The moment you register your custom domain with Bubble and Cloudflare, your domain is registered with both services. In order for it to work correctly, Cloudflare needs to validate that your DNS entries point to their servers.
When you update your DNS records (adding, removing, or renaming a record), the length of time they stay available is determined by the record's TTL (time-to-live) value.
Let's say you change a record at your registrar, and that record has a TTL of 1 hour. After 1 hour, you can be certain that that server is reporting your new record to the internet. However, there are many name servers on the internet, and all of them will need to have your most up-to-date record. On average, you can expect your records to be broadcast across the internet within twice the length of your TTL. So if your TTL is 1 hour, expect your record to be everywhere after 2 hours.
Once your record has been updated everywhere, Cloudflare will be able to verify that you own the domain, and your app will become active.
Name server (NS) records are different from CNAMEs and A records in that they can take quite a bit longer to update. Typical TTL (time-to-live) values for NS records are on the order of 12-24 hours. If your NS records haven't fully updated across the internet yet, a user who types your custom domain into their browser could hit either your new name server, or your old name server, unpredictably.
To avoid this, copy your existing DNS records (A, CNAME, TXT) over to your new name server and don't change them for at least 24 hours after changing name servers.
If you're having problems that you think might be caused by Cloudflare, you can temporarily disable Cloudflare by changing your DNS records from
CNAME app.bubble.io to the A record you were previously assigned.
When you've identified what the problem was and are ready to turn Cloudflare back on, delete the A record and replace it with the CNAME/ALIAS Bubble provided you.
If you click on "Advanced" and then look at the certificate details, and the certificate is of the form
ssl123456.cloudflare.net, your DNS entry is pointing to the correct place, but Cloudflare has not validated your domain yet. Please wait an hour and check again.
A2. You are using URL Redirection (or Forwarding) and your users are trying to load an invalid domain name.
There are four combinations of urls your users could use to reach your domain: https + www, http + www, https + bare, and http + bare. If you have configured URL Redirection (for instance, from
www.example.com), your users will get redirected to your app when they type in
However, if your users type https://example.com, or if they have that url in their browser's history, they may get a generic certificate from your DNS provider that does not match your custom domain. Since the names don't match, your users may think your site is broken.
A records are always of the form
www A 123.456.78.90. A records must direct to an IP address, which is four numbers separated by periods.
Bubble custom domains route to another domain name. Most commonly, this record is
app.bubble.io. In order to configure your domain records for Bubble, you must use a CNAME record, or an ALIAS. ALIAS records are not supported by every registrar, so you may have to change your name servers.
You can only have one domain record (of certain types) for each named resource. For instance, if you have an A record for
www, you will either need to edit it and change it to a CNAME, or delete it and create a CNAME in its place.
(All three record types behave mostly identically, although bare domain CNAMEs will prevent you from creating other record types, such as MX records.)
Bare domain CNAME:
- CloudFlare—has a free tier plan. When configuring this you MUST use the DNS only setting ("grey cloud") or you will get 1014 errors.
The first, to check to see if your domain records have propagated, is the Google DNS lookup tool.
When you've changed your domain records, you can go to the CNAME tab to check to see if your CNAME has propagated.
Then, you can go to the A record tab to check to see if your alias records have propagated. Hit return multiple times to see what records come back; if you see the same records come back consistently, then your records have propagated.
mywebpage.us. 299 IN A 220.127.116.11 mywebpage.us. 299 IN A 18.104.22.168
Cloudflare serves a page on a certain route on every site hosted on their domain at
/cdn-cgi/trace. You can see bubble's page at bubble.io/cdn-cgi/trace; replace 'bubble.io' with your own custom domain (once it loads) to see if it's working.
The output should look somewhat like this:
fl=xxxxx h=bubble.io ip=xxx.xxx.xxx.xxx ts=1572657558.41 visit_scheme=http uag=Mozilla/5.0 [...] colo=EWR http=http/1.1 loc=US tls=off sni=off warp=off
Q. I've followed all the instructions here, and I still get "This Connection is Not Secure." What gives?
A. It's possible that we cannot issue SSL certificates on your domain. You will have to remove your CAA record and try again.
Go to the Google DNS lookup tool's CAA tab and check to see if your bare domain (e.g.
example.com) has a CAA record. A CAA record restricts which certificate providers can issue certificates for your domain. (Only about 1% of Bubble apps have a CAA record.)
For instance, when you look up
google.com with this tool, you can see the following record:
id 61662 opcode QUERY rcode NOERROR flags QR RD RA ;QUESTION google.com. IN CAA ;ANSWER google.com. 21599 IN CAA 0 issue "pki.goog" ;AUTHORITY ;ADDITIONAL
This means that only
pki.goog is allowed to issue certificates for sites across the
SSL Certificate issuance is a critical part of making your site work on Bubble and Cloudflare, so if you find a CAA record, delete it. Your site should begin working in a matter of minutes.
If you are a Legacy Customer who wasn't using SSL prior to switching over to Cloudflare, some of Bubble's servers won't have your updated certificate available to them. A 525 error happens when the Origin Server (where your app is hosted on Bubble) serves nonsecure content (http) to a server that is expecting secure content (https). We refresh your SSL and certificate settings on all servers once per hour, so if you've recently changed your settings wait and try again.
You can search the forum to see if anyone else has had the same issue as you.
If you can't find an answer here or there, submit a bug report.