Imrpove var names, logs

app/config/locale/translations/en.json

@@ -29,8 +29,8 @@
     "emails.invitation.signature": "{{project}} team",
     "emails.certificate.subject": "Certificate failure for %s",
     "emails.certificate.hello": "Hello",
-    "emails.certificate.body": "Certificate for your domain '{{domain}}' could not be renewed. This is attempt no. {{attempt}}, and the failure was caused by: {{error}}",
-    "emails.certificate.footer": "Certificate will still be valid for 30 days since first failure. We highly recommend investigating the case, otherwise your domain will end up without a secure certificate.",
+    "emails.certificate.body": "Certificate for your domain '{{domain}}' could not be generated. This is attempt no. {{attempt}}, and the failure was caused by: {{error}}",
+    "emails.certificate.footer": "Your previous certificate willl be valid for 30 days since the first failure. We highly recommend investigating this case, otherwise your domain will end up without a valid SSL communication.",
     "emails.certificate.thanks": "Thanks",
     "emails.certificate.signature": "{{project}} team",
     "locale.country.unknown": "Unknown",

app/tasks/ssl.php

@@ -17,6 +17,6 @@ $cli
         // Scheduje a job
         Resque::enqueue(Event::CERTIFICATES_QUEUE_NAME, Event::CERTIFICATES_CLASS_NAME, [
             'domain' => $domain,
-            'skipRenewCheck' => true
+            'skipCheck' => true
         ]);
     });

app/workers/certificates.php

@@ -74,7 +74,7 @@ class CertificatesV1 extends Worker
         try {
             // Read arguments
             $domain = $this->args['domain']; // String of domain (hostname)
-            $skipRenewCheck = $this->args['skipRenewCheck'] ?? false; // If true, we won't double-check expiry from cert file
+            $skipCheck = $this->args['skipCheck'] ?? false; // If true, we won't double-check expiry from cert file
 
             $domain = new Domain((!empty($domain)) ? $domain : '');
 
@@ -93,13 +93,15 @@ class CertificatesV1 extends Worker
                 throw new Exception('You must set a valid security email address (_APP_SYSTEM_SECURITY_EMAIL_ADDRESS) to issue an SSL certificate.');
             }
             
-            $mainDomain = $this->getMainDomain();
-            $isMainDomain = !isset($mainDomain) || $domain->get() === $mainDomain;
-            $this->validateDomain($domain, $isMainDomain);
+            // Validate domain and DNS records. Skip if job is forced
+            if(!$skipCheck) {
+                $mainDomain = $this->getMainDomain();
+                $isMainDomain = !isset($mainDomain) || $domain->get() === $mainDomain;
+                $this->validateDomain($domain, $isMainDomain);
+            }
 
-            // If certificate exists already, double-check expiry date
-            // If asked to skip, we won't
-            if(!$skipRenewCheck && !$this->isRenewRequired($domain->get())) {
+            // If certificate exists already, double-check expiry date. Skip if job is forced
+            if(!$skipCheck && !$this->isRenewRequired($domain->get())) {
                 throw new Exception('Renew isn\'t required.');
             }
 
@@ -114,7 +116,7 @@ class CertificatesV1 extends Worker
             ]));
     
             // Give certificates to Traefik
-            $this->applyCertificateFiles($domain->get());
+            $this->applyCertificateFiles($domain->get(), $letsEncryptData);
             
             // Update certificate info stored in database
             $certificate->setAttribute('renewDate', $this->getRenewDate($domain->get()));
@@ -305,10 +307,11 @@ class CertificatesV1 extends Worker
      * Method to take files from Let's Encrypt, and put it into Traefik.
      *
      * @param string $domain Domain which certificate was generated for
+     * @param array $letsEncryptData Let's Encrypt logs to use for additional info when throwing error
      *
      * @return void
      */
-    private function applyCertificateFiles(string $domain): void {
+    private function applyCertificateFiles(string $domain, array $letsEncryptData): void {
         // Prepare folder in storage for domain
         $path = APP_STORAGE_CERTIFICATES . '/' . $domain;
         if (!\is_readable($path)) {
@@ -318,20 +321,20 @@ class CertificatesV1 extends Worker
         }
 
         // Move generated files from certbot into our storage
-        if(!@\rename('/etc/letsencrypt/live/'.$domain.'/cert.pem', APP_STORAGE_CERTIFICATES.'/'.$domain.'/cert.pem')) {
-            throw new Exception('Failed to rename certificate cert.pem.');
+        if(!@\rename('/etc/letsencrypt/live/'.$domain.'/cert.pem', APP_STORAGE_CERTIFICATES . '/' . $domain . '/cert.pem')) {
+            throw new Exception('Failed to rename certificate cert.pem. Let\'s Encrypt log: ' . $letsEncryptData['stderr']);
         }
 
         if (!@\rename('/etc/letsencrypt/live/' . $domain . '/chain.pem', APP_STORAGE_CERTIFICATES . '/' . $domain . '/chain.pem')) {
-            throw new Exception('Failed to rename certificate chain.pem.');
+            throw new Exception('Failed to rename certificate chain.pem. Let\'s Encrypt log: ' . $letsEncryptData['stderr']);
         }
 
         if (!@\rename('/etc/letsencrypt/live/' . $domain . '/fullchain.pem', APP_STORAGE_CERTIFICATES . '/' . $domain . '/fullchain.pem')) {
-            throw new Exception('Failed to rename certificate fullchain.pem.');
+            throw new Exception('Failed to rename certificate fullchain.pem. Let\'s Encrypt log: ' . $letsEncryptData['stderr']);
         }
 
         if (!@\rename('/etc/letsencrypt/live/' . $domain . '/privkey.pem', APP_STORAGE_CERTIFICATES . '/' . $domain . '/privkey.pem')) {
-            throw new Exception('Failed to rename certificate privkey.pem.');
+            throw new Exception('Failed to rename certificate privkey.pem. Let\'s Encrypt log: ' . $letsEncryptData['stderr']);
         }
 
         $config = \implode(PHP_EOL, [