From e912b8e0756ae26e5207008e67bfa1b0c32f6edb Mon Sep 17 00:00:00 2001
From: Curtis Castrapel <ccastrapel@netflix.com>
Date: Thu, 14 Jun 2018 08:02:34 -0700
Subject: [PATCH] Graceful cancellation of pending cert and order details in
 log for acme failure

---
 lemur/plugins/lemur_acme/plugin.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lemur/plugins/lemur_acme/plugin.py b/lemur/plugins/lemur_acme/plugin.py
index a3f9af00..712164d5 100644
--- a/lemur/plugins/lemur_acme/plugin.py
+++ b/lemur/plugins/lemur_acme/plugin.py
@@ -104,7 +104,11 @@ def request_certificate(acme_client, authorizations, csr, order):
             authorization_resource, _ = acme_client.poll(authz)
 
     deadline = datetime.datetime.now() + datetime.timedelta(seconds=90)
-    orderr = acme_client.finalize_order(order, deadline)
+    try:
+        orderr = acme_client.finalize_order(order, deadline)
+    except AcmeError:
+        current_app.logger.error("Unable to resolve Acme order: {}".format(order), exc_info=True)
+        raise
     pem_certificate = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                            OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                                                            orderr.fullchain_pem)).decode()
@@ -382,3 +386,7 @@ class ACMEIssuerPlugin(IssuerPlugin):
             if option.get('name') == 'certificate':
                 acme_root = option.get('value')
         return acme_root, "", [role]
+
+    def cancel_ordered_certificate(self, pending_cert, **kwargs):
+        # Needed to override issuer function.
+        pass