[fix] Add missing full_clean() to VPN server auto-cert creation

AbstractVpn._auto_create_cert() was saving the server certificate
without calling full_clean(), bypassing Django model validation.
The client-side equivalent in AbstractVpnClient._auto_create_cert()
correctly calls full_clean() before save().

Also delete any stale certificate with the same common name and CA
before creating a new one, to avoid unique constraint violations
when the VPN backend is changed (e.g. from WireGuard back to OpenVPN).

Author: mn-ram

openwisp_controller/config/base/vpn.py

@@ -417,6 +417,10 @@ def _auto_create_cert(self):
             {"name": "nsCertType", "value": "server", "critical": False}
         ]
         cert_model = self.__class__.cert.field.related_model
+        # Delete any existing certificate with the same common name and CA
+        # to avoid unique constraint violations when the VPN backend is
+        # changed (e.g. from WireGuard back to OpenVPN).
+        cert_model.objects.filter(common_name=common_name, ca=self.ca).delete()
         cert = cert_model(
             name=self.name,
             ca=self.ca,
@@ -431,6 +435,7 @@ def _auto_create_cert(self):
             extensions=server_extensions,
         )
         cert = self._auto_create_cert_extra(cert)
+        cert.full_clean()
         cert.save()
         return cert