They explain that in the article (the second sentence) - as well as the regular autotrader domains, they host sites for specific dealerships too, which are presumably just a rebadged version of their main site.
Almost. The dealer websites are templated CMS's which allow dealerships to add and manage stock whilst seeing the current price around the local area for the specific vehicle that is being listed (based on condition etc).
These sites and the stock are then entered into the main database which is indexed and presented to users via the search.
This has changed and improved since.
NB: I used to work for Autotrader back in 2011 before they moved to their current home.
"we offer a product that allows customers to host a private website using this stock, under their own domain. We wanted to provide HTTPS support to all of these websites."
> we offer a product that allows customers to host a private website using this stock, under their own domain. We wanted to provide HTTPS support to all of these websites.
Please do not use codeblocks for quotes. Just put a > in front of each paragraph.
Why don't they use DNS validation, it would seem to be easier. You can run the certificate renewal process independently from your web stack and just need to deploy the certificate at the end.
[edit]: Actually stupid question, these websites are for domains they don't control.
Another thing to think about with LE at scale, especially if you plan to renew your certs around the same time (rather than staggering them), is to make sure you don't run into rate-limiting problems. In fact, if you have a REALLY major deployment (probably more than the 3,000 domains discussed here) you should work directly with the LE team to make sure that their infra is ready for you and to work out a reasonable rate of API usage between you. I know this was the experience of at least one major web hosting provider when they began offering automated LE certs for customer sites and the LE team was very accommodating.
just an FYI for people that host other people's domains dynamically, there is this Openresty ( nginx + lua + other goodies) module that does this automatically, and you can write a custom allow function to fetch "allowed" domains from Redis storage + store the certs in redis (for when you have multiple openresty instances) : https://github.com/GUI/lua-resty-auto-ssl
I was going to mention this...I've been using this setup for over a year with 6,000 domains...me thinks someone at autotrader needs to get better at Google :<
Also, using Caddy webserver in front should work. Caddy has auto-lets encrypt and a "on-demand" feature to dynamically add and verify https for domains[1].
15 comments
[ 3.1 ms ] story [ 45.3 ms ] thread"we offer a product that allows customers to host a private website using this stock, under their own domain. We wanted to provide HTTPS support to all of these websites."
> we offer a product that allows customers to host a private website using this stock, under their own domain. We wanted to provide HTTPS support to all of these websites.
Please do not use codeblocks for quotes. Just put a > in front of each paragraph.
but you are right, it wasn't on purpose and I edited it though it's now redundant
[edit]: Actually stupid question, these websites are for domains they don't control.
[1] https://caddyserver.com/docs/automatic-https#on-demand
I think we're in the ball park of 5000 domains right now.