letsencrypt: Don't perform operations on apps that are not installed

Fixes: #2568.

When Let's Encrypt events are fired for all applications, they happen on apps
that install as well. They have not been a problem so far because they seem to
succeed always. However, ejabberd recently changed to having '*' for the list of
domains accepted and also has a non-root account for certificate ownership. This
combination causes a certificate operation to fail as the package 'ejabberd' is
not installed and the 'ejabberd' user is not available. Fix this by limiting
certificate operations to apps that have been installed.

Tests:

- Add a new domain name to a production FreedomBox using the Dynamic DNS
'tester' account. 'ejabberd' app should not be installed. LE events fire and a
log message showing failure is noticed. All the events after the failure for
other apps also succeed. The failure is minor and contained to ejabberd.

- Apply the patch and revoke the certificate. LE event is fired on all other
installed apps but not on ejabberd. No error is logged.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Sunil Mohan Adapa 2026-03-14 04:12:42 -07:00 committed by James Valleroy
parent b4c6748837
commit 009e07b232
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808

@ -392,8 +392,12 @@ def on_certificate_event_sync(event, domains, lineage):
assert event in ('obtained', 'renewed', 'revoked', 'deleted')
for component in LetsEncrypt.list():
if component.app and component.app.needs_setup():
continue
logger.info('Handling certificate event for %s: %s, %s, %s',
component.component_id, event, domains, lineage)
try:
getattr(component, 'on_certificate_' + event)(domains, lineage)
except Exception as exception:
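Review bot: The new `if component.app and component.app.needs_setup(): continue` at the top of the loop skips a component before the `logger.info(...)` call, so nothing records that a certificate event was withheld from it. Consider a `logger.debug` line before `continue` that names `component.component_id` and `event`, plus a short comment stating that components with no `app` set are intentionally still handled. It is also worth confirming that an app installed after an 'obtained' event picks up the existing certificates during its own setup, since this loop will no longer have delivered that event to it.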