
question Is there a parking service that supports https?

Dimitar Nestorov

Google Chrome refuses to visit the new .app domains without https
 
1
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
There will not be any parking companies that support SSL. Let's Encrypt is a great idea, but you have to load every certificate on every box. Let's say you have 30 servers and 2,000,000 domains. Do you know how long apache or nginx would take to reload when a new cert is added?

We looked into it and tried. It's not worth it.

Donny

Guess I missed this post. Thanks Donny for saving us a ton of time. :)
 
2
•••
We've looked into supporting HTTPS across multiple domains but have not found any solution. If you guys find any way to do this, we will gladly try to implement it. It's definitely something we'd be very interested in doing.

We'd have to find a way to bind a signed SSL certificate to multiple domains. Not sure if it is possible. We can probably make the HTTPS semi-work, but you'll be given an alert in Chrome and other browsers that the SSL is not signed and have to agree to go forward to the parked page. In such a scenario, you'll lose most visitors thus it isn't ideal and the reason we haven't ever proceeded with such an implementation.

I will look into LetsEncrypt. First time I hear of them.
It is possible - I have done it above in a post for everyone until you guys figure it out.
Check out this thread... I made a free "app" to create an SSL and forward your new app domains to a lander. Let me know if you need any landing services added that are supporting .app domains. (Sedo is not yet)


https://www.namepros.com/threads/free-app-ssl-forwarding-for-landers.1081373/

With LetsEncrypt you can only put 100 domains per SAN certificate - so a service like yours can't solve the problem with one cert. But if you have questions I can help you guys implement something at no charge (for advice).

I probably need to add Bodis as a lander option as it is not there yet. What is the URL structure for Bodis?
 
1
•••
@matt_bodis - Yeah, it's a little tough to deal with, since each of us has load balancers, you would have to put the cert on each server. And adding a single name would require you to add the new cert and reload apache or nginx, with so many certs it's really slow.

Not sure how possible this is going to be anytime soon.

Hope you are feeling better. :)

Donny
 
3
•••
@matt_bodis - Yeah, it's a little tough to deal with, since each of us has load balancers, you would have to put the cert on each server. And adding a single name would require you to add the new cert and reload apache or nginx, with so many certs it's really slow.

Not sure how possible this is going to be anytime soon.

Hope you are feeling better. :)

Donny
When there is a will, there is a way. I would imagine all the parking and registrars need to get this figured out for a landing page to be possible on .app without technical knowledge from domainers or an external solution they may be hesitant to use.

Also keep in mind the entire web is going towards SSL, so this is coming guys. Landing/Parking/Registrars need to get this figured out on their level.
 
2
•••
@Donny - thanks. You make some great points. And yeah getting there. :)

@Michael M - very true indeed. The future definitely is in HTTPS. Actually, as with .app domains, even the present is now with HTTPS. So a solution is definitely required either sooner or later.

It won't hurt for us to look into it while taking all of Donny's great points into account. :)
 
2
•••
Maybe it would be worth looking into how Cloudflare does it with their Universal SSL ?
 
0
•••
@Donny - thanks. You make some great points. And yeah getting there. :)

@Michael M - very true indeed. The future definitely is in HTTPS. Actually, as with .app domains, even the present is now with HTTPS. So a solution is definitely required either sooner or later.

It won't hurt for us to look into it while taking all of Donny's great points into account. :)
Thanks for keeping an open mind...

Also, just a thought... Many hosting companies host 10s to 100s of thousands of websites with their own SSL cert without a problem. (though they generally charge the customer for the SSL cert)

It is just a new idea to the Domaining/Parking/Landing Service companies - but with SEO in mind at a minimum it is time for these companies to start working towards it.
 
0
•••
@matt_bodis - Yeah, it's a little tough to deal with, since each of us has load balancers, you would have to put the cert on each server. And adding a single name would require you to add the new cert and reload apache or nginx, with so many certs it's really slow.

Not sure how possible this is going to be anytime soon.

Hope you are feeling better. :)

Donny
@Donny
@matt_bodis

It might take adding a third server into the situation to keep the load balancing going, but only restart one webserver at a time in a sequence - if a full restart of the entire webserver is needed.

(Windows Server guy myself so would have to play with it to see how to achieve in apache or nginx)

But...

I know this seems "extreme" to make a separate site for tons of domains - but couldn't you guys:
1. Create a separate web site for each domain (which point to the same root dir on the server)
2. Systematically create an SSL for each domain using LetsEncrypt to keep it free
3. Assign the cert to that site, and restart that site
4. Renew the LetsEncrypt certificates in an automated routine
 
1
•••
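The four-step proposal in the post above (one site per domain, shared root directory, one certificate each), sketched as an added example; it is not code from any poster or parking company. It covers the per-domain site config of steps 1 and 3 and leaves issuance and renewal (steps 2 and 4) to the ACME client. Assumptions: nginx, certbot's default live directory, a hypothetical shared docroot, and hypothetical function names.

```python
import re
from pathlib import PurePosixPath

# Assumptions: certbot's default live directory; SHARED_ROOT is a hypothetical docroot.
LIVE_DIR = PurePosixPath("/etc/letsencrypt/live")
SHARED_ROOT = "/var/www/parked"

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Constructed sample input: customer-supplied names, some malformed.
SAMPLE = ["Example.app", "parked-name.app.", "name.app;}", "bad_name.app", "a\n.app"]

def normalize_domain(name):
    """Return the lowercase hostname, or raise ValueError.

    The name is written into server config, so anything that is not a
    plain hostname (spaces, ';', braces, newlines) is refused outright.
    """
    host = name.strip().rstrip(".").lower()
    labels = host.split(".")
    if (len(host) > 253 or len(labels) < 2
            or not all(_LABEL.fullmatch(label) for label in labels)):
        raise ValueError(f"invalid domain: {name!r}")
    return host

def server_block(domain):
    """Steps 1 and 3: a site for one domain, shared root, its own cert."""
    host = normalize_domain(domain)
    cert_dir = LIVE_DIR / host
    return (
        "server {\n"
        "    listen 443 ssl;\n"
        f"    server_name {host};\n"
        f"    ssl_certificate     {cert_dir}/fullchain.pem;\n"
        f"    ssl_certificate_key {cert_dir}/privkey.pem;\n"
        f"    root {SHARED_ROOT};\n"
        "}\n"
    )

def build_sites(domains):
    """Return ({filename: config}, [rejected names]), one file per domain."""
    sites, rejected = {}, []
    for name in domains:
        try:
            host = normalize_domain(name)
        except ValueError:
            rejected.append(name)
            continue
        sites[f"{host}.conf"] = server_block(host)
    return sites, rejected
```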
That was my thought, to keep the HTTPS domains on separate VMs/servers from the non-HTTPS. That would actually be the way we'd do it on our end.

I've assigned it to our dev for the next week to look at. I guess once we look at it we'll know what we're dealing with pretty quickly.

Right now pretty sure Donny had quite a look into it so not getting too excited. ;)
 
1
•••
I'll be sure to post our findings then. Thanks for bringing the entire idea up.
 
1
•••
LetsEncrypt will be hard to scale for thousands of domains.
In fact, setting up SSL is not the problem, the problem is to gather the private certificates and automate the deployment.

And it also depends on the verification to be performed. For example in a simple domain validation scenario, the certificate will often be delivered to an E-mail address under the same domain like postmaster. Or it has to be fetched by the domain holder on the certificate authority's website. So the parking company can't do that because they have no control.

If you have a server, you could host the domains yourself though. Just need to automate the LetsEncrypt part.

.app is definitely going to be a challenge for domainers.

It reminds me when people were buying .tel domains to find out they couldn't park them :)
 
2
•••
Great info. Thanks.
 
0
•••
It reminds me when people were buying .tel domains to find out they couldn't park them :)

That was only back in the day? I'm currently reading do.tel's FAQ page and it says
https://www.do.tel/faqs/do.tel/faqs/ said:
If you do not wish to use the free Telhosting service, that is fine as you can use your .tel for any purpose of your choosing e.g. hosting your own website.
 
0
•••
LetsEncrypt will be hard to scale for thousands of domains.
It does not appear to have any scaling issues that I have noticed so far. I guess we will see if no services offer SSLs for .app and thousands sign up for my forwarding service. I personally am hoping they all figure it out so I don't have to deal with any scaling issues since it's free.
In fact, setting up SSL is not the problem, the problem is to gather the private certificates and automate the deployment.

...

Just need to automate the LetsEncrypt part. (emphasis added to your sentence)

.app is definitely going to be a challenge for domainers.

Challenges arise every day as technology evolves. But this is just a first indication of the need for all services to provide SSL to appease Google and new tech.
 
0
•••
That was only back in the day?
Yes, now you can use your own name servers but until recently you couldn't. A domain name that can't be used for a website or other Internet service like E-mail is useless, right? And now domainers are stuck with plenty of .app domains that they can't host readily.

Challenges arise every day as technology evolves. But this is just a first indication of the need for all services to provide SSL to appease Google and new tech.
Not saying it can't be done but tedious and challenging. Of course the easy way for a parking company or hosting company would be to become a certification authority, then you can roll out certificates easily and domain validation poses no problem.

My guess is, it's not worth the time and effort for parking companies. Not enough combined traffic, not enough sales. They have many other priorities.
 
0
•••
Let's Encrypt is the way to go. Any 'real' hosting company is offering that for free already. Let's Encrypt is easy to integrate in cPanel for instance so I'd imagine it wouldn't be too hard to integrate in a custom backend.

You can just automate the process so when someone adds a domain a certificate will be issued and configured instantly. I'm not sure if it's still the case but they (letsencrypt) did have a maximum request per day(?) per ip requesting it. Also, the domain should already be using the correct nameservers.

The huge number of domains shouldn't be an issue either. You'd be surprised how many domains are running on a single server anyway and introducing SSL to the config shouldn't add too much additional overhead.

Like mentioned before, Cloudflare would also be a viable solution. Not free however and overall less trusted because of the way their encryption chain works. Anyhow, you could integrate Cloudflare (using their API) in your backend and you'll be done. Best to reach out to them if you'd want to go that option. Big plus might be their DDoS protection, not sure if that's a thing for parking services.

Anyway, it can easily be done and it definitely is something that should be tackled in this industry in the near future.
 
3
•••
Let's Encrypt is easy to integrate in cPanel for instance so I'd imagine it wouldn't be too hard to integrate in a custom backend.

cPanel partnered with Comodo to release a feature called AutoSSL. Basically the same as LetsEncrypt but the issuer is Comodo. I used to have LetsEncrypt in my cPanel and then one day it disappeared.

I made a reverse IP lookup on my website and found 785 websites hosted on our IP address. Cool thing is that I tried a bunch of them by manually writing https in the address bar and they all resolved with
Issued by: cPanel, Inc. Certification Authority
Which means that my hosting provider has SSL setup for 785 domains just on that server. If cPanel can do it, so can you!
 
2
•••
cPanel partnered with Comodo to release a feature called AutoSSL. Basically the same as LetsEncrypt but the issuer is Comodo. I used to have LetsEncrypt in my cPanel and then one day it disappeared.

I made a reverse IP lookup on my website and found 785 websites hosted on our IP address. Cool thing is that I tried a bunch of them by manually writing https in the address bar and they all resolved with

Which means that my hosting provider has SSL setup for 785 domains just on that server. If cPanel can do it, so can you!
I have a little over 100 SSLs/sites setup in the 1 day my .app forwarding website has been online. All automated and no issues. Interested to see if it keeps going smoothly as it scales - but I see no reason why it would not.

I think the big players will catch up soon.
 
0
•••
I used to have LetsEncrypt in my cPanel and then one day it disappeared.

Most hosts used a plugin for this but there were some minor issues if I recall correctly, then AutoSSL came around. Great solution as well. More important, certificates become freely available to the general public which means the web got just a tiny bit safer ;)

I made a reverse IP lookup on my website and found 785 websites hosted on our IP address. Cool thing is that I tried a bunch of them by manually writing https in the address bar and they all resolved with

Which means that my hosting provider has SSL setup for 785 domains just on that server. If cPanel can do it, so can you!

785 is nothing :) really depends on the host of course but I'm usually using at least 5 IPs per node (although these are beasts in terms of resources) so do your math.

Anyway, I'm kinda surprised the 'parking business' is this far behind whereas the overall hosting industry has adopted SSL pretty much as a standard nowadays.

When there's a will, there's a way. I'm sure they'll figure it out.
 
0
•••
Let me know when you can add four or five million.

I'll wait... :)

Donny
 
5
•••
Let me know when you can add four or five million.

I'll wait... :)

Donny
I totally understand the difference in scale. But hosting providers do manage to do this without issue.

I'm not trying to give you a hard time - but I would bet that in the next year or two you will have to do something about an SSL per domain to stay relevant. Big G has a lot of weight, not to mention forward progress.
 
0
•••
Let me know when you can add four or five million.

I'll wait... :)

Donny
Pay me well if I succeed at creating nameservers and web presence that can do that and forward all your domains and I will start tonight. ;)
 
2
•••
How about you get @matt_bodis to pay you, and then we will just copy what he does? :)

One of my employees does run a hosting company at night and I had him look into mass SSL certs with letsencrypt and he determined that it just wasn't possible. That doesn't mean that it won't be at some point. But the rate limits set by letsencrypt would be too high right now.

Donny
 
3
•••
Let me know when you can add four or five million.

I'll wait... :)

Donny

It's doable I'd say. Look at Cloudflare ;) But seriously, I understand scaling things up doesn't always work.

Keep in mind though that you gotta get this done as in less than a few years everyone will be doing it.
 
0
•••
How about you get @matt_bodis to pay you, and then we will just copy what he does? :)

One of my employees does run a hosting company at night and I had him look into mass SSL certs with letsencrypt and he determined that it just wasn't possible. That doesn't mean that it won't be at some point. But the rate limits set by letsencrypt would be too high right now.

Donny
That depends which of you would pay more.... :) Or you could split it and cut your costs. I'll program it all in your native language and OS. :cigar:

LetsEncrypt wouldn't be your only solution, but they do allow bigger organizations to raise the rate limit as needed.

https://letsencrypt.org/docs/rate-limits/ and then Rate Limit Form
 
1
•••