Check that the DNS A record matches the global IP now using dnspython and FDN's DNS

locales/en.json

@@ -245,10 +245,8 @@
     "certmanager_attempt_to_renew_nonLE_cert" : "The certificate of domain {domain:s} is not issued by Let's Encrypt. Cannot renew it automatically !",
     "certmanager_attempt_to_renew_valid_cert"  : "The certificate of domain {domain:s} is not about to expire ! Use --force to bypass",
     "certmanager_domain_http_not_working": "It seems that the domain {domain:s} cannot be accessed through HTTP. Please check your DNS and nginx configuration is okay.",
-    "certmanager_error_contacting_dns_api" : "Error contacting the DNS API ({api:s}), reason: {reason:s}. Use --no-checks to disable checks.",
-    "certmanager_error_parsing_dns" : "Error parsing the return value from the DNS API : {value:s}. Please verify your DNS configuration for domain {domain:s}. Use --no-checks to disable checks.",
-    "certmanager_domain_dns_ip_differs_from_public_ip" : "The DNS 'A' record for domain {domain:s} is different from this server IP. Give some time for the DNS to refresh, or use --no-checks to disable checks.",
-    "certmanager_no_A_dns_record" : "No DNS record of type A found for {domain:s}. You need to configure the DNS for your domain before installing a certificate !",
+    "certmanager_error_no_A_record" : "No DNS 'A' record found for {domain:s}. You need to make your domain name point to your machine to be able to install a Let's Encrypt certificate ! (If you know what you are doing, use --no-checks to disable those checks.)",
+    "certmanager_domain_dns_ip_differs_from_public_ip" : "The DNS 'A' record for domain {domain:s} is different from this server IP. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). (If you know what you are doing, use --no-checks to disable those checks.)",
     "certmanager_cannot_read_cert": "Something wrong happened when trying to open current certificate for domain {domain:s} (file : {file:s}), reason: {reason:s}",
     "certmanager_cert_install_success" : "Successfully installed Let's Encrypt certificate for domain {domain:s} !",
     "certmanager_cert_renew_success" : "Successfully renewed Let's Encrypt certificate for domain {domain:s} !",

src/yunohost/certificate.py

@@ -31,6 +31,8 @@ import grp
 import smtplib
 import requests
 
+import dns.resolver
+
 from OpenSSL import crypto
 from datetime import datetime
 from yunohost.vendor.acme_tiny.acme_tiny import get_crt as sign_certificate
@@ -656,29 +658,14 @@ def _check_domain_is_correctly_configured(domain):
 
 def _dns_ip_match_public_ip(public_ip, domain):
     try:
-        result = requests.get("https://dns-api.org/A/" + domain)
-    except Exception as exception:
-        import traceback
-        traceback.print_exc(file=sys.stdout)
-        raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_error_contacting_dns_api', api="dns-api.org", reason=exception))
+        resolver = dns.resolver.Resolver()
+        # These are FDN's DNS
+        resolver.nameservers = [ "80.67.169.12", "80.67.169.40" ]
+        answers = resolver.query(domain, "A")
+    except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN) :
+        raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_error_no_A_record', domain=domain))
 
-    try:
-        dns_ip = result.json()
-    except Exception as exception:
-        raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_error_parsing_dns', domain=domain, value=result.text))
-
-    if len(dns_ip) == 0:
-        raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_error_parsing_dns', domain=domain, value=result.text))
-
-    dns_ip = dns_ip[0]
-
-    if dns_ip.get("error") == "NXDOMAIN":
-        raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_no_A_dns_record', domain=domain))
-
-    if "value" not in dns_ip:
-        raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_error_parsing_dns', domain=domain, value=result.text))
-
-    dns_ip = dns_ip["value"]
+    dns_ip = answers[0]
 
     return dns_ip == public_ip