Commit f9acf0ad authored by Joshua Tauberer's avatar Joshua Tauberer

better errors for ssl certificates

parent 8b65c11c
...@@ -514,6 +514,9 @@ def check_certificate(domain, ssl_certificate, ssl_private_key): ...@@ -514,6 +514,9 @@ def check_certificate(domain, ssl_certificate, ssl_private_key):
# Certificate is self-signed. # Certificate is self-signed.
return ("SELF-SIGNED", None) return ("SELF-SIGNED", None)
elif retcode != 0: elif retcode != 0:
if "unable to get local issuer certificate" in verifyoutput:
return ("The certificate is missing an intermediate chain or the intermediate chain is incorrect or incomplete.", None)
# There is some unknown problem. Return the `openssl verify` raw output. # There is some unknown problem. Return the `openssl verify` raw output.
return ("There is a problem with the SSL certificate.", verifyoutput.strip()) return ("There is a problem with the SSL certificate.", verifyoutput.strip())
else: else:
......
...@@ -229,6 +229,8 @@ def install_cert(domain, ssl_cert, ssl_chain, env): ...@@ -229,6 +229,8 @@ def install_cert(domain, ssl_cert, ssl_chain, env):
if cert_status == "SELF-SIGNED": if cert_status == "SELF-SIGNED":
cert_status = "This is a self-signed certificate. I can't install that." cert_status = "This is a self-signed certificate. I can't install that."
os.unlink(fn) os.unlink(fn)
if cert_status_details is not None:
cert_status += " " + cert_status_details
return cert_status return cert_status
# Copy the certificate to its expected location. # Copy the certificate to its expected location.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment