sa: improve errors from SetOrderError (#8656)

jsha · beautifulentropy · commit aa55a212cd97 · 2026-03-10T15:57:36.000-04:00
We were returning ServerInternal errors and dropping the actual error
message on the floor. Instead, return a plain error (which will get
turned into a serverInternal error higher in the stack). This avoids
losing error messages from the database layer.
diff --git a/sa/sa.go b/sa/sa.go
@@ -633,12 +633,12 @@ func (ssa *SQLStorageAuthority) SetOrderError(ctx context.Context, req *sapb.Set
 			errJSON,
 			req.Id)
 		if err != nil {
-			return nil, berrors.InternalServerError("error updating order error field")
+			return nil, fmt.Errorf("updating order error field: %s", err)
 		}
 
 		n, err := result.RowsAffected()
 		if err != nil || n == 0 {
-			return nil, berrors.InternalServerError("no order updated with new error field")
+			return nil, fmt.Errorf("no order updated with new error field: %s", err)
 		}
 
 		return nil, nil
diff --git a/test/chisel2.py b/test/chisel2.py
@@ -14,8 +14,6 @@
 import sys
 import signal
 import threading
-import time
-
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography import x509
@@ -140,21 +138,13 @@ def auth_and_issue(domains, chall_type="dns-01", email=None, cert_output=None, c
     else:
         raise Exception("invalid challenge type %s" % chall_type)
 
-    # Make up to three attempts, retrying on badNonce errors
-    for n in range(3):
-        time.sleep(0.2 * n)  # No sleep before the first attempt, then backoff
-        try:
-            order = client.poll_and_finalize(order)
-            if cert_output is not None:
-                with open(cert_output, "w") as f:
-                    f.write(order.fullchain_pem)
-        except messages.Error as e:
-            if e.typ == "urn:ietf:params:acme:error:badNonce":
-                continue
-        else:
-            break
-        finally:
-            cleanup()
+    try:
+        order = client.poll_and_finalize(order)
+        if cert_output is not None:
+            with open(cert_output, "w") as f:
+                f.write(order.fullchain_pem)
+    finally:
+        cleanup()
 
     return order
 
diff --git a/test/config-next/nonce-a.json b/test/config-next/nonce-a.json
@@ -13,7 +13,7 @@
 			"sampleratio": 1
 		},
 		"grpc": {
-			"maxConnectionAge": "30s",
+			"maxConnectionAge": "30m",
 			"services": {
 				"nonce.NonceService": {
 					"clientNames": [
diff --git a/test/config-next/nonce-b.json b/test/config-next/nonce-b.json
@@ -13,7 +13,7 @@
 			"sampleratio": 1
 		},
 		"grpc": {
-			"maxConnectionAge": "30s",
+			"maxConnectionAge": "30m",
 			"services": {
 				"nonce.NonceService": {
 					"clientNames": [
diff --git a/test/config/nonce-a.json b/test/config/nonce-a.json
@@ -10,7 +10,7 @@
 		},
 		"debugAddr": ":8111",
 		"grpc": {
-			"maxConnectionAge": "30s",
+			"maxConnectionAge": "30m",
 			"address": ":9101",
 			"services": {
 				"nonce.NonceService": {
diff --git a/test/config/nonce-b.json b/test/config/nonce-b.json
@@ -10,7 +10,7 @@
 		},
 		"debugAddr": ":8111",
 		"grpc": {
-			"maxConnectionAge": "30s",
+			"maxConnectionAge": "30m",
 			"address": ":9101",
 			"services": {
 				"nonce.NonceService": {

Original file line number	Diff line number	Diff line change
`@@ -633,12 +633,12 @@ func (ssa SQLStorageAuthority) SetOrderError(ctx context.Context, req sapb.Set`
`633`	`633`	`errJSON,`
`634`	`634`	`req.Id)`
`635`	`635`	`if err != nil {`
`636`		`- return nil, berrors.InternalServerError("error updating order error field")`
	`636`	`+ return nil, fmt.Errorf("updating order error field: %s", err)`
`637`	`637`	`}`
`638`	`638`
`639`	`639`	`n, err := result.RowsAffected()`
`640`	`640`	`if err != nil \|\| n == 0 {`
`641`		`- return nil, berrors.InternalServerError("no order updated with new error field")`
	`641`	`+ return nil, fmt.Errorf("no order updated with new error field: %s", err)`
`642`	`642`	`}`
`643`	`643`
`644`	`644`	`return nil, nil`