Free SSL for Your Website @ CloudFlare

Long time reader, first time poster. Save yourself ~$80 a year by getting free SSL protection from CloudFlare.

Great for small businesses who want to minimise costs!

"CloudFlare is on a mission to build a better Internet. One of the ways we’re achieving this is by bringing the tools of the Internet giants to everyone. Today, in an effort called Universal SSL, we’re enabling SSL by default for all our customers—even those on our Free plan."

The Verge did an article here: http://www.theverge.com/2014/9/29/6862695/cloudflare-just-ad…


closed Comments

  • +4

    Damn CloudFlare is awesome.

  • Awesome news.

    Remember however that network appliances exist that can monitor SSL traffic via certificate substitution, so SSL should never be considered a silver bullet. This is still a great step forward however. SSL by default increases the cost and effort of surveillance, and is a simple way to protect yourself from simple network monitoring.

  • +1

    I am setting up a storefront for a friend of mine and I figured that I would need to get an SSL Cert for it (as it'll accept payment info).

    Would this work? Or would paying the money for a cert from another company be worth it.

    The website is hosted on VentraIP (just in case that matters).

    • +1

      Yes, it's worth it.

      Cloudflare host your DNS with anycast technology for free, terminate your SSL, cache static content, and filter the bad guys. Ask VentraIP to move your server to Sydney so it will be within the same data centre to get better response time.

    • Will you be accepting payments directly or through a 3rd party? If it's through a third party they'll protect the billing information anyway, and Cloudflare will add some SSL for the store, and it's probably all good for a small project.

      If you're accepting payments information yourself (!) then you'd want an SSL cert anyway. Cloudflare will only protect the connection from the user to the Cloudflare server; from there it will go back to normal HTTP and be in clear text (of course it's much harder for someone to eavesdrop at this point, but you still shouldn't let a customer's credit card ever be sent in clear text).
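An added example, not part of the original comment: a WSGI middleware that lets the origin tell the edge-only case described above (visitor on HTTPS, proxy-to-origin on plain HTTP) from TLS all the way through, and refuses payment paths in the former. Assumptions: the proxy sets the `CF-Visitor` and `X-Forwarded-Proto` headers, the WSGI server reports the real scheme of its own connection in `wsgi.url_scheme`, and the path names and the `shop` app are hypothetical.

```python
import json

def origin_leg(environ):
    """Classify the hop that reached this origin: 'tls', 'edge-only-tls' or 'cleartext'."""
    if environ.get("wsgi.url_scheme") == "https":
        return "tls"                      # encrypted up to the origin (Full / Strict style)
    scheme = None
    try:
        # CF-Visitor carries JSON such as {"scheme":"https"}
        scheme = json.loads(environ.get("HTTP_CF_VISITOR", "{}")).get("scheme")
    except (ValueError, AttributeError):
        pass                              # malformed header: fall through
    if not scheme:
        scheme = environ.get("HTTP_X_FORWARDED_PROTO", "")
    # Visitor saw HTTPS, but the proxy reached us over plain HTTP (Flexible style).
    return "edge-only-tls" if str(scheme).lower() == "https" else "cleartext"

class RequireOriginTLS:
    """WSGI middleware: refuse protected paths unless the origin hop itself is TLS."""
    def __init__(self, app, protected=("/checkout", "/payment")):
        self.app, self.protected = app, tuple(protected)

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if path.startswith(self.protected) and origin_leg(environ) != "tls":
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"This page requires TLS all the way to the origin.\n"]
        return self.app(environ, start_response)

def shop(environ, start_response):        # stand-in application (hypothetical)
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def status_for(environ, app=RequireOriginTLS(shop)):
    """Run one request through the middleware and return the status line."""
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]

# Constructed sample requests as the origin would see them.
FLEXIBLE = {"wsgi.url_scheme": "http", "PATH_INFO": "/checkout",
            "HTTP_CF_VISITOR": '{"scheme":"https"}', "HTTP_X_FORWARDED_PROTO": "https"}
FULL = dict(FLEXIBLE, **{"wsgi.url_scheme": "https"})
BROWSE = dict(FLEXIBLE, PATH_INFO="/products")

if __name__ == "__main__":
    for name, env in (("flexible", FLEXIBLE), ("full", FULL), ("browse", BROWSE)):
        print(name, origin_leg(env), status_for(env))
```

The allow/deny decision rests only on the scheme of the origin's own connection, so a forged forwarded header cannot unlock a protected path; the headers are used solely to label the edge-only case for logging.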

      • +2

        If you're accepting payments information yourself

        Considering how many payment gateways are available nowadays, I don't know why anyone would risk it.. :S

        If you are - look at offloading it to PayPal, Swipe, etc. Anything would be better than DIY!!

  • +5

    You're not really saving $80. SSL certs can be had for $9/yr. Actually, StartSSL is free.

    That said, it's nice that CF is offering certs.

    • +3

      Isn't the added bonus that you get to use their CDN over SSL? That sort of thing usually costs a bit more.

      • Probably - I've never used CF before, so I'm unsure what their previous SSL plans were. I was more referring to the cost of just enabling SSL on an existing site, which is more-or-less free with most hosts.

    • +3

      StartSSL has an interesting track record.. I wouldn't use them for anything non-personal.

      Saying that though, SSL's are cheap - certainly not $80 for a basic one.

    • I have been getting my PositiveSSL for around $4 USD per year. However free beats everything, if you are fine to be on CloudFlare's ip range.

      • Can you give more details on this .. positivessl.com seems to show $49/y as its price… which is not as good as $4

        • +1

          Namecheap resells them for $9/yr

          https://www.namecheap.com/security/ssl-certificates/comodo/p…

          I think every so often other resellers have better deals.

        • @Buzzard:

          Thanks! just got one !

          an ozbargain within an ozbargain

        • @Buzzard: Namecheap have the best support IMO, so I use them regularly, but they aren't the cheapest;

          https://cheapsslsecurity.com/
          https://www.ssls.com/ (Used to be cheapssl)

          On the positive side though, Namecheap have always price matched the other guys, so if you want to support a good company and get the cheapest prices… ;)

        • +1

          GoGetSSL. Price in USD:

          • $5.95 1 Year
          • $4.48/Yr for 2 Years
          • $4.12/Yr for 3 Years
          • $3.94/Yr for 4 Years
          • $3.65/Yr for 5 Years

          These are Comodo PositiveSSL certificates; they work on all the modern browsers I've tested on. Personally I found RapidSSL is a bit easier to use but at around twice the price. These days at $4/year there's just no excuse for not having SSL on websites.

  • Awesome thanks OP

  • great!

  • Thanks for your comments about pricing for SSLs. I'm new to this as well and found cloudflare during my research.

  • Hi Everyone

    I have a domain from Crazydomain and hosting from NetVirtue.

    May I know how I can get SSL from CloudFlare and install it on my website?

    Thanks

    • +1

      Set up a CloudFlare account, migrate your DNS to them, then let them handle the rest. Pretty sure they have a tutorial somewhere.. Only thing it really requires is changing the name servers in your registrar.

  • LOL. So much for 'universal ssl' (flexible ssl default).

    Tested with a site I've got hosted on Cloudflare. Typed in https://[mysite]/ then accepted the invalid certificate then I'm at some Cafe site I've never heard of called 'Hodge Podge'. Browser address bar says it's on my own domain. Ah, no.

    So I guess Cloudflare has some kinks to work out. Enjoy your SSL siteroulette until they fix it.

    • +3

      I expect your service is still provisioning. You will not get an invalid certificate to accept once you are fully up and running (what would even be the point of that?). You probably have just accepted the generic cloudflare.com one and yours will be along shortly.

      My sites are all acting perfectly and I've tested flexible, full (to a self-signed backend cert) and strict (to my normal kosher backend cert). All of them are appearing 'secure' to the user with the CF cert in place.

    • Check under 'cloudflare settings' that you actually enabled SSL for your domain.

      Before turning SSL on, accessing my site via https would get an incorrect website.

      • I tested before visiting CloudFlare and seeing the new SSL options.

        Still, it's odd and disturbing to think CloudFlare will, left to its own devices, direct your visitors to some random site if they mistakenly type in https://yoursite.com instead of http://yoursite.com — or they deliberately visit the SSL URL thinking they'll be more secure.

        In any case, early days. They'll get the kinks worked out in time. And props to CloudFlare for taking this initiative. Assuming, of course, the NSA isn't standing behind them whispering in their ear and giggling like schoolgirls.

        • +1

          I'd say more than anything it's an issue with your webhost.. SSL traditionally will only allow one host per IP address - maybe your host doesn't have SNI configured and you ended up on the first SSL enabled site?? Happens pretty frequently with shared hosting providers.

        • Could be. I've put in a ticket with them to check.

        • Cloudflare confirmed that issuing certs is taking longer than expected:

          https://blog.cloudflare.com/universal-ssl-be-just-a-bit-more…

          So if you're not yet fully provisioned and have SSL turned on in any form you'll have the wrong cert returned (just the generic ssl200 CF one I would think) and get the error you mentioned initially.

          As for the 'wrong' site being returned, this is almost certainly either your webhost not implementing SNI correctly or your OS/browser being old (Android 2.3? XP, IE6) and not supporting SNI properly. In either case it's possible that the first VirtualHost is returned instead of the correct one. However if this is the case I would expect this problem to continue even when you get a valid cert.

  • Just to make people aware, you will not be able to serve old browsers or anyone using Windows XP or lower (if you cater to the older folk there is a good chance that they may not support the SSL certificate).

    • Chrome 6 (or later) and Firefox 2 (or later) on XP SP2 are supported.

  • Hey guys, just letting you guys know that if you are using the new Cloudflare SSL (Flexible SSL), it might be affecting users with Bitdefender installed on their computer.
    I have one website that successfully got the Cloudflare-issued SSL, and as my computer has Bitdefender installed, all of my browsers show "untrusted connection" or "invalid certificate" or similar messages. The website works fine on my Android phone and iPad.