From 97786f4eb2fdb839c8feffbc91de2d00f8aa79ec Mon Sep 17 00:00:00 2001
From: ivanshumkov
Date: Thu, 21 Nov 2024 14:58:31 +0700
Subject: [PATCH 1/2] fix(dashmate): various ZeroSSL cert verification errors
---
 .../obtainZeroSSLCertificateTaskFactory.js | 39 +++++++++++++------
 1 file changed, 27 insertions(+), 12 deletions(-)
diff --git a/packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js b/packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js
index 71d7b7809be..0ce85822520 100644
--- a/packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js
+++ b/packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js
@@ -177,25 +177,40 @@ export default function obtainZeroSSLCertificateTaskFactory( try { await verifyDomain(ctx.certificate.id, ctx.apiKey); } catch (e) { - if (ctx.noRetry !== true) { - retry = await task.prompt({ - type: 'toggle', - header: chalk` An error occurred during verification: {red ${e.message}} + // Error: The given certificate is not ready for domain verification + // Sometimes this error means that certificate is already verified + if (e.code === 2831) { + const certificate = await getCertificate(ctx.apiKey, ctx.certificate.id); + // Just proceed on certificate download if we see it's already issued. + if (certificate.status === 'issued') { + return; + } + } + + if (e.type === 'domain_control_validation_failed') { + // Retry on this undocumented error whatever it means + await wait(5000); + } else { + if (ctx.noRetry !== true) { + retry = await task.prompt({ + type: 'toggle', + header: chalk` An error occurred during verification: {red ${e.message}} Please ensure that port 80 on your public IP address ${ctx.externalIp} is open for incoming HTTP connections. You may need to configure your firewall to ensure this port is accessible from the public internet. If you are using Network Address Translation (NAT), please enable port forwarding for port 80 and all Dash service ports listed above.`, - message: 'Try again?', - enabled: 'Yes', - disabled: 'No', - initial: true, - }); - } + message: 'Try again?', + enabled: 'Yes', + disabled: 'No', + initial: true, + }); + } - if (!retry) { - throw e; + if (!retry) { + throw e; + } } } } while (retry); From 9f4bd60d8862cf855a7f63503fcf178fca89229a Mon Sep 17 00:00:00 2001 From: ivanshumkov Date: Thu, 21 Nov 2024 15:09:27 +0700 Subject: [PATCH 2/2] chore: add retry limit for domain_control_validation_failed --- .../ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js | 10 ++++++++++ 1 file changed, 10 insertions(+) 
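Review bot: In the `domain_control_validation_failed` branch nothing sets `retry`, so after `await wait(5000)` the closing `while (retry)` is still falsy on a first failure and the loop ends without an error, as though `verifyDomain` had succeeded. The variable is declared as a bare `let retry;` (visible in PATCH 2/2) and is assigned only by the prompt, so the automatic retry never runs and a failed domain-control validation is swallowed. Add `retry = true;` before the wait, and start the `try` body with `retry = false;` so a successful call after an earlier retry exits the loop instead of calling `verifyDomain` again. The retry limit added in PATCH 2/2 (`@@ -189,6 +191,14 @@`) inherits the gap, since its counter only matters if the loop repeats. The `do` statement opens above this hunk.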
diff --git a/packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js b/packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js
index 0ce85822520..0cecce0fc5a 100644
--- a/packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js
+++ b/packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js
@@ -173,6 +173,8 @@ export default function obtainZeroSSLCertificateTaskFactory(
 skip: (ctx) => ctx.certificate && !['pending_validation', 'draft'].includes(ctx.certificate.status),
 task: async (ctx, task) => {
 let retry;
+ let autoRetryCount = 0;
+ const MAX_AUTO_RETRIES = 3; // Adjust based on requirements
 do {
 try {
 await verifyDomain(ctx.certificate.id, ctx.apiKey);
@@ -189,6 +191,14 @@ export default function obtainZeroSSLCertificateTaskFactory(
 
 if (e.type === 'domain_control_validation_failed') {
 // Retry on this undocumented error whatever it means
+ if (autoRetryCount >= MAX_AUTO_RETRIES) {
+ throw e;
+ }
+ autoRetryCount++;
+ if (process.env.DEBUG) {
+ // eslint-disable-next-line no-console
+ console.warn(`Retry ${autoRetryCount}/${MAX_AUTO_RETRIES} verification due to domain_control_validation_failed error`);
+ }
 await wait(5000);
 } else {
 if (ctx.noRetry !== true) {
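Review bot: `MAX_AUTO_RETRIES` is declared inside the task callback and still carries the placeholder comment `// Adjust based on requirements`, which reads as unfinished rather than as a decision. Hoist it to module scope next to a named constant for the 5000 ms passed to `wait` in the next hunk, and replace the comment with the reasoning, for example `// automatic retries (5 s apart) before giving up on domain_control_validation_failed`. The callback body continues past this hunk.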
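Review bot: When the limit is reached, `throw e` exits before the `else` branch, so the operator never gets the prompt explaining that port 80 must be reachable, although a failed domain-control validation looks like the case that guidance was written for (inferred from the prompt text in PATCH 1/2). Folding the limit into the condition, `if (e.type === 'domain_control_validation_failed' && autoRetryCount < MAX_AUTO_RETRIES) {`, lets an exhausted retry fall through to the existing prompt-or-throw path, which also honours `ctx.noRetry`. The attempt message is printed only when `process.env.DEBUG` is set, so by default the task stays silent during the waits; reporting it through the listr task's own output instead of `console.warn` would make the retries visible. The `catch` block starts and ends outside this hunk.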