Add a new subdmain in DNS. It will take some normal time for DNS propagation. Without waiting for that, immediately create a website. This isn't a problem, you know the site still will not be reachable until DNS propagates. But what happens when we attempt to create a SSL cert? If this is requested immediately, of course it will fail. So, is there anything in ISPConfig now or planned that will check to ensure that a host can be reached from outside, before the cert is requested? I'm thinking a request can be sent to a server in some other part of the world. If that comes back with a server response, rather than a DNS error, then it's safe to assume that a Let's Encrypt query will be able to HTTP:80 to get create the cert. There are sites that provide this service via API, and any of us can arrange with partners in other parts of the world to host a simple script that essentially does a reverse query to verify a site. The actual processing a cert request can be queued until the DNS resolves, and then it can be processed. I have no idea if it already somehow works like that, or (it looks like this is the case) if cert requests are processed immediately rather than being queued. The benefit of a queuing mechanism is that it allows us to do everything at once, and then just let cron test for DNS resolution, cert requests, etc. Otherwise it seems like we need a manual reminder to come back and request a cert - or create our own script to ping us when DNS has propagated. Thanks!