Regarding SSL certificates and Cloudflare. Now don’t get me wrong, I’m a big fan of Cloudflare and have posted quite a few articles recommending the service for a variety of reasons, one being free SSL.
But, there is one caveat. While the free SSL plan works wonderfully well,
if a curious client or customer checks your SSL certificate using any of
the free online SSL checking tools, they may find other less scrupulous
websites “sharing your Cloudflare SSL certificate“.
Below is an example of a website set to Cloudflare. Note the other domain
listed in yellow.
Agreed, it requires a tech savvy customer or client to check for domains
sharing your SSL certificate. And then there is the question of “Who
cares?” or “Does it really matter?” I would argue that security wise it
doesn’t’ really matter, but client perception wise—that’s an unpredictable
And you may ask, “Well, what about other free SSL certificates, don’t they
Answer: Yes. AutoSSL, a cPanel standard for free SSL certificates, may
likewise list other domains sharing the same IP address.
So it could be argued, that in today’s world of shared IP’s and a scarcity
of dedicated IP addresses available to shared clients that a dedicated IP
address remains a some what valid concern, “if” you are worried about
someone checking your SSL certificate and finding your website’s domain is
shared with pharmacy or more damaging website addresses as well.
This is all food for thought.
What do you think about the issue of shared SSL certificates displaying other web site addresses not associated with your business or website address?