From 79920a753510b9663d4cfb1aea1936d0529452d1 Mon Sep 17 00:00:00 2001
From: "alexey.lazarenko"
Date: Mon, 11 Oct 2021 09:42:35 +0300
Subject: [PATCH 1/3] JE-60186 [LE] Check https protocol while invalid response from custom domain
---
 scripts/generate-ssl-cert.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/generate-ssl-cert.sh b/scripts/generate-ssl-cert.sh
index 1388bb3a..4c541948 100644
--- a/scripts/generate-ssl-cert.sh
+++ b/scripts/generate-ssl-cert.sh
@@ -73,7 +73,7 @@ do

 [[ -z $error ]] && {
 error=$(sed -rn 's/.*\s(.*)(Invalid response from http:\/\/.*)\\\"".*/\2/p' $LOG_FILE | sed '$!d')
- [[ ! -z $error ]] && invalid_domain=$(echo $error | sed -rn 's/Invalid response from http:\/\/([^/]*)\/\.well-known.*/\1/p')
+ [[ ! -z $error ]] && invalid_domain=$(echo $error | sed -rn 's/Invalid response from https:\/\/([^/]*)\/\.well-known.*/\1/p')
 }

 [[ -z $error ]] && {
From 2eb152410c1da97a2d3ea953dab44a5b99b0e6da Mon Sep 17 00:00:00 2001
From: "alexey.lazarenko"
Date: Mon, 11 Oct 2021 09:44:00 +0300
Subject: [PATCH 2/3] JE-60186 [LE] Check https protocol while invalid response from custom domain
---
 scripts/generate-ssl-cert.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/generate-ssl-cert.sh b/scripts/generate-ssl-cert.sh
index 4c541948..222f5cde 100644
--- a/scripts/generate-ssl-cert.sh
+++ b/scripts/generate-ssl-cert.sh
@@ -73,7 +73,7 @@ do

 [[ -z $error ]] && {
 error=$(sed -rn 's/.*\s(.*)(Invalid response from http:\/\/.*)\\\"".*/\2/p' $LOG_FILE | sed '$!d')
- [[ ! -z $error ]] && invalid_domain=$(echo $error | sed -rn 's/Invalid response from https:\/\/([^/]*)\/\.well-known.*/\1/p')
+ [[ ! -z $error ]] && invalid_domain=$(echo $error | sed -rn 's/Invalid response from https?:\/\/([^/]*)\/\.well-known.*/\1/p')
 }

 [[ -z $error ]] && {
From 347bfb251178ac2dd10e72bdc624fad9a901736b Mon Sep 17 00:00:00 2001
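Review bot: The `https:` pattern on the changed line has nothing to match, because `error` is produced two lines above by a `sed` whose pattern is still the literal `Invalid response from http:\/\/`, so an `https://` failure message never reaches this line and `invalid_domain` stays empty for exactly the case the commit title targets. The protocol alternative has to be applied in the first expression as well, `(Invalid response from https?:\/\/.*)`, not only in the one that extracts the host. The enclosing `do … done` loop starts and ends outside the hunk.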
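Review bot: `echo $error` on the changed line expands log-file content unquoted, so the shell word-splits it and glob-expands any `*` or `?` in the reported URL against the working directory before `sed` sees it; feed it as a string instead, `invalid_domain=$(sed -rn 's/Invalid response from https?:\/\/([^/]*)\/\.well-known.*/\1/p' <<< "$error")`, and `[[ -n $error ]]` is the idiomatic form of `[[ ! -z $error ]]`. The `https?` alternative also only takes effect if the `sed` in the context line above that sets `error` accepts `https?:\/\/` too; as shown it still matches `http:\/\/` only. The enclosing loop starts and ends outside the hunk.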
From: "alexey.lazarenko"
Date: Fri, 10 Dec 2021 17:43:35 +0200
Subject: [PATCH 3/3] JE-54389 [Let's Encrypt] New certificate is added into database instead of updating existed in case SSL certificates bound to SLB
---
 scripts/ssl-manager.js | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/scripts/ssl-manager.js b/scripts/ssl-manager.js
index 490e09af..741bf2f8 100644
--- a/scripts/ssl-manager.js
+++ b/scripts/ssl-manager.js
@@ -60,6 +60,7 @@ function SSLManager(config) {
 LB = "lb",
 CP = "cp",
 isValidToken = false,
+ isLEUpdate = false,
 patchBuild = 1,
 debug = [],
 nodeManager,
@@ -135,6 +136,8 @@ function SSLManager(config) {
 [ me.generateSslCerts ]
 ]);

+ isLEUpdate = isUpdate;
+
 if (resp.result == 0) {
 me.exec(me.scheduleAutoUpdate);
 resp = me.exec(me.deploy);
@@ -1322,17 +1325,19 @@ function SSLManager(config) {
 return resp.response || resp
 };

- me.bindSSLCerts = function bindSSLCerts() {
+ me.bindSSLCerts = function bindSSLCerts(certId) {
 var SLB = "SLB",
 resp;

- resp = jelastic.env.binder.GetSSLCerts(config.envName, session);
- if (resp.result != 0) return resp;
+ if (!certId) {
+ resp = jelastic.env.binder.GetSSLCerts(config.envName, session);
+ if (resp.result != 0) return resp;
+ }

 return jelastic.env.binder.BindSSLCert({
 envName: config.envName,
 session: session,
- certId: resp.responses[resp.responses.length - 1].id,
+ certId: certId || resp.responses[resp.responses.length - 1].id,
 entryPoint: SLB,
 extDomains: me.formatDomains(config.customDomains).replace(/ /g, "")
 });
@@ -1346,7 +1351,6 @@ function SSLManager(config) {

 if (cert_key.body && chain.body && cert.body) {
 if (config.withExtIp) {
-
 if (nodeManager.isExtraLayer(config.nodeGroup)) {
 resp = me.exec(me.bindSSLOnExtraNode, cert_key.body, cert.body, chain.body);
 } else {
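Review bot: `isLEUpdate = isUpdate;` stores a closure-level flag whose only reader, as far as this diff shows, is the deploy path more than a thousand lines further down, and nothing at the assignment says why it exists or what it changes. A one-line comment at the assignment would spare the next maintainer the search, e.g. `// remembered for deploy(): on an update the stored certificate is replaced instead of a second one being added`. Where `isUpdate` is defined is outside the hunk, as is the enclosing function.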
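Review bot: When no `certId` is passed, the changed `certId:` line still falls back to `resp.responses[resp.responses.length - 1].id`, i.e. whichever certificate happens to be last in the environment's list, which is the guess the commit title says bound the wrong certificate; and with an empty `responses` array that expression throws a TypeError instead of returning an error response. Guard the fallback after the `GetSSLCerts` check, e.g. `if (!resp.responses || !resp.responses.length) return error(Response.ERROR_UNKNOWN, "No SSL certificate found in environment %(env)", { env: config.envName });`, and check whether any remaining caller still relies on the no-argument form. `error` and `Response` are used elsewhere in this file but defined outside the hunk.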
@@ -1359,6 +1363,11 @@ function SSLManager(config) {
 });
 }
 } else {
+ if (isLEUpdate) {
+ resp = me.exec(me.removeSSLCert);
+ if (resp.result != 0) return resp;
+ }
+
 resp = jelastic.env.binder.AddSSLCert({
 envName: config.envName,
 session: session,
@@ -1366,7 +1375,10 @@ function SSLManager(config) {
 cert: cert.body,
 interm: chain.body
 });
- me.exec(me.bindSSLCerts);
+ if (resp.result != 0) return resp;
+
+ resp = me.exec(me.bindSSLCerts, resp.id);
+ if (resp.result != 0) return resp;
 }
 } else {
 resp = error(Response.ERROR_UNKNOWN, "Can't read SSL certificate: key=%(key) cert=%(cert) chain=%(chain)", {
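Review bot: The new `if (isLEUpdate)` block removes the existing certificate before `AddSSLCert` has run, so if the add (or the bind that follows in the next hunk) fails, the function returns with the old certificate already gone and nothing bound — a renewal that should be a no-op on failure becomes a TLS outage until the next run. The safer order is add, bind, then remove the superseded certificate once `bindSSLCerts` has returned `result == 0`; that presumes `removeSSLCert` can still pick out the old certificate after the new one exists, and its body is outside this diff, so that needs confirming. The enclosing function starts and ends outside the hunk.
```javascript
// … unchanged: AddSSLCert call …
if (resp.result != 0) return resp;

resp = me.exec(me.bindSSLCerts, resp.id);
if (resp.result != 0) return resp;

// Drop the superseded certificate only after the new one is bound, so a
// failed add or bind leaves the previous certificate in place.
// NOTE(review): assumes removeSSLCert targets the old cert, not the newest — confirm.
if (isLEUpdate) {
    resp = me.exec(me.removeSSLCert);
    if (resp.result != 0) return resp;
}
```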
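Review bot: `me.exec(me.bindSSLCerts, resp.id)` passes the `id` from the `AddSSLCert` response without checking that it is present; if the response carries no `id`, `bindSSLCerts` silently falls back to the last certificate returned by `GetSSLCerts`, which is the behaviour this commit set out to replace. Fail loudly before the bind instead, `if (!resp.id) return error(Response.ERROR_UNKNOWN, "AddSSLCert returned no certificate id for %(env)", { env: config.envName });`, and keep the id in its own variable (`var certId = resp.id;`) since `resp` is overwritten by the bind result on the same line. The enclosing function starts and ends outside the hunk.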