cert: raise errors for cert install/renew

2024-09-03 20:06:10 +02:00 · 2022-10-04 18:12:10 +02:00 · 2022-10-04 18:12:10 +02:00 · e4df838d9d
commit e4df838d9d
parent 85b6d8554d
2 changed files with 27 additions and 0 deletions
--- a/locales/en.json
+++ b/locales/en.json
@ -125,8 +125,11 @@
    "certmanager_attempt_to_renew_valid_cert": "The certificate for the domain '{domain}' is not about to expire! (You may use --force if you know what you're doing)",
    "certmanager_attempt_to_replace_valid_cert": "You are attempting to overwrite a good and valid certificate for domain {domain}! (Use --force to bypass)",
    "certmanager_cannot_read_cert": "Something wrong happened when trying to open current certificate for domain {domain} (file: {file}), reason: {reason}",
+    "certmanager_cert_install_failed": "Let's Encrypt certificate install failed for {domains}",
+    "certmanager_cert_install_failed_selfsigned": "Self-signed certificate install failed for {domains}",
    "certmanager_cert_install_success": "Let's Encrypt certificate now installed for the domain '{domain}'",
    "certmanager_cert_install_success_selfsigned": "Self-signed certificate now installed for the domain '{domain}'",
+    "certmanager_cert_renew_failed": "Let's Encrypt certificate renew failed for {domains}",
    "certmanager_cert_renew_success": "Let's Encrypt certificate renewed for the domain '{domain}'",
    "certmanager_cert_signing_failed": "Could not sign the new certificate",
    "certmanager_certificate_fetching_or_enabling_failed": "Trying to use the new certificate for {domain} did not work...",
--- a/src/certificate.py
+++ b/src/certificate.py
@ -129,6 +129,7 @@ def certificate_install(domain_list, force=False, no_checks=False, self_signed=F

 def _certificate_install_selfsigned(domain_list, force=False):

+    failed_cert_install = []
    for domain in domain_list:

        operation_logger = OperationLogger(
@ -223,9 +224,16 @@ def _certificate_install_selfsigned(domain_list, force=False):
            operation_logger.success()
        else:
            msg = f"Installation of self-signed certificate installation for {domain} failed !"
+            failed_cert_install.append(domain)
            logger.error(msg)
            operation_logger.error(msg)

+    if failed_cert_install:
+        raise YunohostError(
+            "certmanager_cert_install_failed_selfsigned",
+            domains=",".join(failed_cert_install)
+        )
+

 def _certificate_install_letsencrypt(domains, force=False, no_checks=False):
    from yunohost.domain import domain_list, _assert_domain_exists
@ -257,6 +265,7 @@ def _certificate_install_letsencrypt(domains, force=False, no_checks=False):
                )

    # Actual install steps
+    failed_cert_install = []
    for domain in domains:

        if not no_checks:
@ -285,11 +294,18 @@ def _certificate_install_letsencrypt(domains, force=False, no_checks=False):
                logger.error(
                    f"Please consider checking the 'DNS records' (basic) and 'Web' categories of the diagnosis to check for possible issues that may prevent installing a Let's Encrypt certificate on domain {domain}."
                )
+            failed_cert_install.append(domain)
        else:
            logger.success(m18n.n("certmanager_cert_install_success", domain=domain))

            operation_logger.success()

+    if failed_cert_install:
+        raise YunohostError(
+            "certmanager_cert_install_failed",
+            domains=",".join(failed_cert_install)
+        )
+

 def certificate_renew(domains, force=False, no_checks=False, email=False):
    """
@ -359,6 +375,7 @@ def certificate_renew(domains, force=False, no_checks=False, email=False):
                )

    # Actual renew steps
+    failed_cert_install = []
    for domain in domains:

        if not no_checks:
@ -400,6 +417,8 @@ def certificate_renew(domains, force=False, no_checks=False, email=False):
            logger.error(stack.getvalue())
            logger.error(str(e))

+            failed_cert_install.append(domain)
+
            if email:
                logger.error("Sending email with details to root ...")
                _email_renewing_failed(domain, msg + "\n" + str(e), stack.getvalue())
@ -407,6 +426,11 @@ def certificate_renew(domains, force=False, no_checks=False, email=False):
            logger.success(m18n.n("certmanager_cert_renew_success", domain=domain))
            operation_logger.success()

+    if failed_cert_install:
+        raise YunohostError(
+            "certmanager_cert_renew_failed",
+            domains=",".join(failed_cert_install)
+        )

 #
 # Back-end stuff                                                            #