From faaa74c3a73deac2121776fdb4148bf16c973faa Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Thu, 14 Jan 2016 07:21:08 -0500
Subject: [PATCH] tls: hide extra reasons why domains aren't getting a new
 certificate during setup

---
 management/ssl_certificates.py | 10 +++++++---
 setup/start.sh                 |  3 ++-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/management/ssl_certificates.py b/management/ssl_certificates.py
index 35379198..f486df66 100755
--- a/management/ssl_certificates.py
+++ b/management/ssl_certificates.py
@@ -253,7 +253,7 @@ def get_certificates_to_provision(env, show_extended_problems=True, force_domain
 
 	return (domains, problems)
 
-def provision_certificates(env, agree_to_tos_url=None, logger=None, force_domains=None, jsonable=False):
+def provision_certificates(env, agree_to_tos_url=None, logger=None, show_extended_problems=True, force_domains=None, jsonable=False):
 	import requests.exceptions
 	import acme.messages
 
@@ -261,7 +261,7 @@ def provision_certificates(env, agree_to_tos_url=None, logger=None, force_domain
 
 	# What domains should we provision certificates for? And what
 	# errors prevent provisioning for other domains.
-	domains, problems = get_certificates_to_provision(env, force_domains=force_domains)
+	domains, problems = get_certificates_to_provision(env, force_domains=force_domains, show_extended_problems=show_extended_problems)
 
 	# Exit fast if there is nothing to do.
 	if len(domains) == 0:
@@ -405,12 +405,16 @@ def provision_certificates_cmdline():
 	verbose = False
 	headless = False
 	force_domains = None
+	show_extended_problems = True
 	
 	args = list(sys.argv)
 	args.pop(0) # program name
 	if args and args[0] == "-v":
 		verbose = True
 		args.pop(0)
+	if args and args[0] == "q":
+		show_extended_problems = False
+		args.pop(0)
 	if args and args[0] == "--headless":
 		headless = True
 		args.pop(0)
@@ -429,7 +433,7 @@ def provision_certificates_cmdline():
 		def my_logger(message):
 			if verbose:
 				print(">", message)
-		status = provision_certificates(env, agree_to_tos_url=agree_to_tos_url, logger=my_logger, force_domains=force_domains)
+		status = provision_certificates(env, agree_to_tos_url=agree_to_tos_url, logger=my_logger, force_domains=force_domains, show_extended_problems=show_extended_problems)
 		agree_to_tos_url = None # reset to prevent infinite looping
 
 		if not status["requests"]:
diff --git a/setup/start.sh b/setup/start.sh
index 8c174109..5612ab3f 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -117,7 +117,8 @@ tools/dns_update
 tools/web_update
 
 # If DNS is already working, try to provision TLS certficates from Let's Encrypt.
-management/ssl_certificates.py
+# Suppress extra reasons why domains aren't getting a new certificate.
+management/ssl_certificates.py -q
 
 # If there aren't any mail users yet, create one.
 source setup/firstuser.sh