Hacker News new | comments | show | ask | jobs | submit login

So, http://www.cloudflare.com/plans shows that to get your custom SSL, you need a "Business" plan at $200/month... so about 20x more expensive than GAE in this case.

$20 a month for basic ssl. I have 2 criticisims of cloudflare and im a paying customer, which arent even close to making me look for alternatives. 1. They have had a few outages (but everybody does, amazon included). 2. Ive made their page rules engine do what i need but i felt their docs were not deep / technical enough about how their engine works. I had to play a bit to get exactly what i wanted. I have largely been happy though. Im not affiliated with them in any other way.

Also, though cloudflare allows it specifically for this purpose, cnaming a naked domain isnt technically in spec for dns. Every device / browser ive tried deals with it just fine though. If you are a stickler for rules go with a www. subdomain.

I've had problems with email delivery on a domain with a CNAME'd root. I'd avoid it if you can.

You read that page wrong. It's only the Pro plan that you need for custom SSL, which is $20/month. I use it with 5 different HTTPS-enabled domains on CloudFlare.

Well, my requirement is to have SSL on my own domain... and GAE offers that for $9. I think you did not read (right or wrong) the blog post :p

CloudFlare provides an SSL certificate if you subscribe to their Pro plan, and it does work on your own domain (www and root). That way, you don't have to use StartSSL.

are you certain about needing a business plan, it looks to me that pro for $20/month also supports SSL? perhaps I'm missing an important bullet?

[update]: i am guessing from the language on the "SSL encryption type" bullet:

"CloudFlare-issued" vs "CloudFlare-issued or custom"

or custom must be what's required to host your own domain ssl cert?

From my understanding, CloudFlare issued means they use their partner CA to generate you a certificate, while custom means you can source your own certificate and provide it to them.

They've already done as much checking for domain ownership as StartCom do, so they're free to issue you a certificate safely, especially as it will never leave their infrastructure.

I think, yes, that the "CloudFlare-issued" means you have to use a CloudFlare subdomain... But again I did not test. Even if it works, it's still twice as expensive as GAE, doesn't seem to cache the HTML files (as per above comment)...

It is a cloudflare subdomain but it doesn't show that way in the URL, I dont know how that works though. Can anybody explain why this works? I dont have a naked domain with ssl with them but you can check this one out to see what it looks like https://www.luckybolt.com (also thats my brothers startup, if you are in SF, check it out). As you point out though, GAE is $10 / Mo. cheaper. I'll check that out for new projects.

They basically generate the SSL certificate for your domain for you. Their SSL CA partner (GlobalSign IIRC) is basically trusting them with it since they manage their certificate and the domain owner is trusting Cloudflare (this can also be checked in Whois). So you just activate SSL in the options and bam, your site works with SSL within a couple of minutes.

BTW: they use certificates with multiple SANs, so many different domains in the same certificate (and without SNI). This allows to terminate SSL on a single box for many different domains/customers. If you look at certificates details, you will see many unrelated domains in the SAN list.

Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact