moodle-mod_customcert icon indicating copy to clipboard operation
moodle-mod_customcert copied to clipboard

Published 20 hours ago verified publisher icon mdjnelson

All certificates are reissued and sent after Moodle upgrade

Open adrijanb opened this issue 8 months ago • 2 comments

Hello everyone,

we are currently facing a critical problem with the customcert plugin in connection with a Moodle core update.

After performing a Moodle upgrade, we have observed that all previously issued certificates are suddenly reissued and even automatically sent out to participants again. This occurs regardless of how long ago the certificates were originally issued. This is particularly problematic for us because we are using this plugin in an official, state-level context where certificates are official documents. Certificates that have been issued once are valid records and must not be reissued with a new date, as this changes the official timestamp and could cause serious legal and procedural issues.

In addition to certificates being reissued, we have also seen instances where some participants receive certificates for courses they never attended or completed. This raises major concerns regarding the integrity of the certification process and trust in the system.

I have found a couple of forum discussions reporting similar issues: • https://moodle.org/mod/forum/discuss.php?d=466805&lang=de_wp • https://moodle.org/mod/forum/discuss.php?d=463525&lang=de_wp

However, it still remains unclear to me why certificates that have already been issued and stored in the database are triggered for reissue after an upgrade.

In summary, the main problems we face: 1. All previously issued certificates are being regenerated after a Moodle update. 2. These reissued certificates are also being resent via email, with new issue dates. 3. Some participants even receive certificates for courses they never took or completed. 4. This creates legal and procedural problems for us as a state-level institution that relies on stable and immutable certification records.

Expected behavior: • Certificates should only ever be issued once and must not be regenerated or resent, regardless of system updates. • Only users who have met the required completion criteria should receive certificates. • Certificates must remain static and verifiable long-term

My main questions: • What could be the root cause of this behavior? • Is this a known issue in connection with core updates or plugin updates? • Why does the system not respect the historical issuance state and instead re-triggers issuance after an update? • Is there a way to prevent this behavior, either through configuration or a patch? • Are there any recommended workarounds or fixes to ensure that certificates that have been issued once remain untouched, and that no new emails are triggered for past records?

We would be extremely grateful for any support, guidance, or technical insights on how to solve or mitigate this issue. This is of utmost importance for our organization due to the legal validity of these certificates.

Thank you in advance!

adrijanb avatar Mar 18 '25 09:03 adrijanb

While we are reviewing this, is it possible for you to reproduce this behavior using a test system?

FYI I have some notes here about how to set up a system on your own computer for testing https://github.com/fulldecent/moodle-local_plugin_template?tab=readme-ov-file#quick-start-playground

This will allow you to live the old system as a CERT plug-in issue certificate and then perform an upgrade to see if it is reproducible.

If possible, I recommend that you record your screen during the entire process. This might be helpful to go back in time to get screenshots when needed after the problem is found.

Hi myself have gone through an upgrade and not seen this problem. So we will need to isolate which specific other plug-ins or configuration you have that is causing this.

fulldecent avatar Apr 02 '25 19:04 fulldecent

I am unable to reproduce this. There was an issue that was fixed in https://github.com/mdjnelson/moodle-mod_customcert/commit/94cfd4b130392e1a204844a0074c8938d09bf642 but seems you already have that patch,

mdjnelson avatar Apr 07 '25 15:04 mdjnelson

We've experienced the same problem after upgrading to v4.4.4 2024042208 (Moodle version: 4.5 (Build: 20241007). This is very unfortunate since plugin issued certificates for random users that even haven't been enrolled on the course containing the certificate module.

CognitaDev avatar Jul 18 '25 12:07 CognitaDev

I had the same issue after updating to the latest 4.3 version (4.3.5) from a version that had issue on MSSQL with a GROUP BY clause. It issued and emailed certificates to users who did not meet the requirements of getting the certificate in the first place. Is there any way to audit the certificates and remove from those who should not have it?

sheetmetaliti avatar Jul 22 '25 17:07 sheetmetaliti

I looked into this more and think I know what is going on. Will work on a fix now if I get to that stage.

mdjnelson avatar Aug 24 '25 14:08 mdjnelson

I pushed a fix for this. Closing.

mdjnelson avatar Aug 25 '25 10:08 mdjnelson