leap cert renew: added more messages in case anything goes wrong

1 files changed, 24 insertions, 3 deletions

diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index d9ffa6a4..3c5fc7d5 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -225,12 +225,25 @@ module LeapCli; module Commands
     end
   end
 
+  def assert_no_errors!(msg)
+    yield
+  rescue StandardError => exc
+    bail! :error, msg do
+      log exc.to_s
+    end
+  end
+
   def do_renew_cert(global, options, args)
     require 'leap_cli/acme'
     require 'leap_cli/ssh'
     require 'socket'
     require 'net/http'
 
+    csr = nil
+    account_key = nil
+    cert = nil
+    acme = nil
+
     #
     # sanity check the domain
     #
@@ -243,10 +256,14 @@ module LeapCli; module Commands
     #
     assert_files_exist!([:commercial_key, domain], [:commercial_csr, domain],
       :msg => 'Please create the CSR first with `leap cert csr %s`' % domain)
-    csr = Acme.load_csr(read_file!([:commercial_csr, domain]))
+    assert_no_errors!("Could not load #{path([:commercial_csr, domain])}") do
+      csr = Acme.load_csr(read_file!([:commercial_csr, domain]))
+    end
     assert_files_exist!(:acme_key,
       :msg => "Please run `leap cert register` first. This only needs to be done once.")
-    account_key = Acme.load_private_key(read_file!(:acme_key))
+    assert_no_errors!("Could not load #{path(:acme_key)}") do
+      account_key = Acme.load_private_key(read_file!(:acme_key))
+    end
 
     #
     # check authorization for this domain
@@ -272,8 +289,12 @@ module LeapCli; module Commands
     end
 
     log :fetching, "new certificate from letsencrypt.org"
-    cert = acme.get_certificate(csr)
+    assert_no_errors!("could not renew certificate") do
+      cert = acme.get_certificate(csr)
+    end
+    log 'success', color: :green, style: :bold
     write_file!([:commercial_cert, domain], cert.fullchain_to_pem)
+    log 'You should now run `leap deploy` to deploy the new certificate.'
   end
 
   #