From fa152adee6e3bb67cf5e599c37e097a58508c70a Mon Sep 17 00:00:00 2001
From: Bram <cortex@worlddomination.be>
Date: Tue, 17 Apr 2018 17:23:04 +0200
Subject: [PATCH] [enh] Display debug information on cert-install/renew failure
 (#447)

* [mod] split function to add _get_dns_ip
* [enh] display debug information on cert-install/renew failure
---
 src/yunohost/certificate.py | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py
index d4ddeff36..2ea9b682a 100644
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@@ -296,6 +296,7 @@ def _certificate_install_letsencrypt(auth, domain_list, force=False, no_checks=F
                 m18n.n("certmanager_cert_install_success", domain=domain))
 
         except Exception as e:
+            _display_debug_information(domain)
             logger.error("Certificate installation for %s failed !\nException: %s", domain, e)
 
 
@@ -564,6 +565,7 @@ def _fetch_and_enable_new_certificate(domain, staging=False):
                 'certmanager_hit_rate_limit', domain=domain))
         else:
             logger.error(str(e))
+            _display_debug_information(domain)
             raise MoulinetteError(errno.EINVAL, m18n.n(
                 'certmanager_cert_signing_failed'))
 
@@ -823,7 +825,7 @@ def _check_domain_is_ready_for_ACME(domain):
             'certmanager_domain_http_not_working', domain=domain))
 
 
-def _dns_ip_match_public_ip(public_ip, domain):
+def _get_dns_ip(domain):
     try:
         resolver = dns.resolver.Resolver()
         resolver.nameservers = DNS_RESOLVERS
@@ -832,9 +834,11 @@ def _dns_ip_match_public_ip(public_ip, domain):
         raise MoulinetteError(errno.EINVAL, m18n.n(
             'certmanager_error_no_A_record', domain=domain))
 
-    dns_ip = str(answers[0])
+    return str(answers[0])
 
-    return dns_ip == public_ip
+
+def _dns_ip_match_public_ip(public_ip, domain):
+    return _get_dns_ip(domain) == public_ip
 
 
 def _domain_is_accessible_through_HTTP(ip, domain):
@@ -850,6 +854,30 @@ def _domain_is_accessible_through_HTTP(ip, domain):
     return True
 
 
+def _get_local_dns_ip(domain):
+    try:
+        resolver = dns.resolver.Resolver()
+        answers = resolver.query(domain, "A")
+    except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN):
+        logger.warning("Failed to resolved domain '%s' locally", domain)
+        return None
+
+    return str(answers[0])
+
+
+def _display_debug_information(domain):
+    dns_ip = _get_dns_ip(domain)
+    public_ip = get_public_ip()
+    local_dns_ip = _get_local_dns_ip(domain)
+
+    logger.warning("""\
+Debug information:
+ - domain ip from DNS        %s
+ - domain ip from local DNS  %s
+ - public ip of the server   %s
+""", dns_ip, local_dns_ip, public_ip)
+
+
 # FIXME / TODO : ideally this should not be needed. There should be a proper
 # mechanism to regularly check the value of the public IP and trigger
 # corresponding hooks (e.g. dyndns update and dnsmasq regen-conf)