Merge branch 'fix_renewal' into 'main'

L2SS-2098: Fix various issues happening during renewal Closes L2SS-2098 See merge request !4

Merge branch 'fix_renewal' into 'main'
db619244 · Hannes Feldt · 1f95f89a · ab21a757 · db619244 · db619244
Commit db619244 authored 7 months ago by Hannes Feldt
--- a/lofar_cryptocoryne/cli.py
+++ b/lofar_cryptocoryne/cli.py
@@ -3,6 +3,7 @@

 """ Cryptocoryne certbot cli entrypoint """

+import acme.errors
 import hvac

 import lofar_cryptocoryne.dns_client as desec
@@ -37,14 +38,17 @@ def main():
            print("Waiting for DNS to propagate...")
            if client.check_dns_propagation(timeout=1200):
                print("Succeed. Request certificate")
-                client.request_certificate()
-                certificate.fullchain = client.certificate.decode()
+                client.request_certificate(wait=10)
+                certificate.fullchain = client.certificate
+                certificate.key = client.private_key
                vault_store.put_certificate(certificate)
                print("Done")
            else:
                print("Failed to issue certificate for " + str(client.domains))

+        except acme.errors.ValidationError as ve:
+            print(f"ValidationError: {ve.failed_authzrs}")
        except Exception as e:  # pylint: disable=broad-exception-caught
-            print(e)
+            print(f"{type(e)}: {e}")
        finally:
            dns_client.cleanup()
--- a/lofar_cryptocoryne/client.py
+++ b/lofar_cryptocoryne/client.py
@@ -3,12 +3,15 @@

 """ Various clients """

+import socket
 from urllib.parse import urlparse
+
+import consul
+import josepy as jose
+import simple_acme_dns
 from acme import client as acme_client
 from acme import messages
-import simple_acme_dns
-import josepy as jose
-import consul
+
 import lofar_cryptocoryne.dns_client as desec


@@ -27,7 +30,10 @@ def get_service_certificates() -> [(str, [str])]:
 class DnsClient:
    """DNS client"""

-    DNS_SERVERS = ["ns1.desec.io", "ns2.desec.org"]
+    DNS_SERVERS = [
+        socket.gethostbyname("ns1.desec.io"),
+        socket.gethostbyname("ns2.desec.org"),
+    ]
    """ Client to access the dns providers API """

    def __init__(self, desec_client: desec.APIClient):
@@ -38,8 +44,8 @@ class DnsClient:
        """Setup DNS TXT records to verify given domain with given tokens"""
        zone = self.desec_client.get_authoritative_domain(verify_domain)
        subname = verify_domain.rsplit(zone["name"], 1)[0].rstrip(".")
-        self.desec_client.change_record(
-            zone["name"], "TXT", subname, [f'"{tokens[0]}"']
+        self.desec_client.add_record(
+            zone["name"], "TXT", subname, [f'"{tokens[0]}"'], 3600
        )
        self.cleanups.append(
            lambda d=zone["name"], sn=subname: self.desec_client.delete_record(

--- a/tests/test_client.py
+++ b/tests/test_client.py
@@ -39,8 +39,8 @@ class TestDnsClient(TestCase):
        desec_client_mock.get_authoritative_domain.assert_called_once_with(
            "verify.lofar.net"
        )
-        desec_client_mock.change_record.assert_called_once_with(
-            "lofar.net", "TXT", "verify", ['"token"']
+        desec_client_mock.add_record.assert_called_once_with(
+            "lofar.net", "TXT", "verify", ['"token"'], 3600
        )

        assert len(dns_client.cleanups) == 1