Cloud Flare and SSL

richie · May 11, 2020

A question for those of you in the know, I have a number of websites and due to Covid I have moved them all to a better server. This for one thing has allowed me to try SSL for free using cloudflare. Anyone here in the "know" can think of a reason I should not use cloudflare?
So far it works, except one site I had to remove a slider system.
My emails all seem to work too.
I just followed a simple youtube video and had it running SSL in a matter of minutes.

Too good to be true? Seeing as hosts seem to ask a fortune to turn this on..

AberdeenAngus · May 11, 2020

Remember...if it’s free, then you are the product.

er-minio · May 11, 2020

A question for those of you in the know, I have a number of websites and due to Covid I have moved them all to a better server. This for one thing has allowed me to try SSL for free using cloudflare. Anyone here in the "know" can think of a reason I should not use cloudflare?

Where are the websites hosted?
AWS or somewhere else?

There is a number of providers that will give you a free certificate.

Remember...if it’s free, then you are the product.

Nah. A decent amount of AWS services have a free tier amount before they start billing.
I use SNS notification to keep email forwarding from old email aliases I'm slowly "letting die" and I've consistently been below the threshold, so didn't pay a dime for that (I do pay for the other services I use on AWS).

richie · May 11, 2020

er-minio said:
Where are the websites hosted?
AWS or somewhere else?

There is a number of providers that will give you a free certificate.

Register365 is the host, they charge for SSL certificates, Cloudflare actually "shares them" I put that in Quotes on purpose. I am not selling anything, and I am not asking for people to give me any data, it's just annoying the Chrome message "Not secure"

er-minio · May 11, 2020

it's just annoying the Chrome message "Not secure"

That's since 2018!
Have a look at https://letsencrypt.org/

richie · May 11, 2020

I know, but it's only now I have been able to do anything about it. Yes let's encrypt saw that before, cloudflare is just so easy though. Unless someone can tell me why I should not use their system, I'm happy with that.

er-minio · May 11, 2020

I don't see any drwawbacks.
But also, I'm not a it, dev or devops person. So I'd wait for someone with more experience to chip in.

Evilsi · May 11, 2020

SSL (TLS to be technically correct) can be trusted as much as the org who signs the top level certificate (Certificate Authority), so if its Symantec or Commodo then maybe not... LetsEncrypt are ok for free, they enforce cert expiry every 3 months but for a standard site with no PPI they are ok. If you collect personal information (Cart site) then you really should have a EV cert. Cloudflare essentially add your domain to the SAN (Subject alternative Name) of their existing certs which makes your site appear that it has a certificate. In reality they are acting as a load balancer and offloading the TLS. They charge for DOS mitigation and DNS services and they work on the basis your site may need that assistance at some point.

AWS did free tiers until Covid made an appearance, now they don't do new ones.

sanufans · Jun 12, 2020

You have to update the certificate from time to time if using Let's Encrypt free SSL. I have no issue running Cloud SSL on one of my sites. However, I am using Positive SSL which is cheap ($5.99/yr).

richie · Jun 26, 2020

Had to give up on cloudflare, not their fault more my host. Anyway moved on to ZEN SSL plugin and Let's Encrypt all working fine.

Cloud Flare and SSL

richie

Well-known member

AberdeenAngus

Registered user

er-minio

Well-known member

richie

Well-known member

er-minio

Well-known member

richie

Well-known member

er-minio

Well-known member

Evilsi

Active member

sanufans

Registered user

richie

Well-known member

Similar threads