diff --git a/src/routes/domains.js b/src/routes/domains.js
index c42933752..506c98bb2 100644
--- a/src/routes/domains.js
+++ b/src/routes/domains.js
@@ -29,6 +29,9 @@ function add(req, res, next) {
     if ('tlsConfig' in req.body && typeof req.body.tlsConfig !== 'object') return next(new HttpError(400, 'tlsConfig must be a object with a provider string property'));
     if (req.body.tlsConfig && (!req.body.tlsConfig.provider || typeof req.body.tlsConfig.provider !== 'string')) return next(new HttpError(400, 'tlsConfig.provider must be a string'));
 
+    // some DNS providers like DigitalOcean take a really long time to verify credentials (https://github.com/expressjs/timeout/issues/26)
+    req.clearTimeout();
+
     domains.add(req.body.domain, req.body.zoneName || '', req.body.provider, req.body.config, req.body.fallbackCertificate || null, req.body.tlsConfig || { provider: 'letsencrypt-prod' }, function (error) {
         if (error && error.reason === DomainError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
         if (error && error.reason === DomainError.BAD_FIELD) return next(new HttpError(400, error.message));
@@ -72,6 +75,9 @@ function update(req, res, next) {
     if ('tlsConfig' in req.body && typeof req.body.tlsConfig !== 'object') return next(new HttpError(400, 'tlsConfig must be a object with a provider string property'));
     if (req.body.tlsConfig && (!req.body.tlsConfig.provider || typeof req.body.tlsConfig.provider !== 'string')) return next(new HttpError(400, 'tlsConfig.provider must be a string'));
 
+    // some DNS providers like DigitalOcean take a really long time to verify credentials (https://github.com/expressjs/timeout/issues/26)
+    req.clearTimeout();
+
     domains.update(req.params.domain, req.body.provider, req.body.config, req.body.fallbackCertificate || null, req.body.tlsConfig || { provider: 'letsencrypt-prod' }, function (error) {
         if (error && error.reason === DomainError.NOT_FOUND) return next(new HttpError(404, error.message));
         if (error && error.reason === DomainError.BAD_FIELD) return next(new HttpError(400, error.message));
diff --git a/src/server.js b/src/server.js
index d98730e02..d76ff3758 100644
--- a/src/server.js
+++ b/src/server.js
@@ -60,7 +60,9 @@ function initializeExpressSync() {
     router.del = router.delete; // amend router.del for readability further on
 
     app
-        .use(middleware.timeout(REQUEST_TIMEOUT))
+        // the timeout middleware will respond with a 503. the request itself cannot be 'aborted' and will continue
+        // search for req.clearTimeout in route handlers to see places where this timeout is reset
+        .use(middleware.timeout(REQUEST_TIMEOUT, { respond: true }))
         .use(json)
         .use(urlencoded)
         .use(middleware.cookieParser())