My card on file expired, and I missed the emails CF sent due to not being well for a few days.
5 days after the first payment issue, my whole (long time paid-for) Cloudflare account was downgraded to the free version and any configuration for features only available on the paid version were irretrievably reset and lost.
The auto-downgrade is somewhat understandable, though I still think 5 days is not much notice for removing a chunk of security measures from my site.
But what really annoyed me is that after sorting the payment issue, there was absolutely no way to restore my account configuration to how it was before. Every single feature that I had configured as part of my paid plan (ie. features not available in the free plan) had been turned off and/or reset to defaults.
So though I'd solved the payment issue, the configuration of my account was totally messed up, and security features were changed all over the place. I was told by the usual copy+paste canned response from "support" that there is no way around this.
I'm kind of appalled by this. This resetting of my security configuration combined with the really short 5 day period is very aggressive. One or the other would be annoying. Both together is just unacceptable.
I know, I should have the configuration stored as code somewhere. I will be doing that moving forwards (if I stick with Cloudflare at all which is now in question).
This is a $20/month account (one of multiple that I pay for) but I've also brought Cloudflare a significant amount of business over the years. Across multiple paid accounts at various levels, and numerous referrals. I'm now seriously reconsidering my heavy adoption of their services across all my client projects. (For this, and a few other reasons).
tagging a cloudflare employee that I came across on HN if they can help you look into this.
May be Cloudflare can provide a way to export settings because even I use them extensively and this issue sounds like a nightmare.
Thankfully I’ve pretty much dealt with sorting out the configuration now.
The remaining point of contention for me is more that this is a terrible way to treat customers, not to mention the security implications of automatically removing a bunch of security features after such a short notice period!
Such a lot of disruption and bad feeling for the sake of 5 days of an expired credit card.