api: ACME renew: handle error from revoking old cert gracefully

this normally just means that the old cert is already expired, we do
not care for that - after all: we got a new (renewed) valid cert
successfully.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/PVE/API2/ACME.pm b/PVE/API2/ACME.pm
index 8eb04a7dc4f15ff4a6855e185e89e3f51a8cf4cf..33890dac55c9b08a9e3b4b8db7f0b080957f2089 100644 (file)
--- a/PVE/API2/ACME.pm
+++ b/PVE/API2/ACME.pm
@@ -301,7 +301,8 @@ __PACKAGE__->register_method ({
            die "$@\n" if $@;
 
            print "Revoking old certificate\n";
-            $acme->revoke_certificate($old_cert);
+           eval { $acme->revoke_certificate($old_cert) };
+           warn "Revoke request to CA failed: $@" if $@;
        };
 
        return $rpcenv->fork_worker("acmerenew", undef, $authuser, $realcmd);