SSL and IPS Cloud Community

[VizionDev]

Hey everyone.

I'm not really one to start this kind of thing but it's kind of ridiculous to say the least, I may be wrong entirely but in over a decade of experience, this has definitely never been an experience of mine.

-----------

I purchased a $9 SSL certificate to place on my host, as you do numerous times throughout your career as a web developer with no extra charge accrued what so ever.

I requested a CSR (Certificate Signing Request) from IPS.

The response:

Hello.

 

SSL is only available on the Ultra 100 package ($70 monthly) and higher, and also requires purchase of our SSL package, which includes the SSL certificate and the necessary dedicated IP address. The price for the SSL package is $199 annually, or $299 for 2 years.

 

If you are interested, we can upgrade your hosting package to the Ultra 100, and invoice for the SSL package.

Please let us know if you'd like to do so.

 

Thank you.

 

[I removed the name]
Invision Power Services, Inc.

 

Again I may be wrong, but I think this insane jump in pricing purely because of improper flexibility on your side things should not be placed against your customers that in reality, are only requesting a very very very little and extremely common feature.

I hold my tongue here, but it almost seems strategical considering in order to use SSL you also have to "upgrade" your cloud community to a more expensive package; who in their intelligent mind would continue to have Nexus without SSL for it's customers.

I'm hoping one of the staff can throw a solid background on something that seems quite transparent as a cash grab.

My two cents.

[Skipy7]

I can understand a price on a dedicated IP address, but forcing you to use their SSL certificate and move to a more expensive package is a little unfortunate.

My opinion on this you should be able you use your own SSL Certificate and be given the option to pay for a dedicated IP or to use SNI.

[Lindy]

Thank you for your feedback and I'm sorry you consider it a cash grab. You're not necessarily wrong in terms of expected pricing in a traditional hosting environment - you're just used to said traditional and economy services that are more DIY. SSL is a premium service and in a cloud-based infrastructure, there is a bit more manual intervention involved than simply copying/pasting and it's a little trickier without SNI. Further, we are providing a software as a service solution, not outright "hosting" -- our services are all geared towards primarily towards those who want a relatively worry-free experience where they don't need to worry about CSRs, bundles, etc. We don't allow $9 certificates because, frankly, they often prove to be more hassle than they're worth with half a dozen CA chains and in some cases even browser warnings. We issue only Geotrust Premium or above SSL certificates - they work perfectly with all browsers, it secures both www and the root domain, it comes with the full seal (if that's important to you) and, of course, as part of the SSL service, we set everything up on the software side. Yes, we are more expensive than somewhere like GoDaddy - it's also a lot cheaper than others; one of our cloud community competitors doesn't even offer SSL until you're at $600 per month. We don't claim or strive to be the cheapest - we only strive to be amongst the best!

With all of that said, we have been unable to roll out platform wide SNI support as of yet due to some backwards compatibility issues with a number of clients and given we provide service to thousands of cloud clients, it's... a process. We should be able to offer lower cost SSL services early next year once SNI is available company-wide and we can streamline the process more. Note, it still won't be $9, but we may consider allowing power users to bring their own freshly issued and approved certificate.

Thanks for the feedback and again, I'm sorry for your frustration. Let us know if you have further questions or concerns. 

[VizionDev]

35 minutes ago, Lindy said:

Thanks for the feedback and again, I'm sorry for your frustration. Let us know if you have further questions or concerns. 

Hello Lindy thanks for the informed response,

It's just a bit of a catch 22, you provide Commerce/Nexus on your cheapest plan, yet your clients cannot protect the security of their customers with SSL thus statistically reducing sales if you're not willing/can't afford to dig a whole lot deeper into your wallet. Also it was a RapidSSL certificate with a reward coupon.

Sure I could go self-hosted, but the price would still be equivalent to purchasing SSL package AND paying the required 70$ per month - which brings me back to the strategic side of things. So ultimately this sheds light on a bit of redundancy.

I understand your limitations

[Lindy]

Yes, we're aware of the double edged sword aspect. Feel free to reach out via CS, I may be able to do something for you since you're already using a Geotrust cert.

[Paul.F]

@RADStudiosCan you not run your dns through something like cloudflare, where you can use their ssl for free?

You can have a look at the ssl on my site g4x1.com it is still under dev, but the cert is there. This will work for the IPS cloud, as the SSL is done via cloudflare.

[VizionDev]

16 minutes ago, Paul.F said:

This will work for the IPS cloud, as the SSL is done via cloudflare.

Haha, perfect man thanks!

[Paul.F]

44 minutes ago, RADStudios said:

Haha, perfect man thanks!

I also believe if you have an ssl already you can use it cloudflare as well. 

[VizionDev]

2 hours ago, Paul.F said:

@RADStudiosCan you not run your dns through something like cloudflare, where you can use their ssl for free?

You can have a look at the ssl on my site g4x1.com it is still under dev, but the cert is there. This will work for the IPS cloud, as the SSL is done via cloudflare.

Turns out this is has already been thought about.

No content will load of https despite you modifying your conf_global.php to include "https", it will force the url to change to HTTPS yes, but images etc will be blocked from loading or prevent yourself from getting the green SSL badge.

This could be easily adjusted by adding 

$protocol = 1; // HTTPS

to Line 107 of system\Http\Url.php, but all files have been encoded via ionCube.

[Matt]

Check your File Storage settings to ensure the URL begins with https://. There's also an image proxy setting to serve 3rd party images via your own URL to ensure they don't break the green SSL badge.

Submit a support ticket and we'll get it sorted for you.

[VizionDev]

7 minutes ago, Matt said:

Check your File Storage settings to ensure the URL begins with https://. There's also an image proxy setting to serve 3rd party images via your own URL to ensure they don't break the green SSL badge.

Submit a support ticket and we'll get it sorted for you.

Hey Matt,

I checked, they all have the absolute path of File System: /home/radstudi/public_html/uploads

I have already created a ticket, thank you.

Cheers

[Paul.F]

There is a addon which is free that fixes this.

I also made the htaccess force https.

[Matt]

Just to clarify, 4.1 offers an SSL proxy too. But I think the issue is with the file system. We'll take a look at the ticket and let you know.

[Rhett]

7 hours ago, Paul.F said:

@RADStudiosCan you not run your dns through something like cloudflare, where you can use their ssl for free?

You can have a look at the ssl on my site g4x1.com it is still under dev, but the cert is there. This will work for the IPS cloud, as the SSL is done via cloudflare.

We don't support cloudflare on our hosting I'm afraid so this won't work, when using the top level domain, you must use our name servers in this case. 

 

 

[VizionDev]

Getting a little weird now @Mark and @Rhett

Hello, we don't support cloudflare on our hosting I'm afraid, so a CF SSL cert won't work in this case.

 

You need to set your name servers back to the following please in order to use the top level domain on your community here.

 

ns1.ipslink.com
ns2.ipslink.com

 

Currently they are using the following and pointing to an A Record, in which we don't support as our IP's do change.

 

****.ns.cloudflare.com. ['173.***.58.***'] [TTL=172800]
****.ns.cloudflare.com. ['173.***.59.***'] [TTL=172800]
 

Let us know if you have any questions.


Regards,


Rhett
Hosting & Support Manager
Invision Power Services Inc

CloudFlare has adopted ns1. and ns2.ipslink therefore automatically receive any IP changes.

[Rhett]

For the best support & solution to your issues, this is best to handled this via our ticket system and not the forums, as that is our official support channel..

There is nothing "weird" going on however, and we are happy to provide you your options via our normal support ticket system as Lindy has also mentioned above. 

Thanks 

[VizionDev]

Just now, Rhett said:

For the best support & solution to your issues, this is best to handled this via our ticket system and not the forums, as that is our official support channel..

 

Thanks 

I'm not after support, you're telling me somethings not possible when beyond evidently it is.

Tell us why it is not possible please

[Rhett]

Just now, RADStudios said:

I'm not after support, you're telling me somethings not possible when beyond evidently it is.

Tell us why it is not possible please

Please see your ticket for further help with this, we are happy to assist you. 

 

 

[VizionDev]

11 minutes ago, Rhett said:

Please see your ticket for further help with this, we are happy to assist you. 

Sorry mate, close the ticket - I'm speechless at the moment.

It really seems like revenue is the cause for lack of "support" for something that very clearly works: https://www.viziongm.com/ (Green SSL badge)

CloudFlare is pointed to ns1.ipslink.com and ns2.ipslink.com and they update automatically so on that note, i'm giving up on this

 

[Paul.F]

As @RADStudios said, cloudflare will work just fine using the IPS cloud, it's just a matter of understanding how it works. I also run Full SSL, instead of Flexible SSL, and also force it in the htaccess file. Can help you tweak it if you like @RADStudios

From the reading and to be fair from what has been said, leading people to believe the only SSL solution while using your cloud is to use your cert is a little, well the best way to describe it is 'wrong'.

There are other solutions as well. But for my and in my experience cloudflare offer some great solutions, not limited to the use of their free SSL, but you can also use you own SSL with their service.

I strongly believe in offering other solutions, and believe me I will go to great measures to find them and share.

Even using a cloud service here you do not have full access to your database etc, and paying quite a premium price is a little wrong.

My solution: $5 per month for  local VPS (Sydney Australia), full control, in conjunction with a cloud for performance gains with SSL. With backups and hourly rollbacks available, that way no matter what happens, at worse we would lose 1 hours worth of data.

My 2 cents anyway

[bradl]

We're a cloud customer for the several advantages it brings, which should presumably include lower overall support costs for IPS thanks to tight environment control.   By the same token we accept that a constrained SSL solution is likely to remain part of that environment. Indeed I suspect I'd prefer SSL be managed as part of of the cloud account because it's both important and slightly above our technical comfort level anyway. 

We would just like to see what should probably become the default standard of SSL for Commerce reach realistically achievable price points for the very people who can't afford to "roll their own" and who form the low-end of the cloud customer base. 

Our tiny club looks forward to a day when an affordable SSL solution (or some security breakthrough that obviates it) might be rolled into even small-potatoes cloud accounts like ours by default. For the foreseeable future we'll continue to lob people off to PayPal and pray they make it back. 

[Paul.F]

47 minutes ago, bradl said:

We're a cloud customer for the several advantages it brings, which should presumably include lower overall support costs for IPS thanks to tight environment control.   By the same token we accept that a constrained SSL solution is likely to remain part of that environment. Indeed I suspect I'd prefer SSL be managed as part of of the cloud account because it's both important and slightly above our technical comfort level anyway. 

We would just like to see what should probably become the default standard of SSL for Commerce reach realistically achievable price points for the very people who can't afford to "roll their own" and who form the low-end of the cloud customer base. 

Our tiny club looks forward to a day when an affordable SSL solution (or some security breakthrough that obviates it) might be rolled into even small-potatoes cloud accounts like ours by default. For the foreseeable future we'll continue to lob people off to PayPal and pray they make it back. 

Cloudflare has a free plan, which also includes the FREE use of their SSL. This can be used in conjunction withe the IPS cloud service, if you have your own domain name, it's just a matter of setting up your domain properly to use the service.

[VizionDev]

2 hours ago, Paul.F said:

Cloudflare has a free plan, which also includes the FREE use of their SSL.

Don't sweat it man.

They don't want CloudFlare around because of how easy it is. It also causes the IPS SSL packages to become beyond redundant and all customers who have already purchased SSL to become extremely infuriated.

Furthermore:

You need to set your name servers back to the following please in order to use the top level domain on your community here. 

ns1.ipslink.com
ns2.ipslink.com

Currently they are using the following and pointing to an A Record, in which we don't support as our IP's do change.

 

****.ns.cloudflare.com. ['173.***.58.***'] [TTL=172800]
****.ns.cloudflare.com. ['173.***.59.***'] [TTL=172800]
 

Requested DNS: ns1.ipslink.com and ns2.ipslink.com (Dynamic Name Server)
My CloudFlare DNS: ns1.ipslink.com and ns2.ipslink.com 

The only way this can ever become an issue is if you forget to assign your new IPs to ns1.ipslink.com/ns2

 

[Paul.F]

1 hour ago, RADStudios said:

Don't sweat it man.

They don't want CloudFlare around because of how easy it is. It also causes the IPS SSL packages to become beyond redundant and all customers who have already purchased SSL to become extremely infuriated.

Furthermore:

You need to set your name servers back to the following please in order to use the top level domain on your community here. 

ns1.ipslink.com
ns2.ipslink.com

Currently they are using the following and pointing to an A Record, in which we don't support as our IP's do change.

 

****.ns.cloudflare.com. ['173.***.58.***'] [TTL=172800]
****.ns.cloudflare.com. ['173.***.59.***'] [TTL=172800]
 

Requested DNS: ns1.ipslink.com and ns2.ipslink.com (Dynamic Name Server)
My CloudFlare DNS: ns1.ipslink.com and ns2.ipslink.com 

The only way this can ever become an issue is if you forget to assign your new IPs to ns1.ipslink.com/ns2

 

That's correct.

Also as the IPS cloud does not have openssl, which a vps can have you will want to use the Flexible option for the SSL, on my vps as I have openssl to talk to cloudflare I use Full SSL. The differences are explained in cloudflare.

[ipbfuck]

in My Host i've put a free ssl cert thanks to startssl (setup in domain via cpanel) and, plus, i've add also cloudflare (strictssl and all security Like hsts, only https etc). all for free, A+ in ssl security test, all Works very well