Dimitar Nestorov
Established Member
- Impact
- 10
Google Chrome refuses to visit the new .app domains without https
There will not be any parking companies that support SSL. Let's encrypt is a great idea, but you have to load every certificate on every box. Let's say you have 30 servers and 2,000,000 domains. Do you know how long apache or nginx would take to reload when a new cert is added?
We looked into it and tried. It's not worth it.
Donny
It is possible - I have done it above in a post for everyone until you guys figure it out.We've looked into supporting HTTPS across multiple domains but have not found any solution. If you guys find any way to do this, we will gladly try to implement it. It's definitely something we'd be very interested in doing.
We'd have to find a way to bind a signed SSL certificate to multiple domains. Not sure if it is possible. We can probably make the HTTPS semi-work, but you'll be given an alert in Chrome and other browsers that the SSL is not signed and have to agree to go forward to the parked page. In such a scenario, you'll lose most visitors thus it isn't ideal and the reason we haven't ever proceeded with such an implementation.
I will look into LetsEncrypt. First time I hear of them.
Check out this thread... I made a free "app" to create an SSL and forward your new app domains to a lander. Let me know if you need any landing services added that are supporting .app domains. (Sedo is not yet)
https://www.namepros.com/threads/free-app-ssl-forwarding-for-landers.1081373/
When there is a will, there is a way. I would imagine all the parking and registrars need to get this figured out for a landing page to be possible on .app without technical knowledge from domainers or an external solution they may be hesitant to use.@matt_bodis - Yeah, it's a little tough to deal with, since each of us have load balancers, you would have to put the cert on each server. And adding a single name would require you to add the new cert and reload apache or nginx, with so many certs it's really slow.
Not sure how possible this is going to be anytime soon.
Hope you are feeling better.
Donny
Thanks for keeping an open mind...@Donny - thanks. You make some great points. And yeah getting there.
@Michael M - very true indeed. The future definitely is in HTTPS. Actually, as with .app domains, even the present is now with HTTPS. So a solution is definitely required either sooner or later.
It won't hurt for us to look into it while taking all of Donny's great points into account.
@Donny@matt_bodis - Yeah, it's a little tough to deal with, since each of us have load balancers, you would have to put the cert on each server. And adding a single name would require you to add the new cert and reload apache or nginx, with so many certs it's really slow.
Not sure how possible this is going to be anytime soon.
Hope you are feeling better.
Donny
It reminds me when people were buying .tel domains to find out they couldn't park them
https://www.do.tel/faqs/do.tel/faqs/ said:If you do not wish to use the free Telhosting service, that is fine as you can use your .tel for any purpose of your choosing e.g. hosting your own website.
It does not appear to have any scaling issues that I have noticed so far. I guess we will see if no services offer SSLs for .app and thousands sign up for my forwarding service. I personally am hoping they all figure it out so I don't have to deal with any scaling issues since it's free.LetsEncrypt will be hard to scale for thousands of domains.
In fact, setting up SSL is not the problem, the problem is to gather the private certificates and automate the deployment.
...
Just need to automate the LetsEncrypt part. (emphasis added to your sentence)
.app is definitely going to be a challenge for domainers.
Yes, now you can use your own name servers but until recently you couldn't. A domain name that can't be used for a website or other Internet service like E-mail is useless right. And now domainers are stuck with plenty of .app domains that they can't host readily.That was only back in the day?
Not saying it can't be done but tedious and challenging. Of course the easy way for a parking company or hosting company would be to become a certification authority, then you can roll out certificates easily and domain validation poses no problem.Challenges arise every day as technology evolves. But this is just a first indication of the need for all services to provide SSL to appease Google and new tech.
Letsencrypt is easy to integrate in Cpanel for instance so I'd imagine it wouldn't be too hard to integrate in a custom backend.
Which means that my hosting provider has SSL setup for 785 domains just on that server. If cPanel can do it, so can you!Issued by: cPanel, Inc. Certification Authority
I have a little over 100 SSLs/sites setup in the 1 day my .app forwarding website has been online. All automated and no issues. Interested to see if it keeps going smoothly as it scales - but I see no reason why it would not.cPanel partnered with Comodo to release a feature called AutoSSL. Basically the same as LetsEncrypt but the issuer is Comodo. I used to have LetsEncrypt in my cPanel and then one day it disappeared.
I made a reverse IP lookup on my website and found 785 websites hosted on our IP address. Cool thing is that I tried a bunch of them by manually writing https in the address bar and they all resolved with
Which means that my hosting provider has SSL setup for 785 domains just on that server. If cPanel can do it, so can you!
I used to have LetsEncrypt in my cPanel and then one day it disappeared.
I made a reverse IP lookup on my website and found 785 websites hosted on our IP address. Cool thing is that I tried a bunch of them by manually writing https in the address bar and they all resolved with
Which means that my hosting provider has SSL setup for 785 domains just on that server. If cPanel can do it, so can you!
I totally understand the difference in scale. But hosting providers do manage to do this without issue.Let me know when you can add four or five million.
I'll wait...
Donny
Pay me well if i succeed at creating nameservers and web presence that can do that and forward all your domains and I will start tonight.Let me know when you can add four or five million.
I'll wait...
Donny
Let me know when you can add four or five million.
I'll wait...
Donny
That depends which of you would pay more.... Or you could split it and cut your costs. I'll program it all in your native language and OS.How about you get @matt_bodis to pay you, and then we will just copy what he does?
One of my employees does run a hosting company at night and I had him look into mass SSL certs with letsencrypt and he determined that it just wasn't possible. That doesn't mean that it won't be at some point. But the rate limits set by letsencrypt would be too high right now.
Donny