Set up a subdomain on Cloudflare for Vercel

22 October 2025

In this post, I'll share the steps I followed to configure Cloudflare and Vercel with a subdomain for my blog.

🧭 Step 1: Add Subdomain in Vercel

Open the Cloudflare Dashboard → select your domain → DNS tab.
Add a new record like this:

Type	Name	Target	Proxy Status
`CNAME`	`blog`	`cname.vercel-dns.com`	DNS only (grey cloud)

Important: Turn off Cloudflare’s proxy (orange cloud).
The record must be DNS only so that Vercel can manage SSL and routing correctly.

Once saved, this tells browsers:

“When someone visits blog.sallydou.dev, send the traffic directly to Vercel’s network.”

Go back to your Vercel project → Settings → Domains.
Follow the recommendation displayed by Vercel:

Use the target value Vercel provides and paste it into the Target field in Cloudflare.
Refresh the page, and it should show Valid Configuration.

cname.vercel-dns.com is Vercel’s universal DNS endpoint.
It automatically handles:

This approach is preferred over older project-specific URLs like my-app.vercel.app, which can break if you move the domain between projects.

Even small DNS misconfigurations can cause major headaches.
Here are the three most common issues — and how to fix them.

When Cloudflare’s proxy is ON, traffic passes through Cloudflare first before reaching Vercel.

Both Cloudflare and Vercel try to handle SSL, which can cause:

Click the orange cloud in Cloudflare to turn it grey (DNS only).
Vercel will then handle HTTPS directly and reliably.

Some older guides recommend using Vercel’s IP address (76.76.21.21) with an A record.
That works for root domains, but not for subdomains.

Always use a CNAME record pointing to cname.vercel-dns.com.