mod_s2s: Improve log message about forbidding insecure connections

This new wording generator is nice.

1 files changed, 1 insertions, 1 deletions

diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 7f6546e9..7700db85 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -763,8 +763,8 @@ function check_auth_policy(event)
 	end
 
 	if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
-		module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)");
 		local reason = friendly_cert_error(session);
+		module:log("warn", "Forbidding insecure connection to/from %s because its certificate %s", host or session.ip or "(unknown host)", reason);
 		-- XEP-0178 recommends closing outgoing connections without warning
 		-- but does not give a rationale for this.
 		-- In practice most cases are configuration mistakes or forgotten