Managed Challenges: report failed update attempts back to client

webprofusion-chrisc · webprofusion-chrisc · commit 9b9472b2950f · 2025-07-11T17:26:57.000+08:00
diff --git a/src/Certify.Providers/DNS/CertifyManaged/DnsProviderCertifyManaged.cs b/src/Certify.Providers/DNS/CertifyManaged/DnsProviderCertifyManaged.cs
@@ -7,6 +7,7 @@
 using Certify.Models.Hub;
 using Certify.Models.Plugins;
 using Certify.Models.Providers;
+using Certify.Models.Util;
 using Certify.Plugins;
 using Certify.SharedUtils;
 using Newtonsoft.Json;
@@ -147,7 +148,36 @@ public async Task<ActionResult> CreateRecord(DnsRecord request)
                 }
                 else
                 {
-                    return new ActionResult { IsSuccess = false, Message = $"Update failed [{result.StatusCode}] : check API URL is valid [{apiUri}], auth credentials are correct and authorised for a matching managed challenge." };
+                    var responseJson = await result.Content.ReadAsStringAsync();
+
+                    // Try to parse as ActionResult first (if API returns structured error)
+                    try
+                    {
+                        var errorResult = JsonConvert.DeserializeObject<ProblemDetails>(responseJson);
+                        if (errorResult != null && !string.IsNullOrWhiteSpace(errorResult.Detail))
+                        {
+                            return new ActionResult
+                            {
+                                IsSuccess = false,
+                                Message = $"Update failed [{result.StatusCode}]: {errorResult.Detail}"
+                            };
+                        }
+                    }
+                    catch
+                    {
+                        // If JSON parsing fails, fall back to raw response
+                    }
+
+                    // Fallback to including raw response content
+                    var errorMessage = string.IsNullOrWhiteSpace(responseJson)
+                        ? "No additional error details available"
+                        : responseJson;
+
+                    return new ActionResult
+                    {
+                        IsSuccess = false,
+                        Message = $"Update failed [{result.StatusCode}]: {errorMessage}. Check API URL is valid [{apiUri}], auth credentials are correct and authorised for a matching managed challenge."
+                    };
                 }
             }
             catch (Exception exp)
diff --git a/src/Certify.Server/Certify.Server.Hub.Api/Controllers/v1/ManagedChallengeController.cs b/src/Certify.Server/Certify.Server.Hub.Api/Controllers/v1/ManagedChallengeController.cs
@@ -36,10 +36,22 @@ public ManagedChallengeController(ILogger<ManagedChallengeController> logger, IC
         [Route("request")]
         [AllowAnonymous]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Certify.Models.Config.ActionResult))]
+        [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status502BadGateway)]
         public async Task<IActionResult> PerformManagedChallenge(ManagedChallengeRequest request)
         {
             var result = await _client.PerformManagedChallenge(request, null);
-            return new OkObjectResult(result);
+
+            if (result.IsSuccess)
+            {
+                return new OkObjectResult(result);
+            }
+            else
+            {
+                return Problem(
+                    detail: result.Message,
+                    statusCode: StatusCodes.Status502BadGateway
+                );
+            }
         }
 
         /// <summary>
