Skip non-checkable domains in DNS/SSL crons

Filter domain lists in cron/check_dns.php and cron/check_ssl.php to only include domains with statuses 'active' or 'expiring_soon', skipping statuses like available/expired/error/redemption_period/pending_delete. Add logging and stats for domains skipped by status. In check_ssl.php, add a hostnameResolves() helper and skip endpoints whose hostnames don't resolve (incrementing skipped_unresolved). Update summary output to report skipped counts. Remove the data-migration SQL that auto-enabled SSL monitoring and propagated last-checked times from migration 028 to avoid changing monitoring flags during schema upgrade.

cron/check_dns.php

@@ -95,12 +95,27 @@ $startTime = microtime(true);
 
 logMessage("=== Starting DNS check cron job ===");
 
-$domains = $domainModel->where('is_active', 1);
-$domains = array_values(array_filter($domains, fn($d) => ($d['dns_monitoring_enabled'] ?? 1) == 1));
-logMessage("Found " . count($domains) . " domain(s) with DNS monitoring enabled");
+// Only check domains that are registered and in use (active or expiring_soon).
+// Skip available, expired, error, redemption_period, pending_delete — they typically have no DNS.
+$checkableStatuses = ['active', 'expiring_soon'];
+
+$allDnsEnabled = array_values(array_filter(
+    $domainModel->where('is_active', 1),
+    static fn($d): bool => ($d['dns_monitoring_enabled'] ?? 1) == 1
+));
+$domains = array_values(array_filter($allDnsEnabled, static function ($d) use ($checkableStatuses): bool {
+    $status = strtolower($d['status'] ?? '');
+    return in_array($status, $checkableStatuses, true);
+}));
+$skippedByStatus = count($allDnsEnabled) - count($domains);
+logMessage("Found " . count($domains) . " domain(s) with DNS monitoring enabled and checkable status (active/expiring_soon)");
+if ($skippedByStatus > 0) {
+    logMessage("Skipped " . $skippedByStatus . " domain(s) with non-checkable status (available/expired/error/redemption_period/pending_delete)");
+}
 
 $stats = [
     'checked'              => 0,
+    'skipped_by_status'    => $skippedByStatus,
     'changes_detected'     => 0,
     'records_added'        => 0,
     'records_removed'      => 0,
@@ -833,6 +848,7 @@ function printSummary(array $stats, float $startTime): void
 
     logMessage("\n=== DNS cron job completed ===");
     logMessage("Domains checked:            {$stats['checked']}");
+    logMessage("Skipped (by status):        {$stats['skipped_by_status']}");
     logMessage("Skipped (unresolved):       {$stats['skipped_unresolved']}");
     logMessage("Crt.sh fetched:             {$stats['crtsh_fetched']}");
     logMessage("Crt.sh skipped (cached):    {$stats['crtsh_skipped']}");

cron/check_ssl.php

@@ -60,13 +60,29 @@ $startTime = microtime(true);
 
 logMessage("=== Starting SSL check cron job ===");
 
-$domains = $domainModel->where('is_active', 1);
-$domains = array_values(array_filter($domains, static fn(array $domain): bool => ($domain['ssl_monitoring_enabled'] ?? 0) == 1));
-logMessage("Found " . count($domains) . " domain(s) with SSL monitoring enabled");
+// Only check domains that are registered and in use (active or expiring_soon).
+// Skip available, expired, error, redemption_period, pending_delete — they typically have no DNS/SSL.
+$checkableStatuses = ['active', 'expiring_soon'];
+
+$allSslEnabled = array_values(array_filter(
+    $domainModel->where('is_active', 1),
+    static fn(array $d): bool => ($d['ssl_monitoring_enabled'] ?? 0) == 1
+));
+$domains = array_values(array_filter($allSslEnabled, static function (array $domain) use ($checkableStatuses): bool {
+    $status = strtolower($domain['status'] ?? '');
+    return in_array($status, $checkableStatuses, true);
+}));
+$skippedByStatus = count($allSslEnabled) - count($domains);
+logMessage("Found " . count($domains) . " domain(s) with SSL monitoring enabled and checkable status (active/expiring_soon)");
+if ($skippedByStatus > 0) {
+    logMessage("Skipped " . $skippedByStatus . " domain(s) with non-checkable status (available/expired/error/redemption_period/pending_delete)");
+}
 
 $stats = [
     'checked_domains' => 0,
     'checked_hosts' => 0,
+    'skipped_by_status' => $skippedByStatus,
+    'skipped_unresolved' => 0,
     'issues_detected' => 0,
     'notifications_sent' => 0,
     'in_app_notifications' => 0,
@@ -115,6 +131,13 @@ foreach ($domains as $domain) {
             $hostname = $target['hostname'];
             $port = (int)($target['port'] ?? 443);
             $endpointLabel = $sslService->formatTargetLabel($hostname, $port);
+
+            if (!hostnameResolves($hostname)) {
+                logMessage("  {$endpointLabel}: skipped (hostname does not resolve)");
+                $stats['skipped_unresolved']++;
+                continue;
+            }
+
             $existing = $sslModel->findByDomainAndHost($domain['id'], $hostname, $port);
             $previousStatus = $existing['status'] ?? null;
 
@@ -200,6 +223,8 @@ $settingModel->setValue('last_ssl_check_run', date('Y-m-d H:i:s'));
 
 logMessage("\n=== SSL cron job completed ===");
 logMessage("Domains checked:        {$stats['checked_domains']}");
+logMessage("Domains skipped:        {$stats['skipped_by_status']} (non-checkable status)");
+logMessage("Endpoints skipped:      {$stats['skipped_unresolved']} (hostname does not resolve)");
 logMessage("Endpoints checked:      {$stats['checked_hosts']}");
 logMessage("Status changes:         {$stats['status_changes']}");
 logMessage("Issue endpoints:        {$stats['issues_detected']}");
@@ -337,6 +362,13 @@ function logTimeSince(float $since): void
     logMessage("  -> " . formatDuration(microtime(true) - $since));
 }
 
+function hostnameResolves(string $hostname): bool
+{
+    return @checkdnsrr($hostname, 'SOA')
+        || @checkdnsrr($hostname, 'A')
+        || @checkdnsrr($hostname, 'AAAA');
+}
+
 function formatDuration(float $seconds): string
 {
     if ($seconds < 60) {