Catching exceptions from acme-tiny

2024-09-03 20:06:10 +02:00 · 2016-11-22 22:24:54 -05:00 · 2016-11-22 22:24:54 -05:00 · a6353703bd
commit a6353703bd
parent 0132cf037f
2 changed files with 19 additions and 9 deletions
--- a/locales/en.json
+++ b/locales/en.json
@ -251,5 +251,7 @@
    "certmanager_cert_install_success_selfsigned" : "Successfully installed a self-signed certificate for domain {domain:s} !",
    "certmanager_cert_install_success" : "Successfully installed Let's Encrypt certificate for domain {domain:s} !",
    "certmanager_cert_renew_success" : "Successfully renewed Let's Encrypt certificate for domain {domain:s} !",
-    "certmanager_old_letsencrypt_app_detected" : "\nYunohost detected that the 'letsencrypt' app is installed, which conflits with the new built-in certificate management features in Yunohost. If you wish to use the new built-in features, please run the following commands to migrate your installation :\n\n    yunohost app remove letsencrypt\n    yunohost domain cert-install\n\nN.B. : this will attempt to re-install certificates for all domains with a Let's Encrypt certificate or self-signed certificate."
+    "certmanager_old_letsencrypt_app_detected" : "\nYunohost detected that the 'letsencrypt' app is installed, which conflits with the new built-in certificate management features in Yunohost. If you wish to use the new built-in features, please run the following commands to migrate your installation :\n\n    yunohost app remove letsencrypt\n    yunohost domain cert-install\n\nN.B. : this will attempt to re-install certificates for all domains with a Let's Encrypt certificate or self-signed certificate.",
+    "certmanager_hit_rate_limit" :"Too many certificates already issued for exact set of domains {domain:s} recently. Please try again later. See https://letsencrypt.org/docs/rate-limits/ for more details.",
+    "certmanager_cert_signing_failed" : "Signing the new certificate failed."
 }
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@ -31,7 +31,6 @@ import grp
 import smtplib
 import requests
 import subprocess
-
 import dns.resolver

 from OpenSSL import crypto
@ -470,11 +469,20 @@ def _fetch_and_enable_new_certificate(domain):

    domain_csr_file = "%s/%s.csr" % (TMP_FOLDER, domain)

+    try:
        signed_certificate = sign_certificate(ACCOUNT_KEY_FILE,
                                              domain_csr_file,
                                              WEBROOT_FOLDER,
                                              log=logger,
                                              CA=CERTIFICATION_AUTHORITY)
+    except ValueError as e:
+        if ("urn:acme:error:rateLimited" in str(e)) :
+            raise MoulinetteError(errno.EINVAL,  m18n.n('certmanager_hit_rate_limit', domain=domain))
+        else :
+            raise
+    except Exception as e:
+        raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_cert_signing_failed'))
+        logger.error(str(e))

    intermediate_certificate = requests.get(INTERMEDIATE_CERTIFICATE_URL).text