diff --git a/app/validator.py b/app/validator.py index 7374a7d..46cecfa 100644 --- a/app/validator.py +++ b/app/validator.py @@ -108,15 +108,14 @@ async def _check_domain(domain: str) -> dict: # will too, so we don't bother retrying on timeout errors. # We DO retry https on ConnectError/RemoteProtocolError (port 80 closed or # speaking wrong protocol) because those servers are often https-only. - timeouts = { - "http": httpx.Timeout(connect=4, read=6, write=3, pool=5), - "https": httpx.Timeout(connect=6, read=10, write=3, pool=5), - } + # Use the same generous timeout for both schemes so that http→https redirects + # (followed inside the same client) also get enough time for the TLS handshake. + timeout = httpx.Timeout(connect=8, read=12, write=5, pool=8) for scheme in ("http", "https"): try: async with httpx.AsyncClient( - timeout=timeouts[scheme], + timeout=timeout, follow_redirects=True, headers=_headers(), verify=False, @@ -152,16 +151,14 @@ async def _check_domain(domain: str) -> dict: result["prescreen_status"] = "live" return result - except (httpx.ConnectError, httpx.RemoteProtocolError, httpx.ConnectTimeout) as e: - # Port refused, wrong protocol, or port 80 firewalled/timed-out - # → server may be https-only, always retry on 443 + except Exception as e: + # Any failure on http (connection refused, timeout, TLS error in redirect + # chain, etc.) → server may be https-only, always try 443 once. if scheme == "http": logger.debug("Validator %s: %s on http, trying https", domain, type(e).__name__) continue - break - except Exception as e: - # ReadTimeout or other error — connected but server too slow; mark dead - logger.debug("Validator %s (%s): %s", domain, scheme, type(e).__name__) + # Both schemes failed → dead + logger.debug("Validator %s (https): %s", domain, type(e).__name__) break result["load_time_ms"] = int((time.monotonic() - t0) * 1000)