Hamid's blog

Hints for Netlify DNS settings

May 10, 2020

TL;DR: if you are going to use Netlify for static site hosting and you care about using HTTPS, you have to use Netlify DNS as well.

You are a smart developer and are already using Cloudflare DNS for your domain. In fact, you already have a bunch of DNS entries set in Cloudflare for your domain.

Now you want to use your domain or a subdomain for your static website hosted on Netlify, and you also care about using HTTPS.

You add some CNAME entries in Cloudflare DNS to point to your Netlify URL. Based on Netlify's documentation, you disable the "Proxied" option and just use "DNS only" on the CNAME entry.

After that you try to resolve your domain. It's OK, but not secure.

Now you go to the Netlify website, open your site settings, and try to use a Let's Encrypt certificate for your URL, and Netlify complains that it cannot do that. In order to do that, Netlify wants you to use Netlify's DNS hosting rather than Cloudflare's.

Since you prefer to stay with Cloudflare, you try to think of a solution. You figure out you can use an Origin Certificate for communication between Cloudflare and Netlify, provided that you use Cloudflare's CDN, i.e. you enable "Proxied" on the CNAME entry in Cloudflare that points to Netlify. You figure out the steps to do that, and after setting it up you see that it works.

Then you become more curious about what could go wrong if you use Cloudflare's CDN (having "Proxied" on the CNAME entry), and you find out in Netlify's forum that a lot could go wrong.

Now you think to yourself: what can I do?
You figure out you have a few options:

  1. Totally forget about using Netlify
  2. Use Cloudflare's CDN and live with issues that may arise with Netlify
  3. Use Netlify DNS hosting

I chose option 3.

If you think you are smart and you can use DNS delegation, keep in mind that:

Netlify DNS does not support subdomain delegation and can be used for apex domains only. In other words, you can't have your domain's nameservers on another service, then use our nameservers for a specific subdomain only.

Now, if you decide to use Netlify DNS hosting for your domain (apex domain) and think of using Cloudflare DNS hosting for a subdomain of yours, you can. I tried it myself and it works. Set the NS records for the subdomain you want in Netlify's DNS settings to point to Cloudflare's nameservers; now, in Cloudflare's DNS settings panel, do the configuration for that domain.
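The delegation described above, as an added example that is not part of the original post: it finds the zone cut that answers for a hostname and lists records left in the apex zone at or below a delegated subdomain, which resolvers never see once the NS records are in place. The domain, nameserver names and records are constructed placeholders, and `delegation_for` and `occluded_records` are hypothetical helper names.

```python
# Constructed sample data: example.com, the nameserver names and targets are placeholders.
APEX = "example.com"
PARENT_RECORDS = [  # records held in the apex zone (Netlify DNS in the post's setup)
    ("example.com", "NS", "ns1.parent-dns.example"),
    ("example.com", "NS", "ns2.parent-dns.example"),
    ("www.example.com", "CNAME", "site-placeholder.netlify.app"),
    ("app.example.com", "NS", "ns1.child-dns.example"),  # delegation to the other provider
    ("app.example.com", "NS", "ns2.child-dns.example"),
    ("app.example.com", "A", "192.0.2.10"),              # left over from before the delegation
    ("api.app.example.com", "CNAME", "old-host.example"),
]

def norm(name):
    return name.rstrip(".").lower()

def delegation_for(hostname, records, apex):
    """Return (zone_cut, nameservers) that answer for hostname, walking down from the apex."""
    host, apex = norm(hostname), norm(apex)
    if host != apex and not host.endswith("." + apex):
        raise ValueError(f"{hostname} is not inside {apex}")
    ns = {}
    for owner, rtype, value in records:
        if rtype.upper() == "NS":
            ns.setdefault(norm(owner), []).append(norm(value))
    labels = host.split(".")
    # Candidates from just below the apex down to the full name: the first cut wins.
    for i in range(len(labels) - len(apex.split(".")) - 1, -1, -1):
        candidate = ".".join(labels[i:])
        if candidate in ns:
            return candidate, sorted(ns[candidate])
    return apex, sorted(ns.get(apex, []))

def occluded_records(records, apex):
    """Apex-zone records at or below a delegated name; they are never served."""
    apex = norm(apex)
    ns_targets = {norm(v) for _, t, v in records if t.upper() == "NS"}
    hidden = []
    for owner, rtype, value in records:
        owner, rtype = norm(owner), rtype.upper()
        cut, _ = delegation_for(owner, records, apex)
        if cut == apex or (owner == cut and rtype in ("NS", "DS")):
            continue  # answered from the apex zone, or the delegation itself
        if rtype in ("A", "AAAA") and owner in ns_targets:
            continue  # glue for a nameserver inside the delegated zone
        hidden.append((owner, rtype, value))
    return hidden

if __name__ == "__main__":
    print(delegation_for("api.app.example.com", PARENT_RECORDS, APEX))
    print(occluded_records(PARENT_RECORDS, APEX))
```

Anything the second function reports has to be recreated in the delegated provider's panel or deleted, since the copy in the apex zone no longer has any effect.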

Netlify's domain settings do not let you delete some entries, even though you have deleted those entries from all your sites. This is a bug with Netlify.