What DNS provider are you using for online selling?

I have a project where I am helping a local shop owner set up a small site to sell select products & gift cards from his inventory. So, of course, certificates come into play.

I was considering using Cloudflare for DNS but, the choice is to either purchase a certificate from them for $5-10/month or pay $200/month for a business account, which allows us to use our own certificate.

I am concerned about using a Cloudflare cert on a site handling online transactions, versus using a cert from another certificate authority. Also, because the business is small, shelling out $200/month just to use Cloudflare Business, which allows us to use our own cert, would be foolish, especially given the minor cost of the cert itself.

I am just wondering what DNS providers people might be using with their sites that sell online. Also, I was wondering if anyone has any feedback on the use of Cloudflare's dedicated SSL service.

Comments

  • Why don't you use Let's Encrypt!?

    Thanked by 2: kkrajk, vimalware
  • Jord (Moderator, Host Rep)

    Cloudns.com very prem

    Thanked by 1: DP
  • DP (Administrator, The Domain Guy)

    @Jord said:
    Cloudns.com very prem

    Hey I use that :D

    Thanked by 1: Jord
  • Jord (Moderator, Host Rep)

    @thedp said:

    @Jord said:
    Cloudns.com very prem

    Hey I use that :D

    That's why I said it was prem sir haha

  • @alilet said:
    Why don't you use Let's Encrypt!?

    I am not sure about using Let's Encrypt for a site where a client is doing online sales. However, even apart from that, it appears that Cloudflare won't allow you to use a third-party certificate without purchasing a business plan ($200/month).

  • https://www.dnsperf.com

    Here is the performance of the DNS if you need it

  • Well, you generate your cert, you control the keys, you can choose which param to use for the crypto in the config of your webserver. The issuer of the cert has little meaning, and most customers won't check that, anyway.

    Thanked by 1: Chievo
  • @jaypeesmith said:

    @alilet said:
    Why don't you use Let's Encrypt!?

    I am not sure about using Let's Encrypt for a site where a client is doing online sales. However, even apart from that, it appears that Cloudflare won't allow you to use a third-party certificate without purchasing a business plan ($200/month).

    This might help.

    https://community.cloudflare.com/t/lets-encrypt-and-cloudflare-how-to-set/66442/8

    https://www.itechlogix.com/servers/using-letsencrypt-with-cloudflare-for-a-free-full-strict-ssl/

    Thanked by 2: Chievo, jaypeesmith
  • jaypeesmith said: However, even apart from that, it appears that Cloudflare won't allow you to use a third-party certificate without purchasing a business plan ($200/month).

    Only if you want to use their CDN. If you disable CDN (grey cloud) and use Cloudflare only for DNS, you can use whatever certificate you want.

    Cloudflare is both a DNS provider and a reverse-proxy CDN (a third-party server between your client and your own server).

    If you disable CDN, Cloudflare won't be in play, your client will connect to your server directly. In all other scenarios, Cloudflare has access to all your client data. Installing your own certificate won't help if you don't want Cloudflare to have access to your client data. The only way to prevent that is to disable Cloudflare CDN.

    From a technical standpoint, Let's Encrypt is probably the most secure because it forces you to update it frequently and automate the process. Other certificates are usually issued for several years and there are many mistakes to make!

  • Jord (Moderator, Host Rep)

    Just please don't use CF, just use any other DNS provider and install your own SSL Cert on the server. Much better.

  • @Jord said:
    Just please don't use CF, just use any other DNS provider and install your own SSL Cert on the server. Much better.

    I think that's going to be the plan. I've had good experiences with Cloudflare but, I don't think it's the best fit for this project.

  • I don't think I've seen a single retail shopper give a fuck about who the SSL vendor is.

  • You do understand that most certificates will work just the same?

    It just encrypts the connections. Period. Using Let's Encrypt or Positive SSL is equally the same.

    Thanked by 1: bikegremlin
  • SplitIce (Member, Host Rep)
    edited November 2019

    We use Rage4.

    Why? Because they are pretty good and we are a reseller (we give out some zones and sell some with our Protection services) and get it at a good rate :)

  • Jord (Moderator, Host Rep)

    @jaypeesmith said:

    @Jord said:
    Just please don't use CF, just use any other DNS provider and install your own SSL Cert on the server. Much better.

    I think that's going to be the plan. I've had good experiences with Cloudflare but, I don't think it's the best fit for this project.

    Yep, no one cares what SSL vendor you are using. Let's Encrypt will be perfectly fine for your needs. Jeez I've seen a few big ecommerce stores use it. It does what it needs to do, secures the connections.

  • DNS host has nothing to do with what SSL CA you use.

    Thanked by 1: datanoise
  • I won't lie, I randomly check the SSL certificate of the websites I visit, but only so that I can get a little happy when I see a Let's Encrypt certificate (Chevrolet, DataPacket etc. use them). On the actual topic, Route53, Rage4 and ClouDNS are prem.

    Thanked by 1: datanoise
  • @Abdussamad said:
    DNS host has nothing to do with what SSL CA you use.

    With Cloudflare, it can. If you want to use their protections, it will use a Cloudflare-issued cert to secure traffic between the origin server and Cloudflare and, on the front-end, use a Universal (shared) Cloudflare cert to communicate between the browser and Cloudflare.

    As some mentioned, there might be some ways to work around some of this but, generally, this is how Cloudflare seems to want it to work.

    My initial queries were rooted in my concern about providers who might be able to offer some features similar to (or better than) Cloudflare without interfering with me using my own third-party certificate.

  • jsg (Member, Resident Benchmarker)

    Get 3 VPSs, very small ones will do and shouldn't cost more than $10/mo (all together), install a DNS server of your choice and provide DNS to all your clients for a small fee.

    And Bang you can use whatever SSL CA you like, even both, commercial ones and LE, don't need to trust any corporation like CloudF%#&! but have full control. And it's not even complicated.

    Thanked by 1: datanoise
  • Just use Cloudflare DNS only (grey cloud) and install your own SSL

  • datanoise (Member)
    edited November 2019

    jaypeesmith said: As some mentioned, there might be some ways to work around some of this but, generally, this is how Cloudflare seems to want it to work.

    Well, it's your choice to use CF for DNS only or for DNS + Proxying, they don't force you to MITM your SSL traffic: if some stuff matters for you enough that you want to have full control over the crypto use the "grey cloud" and CF for DNS only, it will work just fine! Sure they could easily MITM your traffic later on but any company with control over your DNS could as well.

  • jsg said: Get 3 VPSs, very small ones will do and shouldn't cost more than $10/mo (all together), install a DNS server of your choice and provide DNS to all your clients for a small fee.

    This is probably the best solution if you want full control. The small VPSs can also be used as a secondary MX, backup boxes or whatever else you might need.

  • @jaypeesmith Let's Encrypt and/or free Cloudflare SSL.
    DNS via Cloudflare, or Hurricane Electric, or free Porkbun or Dynadot DNS, or your own.

    Thanked by 1: datanoise
  • I use DO services and they are great.

  • jaypeesmith said: If you want to use their protections, it will use a Cloudflare-issued cert to secure traffic between the origin server and Cloudflare and, on the front-end, use a Universal (shared) Cloudflare cert to communicate between the browser and Cloudflare.

    It's very unusual for a DNS provider to do that. Cloudflare is mainly a CDN, not a DNS provider. If you want a DNS provider with "protections", Cloudflare is probably your best choice.

    jaypeesmith said: My initial queries were rooted in my concern about providers who might be able to offer some features similar to (or better than) Cloudflare without interfering with me using my own third-party certificate.

    Even when you pay for a business plan, Cloudflare still has access to your communications. This is how their features work.

    I know similar services to Cloudflare which can work without decrypting HTTPS traffic, but they don't provide DNS and I doubt that's as efficient.

  • intelpentium said: Cloudflare still has access to your communications.

    ... if you choose so. Grey cloud = DNS only = no access to your communications.

    seenu said: I use DO services and they are great.

    Seems nice, can it be used even if you have no active service with them? They appear to be using cloudflare IPs for this though, so it's anycasted and probably fast, but no privacy benefits vs using CF directly.

  • No need to purchase a certificate with CF: use their DNS only, don't CDN your DNS record, use their full strict SSL and use your own certificate.

  • @datanoise said:

    jaypeesmith said: As some mentioned, there might be some ways to work around some of this but, generally, this is how Cloudflare seems to want it to work.

    Well, it's your choice to use CF for DNS only or for DNS + Proxying, they don't force you to MITM your SSL traffic: if some stuff matters for you enough that you want to have full control over the crypto use the "grey cloud" and CF for DNS only, it will work just fine! Sure they could easily MITM your traffic later on but any company with control over your DNS could as well.

    Understood. I wasn't really concerned about MITM. I was alluding to the fact that I can't use their proxying + my own cert without a business account. I've been using Cloudflare for several years now, so I've liked the proxying feature. However, as you indicated, I'll have to decide if it's worth it versus turning it off and using my own cert.

    Thanked by 1: datanoise