From b51ab2a69e84b66c94fabd65580ce8254f6635b2 Mon Sep 17 00:00:00 2001
From: Aaron Gable <aaron@letsencrypt.org>
Date: Tue, 12 Sep 2023 12:59:04 -0700
Subject: [PATCH 1/2] cert-checker: only log database errors

---
 cmd/cert-checker/main.go      | 7 ++++---
 cmd/cert-checker/main_test.go | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/cmd/cert-checker/main.go b/cmd/cert-checker/main.go
index 199f4070672..bc8b1daffe0 100644
--- a/cmd/cert-checker/main.go
+++ b/cmd/cert-checker/main.go
@@ -411,13 +411,14 @@ func (c *certChecker) checkCert(ctx context.Context, cert core.Certificate, igno
 		if features.Enabled(features.CertCheckerRequiresCorrespondence) {
 			precertDER, err := c.getPrecert(ctx, cert.Serial)
 			if err != nil {
-				problems = append(problems,
-					fmt.Sprintf("fetching linting precertificate for %s: %s", cert.Serial, err))
+				// Log and continue, since we want the problems slice to only contains
+				// problems with the cert itself.
+				c.logger.Errf("fetching linting precertificate for %s: %s", cert.Serial, err)
 			} else {
 				err = precert.Correspond(precertDER, cert.DER)
 				if err != nil {
 					problems = append(problems,
-						fmt.Sprintf("checking correspondence for %s: %s", cert.Serial, err))
+						fmt.Sprintf("Certificate does not correspond to precert for %s: %s", cert.Serial, err))
 				}
 			}
 		}
diff --git a/cmd/cert-checker/main_test.go b/cmd/cert-checker/main_test.go
index cb6c5868fb9..a71e07d1bf2 100644
--- a/cmd/cert-checker/main_test.go
+++ b/cmd/cert-checker/main_test.go
@@ -647,7 +647,7 @@ func TestPrecertCorrespond(t *testing.T) {
 	}
 	// Ensure that at least one of the problems was related to checking correspondence
 	for _, p := range problems {
-		if strings.Contains(p, "checking correspondence for") {
+		if strings.Contains(p, "does not correspond to precert") {
 			return
 		}
 	}

From de030ca6326baa9a14fcde8b3e9d00182f2ec852 Mon Sep 17 00:00:00 2001
From: Aaron Gable <aaron@letsencrypt.org>
Date: Fri, 15 Sep 2023 17:12:41 -0700
Subject: [PATCH 2/2] count database errors in final report

---
 cmd/cert-checker/main.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cmd/cert-checker/main.go b/cmd/cert-checker/main.go
index bc8b1daffe0..8be13bed66b 100644
--- a/cmd/cert-checker/main.go
+++ b/cmd/cert-checker/main.go
@@ -65,6 +65,7 @@ type report struct {
 	end       time.Time
 	GoodCerts int64                  `json:"good-certs"`
 	BadCerts  int64                  `json:"bad-certs"`
+	DbErrs    int64                  `json:"db-errs"`
 	Entries   map[string]reportEntry `json:"entries"`
 }
 
@@ -414,6 +415,7 @@ func (c *certChecker) checkCert(ctx context.Context, cert core.Certificate, igno
 				// Log and continue, since we want the problems slice to only contains
 				// problems with the cert itself.
 				c.logger.Errf("fetching linting precertificate for %s: %s", cert.Serial, err)
+				atomic.AddInt64(&c.issuedReport.DbErrs, 1)
 			} else {
 				err = precert.Correspond(precertDER, cert.DER)
 				if err != nil {