Adapt ready_for_ACME check to the new dnsrecord result format...

2024-09-03 20:06:10 +02:00 · 2021-09-29 22:11:24 +02:00 · 2021-09-29 22:11:24 +02:00 · d75c1a61e8
commit d75c1a61e8
parent b8cb374a49
2 changed files with 30 additions and 14 deletions
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@ -851,14 +851,9 @@ def _backup_current_cert(domain):

 def _check_domain_is_ready_for_ACME(domain):

-    dnsrecords = (
-        Diagnoser.get_cached_report(
-            "dnsrecords",
-            item={"domain": domain, "category": "basic"},
-            warn_if_no_cache=False,
-        )
-        or {}
-    )
+    from yunohost.domain import _get_parent_domain_of
+    from yunohost.dns import _get_dns_zone_for_domain
+
    httpreachable = (
        Diagnoser.get_cached_report(
            "web", item={"domain": domain}, warn_if_no_cache=False
@ -866,16 +861,38 @@ def _check_domain_is_ready_for_ACME(domain):
        or {}
    )

-    if not dnsrecords or not httpreachable:
+    parent_domain = _get_parent_domain_of(domain)
+
+    dnsrecords = (
+        Diagnoser.get_cached_report(
+            "dnsrecords",
+            item={"domain": parent_domain, "category": "basic"},
+            warn_if_no_cache=False,
+        )
+        or {}
+    )
+
+    base_dns_zone = _get_dns_zone_for_domain(domain)
+    record_name = domain.replace(f".{base_dns_zone}", "") if domain != base_dns_zone else "@"
+    A_record_status = dnsrecords.get("data").get(f"A:{record_name}")
+    AAAA_record_status = dnsrecords.get("data").get(f"AAAA:{record_name}")
+
+    # Fallback to wildcard in case no result yet for the DNS name?
+    if not A_record_status:
+        A_record_status = dnsrecords.get("data").get(f"A:*")
+    if not AAAA_record_status:
+        AAAA_record_status = dnsrecords.get("data").get(f"AAAA:*")
+
+    if not httpreachable or not dnsrecords.get("data") or (A_record_status, AAAA_record_status) == (None, None):
        raise YunohostValidationError(
            "certmanager_domain_not_diagnosed_yet", domain=domain
        )

    # Check if IP from DNS matches public IP
-    if not dnsrecords.get("status") in [
-        "SUCCESS",
-        "WARNING",
-    ]:  # Warning is for missing IPv6 record which ain't critical for ACME
+    # - 'MISSING' for IPv6 ain't critical for ACME
+    # - IPv4 can be None assuming there's at least an IPv6, and viveversa
+    #    - (the case where both are None is checked before)
+    if not (A_record_status in [None, "OK"] and AAAA_record_status in [None, "OK", "MISSING"]):
        raise YunohostValidationError(
            "certmanager_domain_dns_ip_differs_from_public_ip", domain=domain
        )
--- a/src/yunohost/dns.py
+++ b/src/yunohost/dns.py
@ -40,7 +40,6 @@ from yunohost.domain import (
    domain_config_get,
    _get_domain_settings,
    _set_domain_settings,
-    _get_parent_domain_of,
    _list_subdomains_of,
 )
 from yunohost.utils.dns import dig, is_yunohost_dyndns_domain, is_special_use_tld