fix(dashmate): various ZeroSSL cert verification errors (#2339)

dashpay · Nov 21, 2024 · 0d0f477 · 0d0f477
1 parent fa6e6bd
commit 0d0f477
Showing 1 changed file with 37 additions and 12 deletions.
diff --git a/packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js b/packages/dashmate/src/listr/tasks/ssl/zerossl/obtainZeroSSLCertificateTaskFactory.js
@@ -173,29 +173,54 @@ export default function obtainZeroSSLCertificateTaskFactory(
         skip: (ctx) => ctx.certificate && !['pending_validation', 'draft'].includes(ctx.certificate.status),
         task: async (ctx, task) => {
           let retry;
+          let autoRetryCount = 0;
+          const MAX_AUTO_RETRIES = 3; // Adjust based on requirements
           do {
             try {
               await verifyDomain(ctx.certificate.id, ctx.apiKey);
             } catch (e) {
-              if (ctx.noRetry !== true) {
-                retry = await task.prompt({
-                  type: 'toggle',
-                  header: chalk`  An error occurred during verification: {red ${e.message}}
+              // Error: The given certificate is not ready for domain verification
+              // Sometimes this error means that certificate is already verified
+              if (e.code === 2831) {
+                const certificate = await getCertificate(ctx.apiKey, ctx.certificate.id);
+                // Just proceed on certificate download if we see it's already issued.
+                if (certificate.status === 'issued') {
+                  return;
+                }
+              }
+
+              if (e.type === 'domain_control_validation_failed') {
+                // Retry on this undocumented error whatever it means
+                if (autoRetryCount >= MAX_AUTO_RETRIES) {
+                  throw e;
+                }
+                autoRetryCount++;
+                if (process.env.DEBUG) {
+                  // eslint-disable-next-line no-console
+                  console.warn(`Retry ${autoRetryCount}/${MAX_AUTO_RETRIES} verification due to domain_control_validation_failed error`);
+                }
+                await wait(5000);
+              } else {
+                if (ctx.noRetry !== true) {
+                  retry = await task.prompt({
+                    type: 'toggle',
+                    header: chalk`  An error occurred during verification: {red ${e.message}}
 
     Please ensure that port 80 on your public IP address ${ctx.externalIp} is open
     for incoming HTTP connections. You may need to configure your firewall to
     ensure this port is accessible from the public internet. If you are using
     Network Address Translation (NAT), please enable port forwarding for port 80
     and all Dash service ports listed above.`,
-                  message: 'Try again?',
-                  enabled: 'Yes',
-                  disabled: 'No',
-                  initial: true,
-                });
-              }
+                    message: 'Try again?',
+                    enabled: 'Yes',
+                    disabled: 'No',
+                    initial: true,
+                  });
+                }
 
-              if (!retry) {
-                throw e;
+                if (!retry) {
+                  throw e;
+                }
               }
             }
           } while (retry);