Merge pull request #303 from Dstack-TEE/certbot-log

Leechael · web-flow · commit ef114eb4fa40 · 2025-08-23T12:10:16.000+08:00
certbot: Add detailed acme error info
diff --git a/certbot/src/acme_client.rs b/certbot/src/acme_client.rs
@@ -7,7 +7,7 @@ use fs_err as fs;
 use hickory_resolver::error::ResolveErrorKind;
 use instant_acme::{
     Account, AccountCredentials, AuthorizationStatus, ChallengeType, Identifier, NewAccount,
-    NewOrder, Order, OrderStatus,
+    NewOrder, Order, OrderStatus, Problem,
 };
 use rcgen::{CertificateParams, DistinguishedName, KeyPair};
 use serde::{Deserialize, Serialize};
@@ -457,7 +457,14 @@ impl AcmeClient {
                     return extract_certificate(order).await;
                 }
                 // Something went wrong
-                OrderStatus::Invalid => bail!("order is invalid"),
+                OrderStatus::Invalid => {
+                    let error = find_error(&mut order).await.unwrap_or(Problem {
+                        r#type: None,
+                        detail: None,
+                        status: None,
+                    });
+                    bail!("order is invalid: {error}");
+                }
             }
         }
     }
@@ -472,6 +479,20 @@ impl AcmeClient {
     }
 }
 
+async fn find_error(order: &mut Order) -> Option<Problem> {
+    if let Some(error) = order.state().error.as_ref() {
+        return Some(error.clone());
+    }
+    for auth in order.authorizations().await.ok()? {
+        for challenge in auth.challenges {
+            if let Some(error) = challenge.error {
+                return Some(error);
+            }
+        }
+    }
+    None
+}
+
 fn make_csr(key: &str, names: &[String]) -> Result<Vec<u8>> {
     let mut params =
         CertificateParams::new(names).context("failed to create certificate params")?;
diff --git a/certbot/src/dns01_client/cloudflare.rs b/certbot/src/dns01_client/cloudflare.rs
@@ -83,7 +83,6 @@ impl Dns01Api for CloudflareClient {
                 "type": "TXT",
                 "name": domain,
                 "content": content,
-                "ttl": 120
             }))
             .await?;
         Ok(response.result.id)
@@ -100,7 +99,6 @@ impl Dns01Api for CloudflareClient {
             .add_record(&json!({
                 "type": "CAA",
                 "name": domain,
-                "ttl": 120,
                 "data": {
                     "flags": flags,
                     "tag": tag,
