GitLab Pages: Handle LetsEncrypt errors on ssl renewal

What does this MR do and why?

  • Handling LetsEncrypt errors when renewing a domain SSL certificate that were not handled before
  • Setting status "failed" on domain when LetsEncrypt error occurs
  • Sending notification to user when LetsEncrypt error occurs
  • Related to issue #467235

🛠 with ❤️ at Siemens

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

MR Checklist (@gerardo-navarro)

Screenshots or screen recordings

With this MR, the user will receive an error notification email when a LetsEncrypt error is raised.

Before

When the user input causes a LetsEncrypt error, the worker terminates with an error and the error is not handled. No email notification is sent. Have a look at the console output.

Console output
[2] pry(main)> PagesDomainSslRenewalWorker.new.perform(5)
  PagesDomain Load (0.5ms)  SELECT "pages_domains".* FROM "pages_domains" WHERE "pages_domains"."id" = 5 LIMIT 1 /*application:console,db_config_name:main,console_hostname:Gerardos-MacBook-Pro.local,console_username:client-siemens,line:/app/workers/pages_domain_ssl_renewal_worker.rb:13:in `perform'*/
  PagesDomainAcmeOrder Delete All (1.0ms)  DELETE FROM "pages_domain_acme_orders" WHERE "pages_domain_acme_orders"."pages_domain_id" = 5 AND (expires_at < '2024-08-12 15:54:05.436442') /*application:console,db_config_name:main,console_hostname:Gerardos-MacBook-Pro.local,console_username:client-siemens,line:/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb:20:in `execute'*/
  PagesDomainAcmeOrder Load (0.3ms)  SELECT "pages_domain_acme_orders".* FROM "pages_domain_acme_orders" WHERE "pages_domain_acme_orders"."pages_domain_id" = 5 ORDER BY "pages_domain_acme_orders"."id" ASC LIMIT 1 /*application:console,db_config_name:main,console_hostname:Gerardos-MacBook-Pro.local,console_username:client-siemens,line:/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb:21:in `execute'*/
Acme::Client::Error::RejectedIdentifier: Invalid identifiers requested :: Cannot issue for "local": Domain name needs at least one dot
from /Users/client-siemens/.asdf/installs/ruby/3.2.4/lib/ruby/gems/3.2.0/gems/acme-client-2.0.18/lib/acme/client/http_client.rb:104:in `raise_on_error!'

After

When the user input causes a LetsEncrypt error, the worker handles the error gracefully. The user will receive an email notification containing the error.

How to set up and validate locally

  1. On your gdk instance, enable custom domain for GitLab pages
  2. On your gdk instance, enable LetsEncrypt integration
  3. Open your test project
  4. Go to Deploy -> Pages -> New domain
  5. Enter the domain non-existing domain (<= the top level domain non-existing-domain does not exist) in the field "Domain" and ensure that the field "Automatic certificate management using Let's Encrypt" is checked
  6. You can now wait for approx. 15 minutes until the PagesDomainSslRenewalCronWorker runs 😉, or you can trigger the PagesDomainSslRenewalWorker
  7. Open letter_opener and assess the sent emails; you should see an email similar to this; you should not see an error in the console (when you are on this MR branch)

Related to #467235

Edited by Gerardo Navarro
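
The handling pattern described above, as an added Ruby sketch that is not code from this MR or from GitLab: the worker rescues only the ACME error family, marks the domain as failed, queues a notification, and lets unrelated errors surface. `StubAcme`, `Domain`, `StubOrderService`, `RenewalWorker`, the `'pending'` status and the `outbox` array are hypothetical stand-ins; the stub reproduces the "needs at least one dot" rejection from the console output.

```ruby
# Added illustration; every class and value here is a hypothetical stand-in.
module StubAcme
  class Error < StandardError; end
  # Plays the role of Acme::Client::Error::RejectedIdentifier from the console output.
  class RejectedIdentifier < Error; end
end

# Constructed domain record; 'failed' is the status named in the MR description.
Domain = Struct.new(:name, :status, keyword_init: true)

class StubOrderService
  # Mimics the CA rejecting an identifier that has no dot.
  def execute(domain)
    unless domain.name.include?('.')
      raise StubAcme::RejectedIdentifier,
            %(Invalid identifiers requested :: Cannot issue for "#{domain.name}": ) +
            'Domain name needs at least one dot'
    end
    :certificate_obtained
  end
end

class RenewalWorker
  attr_reader :outbox # stands in for the mailer queue

  def initialize(service: StubOrderService.new)
    @service = service
    @outbox = []
  end

  def perform(domain)
    @service.execute(domain)
  rescue StubAcme::Error => e
    # Rescue the ACME error family only, so unrelated bugs still raise.
    domain.status = 'failed'
    @outbox << { domain: domain.name, error: e.message }
    :failed
  end
end

if $PROGRAM_NAME == __FILE__
  worker = RenewalWorker.new
  p worker.perform(Domain.new(name: 'local', status: 'pending'))
  p worker.outbox
end
```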
