Every Lumi domain is automatically connected to Cloudflare right after registration — SSL and baseline DDoS protection are on with no action needed.
What you can set in the bot
The Cloudflare settings section gives you:| Setting | Values |
|---|---|
| SSL mode | Off / Flexible / Full / Full (strict) |
| DDoS protection | Off / Low / Medium / High / Under Attack |
| Redirects | 301/302 to another domain |
| Purge cache | clear the Cloudflare cache after changes to your site |
If the domain’s NS aren’t on Cloudflare, the bot first offers to switch them automatically — without that, SSL, DNS, and redirects won’t work.
SSL modes
The mode determines the encryption on the Cloudflare ↔ your server leg.| Mode | When you need it |
|---|---|
| Off | HTTPS disabled. Almost never needed. |
| Flexible | No certificate on the server. Only as a stopgap. |
| Full | Self-signed or expired certificate. |
| Full (strict) | Valid certificate on the server. Recommended for production sites. |
DDoS protection
You set the level in Cloudflare settings:| Level | When to enable |
|---|---|
| Off | Protection disabled. Not recommended. |
| Low / Medium / High | Baseline filtering. The higher the level, the stricter the checks on suspicious traffic. |
| Under Attack | During an active attack: every visitor sees a short challenge before entering. |
Redirects
Cloudflare settings → Redirects → Add. Target domain withhttps://, code 301 (permanent, recommended) or 302 (temporary).
Make sure there's an A record
A redirect only works if the domain has an A record. For Lumi domains, the bot creates it for you.
If there's no server
If the domain is in your own Cloudflare account and there’s no server, create an A record on the root with the address
192.0.2.1 (a documentation IP from RFC 5737 — it leads nowhere, but Cloudflare accepts it as valid).Connecting an external domain to Cloudflare
Lumi domains are already on Cloudflare. If a domain was bought elsewhere, connect it manually:Add the site
At dash.cloudflare.com → Add a site → enter the domain → choose the Free plan.
Change the NS at your registrar
Set these NS at the domain’s current registrar. Propagation usually takes 10–30 minutes, sometimes up to 24 hours.
Want to host a static site or landing page? Run it on a VPS or build it in your own Cloudflare Pages account, then point the domain at it via DNS or a redirect. There’s no in-bot site upload.
Fine print
HSTS — be careful
HSTS — be careful
Your own SSL instead of Cloudflare
Your own SSL instead of Cloudflare
Want end-to-end encryption with your own certificate, no middleman? In DNS settings, turn off proxying on the relevant record — the orange cloud turns grey. You lose the cache, IP hiding, and some of the protection, but you can install your own certificate. How to install it — SSL and Let’s Encrypt.
Advanced settings live in your own account on cloudflare.com. Errors like 521 / 522 / 525 are covered on the Domain not working page.
DNS records
A, CNAME, MX, TXT, and TTL values.
Domain not working
A diagnostic checklist for DNS and Cloudflare errors.