cloudflare ssl

H

hostgliders

New member
Is there anybody using cloudflare ssl . Can it be compared to Cpanel's Lets and encrypt in terms of working and no cost?:shh:
 
I have installed it on 4 websites and have had NO ISSUES.

It is 100% free.

These websites are "blog" or "informational" type websites, and not running ecommerce transactions. For those, we still advise our business clients to get an EV SSL - spend the money and make an impression.
 
bigredseo said:
I have installed it on 4 websites and have had NO ISSUES.

It is 100% free.

These websites are "blog" or "informational" type websites, and not running ecommerce transactions. For those, we still advise our business clients to get an EV SSL - spend the money and make an impression.
Click to expand...

It would be great if you can let me know the steps involved in ordering and setting up cloudflare ssl . so , a cloudflare account is enough to do that? :shaky:
 
AutoSSL and Lets Encrypt are awesome features and many of our clients started using them! I Didn't know CloudFlare was providing a similar service. :thumbup:
 
the thing is all these services that are now offering Free SSL certs cost webhosts revenue as will clients purchase a basic SSL from your if they can get 1 free.
 
hostgliders said:
It would be great if you can let me know the steps involved in ordering and setting up cloudflare ssl . so , a cloudflare account is enough to do that? :shaky:
Click to expand...

Basic steps;

Get a cloudflare account
If on Apache, verify mod_cloudflare is installed
If on Ngix, there's other options needed, BUT
If the client uses WordPress on Ngix, install cloudflare plugin and it takes care of things.
Set cloudflare to use Flexible SSL
Enable HTTPS redirects
I also use HSTS, but that many not be necessary for others

and that's really about it. There are really limited steps to get it up and running.

From a browser end of things, it redirects to HTTPS and says "Secure" in the browser bar. While not branded with company information, it gets the job done.

My site with Cloudflare SSL - https://www.conortreacy.com
Business Site (EV SSL) - https://www.bigredseo.com

You'll see the difference in the browser address bar listing the company information on our business account. Any clients we work with for marketing, we strongly recommend using an EV SSL for further branding and security reinforcement.
 
Nothing can beat LetsEncrypt it's free and easy to set-up the only downside is it's only valid for 30 days to a year. Then you have to renew it. I've never recommended CloudFlare as it looks too good to be true but it's a pain in the arse.
 
Licensecart said:
Nothing can beat LetsEncrypt it's free and easy to set-up the only downside is it's only valid for 30 days to a year. Then you have to renew it. I've never recommended CloudFlare as it looks too good to be true but it's a pain in the arse.
Click to expand...

with WHM/cpanel 60 LetsEncrypt is dead in the water as cpanel provide autoSSL which once enabled will give all accounts on the server a free DV SSL certificate unless an account already has an SSL and this will autorenew these without any need on your part.
 
Here's my thoughts on it;
You can use a self-encrypted certificate, and it *DOES* encrypt the session. There are the free/recurring ones and they're perfectly fine too.

For Cloudflare, the big thing that it has going for it is that not only do you get the SSL, but you also get the CDN, and this is HUGE. I've always run CDN's on websites, whether it's MaxCDN, Akami or AmazonWS. Speed is critical on websites.

The only time I don't use a CDN is when I'm targeting a specific area and the servers are located in that area. CDN's are all about decreasing the response times, but kick in CloudFlare's FREE SSL, and FREE CDN, and you have a winner on your hands.
 
We thought long and hard about whether to use LetsEncrypt and starting using it before our C'Panel supported it.
As easyhostmedia states, it is a loss of revenue for the host. We haven't sold any SSL certificates in ages, but I wonder how many customers we might have lost to our competitors if we hadn't started using it.
I know for certain that several of our customers came specifically for LetsEncrypt when we first started.

I think an EV certificate is always a worthwhile edition to any online retail site where the goods have any value, purely as it shows that the certificate issuer has taken the time to verify who the site owner is.

At this point, however, I have no plans to offer them myself.
 
I sell many Comodo Positive and RapidSSL certificates which these sales have reduced since cpanel brought in their AutoSSL feature which is set as enabled by default.

You have just got to try and convince users that a paid SSL is far better than the free DV SSLs
 
hostgliders said:
Is there anybody using cloudflare ssl . Can it be compared to Cpanel's Lets and encrypt in terms of working and no cost?:shh:
Click to expand...

I have used CF ssl before and found un useful because in terms of security cf's ssl is not up to the mark. Cpanel's Let's and encrypt is much better option. I wouldn't recommend cloudflare's ssl
 
Keep in mind that the SSL being provided by cloudflare is a shared wildcard ssl furthermore the provide ssl for connections to the origin so in reality it is not a full SSL connection from end user to the CDN.
 
I've been using CloudFlare SSL for years now with no problems at all. It doesn't expire for 15 years either.

Aside from EV SSL certs, there's really no point in paying anymore.
 
Here's the thing with these 'free SSL' setups

If you run something like a blog, app, game, whatever, they're just fine. There's no need to actually identify that you own the certificate, that you purchased the certificate, that's great and good.

If, however, you actually intend on getting money from someone, you need to have a real certificate, purchased from a vendor, not issued by cloudflare, cpanel, etc. It's quite easy to tell the difference, and if you're going to cheap out on getting a certificate, why should someone pay you any $$$ in the first place?
 
Yes! cloudflare provides good addon service for secure access between client and website. I recommend to install cloudflare SSL on your site to secure the access. It is best service.
 
One thing I did notice the other day that they don't support the (not very secure) leftover encryption in Chrome/IE on XP with their default certs. While one would say that it wouldn't be the best idea to support this either way I've seen statistics say up to 7% are still using XP now. :/
 
You must log in or register to reply here.

Supporters

Back
Top