Describe the bug
When a CA or Certificate used by an active VPN Client is deleted from the admin panel, the associated device's configuration becomes corrupted instead of being prevented or properly handled. The configuration status incorrectly remains as "applied" even though the configuration contains unresolved context keys.
Steps To Reproduce
- Create a VPN with OpenVPN backend
- Create a CA and certificate for the VPN server
- Create a VPN Client template for the VPN server created in the previous step
- Apply the template to a device and verify that the device's config.status changes to "applied"
- Navigate to http://127.0.0.1:8000/admin/pki/cert/
- Delete the certificate that was created for the device to be used in OpenVPN configuration
- Confirm the deletion in the confirmation dialog
Expected behavior
The system should prevent deletion of CA and Certificate objects when they are actively used in a VPN Client by a device. Instead of allowing deletion, the confirmation page should direct the user to remove the template from the specific device, which will automatically delete the certificate.
Actual behavior
- The certificate and associated VPN Client are deleted
- The device's configuration status remains "applied" instead of changing to "modified"
- Cache invalidation for the Config.checksum is not triggered
- When previewing the configuration, the context keys for certificate paths and content are not resolved
- This results in a corrupted configuration with invalid placeholder values
Screenshots
OpenWISP hints that deleting the Cert object will delete the related VpnClient:

Corrupted configuration with unresolved context keys:

Describe the bug
When a CA or Certificate used by an active VPN Client is deleted from the admin panel, the associated device's configuration becomes corrupted instead of being prevented or properly handled. The configuration status incorrectly remains as "applied" even though the configuration contains unresolved context keys.
Steps To Reproduce
Expected behavior
The system should prevent deletion of CA and Certificate objects when they are actively used in a VPN Client by a device. Instead of allowing deletion, the confirmation page should direct the user to remove the template from the specific device, which will automatically delete the certificate.
Actual behavior
Screenshots
OpenWISP hints that deleting the Cert object will delete the related VpnClient:

Corrupted configuration with unresolved context keys:
