From 713d4926c938a183c0094319b274a541065b2dcb Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Fri, 8 May 2020 21:50:23 +0200
Subject: [PATCH] Fix the way we check the A record for xmpp

---
 src/yunohost/certificate.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py
index cf11d9639..11d066ff2 100644
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@@ -610,10 +610,9 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
     # For "parent" domains, include xmpp-upload subdomain in subject alternate names
     if domain in domain_list(exclude_subdomains=True)["domains"]:
         subdomain = "xmpp-upload." + domain
-        try:
-            _dns_ip_match_public_ip(get_public_ip(), subdomain)
+        if dig(subdomain, "A", resolvers="force_external") == ("ok", [get_public_ip()]):
             csr.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:" + subdomain)])
-        except YunohostError:
+        else:
             logger.warning(m18n.n('certmanager_warning_subdomain_dns_record', subdomain=subdomain, domain=domain))
 
     # Set the key