Fix missing self signed certificates is some conditions.

CHANGELOG.md

@@ -27,6 +27,7 @@ TODO: for directS2S, needs a SRV records for the main host if port is not standa
 * Prosody AppImage: fix path mapping: we only map necessary /etc/ subdir, so that the AppImage can access to /etc/resolv.conf, /etc/hosts, ...
 * Prosody AppImage: hidden debug mode to disable lua-unbound, that seems broken in some docker dev environments.
 * Debug Mode: can change some parameters.
+* Fix use case where self-signed certificates are missing.
 
 ## 6.3.0
 

server/lib/prosody/certificates.ts

@@ -110,6 +110,19 @@ async function renewCheckSelfSigned (options: RegisterServerOptions, config: Pro
   await reloadProsody(options)
 }
 
+async function missingSelfSignedCertificates (options: RegisterServerOptions, config: ProsodyConfig): Promise<boolean> {
+  if (config.certificates !== 'generate-self-signed') {
+    return false
+  }
+  const filepath = _filePathToTest(options, config)
+  if (!filepath) { return false }
+  if (fs.existsSync(filepath)) {
+    options.peertubeHelpers.logger.debug('Missing certificate file: ' + filepath)
+    return false
+  }
+  return true
+}
+
 async function renewCheckFromDir (options: RegisterServerOptions, config: ProsodyConfig): Promise<void> {
   // We will browse all dir files, get the more recent file update time, and compare it to the previous call.
   const logger = options.peertubeHelpers.logger
@@ -149,5 +162,6 @@ function _filePathToTest (options: RegisterServerOptions, config: ProsodyConfig)
 export {
   ensureProsodyCertificates,
   startProsodyCertificatesRenewCheck,
-  stopProsodyCertificatesRenewCheck
+  stopProsodyCertificatesRenewCheck,
+  missingSelfSignedCertificates
 }

server/lib/prosody/ctl.ts

@@ -2,7 +2,10 @@ import type { RegisterServerOptions } from '@peertube/peertube-types'
 import { getProsodyConfig, getProsodyFilePaths, writeProsodyConfig } from './config'
 import { startProsodyLogRotate, stopProsodyLogRotate } from './logrotate'
 import {
-  ensureProsodyCertificates, startProsodyCertificatesRenewCheck, stopProsodyCertificatesRenewCheck
+  ensureProsodyCertificates,
+  startProsodyCertificatesRenewCheck,
+  stopProsodyCertificatesRenewCheck,
+  missingSelfSignedCertificates
 } from './certificates'
 import { disableProxyRoute, enableProxyRoute } from '../routers/webchat'
 import { fixRoomSubject } from './fix-room-subject'
@@ -268,6 +271,13 @@ async function testProsodyCorrectlyRunning (options: RegisterServerOptions): Pro
       result.messages.push('Prosody configuration file content is not correct.')
       return result
     }
+
+    if (!await missingSelfSignedCertificates(options, wantedConfig)) {
+      result.messages.push('No missing self signed certificates.')
+    } else {
+      result.messages.push('Missing self signed certificates.')
+      return result
+    }
   } catch (error) {
     result.messages.push('Error when requiring the prosody config file: ' + (error as string))
     return result