Why I have to pay $200/Month to be able to use my own SSL?

I thought it was outrage that Cloudflare wouldn’t provide free CDN for their movie piracy site?

Same on you/us/me/them!

1 Like

I thought it was a valid question. Why can’t any user upload its own SSL certificate? Why it need a business plan to start having own certificate?

I understand high earning business needs to pay more. But having own SSL Certificate doesn’t means it is a very high paying business. There may be some other requirement which need own SSL certificate rather than using cloudflare universal/paid certificate.

As with all features at Cloudflare, they’re on various plans as a business decision. They don’t want to cannibalize Business Plan features just because they can bump it down to a plan where it’s not as natural of a fit.

This always makes me think of Tesla: Their autopilot hardware is already built in to the car, but enabling it through software is a $4,000 option. You’d think it’s an outrage…except R&D is really expensive and needs to be covered through sales. Yet it’s cheaper to install it in every car than it is to custom-build on the assembly line, or retrofit it later. And it’s a dirt-cheap upgrade if an owner decides later they want it. As a business decision, it totally makes sense.

I am little confused. MVP supposed to be customers like us instead they are defending cloudflare business practices.

Again let me reiterate. What kind of money cloudflare looses if it allowed own SSL certificate lets say for pro plans?

You’re correct. MVPs are customers. Some on free plans only. Some whose Businesses pay for Pro, Business, and Enterprise level plans and understand the pros and cons of business decisions.

The kind of money that they’d lose when potential Business level plans buyers can’t understand why they need to pay $200 for that one valuable feature because Cloudflare bumped every other Business Plan feature down to Pro and Free plans.

Congratulations. That’s you, and you’re costing Cloudflare $200/month.

1 Like

The question is valid, the attitude is not.

However the answer is equally simple and straightforward, because of which the question itself is a bit pointless. It simply is a business decision just like your local supermarket is selling milk for X and not Y.

Plus, there is a perfectly fine certificate provided anyhow, so the whole question is moot in the first place.

Yes, MVPs are regular users. Because of that they are not allowed to voice their opinion and are obliged to jump on the free-beer bandwagon too?

Sure, $200 is not a small amount but Cloudflare can set their pricing to whatever they want. If people don’t like it, they simply walk away. Secondly, there’s not even a need for that feature as a perfectly fine certificate is issued by default and for free. So what exactly are we discussing here?

Shaming the company and accusing it of theft (someone did not look up that word’s definition) is just plain ridiculous.

3 Likes

That is debatable.

Shaming and stealing, I give u an example.

ARGO is a service which double charge the user thats stealing.
It optimize path between server and edge location. and charges for that and charges for edge to user as well for which user is already paying… thats stealing.

Not really. The universal certificate is working perfectly fine and secures the connection.

You might also want to read the definition of that word :wink:

Theft is the taking of another person’s property or services or scrap money without that person’s permission or consent

But we are really getting off-topic here as the topic is not Argo but certificates.

4 Likes

Just one thing in a jiffy came into my mind - OCSP Support?

Cloudflare already supports OCSP stapling, though it’s admittedly a bit shaky. And a custom certificate would not improve that situation either.

1 Like

I can say 10+ thing like that and all answer would be like that only.

Theft is the taking of another person’s property or services or scrap money without that person’s permission or consent

Thats why i used word STEALING.

Naturally, as long as there are no good arguments for why it should be a problem.

And that changes things how?

stealing - (uncountable) The action of the verb to steal, theft.

1 Like

If you do not like it, try making it yourself work without Cloudflare.
Do not use Cloudflare.
Setup your caching at your origin, setup firewall, pay others, and that would cost more than a 200$ per month of all the available options the Cloudflare offers.
Or, use Cloudflare on the “Full SSL” option. Or even use some other CDN which would also need an SSL to connect to your origin host if it is used as a proxy server or load balancer, whatever.

Kindly, can someone close this topic?

So double charging in terms of ARGO not stealing? Yes, close this topic, no negative thing about cloudflare on its own forum. Brand Safety at its best.

I missed up something, but may I ask where did the Argo come by in this topic?

Once more, we are not talking about Argo here but about certificates. If you have concerns about different topics you are more than welcome to open another thread but don’t derail this one.

The certificate issue has been addressed and I believe clarified at this point.

(Apologies for long reply)

I’m honestly interested in what this requirement is? Can you explain what the use-case is for Custom certificates?

What do you mean here? OCSP Responders? OCSP Must Staple? OCSP Expect Staple? OCSP Stapling?

I know CF have had issues with Stapling at scale, but I just created a Freenom domain on a CF Free plan, and it is correctly Stapled. I don’t think the world is ready for Must Staple yet, but I can see that Cloudflare were involved in research on the topic. All CF managed certs list OCSP responders, and you can add Expect Staple headers if you want, to start gathering your own data.

In my day job I have a very particular requirement which requires a custom CA, but it is truly a niche requirement that not many people would have. All of my work domains except for one use Universal certificates, and as soon as I can get rid of the need for a custom certificate I’ll stop using it, and use Universal instead. It is just easier to not have to touch the config, and I do not have the risk of compromising the keys. If I need multi-level subdomains, ACM is cheaper and easier than manually managing certs.

I suspect that offering Custom SSL creates a whole world of pain for Cloudflare, and they want to minimise that pain.

I can safely assume that if it was offered on Free Plans that there would be millions of expired Let’s Encrypt certificates sitting on Cloudflares network where users forgot to update the certs, but didn’t really care as the domains are inactive anyway. The amount of support tickets it generated would dwarf the tickets associated with Flexible. By constraining Custom certs to the highest tier of paid plan there is a reasonable expectation that the customer/admin has some level of professional knowledge and skills, and can manage Custom certs without allowing them to expire.

With Cloudflare managed certs (Universal, ACM, Dedicated) if the keys are suspected of being compromised, Cloudflare can roll the keys and reissue the certs quickly and easily on their own. That obviously cannot be done with Custom certs, which would create a significant support overhead as Cloudflare would have to contact every Custom cert owner and work with them to get the certs rolled manually. Again, minimising the support overhead is important.

Where Cloudflare does not manage the certificate, there is a security risk. If the customer loses the keys to a Custom certificate (leaves them on Github for example) the cost of the discussion, lawyers etc. to figure out who was at fault will dwarf the ARUP on the $200 plan, let alone on the $20 plan. Yet again, minimising that pain is important.

I’m sure Custom certs generate a support overhead in the normal course of activation and use. I needed to open a ticket the first time I uploaded a Custom cert, and I’m relatively familiar with using Cloudflare. Once more, minimise that support cost where you can.

Any business that thinks the $200 a month Cloudflare plan is expensive is unlikely to pay the ~$699 annual cost of an EV cert, so the cohort of likely users here is tiny. But pricing is a complicated business, and in an ideal world Cloudflare would offer everything for free, and be out of business by the end of the week. But that would not really be an ideal world.

When Universal SSL was launched in 2014 it was a total game changer in the CDN market. For comparison, Akamai were charging me over €1,000 per month to use a certificate with my own domain name, and about 10% extra per GB delivered. And I still had to pay the $200 per year that certs cost back then. Let’s Encrypt had not been publicly announced at that stage, and would not issue a cert for about 18 months. Since then, through Cloudflare’s offering and Let’s Encrypt we have seen TLS become the norm, and everybody expects to use TLS for no extra cost. But you still pay a premium with the likes of Cloudfront for HTTPS!

And Argo is not double billed. You pay for data in, and you pay for data out. This is normal in CDNs. If you use CenturyLink with multi-tier caching, you pay data in/out of each tier. If you run 99.9999% hit rate, you reduce your cost versus a user who has 0% hit rate. Argo is no different. And as with all Cloudflare subscriptions, everything is optional. You are free to not use any Cloudflare services, and pay nothing. Stealing would be if Cloudflare came to your house, picked the locks, and took your teddy bear without permission!

2 Likes

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.