From fcefe5def6b997eec83569165d6f4d698e4cdaf8 Mon Sep 17 00:00:00 2001
From: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Date: Fri, 19 Jun 2026 19:27:00 -0300
Subject: [PATCH] fix: avoid failing on transient CFSSL startup errors

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
---
 .../CertificateEngine/CfsslHandler.php        | 26 +++++++------------
 1 file changed, 10 insertions(+), 16 deletions(-)

diff --git a/lib/Handler/CertificateEngine/CfsslHandler.php b/lib/Handler/CertificateEngine/CfsslHandler.php
index be59f105b9..1413565bc0 100644
--- a/lib/Handler/CertificateEngine/CfsslHandler.php
+++ b/lib/Handler/CertificateEngine/CfsslHandler.php
@@ -281,7 +281,7 @@ private function isUp(): bool {
 		try {
 			$client = $this->getClient();
 			if (!$this->portOpen()) {
-				throw new LibresignException('CFSSL server is down', 500);
+				return false;
 			}
 			$response = $client
 				->request('get',
@@ -291,24 +291,18 @@ private function isUp(): bool {
 					]
 				)
 			;
-		} catch (RequestException|ConnectException $th) {
-			switch ($th->getCode()) {
-				case 404:
-					throw new \Exception('Endpoint /health of CFSSL server not found. Maybe you are using incompatible version of CFSSL server. Use latests version.', 1);
-				default:
-					if ($th->getHandlerContext() && $th->getHandlerContext()['error']) {
-						throw new \Exception($th->getHandlerContext()['error'], 1);
-					}
-					throw new LibresignException($th->getMessage(), 500);
+		} catch (ConnectException) {
+			// Port not yet accepting connections — server still starting
+			return false;
+		} catch (RequestException $th) {
+			if ($th->getCode() === 404) {
+				throw new \Exception('Endpoint /health of CFSSL server not found. Maybe you are using incompatible version of CFSSL server. Use latests version.', 1);
 			}
+			return false;
 		}
 
 		$responseDecoded = json_decode((string)$response->getBody(), true);
-		if (!isset($responseDecoded['success']) || !$responseDecoded['success']) {
-			throw new LibresignException('Error while check cfssl API health!', 500);
-		}
-
-		if (empty($responseDecoded['result']) || empty($responseDecoded['result']['healthy'])) {
+		if (empty($responseDecoded['result']['healthy'])) {
 			return false;
 		}
 
@@ -346,7 +340,7 @@ private function wakeUp(): void {
 		}
 
 		$loops = 0;
-		while (!$this->portOpen() && $loops <= 4) {
+		while (!$this->portOpen() && $loops <= 9) {
 			sleep(1);
 			$loops++;
 		}