DigiCert order completed and uploaded to the server with the assistance of my hosting provider.
But the Cloudflare proxying means that the messages from Westpac to the site are not coming in and marking the payment as received. Westpac suggested that “Lets Encrypt” are not secure enough and why we purchased a SSL certificate from “DigiCert”.
I know that if I turn off the Proxy the website will work correctly. We are getting hit hard by LOTS of bot attacks, and I am hesitant to remove the proxy which is helping to protect the site.
"If you need to have your own certificate shown in the browser, you can only unproxy or upgrade to a Business plan where you can provide your own certificate for the proxy."
Can you give me a guide (preferably with screenshots) on how to upload my SSL certificate to the Cloudflare server?
Or offer other suggestions on how to stay safe while allowing Westpac to see the server. (Perhaps we turn off the Proxy but enable Bot protection?)
Advanced Certificate Manager does not provide for uploading certificates. That requires Custom Certificates which are only available on Business or Enterprise plans.
That plan may be billed at a rate that is no longer available. You are likely to lose access to that pricing if you change your plan.
A Business plan is a self-service change that you can activate in your Cloudflare dashboard. You would need to engage with Cloudflare sales to obtain an Enterprise agreement.
They could stand to be more verbose with that claim. There is no significant difference between any DV certificate from a publicly trusted CA. Other certificate types such as OV and EV are not going to be noticed by your visitors, and whether they add additional value is debatable.
I am unclear on what that means. I think you should spend more time working out your expected results with other members of the Community before making any changes to your plan.
The Cloudflare Proxy is what provides all of the performance and security features. You will have no access to Bot protection with it disabled.
Yes, but not phone support if that is what you are asking. It is important to understand what Cloudflare support offers. Cloudflare is very much a self-service platform at all plan levels. You have access to support on your current Pro Plan. On all plans other than possibly some Enterprise plans, the Community is often going to be a faster means of getting a response.
You’d want to contact Westpac and get them to elaborate on technically why they think Letsencrypt SSL cert isn’t secure enough from their viewpoint. It may not be the real issue other than your Cloudflare side configuration optimizations/settings needed to make it work with Westpac i.e. if PCI compliance requires minimum TLS 1.2 protocol support, you would need to ensure you set in CF settings min TLS 1.2 rather than min TLS 1.0 which would be deprecated.
