If your site sits behind Cloudflare or another CDN, your domain points at the CDN, and the CDN fetches your content from your origin server. Migrating means changing where the CDN fetches from — not the more familiar nameserver switch. This guide covers the difference.
Why cutover is different with a CDN
Normally you cut over by pointing your domain at iWebVault. But with a CDN in front, your domain stays pointed at the CDN — visitors keep hitting it as before. What changes is the CDN’s origin: you tell the CDN to fetch your content from your new iWebVault server instead of the old one.
The cutover steps
- Migrate your account to iWebVault and verify it
- In your CDN dashboard, find the origin / DNS record that points at your old server’s IP
- Update that record to your new iWebVault server IP
- Purge the CDN cache so it fetches fresh from iWebVault
- Confirm the site loads correctly through the CDN
Watch the proxy and SSL interaction
With a CDN proxying your traffic, the visitor’s SSL connection terminates at the CDN, and there’s a second connection from the CDN to your origin. Make sure your iWebVault origin has a valid certificate (AutoSSL issues one once the origin is reachable) and that your CDN’s SSL mode is set to use a secure origin connection (commonly ‘Full’).
After cutover
Purge the CDN cache so stale pages from the old origin are cleared. Then test thoroughly through the CDN, since what you see is the CDN’s cached/proxied version. Keep the old origin live for a few days as your rollback path.
Two ways Cloudflare can be set up
Cloudflare commonly works one of two ways for your domain. Either it’s your DNS provider with proxied (orange-cloud) records, so your domain’s nameservers point at Cloudflare and it proxies traffic to your origin; or you use it purely as a CDN in front of a site whose DNS lives elsewhere. The cutover step differs slightly between them, but the principle is identical: update where Cloudflare fetches your content.
If Cloudflare manages your DNS
When Cloudflare is your DNS provider, your domain stays pointed at Cloudflare’s nameservers. Inside Cloudflare you change the A record (the proxied one) from your old server’s IP to your new iWebVault IP. Visitors keep reaching Cloudflare exactly as before; Cloudflare now pulls from iWebVault. Then purge the Cloudflare cache so it stops serving the old origin’s pages.
If Cloudflare is a CDN in front of external DNS
If your DNS is elsewhere and Cloudflare sits in front as a CDN, update the origin setting wherever that’s configured to your iWebVault IP, and purge. The exact location depends on your setup, but the goal is the same: the CDN must fetch from iWebVault, not the old server.
SSL with a proxy in front
With Cloudflare proxying, there are two encrypted hops: visitor-to-Cloudflare and Cloudflare-to-origin. Set Cloudflare’s SSL mode to a secure option (commonly ‘Full’) and make sure your iWebVault origin has a valid certificate — AutoSSL issues one once the origin is reachable on your domain. A mismatch here is a frequent cause of errors after a CDN-fronted migration.
- Migrate and verify your account on iWebVault
- Update the origin/A record in Cloudflare to the iWebVault IP
- Confirm Cloudflare SSL mode uses a secure origin connection
- Purge the Cloudflare cache
- Test the site through Cloudflare and watch for SSL or origin errors
What’s next
Still stuck? Our team can run or finish the migration for you — open a support ticket and we’ll take it from there.
Key takeaways
With a CDN like Cloudflare in front, your domain points at the CDN, not your server — so cutover means updating the CDN’s origin (or the proxied A record) to your iWebVault IP, then purging the cache. Set the CDN’s SSL mode to use a secure origin and ensure AutoSSL has issued on iWebVault. Never point the migration’s source at the CDN — it holds no backup; use your real origin.
Do I change my nameservers if Cloudflare manages my DNS?
No. Keep your domain on Cloudflare’s nameservers and instead change the proxied A record inside Cloudflare to your iWebVault IP. Visitors keep hitting Cloudflare, which now fetches from iWebVault. Purge the cache afterward so stale pages from the old origin are cleared.
Common mistakes to avoid
- Pointing the migration’s source at the Cloudflare/CDN hostname (it has no backup)
- Changing nameservers when Cloudflare is your DNS — change the A record instead
- Forgetting to purge the CDN cache after cutover
- Leaving the CDN’s SSL mode on an insecure origin setting
A CDN adds one layer to think about, but the logic stays simple: the migration reads from your real origin, and cutover updates where the CDN fetches from. Get the origin IP updated, the SSL mode secure, and the cache purged, and a CDN-fronted migration is as clean as any other.
When to let us handle it
If you’re unsure where your CDN’s origin setting lives, or your Cloudflare configuration is complex (page rules, workers, custom SSL), it’s worth letting us guide the cutover. We’ll confirm the right origin value to point at iWebVault, advise on the SSL mode, and help you verify the site through the CDN afterward. A CDN-fronted site has a couple of extra moving parts, and a short ticket ensures the origin update, the SSL handshake, and the cache purge all line up — so visitors keep hitting the CDN seamlessly while it quietly starts fetching from iWebVault.
Was this helpful?
Thanks for your feedback!
