Graceful cancellation of pending cert and order details in log for acme failure

2018-06-14 08:02:34 -07:00 · 2018-06-14 08:02:34 -07:00 · e912b8e075
parent 4551cc11df
commit e912b8e075
1 changed files with 9 additions and 1 deletions
--- a/lemur/plugins/lemur_acme/plugin.py
+++ b/lemur/plugins/lemur_acme/plugin.py
@ -104,7 +104,11 @@ def request_certificate(acme_client, authorizations, csr, order):
            authorization_resource, _ = acme_client.poll(authz)

    deadline = datetime.datetime.now() + datetime.timedelta(seconds=90)
-    orderr = acme_client.finalize_order(order, deadline)
+    try:
+        orderr = acme_client.finalize_order(order, deadline)
+    except AcmeError:
+        current_app.logger.error("Unable to resolve Acme order: {}".format(order), exc_info=True)
+        raise
    pem_certificate = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                           OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                                                           orderr.fullchain_pem)).decode()
@ -382,3 +386,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
            if option.get('name') == 'certificate':
                acme_root = option.get('value')
        return acme_root, "", [role]
+
+    def cancel_ordered_certificate(self, pending_cert, **kwargs):
+        # Needed to override issuer function.
+        pass