From 056d0808f51d36396dda3d7d7d3d8978136a315d Mon Sep 17 00:00:00 2001
From: sonicaj <waqarahmedjoyia@live.com>
Date: Wed, 12 Feb 2025 22:28:32 +0500
Subject: [PATCH] Only validate certificate if it has changed (#15676)

This commit adds changes to only validate cert if it has changed because we have seen a case where user's cert had expired and he had http to https redirect enabled and could not unset the redirect because of the cert still being validated.
---
 .../plugins/system_general/update.py          | 38 ++++++++++---------
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/src/middlewared/middlewared/plugins/system_general/update.py b/src/middlewared/middlewared/plugins/system_general/update.py
index 709db78cb5ea3..71b99d582b341 100644
--- a/src/middlewared/middlewared/plugins/system_general/update.py
+++ b/src/middlewared/middlewared/plugins/system_general/update.py
@@ -171,26 +171,28 @@ async def validate_general_settings(self, data, old_config, schema):
 
         tnc_config = await self.middleware.call('tn_connect.config')
         certificate_id = data.get('ui_certificate')
-        cert = await self.middleware.call(
-            'certificate.query',
-            [["id", "=", certificate_id]]
-        )
-        if not cert:
-            verrors.add(
-                f'{schema}.ui_certificate',
-                'Please specify a valid certificate which exists in the system'
+        if certificate_id != old_config['ui_certificate']:
+            # Only validate cert if it has been changed
+            cert = await self.middleware.call(
+                'certificate.query',
+                [["id", "=", certificate_id]]
             )
-        elif tnc_config['certificate'] and tnc_config['certificate'] != certificate_id:
-            verrors.add(
-                f'{schema}.ui_certificate',
-                'Certificate cannot be changed when TrueNAS Connect has been configured'
-            )
-        else:
-            verrors.extend(
-                await self.middleware.call(
-                    'certificate.cert_services_validation', certificate_id, f'{schema}.ui_certificate', False
+            if not cert:
+                verrors.add(
+                    f'{schema}.ui_certificate',
+                    'Please specify a valid certificate which exists in the system'
+                )
+            elif tnc_config['certificate'] and tnc_config['certificate'] != certificate_id:
+                verrors.add(
+                    f'{schema}.ui_certificate',
+                    'Certificate cannot be changed when TrueNAS Connect has been configured'
+                )
+            else:
+                verrors.extend(
+                    await self.middleware.call(
+                        'certificate.cert_services_validation', certificate_id, f'{schema}.ui_certificate', False
+                    )
                 )
-            )
 
         return verrors