What DNS provider are you using for online selling?
I have a project where I am helping a local shop owner set up a small site to sell select products & gift cards from his inventory. So, of course, certificates come into play.
I was considering using Cloudflare for DNS but, the choice is to either purchase a certificate from them for $5-10/month or pay $200/month for a business account, which allows us to use our own certificate.
I am concerned about using a Cloudflare cert on a site handling online transactions, versus using a cert from another certificate authority. Also, because the business is small, shelling out $200/month just to use Cloudflare Business, which allows us to use our own cert, would be foolish, especially given the minor cost of the cert itself.
I am just wondering what DNS providers people might be using with their sites that sell online. Also, I was wondering if anyone has any feedback on the use of Cloudflare's dedicated SSL service.
Comments
Why don't you use Let's Encrypt!?
CF
Cloudns.com very prem
Hey I use that
That's why I said it was prem sir haha
I am not sure about using Let's Encrypt for a site where a client is doing online sales. However, even apart from that, it appears that Cloudflare won't allow you to use a third-party certificate without purchasing a business plan ($200/month).
https://www.dnsperf.com
Here's the performance of the DNS if you need it
Well, you generate your cert, you control the keys, you can choose which param to use for the crypto in the config of your webserver. The issuer of the cert has little meaning, and most customers won't check that, anyway.
This might help.
https://community.cloudflare.com/t/lets-encrypt-and-cloudflare-how-to-set/66442/8
https://www.itechlogix.com/servers/using-letsencrypt-with-cloudflare-for-a-free-full-strict-ssl/
Only if you want to use their CDN. If you disable CDN (grey cloud) and use Cloudflare only for DNS, you can use whatever certificate you want.
Cloudflare is both DNS provider and reverse-proxy CDN (a third-party server between your client and your own server).
If you disable CDN, Cloudflare won't be in the play, your client will connect to your server directly. In all other scenarios, Cloudflare has access to all your client data. Installing your own certificate won't help if you don't want Cloudflare to have access to your client data. The only way to prevent that is to disable Cloudflare CDN.
From a technical standpoint, Let's Encrypt is probably the most secure because it forces you to update it frequently and automate the process. Other certificates are usually issued for several years and there are many mistakes to make!
Just please don't use CF, just use any other DNS provider and install your own SSL Cert on the server. Much better.
I think that's going to be the plan. I've had good experiences with Cloudflare but, I don't think it's the best fit for this project.
I don't think I've seen a single retail shopper give a fuck about who the SSL vendor is.
You do understand that most certificates will work just the same?
It just encrypts the connections. Period. Using Let's Encrypt or Positive SSL is equally the same.
We use Rage4.
Why? Because they are pretty good and we are a reseller (we give out some zones and sell some with our Protection services) and get it at a good rate.
Yep, no one cares what SSL vendor you are using. Let's Encrypt will be perfectly fine for your needs. Jeez, I've seen a few big ecommerce stores use it. It does what it needs to do, secures the connections.
DNS host has nothing to do with what SSL CA you use.
I won't lie, I randomly check the SSL certificate of the websites I visit, but only so that I can get a little happy when I see a Let's Encrypt certificate (Chevrolet, DataPacket etc. use them). On the actual topic, Route53, Rage4 and ClouDNS are prem.
With Cloudflare, it can. If you want to use their protections, it will use a Cloudflare-issued cert to secure traffic between the origin server and Cloudflare and, on the front-end, use a Universal (shared) Cloudflare cert to communicate between the browser and Cloudflare.
As some mentioned, there might be some ways to work around some of this but, generally, this is how Cloudflare seems to want it to work.
My initial queries were rooted in my concern about providers who might be able to offer some features similar to (or better than) Cloudflare without interfering with me using my own third-party certificate.
Get 3 VPSs, very small ones will do and shouldn't cost more than $10/mo (all together), install a DNS server of your choice and provide DNS to all your clients for a small fee.
And Bang you can use whatever SSL CA you like, even both, commercial ones and LE, don't need to trust any corporation like CloudF%#&! but have full control. And it's not even complicated.
Just use Cloudflare DNS only (grey cloud) and install your own SSL.
Well, it's your choice to use CF for DNS only or for DNS + Proxying, they don't force you to MITM your SSL traffic: if some stuff matters for you enough that you want to have full control over the crypto use the "grey cloud" and CF for DNS only, it will work just fine! Sure they could easily MITM your traffic later on but any company with control over your DNS could as well.
This is probably the best solution if you want full control. The small VPSs can also be used as a secondary MX, backup boxes or whatever else you might need.
@jaypeesmith Let's Encrypt and/or free Cloudflare SSL.
DNS via Cloudflare, or Hurricane Electric, or free Porkbun or Dynadot DNS, or your own.
I use DO services and they are great.
It's very unusual for a DNS provider to do that. Cloudflare is mainly CDN, not a DNS provider. If you want a DNS provider with "protections", Cloudflare is probably your best choice.
Even when you pay for business plan, Cloudflare still has access to your communications. This is how their features work.
I know similar services to Cloudflare which can work without decrypting HTTPS traffic, but they don't provide DNS and I doubt that's as efficient.
... if you choose so. Grey cloud = DNS only = no access to your communications.
Seems nice, can it be used even if you have no active service with them? They appear to be using cloudflare IPs for this though, so it's anycasted and probably fast, but no privacy benefits vs using CF directly.
No need to purchase a certificate with CF: use their DNS only, don't CDN your DNS record, use their full strict SSL and use your own certificate.
Understood. I wasn't really concerned about MITM. I was alluding to the fact that I can't use their proxying + my own cert without a business account. I've been using Cloudflare for several years, now. So, I've liked the proxying feature. However, as you indicated, I'll have to decide if it's worth it versus turning it off and using my own cert.