Trigger AutoSSL for domains that still don't resolve

Marcelo Pedra shared this idea 8 years ago
Open Discussion

I, as a sysadmin, wish to extend the feature request named "AutoSSL triggered at account creation time" with this idea:


You may have created an account for a domain that still doesn't resolve to your DNS, but will soon. And given that users are increasingly asking for SSL, if cPanel could check every 1-2 hours whether it resolves, it would be a good catch to enable AutoSSL as soon as the DNS starts resolving correctly. It shouldn't impact server performance, am I right?

Obviously, if you implement this, check only the DNS of those recently created domains where AutoSSL was still unsuccessful. Also, I would advise that if a domain doesn't start resolving within the first 72 hours, then fall back to the current nightly checks.

Best Answer
In CPANEL-25901 (version 80) we implemented an additional check. The new schedule is:

First Check - 3m20s after account creation

Second Check - 2h after account creation

Nightly Check (as per usual)
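The schedule above, together with the polling the original post asked for, as an added example (editor's illustration, not cPanel's own code). It walks the early-check offsets, asks a resolver whether the new domain's A records all point at this server, and only then starts an AutoSSL run for that account. Assumptions not taken from the page: the command /usr/local/cpanel/bin/autossl_check --user=<name> starts a run for one account (verify against your cPanel version's documentation), cPanel usernames match [a-z0-9]{1,16}, and the caller knows the server's public IPs. The resolver, clock, sleep and subprocess runner are injectable so the logic can be exercised without touching the network.

```python
"""Poll a newly created account's domain until it resolves to this server,
then start an AutoSSL run for that user.

Added example, not cPanel's code. Assumed (not from the page):
  - /usr/local/cpanel/bin/autossl_check --user=<name> starts an AutoSSL run
    for one account; check your version's docs before relying on it.
  - cPanel usernames match [a-z0-9]{1,16}.
"""
import re
import socket
import subprocess
import time
from datetime import datetime, timedelta

# Early-check offsets after account creation as described in the Best Answer
# (CPANEL-25901, v80); after these the account is left to the nightly run.
CPANEL_SCHEDULE = (timedelta(minutes=3, seconds=20), timedelta(hours=2))

# The schedule the original post proposed: every 2 hours for the first 72 hours.
PROPOSED_SCHEDULE = tuple(timedelta(hours=2 * i) for i in range(1, 37))

AUTOSSL_CHECK = "/usr/local/cpanel/bin/autossl_check"   # assumed path, see above
USERNAME_RE = re.compile(r"^[a-z0-9]{1,16}$")            # assumed cPanel username shape


def system_resolver(name):
    """A records for `name` via the host's configured resolver; [] if it does not resolve."""
    try:
        return sorted(set(socket.gethostbyname_ex(name)[2]))
    except (socket.gaierror, socket.herror):
        return []


def resolves_here(domain, server_ips, resolve=system_resolver):
    """True when the domain has A records and every one of them is one of this
    server's IPs. A stray A record pointing elsewhere would send HTTP DCV to
    the wrong host, so a partial match is treated as 'not yet'."""
    answers = resolve(domain)
    return bool(answers) and set(answers) <= set(server_ips)


def next_check(created_at, now, schedule=CPANEL_SCHEDULE):
    """Next early-check time strictly after `now`, or None once the early
    checks are used up (only the nightly run remains)."""
    for offset in schedule:
        if created_at + offset > now:
            return created_at + offset
    return None


def trigger_autossl(user, run=subprocess.run):
    """Start an AutoSSL run for one account. The username is validated and
    passed as an argv element, never through a shell."""
    if not USERNAME_RE.match(user):
        raise ValueError(f"refusing to run AutoSSL for suspicious username {user!r}")
    run([AUTOSSL_CHECK, f"--user={user}"], check=True)


def poll_until_resolves(domain, user, server_ips, created_at,
                        schedule=CPANEL_SCHEDULE, resolve=system_resolver,
                        now=datetime.now, sleep=time.sleep, run=subprocess.run):
    """Walk the schedule; at the first check where the domain resolves to us,
    trigger AutoSSL and return that offset. Returns None if every early check
    failed, i.e. the account is left to the nightly run."""
    for offset in schedule:
        wait = (created_at + offset - now()).total_seconds()
        if wait > 0:
            sleep(wait)
        if resolves_here(domain, server_ips, resolve):
            trigger_autossl(user, run=run)
            return offset
    return None


# Usage on a real host (runs the assumed command as root):
#   poll_until_resolves("example.com", "example1", ["203.0.113.10"],
#                       created_at=datetime.now(), schedule=PROPOSED_SCHEDULE)
```

Note that system_resolver asks whatever /etc/resolv.conf points at, so it inherits that resolver's cache; if you want the check to see the zone change as soon as it is published, pass a resolve callable that queries the domain's authoritative nameservers directly.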

Replies (2)


This should have been a part of the original feature request. In nearly ZERO situations will the domain name resolve to our server IMMEDIATELY after account creation. But, usually, within minutes it will be properly resolving. There is no harm in attempting an AutoSSL install at account creation... but we really need this feature to check every hour or two for the first day... then it can fall back to the normal once-per-day check.


But a domain can take up to 72 hours to propagate fully.


Terry, "up to" is the important part... more often than not it is within minutes.


@Terry Robertson: All in all, Let's Encrypt has its own DNS cache, outside cPanel. Hence, any DNS change you perform at a domain registrar to create a new account in cPanel will be detected instantly, because if it's a new account there's a 99.99% probability that Let's Encrypt's cache hasn't visited that domain in the past 24 hours :-)


In our use case, we usually work a lot with dot com domains and CloudFlare-proxied hosts, and also set our servers' DNS TTL to 600 seconds by default, so propagation is performed instantly. I know not everyone may be working the same way, but it's a good practice so users don't have to wait the standard 4 hours of TTL.


Scott, with respect, you are wrong. I have that situation now with a domain that was pointing to another server because of resolvers. I've fixed that, but now I have to wait or something...


[root@10580emp ~]# dig flood.cl a
;; ANSWER SECTION:
flood.cl. 3600 IN A 200.24.13.70

[root@10580emp ~]# nano /etc/resolv.conf
[root@10580emp ~]# dig flood.cl a
;; ANSWER SECTION:
flood.cl. 14400 IN A 201.148.105.80
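The dig output above makes the practical point: the answer depends on which resolver you ask, and a recursive resolver keeps serving its cached record until the TTL runs out. Added example (editor's illustration, not cPanel's code or the poster's): a standard-library-only A-record lookup sent to a server you name, such as the domain's authoritative nameserver, rather than to whatever /etc/resolv.conf currently lists. The bundled reply bytes are constructed for the offline demo, not captured from a real server; they carry the name, TTL and address from the second dig so the parser can be checked without network access. The `server` argument and the 16-jump pointer guard are this example's choices.

```python
"""Ask a specific DNS server for a domain's A records instead of trusting
whatever /etc/resolv.conf currently points at.

Added example, not cPanel's code. It speaks raw DNS over UDP with the
standard library only; `server` is an IP you choose (the domain's
authoritative nameserver, or a resolver you want to compare against).
"""
import random
import socket
import struct


def build_query(name, txid):
    """Build a recursion-desired query for an A record of `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _read_name(msg, off):
    """Decode a (possibly compressed) name at msg[off].
    Returns (name, offset just past the name as it appeared at `off`)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2
            jumps += 1
            if jumps > 16:                              # hostile or looping pointers
                raise ValueError("DNS name compression pointer loop")
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_a_records(msg):
    """Return (rcode, authoritative, [(name, ttl, ip), ...]) from a DNS reply."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    rcode = flags & 0x000F
    authoritative = bool(flags & 0x0400)                # AA bit
    off = 12
    for _ in range(qdcount):                            # skip the echoed question(s)
        _, off = _read_name(msg, off)
        off += 4                                        # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        name, off = _read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            records.append((name, ttl, socket.inet_ntoa(rdata)))
    return rcode, authoritative, records


def query_a(name, server, timeout=3.0):
    """Send one A query to `server` (IP string, UDP port 53) and parse the answer."""
    txid = random.randrange(0, 0x10000)
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply, _ = sock.recvfrom(4096)
    if reply[:2] != query[:2]:                          # drop stale or spoofed replies
        raise ValueError("DNS transaction id mismatch")
    return parse_a_records(reply)


# Constructed sample reply (not captured from a real server): an authoritative
# answer for flood.cl with TTL 14400 and A 201.148.105.80, the values from the
# second dig above. The answer name is a compression pointer to offset 12.
SAMPLE_RESPONSE = (
    b"\x12\x34\x85\x80\x00\x01\x00\x01\x00\x00\x00\x00"  # id, flags QR|AA|RD|RA, counts
    b"\x05flood\x02cl\x00\x00\x01\x00\x01"               # question: flood.cl A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x38\x40\x00\x04"  # answer: ptr, A, IN, ttl 14400, rdlen 4
    b"\xc9\x94\x69\x50"                                  # 201.148.105.80
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        print(query_a(sys.argv[1], sys.argv[2]))        # e.g. flood.cl <nameserver IP>
    else:
        print(parse_a_records(SAMPLE_RESPONSE))
```

Run it once against the zone's authoritative server and once against the host's resolver; when the two disagree, the `authoritative` flag and the TTL tell you which one is the stale cache, which is the situation the two dig runs above show.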


Thanks, Nick! It's working much better these days. I just have to know... where did you come up with 3 minutes and 20 seconds? :-)


The 3m20s was the top end of the time (excluding outliers) it generally takes to ensure that everything is set up, DNS is reloaded, Apache is restarted, and HTTP DCV is able to pass. We likely will be able to reduce this over time as we get data from the efficiency improvements in 82 and 84. The results are promising for these versions, as AutoSSL run times went from over an hour to about 10 minutes on highly loaded machines in v84, with the limited data we have.
