Skip to main content
If you have an external proxy like Cloudflare or AWS CloudFront in front of your Vercel deployment, you must configure it properly to avoid conflicts with Vercel’s domain verification and SSL certificate provisioning. Improper proxy configuration can prevent Vercel from provisioning Let’s Encrypt SSL certificates and cause domain verification failures. See the supported providers in the Vercel documentation.

Required path allowlist

Your external proxy must allow traffic to these specific paths without blocking, redirecting, or heavily caching:
  • /.well-known/acme-challenge/* - Required for Let’s Encrypt certificate verification
  • /.well-known/vercel/* - Required for Vercel domain verification
  • /mintlify-assets/_next/static/* - Required for static assets
These paths should pass through directly to your Vercel deployment without modification.

Header forwarding requirements

Ensure that your proxy correctly forwards the HOST header. Without proper header forwarding, verification requests will fail.

Testing your proxy setup

To verify your proxy is correctly configured:
  1. Test that https://[yourdomain].com/.well-known/vercel/ returns a response.
  2. Ensure SSL certificates are provisioning correctly in your Vercel dashboard.
  3. Check that domain verification completes successfully.