hostgliders
New member
Is there anybody using cloudflare ssl . Can it be compared to Cpanel's Lets and encrypt in terms of working and no cost?:shh:
cloudflare ssl
- Thread starter hostgliders
- Start date
I have installed it on 4 websites and have had NO ISSUES.
It is 100% free.
These websites are "blog" or "informational" type websites, and not running ecommerce transactions. For those, we still advise our business clients to get an EV SSL - spend the money and make an impression.
It is 100% free.
These websites are "blog" or "informational" type websites, and not running ecommerce transactions. For those, we still advise our business clients to get an EV SSL - spend the money and make an impression.
hostgliders
New member
It would be great if you can let me know the steps involved in ordering and setting up cloudflare ssl . so , a cloudflare account is enough to do that? :shaky:
easyhostmedia
Well-known member
the thing is all these services that are now offering Free SSL certs cost webhosts revenue as will clients purchase a basic SSL from your if they can get 1 free.
Basic steps;
Get a cloudflare account
If on Apache, verify mod_cloudflare is installed
If on Ngix, there's other options needed, BUT
If the client uses WordPress on Ngix, install cloudflare plugin and it takes care of things.
Set cloudflare to use Flexible SSL
Enable HTTPS redirects
I also use HSTS, but that many not be necessary for others
and that's really about it. There are really limited steps to get it up and running.
From a browser end of things, it redirects to HTTPS and says "Secure" in the browser bar. While not branded with company information, it gets the job done.
My site with Cloudflare SSL - https://www.conortreacy.com
Business Site (EV SSL) - https://www.bigredseo.com
You'll see the difference in the browser address bar listing the company information on our business account. Any clients we work with for marketing, we strongly recommend using an EV SSL for further branding and security reinforcement.
Licensecart
New member
Nothing can beat LetsEncrypt it's free and easy to set-up the only downside is it's only valid for 30 days to a year. Then you have to renew it. I've never recommended CloudFlare as it looks too good to be true but it's a pain in the arse.
easyhostmedia
Well-known member
with WHM/cpanel 60 LetsEncrypt is dead in the water as cpanel provide autoSSL which once enabled will give all accounts on the server a free DV SSL certificate unless an account already has an SSL and this will autorenew these without any need on your part.
Here's my thoughts on it;
You can use a self-encrypted certificate, and it *DOES* encrypt the session. There are the free/recurring ones and they're perfectly fine too.
For Cloudflare, the big thing that it has going for it is that not only do you get the SSL, but you also get the CDN, and this is HUGE. I've always run CDN's on websites, whether it's MaxCDN, Akami or AmazonWS. Speed is critical on websites.
The only time I don't use a CDN is when I'm targeting a specific area and the servers are located in that area. CDN's are all about decreasing the response times, but kick in CloudFlare's FREE SSL, and FREE CDN, and you have a winner on your hands.
You can use a self-encrypted certificate, and it *DOES* encrypt the session. There are the free/recurring ones and they're perfectly fine too.
For Cloudflare, the big thing that it has going for it is that not only do you get the SSL, but you also get the CDN, and this is HUGE. I've always run CDN's on websites, whether it's MaxCDN, Akami or AmazonWS. Speed is critical on websites.
The only time I don't use a CDN is when I'm targeting a specific area and the servers are located in that area. CDN's are all about decreasing the response times, but kick in CloudFlare's FREE SSL, and FREE CDN, and you have a winner on your hands.
We thought long and hard about whether to use LetsEncrypt and starting using it before our C'Panel supported it.
As easyhostmedia states, it is a loss of revenue for the host. We haven't sold any SSL certificates in ages, but I wonder how many customers we might have lost to our competitors if we hadn't started using it.
I know for certain that several of our customers came specifically for LetsEncrypt when we first started.
I think an EV certificate is always a worthwhile edition to any online retail site where the goods have any value, purely as it shows that the certificate issuer has taken the time to verify who the site owner is.
At this point, however, I have no plans to offer them myself.
As easyhostmedia states, it is a loss of revenue for the host. We haven't sold any SSL certificates in ages, but I wonder how many customers we might have lost to our competitors if we hadn't started using it.
I know for certain that several of our customers came specifically for LetsEncrypt when we first started.
I think an EV certificate is always a worthwhile edition to any online retail site where the goods have any value, purely as it shows that the certificate issuer has taken the time to verify who the site owner is.
At this point, however, I have no plans to offer them myself.
easyhostmedia
Well-known member
I sell many Comodo Positive and RapidSSL certificates which these sales have reduced since cpanel brought in their AutoSSL feature which is set as enabled by default.
You have just got to try and convince users that a paid SSL is far better than the free DV SSLs
You have just got to try and convince users that a paid SSL is far better than the free DV SSLs
HosterDaddy
New member
I have used CF ssl before and found un useful because in terms of security cf's ssl is not up to the mark. Cpanel's Let's and encrypt is much better option. I wouldn't recommend cloudflare's ssl
easyhostmedia
Well-known member
letsencrypt is not cPanels, they are a different company that has a cPanel plugin which with WHM version 60 you don't need as cPanel have their own system AUTOSSL
HostaPolis
Member
I've been using CloudFlare SSL for years now with no problems at all. It doesn't expire for 15 years either.
Aside from EV SSL certs, there's really no point in paying anymore.
Aside from EV SSL certs, there's really no point in paying anymore.
easyhostmedia
Well-known member
what rubbish
As a host that is running a business and offer SSL services, why should we encourage users to use free SSL which reduces our revenue
whmcsguru
Active member
Here's the thing with these 'free SSL' setups
If you run something like a blog, app, game, whatever, they're just fine. There's no need to actually identify that you own the certificate, that you purchased the certificate, that's great and good.
If, however, you actually intend on getting money from someone, you need to have a real certificate, purchased from a vendor, not issued by cloudflare, cpanel, etc. It's quite easy to tell the difference, and if you're going to cheap out on getting a certificate, why should someone pay you any $$$ in the first place?
If you run something like a blog, app, game, whatever, they're just fine. There's no need to actually identify that you own the certificate, that you purchased the certificate, that's great and good.
If, however, you actually intend on getting money from someone, you need to have a real certificate, purchased from a vendor, not issued by cloudflare, cpanel, etc. It's quite easy to tell the difference, and if you're going to cheap out on getting a certificate, why should someone pay you any $$$ in the first place?
ScopeHosts
Account Disabled
Yes! cloudflare provides good addon service for secure access between client and website. I recommend to install cloudflare SSL on your site to secure the access. It is best service.
One thing I did notice the other day that they don't support the (not very secure) leftover encryption in Chrome/IE on XP with their default certs. While one would say that it wouldn't be the best idea to support this either way I've seen statistics say up to 7% are still using XP now. :/
easyhostmedia
Well-known member
why should they support XP when Microsoft stopped XP support in 2014.
This is the result of using XP
http://www.wired.co.uk/article/nhs-cyberattack-ransomware-security
Latest posts
-
-
Docker Containers vs. Traditional VMs for Development
- Latest: ScrumMeeting
-
-
What are tasteful ways to promote a dedicated hosting service?- Latest: Greenhost.cloud
-
Forum supporters
Save 37% Off Plesk License
Official Plesk Partner, Instant License Delivery, No Contract Commitment. Grab Your Savings NOW!
cplicense.net
Official Plesk Partner, Instant License Delivery, No Contract Commitment. Grab Your Savings NOW!
cplicense.net
Up to 30% Off on KVM VPS
Significant discounts on KVM VPS SSD. Worldwide Locations. Full Root Access. Instant Deployment.
greenwebpage.com
Significant discounts on KVM VPS SSD. Worldwide Locations. Full Root Access. Instant Deployment.
greenwebpage.com