this page; what you're looking for is any records that return an error (red X) or different results than you are expecting.

Cloudflare serves a page on a certain route on every site hosted on their domain at /cdn-cgi/trace. You can see bubble's page at bubble.io/cdn-cgi/trace; replace 'bubble.io' with your own custom domain (once it loads) to see if it's working.

The output should look somewhat like this:

fl=xxxxx
h=bubble.io
ip=xxx.xxx.xxx.xxx
ts=1572657558.41
visit_scheme=http
uag=Mozilla/5.0 [...]
colo=EWR
http=http/1.1
loc=US
tls=off
sni=off
warp=off

Q. I've followed all the instructions here, and I still get "This Connection is Not Secure." What gives?

A. It's possible that we cannot issue SSL certificates on your domain. You will have to remove your CAA record and try again.

Go to the Google DNS lookup tool's CAA tab and check to see if your bare domain (e.g. example.com) has a CAA record. A CAA record restricts which certificate providers can issue certificates for your domain. (Only about 1% of Bubble apps have a CAA record.)

For instance, when you look up google.com with this tool, you can see the following record:

id 61662
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
google.com. IN CAA
;ANSWER
google.com. 21599 IN CAA 0 issue "pki.goog"
;AUTHORITY
;ADDITIONAL

This means that only pki.goog is allowed to issue certificates for sites across the google.com domain.

SSL Certificate issuance is a critical part of making your site work on Bubble and Cloudflare, so if you find a CAA record, delete it. Your site should begin working in a matter of minutes.

Q. I just turned Cloudflare on, and now I'm getting 525 errors on my site! What's happening?

A. Wait an hour and check again.

If you are a Legacy Customer who wasn't using SSL prior to switching over to Cloudflare, some of Bubble's servers won't have your updated certificate available to them. A 525 error happens when the Origin Server (where your app is hosted on Bubble) serves nonsecure content (http) to a server that is expecting secure content (https). We refresh your SSL and certificate settings on all servers once per hour, so if you've recently changed your settings wait and try again.

Q. What should I do if I'm getting 1001 errors?

A. Verify your A records, wait two hours, and check again.

Cloudflare has to verify that your A records are pointing to Bubble's IPs. If you're sure your A records are correct, Cloudflare will schedule a re-check of your records for several days (starting at 1 minute intervals, increasing to a maximum of 2 hours between checks). If, after 2 hours, your site is still showing 1001 errors, go to Bubble, delete your custom domain, wait one minute, and re-create it.

Q. I am getting 1014 errors on my site!

A. If you're using Cloudflare for DNS, turn off proxying.

The most common cause of 1014 errors is when you're using Cloudflare for DNS, and you're using an "orange cloud" (proxy) setting. Click the orange cloud to turn off proxying (resulting in a grey cloud).

Q. I am having another issue post Cloudflare transition that's not answered here. What should I do?

A. That depends.

You can search the forum to see if anyone else has had the same issue as you.

If you can't find an answer here or there, submit a bug report.