ref: Subdomain robustness

api/subdomains.js

@@ -45,10 +45,15 @@ const subdomainsHandler = async (url) => {
       params: { q: `%.${domain}`, output: 'json' },
       headers: { Accept: 'application/json' },
     });
-    const rows = Array.isArray(res.data) ? res.data : [];
-    const all = collectSubdomains(rows, domain);
+    if (!Array.isArray(res.data)) {
+      return { error: 'Certificate Transparency lookup returned unexpected data, please retry' };
+    }
+    const all = collectSubdomains(res.data, domain);
     if (!all.length) {
-      return { skipped: `No subdomains found for ${domain} in Certificate Transparency logs` };
+      return {
+        skipped: `No subdomains found for ${domain} in Certificate Transparency logs`,
+        retryable: true,
+      };
     }
     return {
       domain,

src/client/jobs/registry.ts

@@ -102,11 +102,11 @@ const fetchAndPoll = (path: string) =>
     }),
   );
 
-// Re-run on transient errors, returning the last error if all attempts fail
+// Re-run on transient errors or when the server hints `retryable: true`
 const fetchAndRetry = (path: string) =>
   retrying(
     path,
-    (r) => !!r?.error,
+    (r) => !!r?.error || !!r?.retryable,
     3,
     2000,
     (last) => last,
@@ -207,7 +207,6 @@ export const jobs: JobSpec[] = [
   {
     id: 'tls-labs',
     expectedAddressTypes: [...URL_ONLY],
-    noClientTimeout: true,
     cards: [
       card('tls-security-audit', 'TLS Security Audit', ['security'], TlsSecurityAuditCard),
       card('tls-client-compat', 'TLS Client Compatibility', ['security'], TlsClientCompatCard),