cert-checker: only log database errors (#7077)

Fixes https://github.com/letsencrypt/boulder/issues/7040
2023-09-18 15:46:51 -07:00 · 2023-09-18 15:46:51 -07:00 · cad7266d86
parent 6ce2ee3efd
commit cad7266d86
2 changed files with 7 additions and 4 deletions
--- a/cmd/cert-checker/main.go
+++ b/cmd/cert-checker/main.go
@ -65,6 +65,7 @@ type report struct {
 	end       time.Time
 	GoodCerts int64                  `json:"good-certs"`
 	BadCerts  int64                  `json:"bad-certs"`
+	DbErrs    int64                  `json:"db-errs"`
 	Entries   map[string]reportEntry `json:"entries"`
 }

@ -411,13 +412,15 @@ func (c *certChecker) checkCert(ctx context.Context, cert core.Certificate, igno
 		if features.Enabled(features.CertCheckerRequiresCorrespondence) {
 			precertDER, err := c.getPrecert(ctx, cert.Serial)
 			if err != nil {
-				problems = append(problems,
-					fmt.Sprintf("fetching linting precertificate for %s: %s", cert.Serial, err))
+				// Log and continue, since we want the problems slice to only contains
+				// problems with the cert itself.
+				c.logger.Errf("fetching linting precertificate for %s: %s", cert.Serial, err)
+				atomic.AddInt64(&c.issuedReport.DbErrs, 1)
 			} else {
 				err = precert.Correspond(precertDER, cert.DER)
 				if err != nil {
 					problems = append(problems,
-						fmt.Sprintf("checking correspondence for %s: %s", cert.Serial, err))
+						fmt.Sprintf("Certificate does not correspond to precert for %s: %s", cert.Serial, err))
 				}
 			}
 		}
--- a/cmd/cert-checker/main_test.go
+++ b/cmd/cert-checker/main_test.go
@ -647,7 +647,7 @@ func TestPrecertCorrespond(t *testing.T) {
 	}
 	// Ensure that at least one of the problems was related to checking correspondence
 	for _, p := range problems {
-		if strings.Contains(p, "checking correspondence for") {
+		if strings.Contains(p, "does not correspond to precert") {
 			return
 		}
 	}