Transferring a Domain from Squarespace to Cloudflare

Published: May 18, 2026

Background

Back when Google Domains was a thing, I happily registered my domain there. It was simple, reasonably priced, and just worked.

Then Google sold the whole operation to Squarespace in 2023.

I’m not a Squarespace customer. I just had a domain parked there for my GitHub Pages site. And over time, I never saw myself using other Squarespace products.

I’d been meaning to move it to Cloudflare Registrar — where domains are at-cost with no markup. This would put me in a familiar ecosystem (as a ex-Cloudflare employee). This post is the walkthrough I wish I’d had.

The Architecture

My setup was simple:

Domain: registered at Squarespace
DNS: Squarespace’s nameservers
Hosting: GitHub Pages (static site, custom domain)
Email: none (just the domain)

The goal: move both DNS management and domain registration to Cloudflare, with zero downtime for the GitHub Pages site.

I also packaged this workflow as a reusable AI skill so coding agents can walk through the same steps, check DNS propagation, and handle gotchas automatically.

The Core Insight: DNS First, Registration Later

The most important thing to understand: DNS and registration are separate.

You can manage DNS with Cloudflare months before you transfer the actual registration. The domain stays registered at Squarespace; you just point its nameservers at Cloudflare. This means:

Phase 1: Set up DNS at Cloudflare, switch nameservers, verify site works
Phase 2: Transfer the registration to Cloudflare

Doing it in this order means zero downtime. The site stays live throughout.

Phase 1: DNS Handover

Step 1: Add the domain to Cloudflare

Created a Cloudflare account, clicked “Add a Site”, entered my domain. Cloudflare scanned the existing DNS records and imported them.

Step 2: Fix the DNS records for GitHub Pages

This is where the biggest gotcha lives.

Cloudflare imports your records with the “proxied” (orange cloud) setting by default. For GitHub Pages, this will break HTTPS.

GitHub Pages uses Let’s Encrypt to issue TLS certificates for custom domains. Let’s Encrypt does an HTTP-01 challenge — it makes a request to your domain and checks for a specific response. If Cloudflare is proxying the traffic, it terminates the TLS and responds on behalf of your origin. GitHub never sees the challenge request, and the certificate fails to issue.

The fix: set all A records pointing to GitHub Pages to DNS Only (gray cloud).

The correct records for GitHub Pages apex domain:

Type	Name	Value	Proxy
A	@	185.199.108.153	DNS only
A	@	185.199.109.153	DNS only
A	@	185.199.110.153	DNS only
A	@	185.199.111.153	DNS only

There’s also an optional domain verification TXT record that should be carried over: _github-pages-challenge-<your-username>.

Step 3: Disable DNSSEC (critical!)

Do not skip this. DNSSEC was enabled by default on Squarespace. If you switch nameservers without disabling DNSSEC, some DNS resolvers will reject Cloudflare’s responses, and your site becomes unreachable for those users.

In Squarespace: Domains → your domain → Advanced Settings → toggle DNSSEC off.

Step 4: Switch nameservers

In Squarespace: Domains → your domain → Nameservers → switch from Squarespace default to Cloudflare’s custom nameservers.

Cloudflare gives you two nameservers during the “Add a Site” flow that look like something.ns.cloudflare.com and something-else.ns.cloudflare.com.

After saving at Squarespace, Cloudflare takes a few minutes to hours to show the domain as Active.

Step 5: Re-trigger GitHub Pages cert

Go to your repo → Settings → Pages. The DNS check should now run automatically. If it passes, GitHub will request a Let’s Encrypt certificate for your domain.

If the DNS check fails or “Enforce HTTPS” is greyed out:

Click Remove next to your custom domain
Re-enter the domain
Click Save
This re-triggers the DNS check and cert issuance

If it’s still failing after hours, double-check: are your A records gray cloud? That’s the root cause 90% of the time.

Phase 2: Registration Transfer

Once the site is live on Cloudflare DNS and HTTPS is working, it’s time to move the registration itself.

Step 1: Prepare at Squarespace

Unlock the domain:

Turn off Domain Lock
Turn off WHOIS Privacy
Confirm DNSSEC is still off

Step 2: Get the auth code

In Squarespace: Domains → your domain → … menu → Send Transfer Authorization Code.

This sends an EPP (authorization) code to the domain’s registrant email. This took over 2 hours to arrive in my case. Be patient.

Step 3: Initiate the transfer at Cloudflare

In Cloudflare Dashboard → Domain Registration → Transfer Domains:

Select your domain
Paste the authorization code
Confirm your contact information
Pay the transfer fee

Cloudflare charges at-cost — roughly the ICANN fee + one year registration extension. There’s no markup.

Step 4: Wait (and optionally expedite)

Squarespace holds the domain for up to 5 days by default. You can speed this up:

Check your email for a transfer-out confirmation from Squarespace. Click the approval link (or respond in the Squarespace dashboard). This tells Squarespace to release the domain immediately instead of waiting the full 5 days.

Step 5: Clean up

Once Cloudflare shows the domain as registered (check Domain Registration → Manage), go back to Squarespace and delete the domain from the dashboard. Otherwise it’ll still show up as managed there.

Recap of Hidden Gotchas

Gotcha	What happens	Fix
A records proxied (orange cloud)	Let’s Encrypt can’t issue cert — “Unavailable for your site” in GitHub Pages	Set to DNS only (gray cloud)
DNSSEC still on at old registrar	DNS resolution fails after nameserver switch	Disable DNSSEC before switching nameservers
Auth code takes hours	You’re stuck waiting	Check spam folder, be patient
60-day ICANN lock	Transfer rejected at Cloudflare	Wait 60 days since last WHOIS change or transfer
No nameserver control at old registrar	Can’t point DNS to Cloudflare	Need intermediate transfer (Squarespace usually allows it, but Shopify/Wix don’t)

Final State

After the dust settles:

Registrar: Cloudflare (at-cost, no markup)
DNS: Cloudflare (free plan, DNS-only for GitHub Pages records)
Hosting: GitHub Pages (unchanged)
Cost: ~$12/year for .com domains (ICANN fee only)

The site never went down during the entire process. The DNS handover was seamless because both old and new nameservers served the same records. The only real delay was waiting for the auth code email and the 5-day transfer hold.

Why Not Cloudflare Pages?

During this process I also looked at migrating the site itself to Cloudflare Pages. GitHub Pages works fine for me, so I kept it. If you’re already going through this migration, Cloudflare Pages is a compelling alternative — free tier, global CDN, automatic HTTPS, and you can use the proxied (orange cloud) setup since Cloudflare owns both the DNS and hosting layers.

That said, this same DNS pattern applies regardless of what you’re hosting. Static site, web app, API, blog — the DNS-first, registration-later approach is universal.