From 02944ee0b263b03095ebffb5f40c94fff7710d39 Mon Sep 17 00:00:00 2001
From: Anthony <tony@mightybox.io>
Date: Thu, 21 Aug 2025 01:04:14 +0800
Subject: [PATCH] SSL Fix for old and custom domain

---
 scripts/ssl-manager/ssl_manager.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/scripts/ssl-manager/ssl_manager.sh b/scripts/ssl-manager/ssl_manager.sh
index f2f50ee..5dd861b 100644
--- a/scripts/ssl-manager/ssl_manager.sh
+++ b/scripts/ssl-manager/ssl_manager.sh
@@ -28,6 +28,22 @@ DEBUG_LOG="${LOG_DIR}/ssl_manager-debug.log"
 BACKUP_FILE="${LOG_DIR}/httpd_config_backup_$(date +%Y%m%d%H%M%S).xml"
 SCRIPT_EXIT_STATUS=0
 
+UPDATE_LISTENER=0
+
+# Replace listener-level certificate with Let's Encrypt files for PRIMARY_DOMAIN
+update_listener_cert() {
+    local dom="$PRIMARY_DOMAIN"
+    local src_dir="$CERT_DIR/$dom"
+    local dst_dir="$SERVER_ROOT/ssl"
+    if [[ ! -f "$src_dir/fullchain.pem" || ! -f "$src_dir/privkey.pem" ]]; then
+        log_error "Listener update requested but LE files for '$dom' not found in $src_dir"; return 1
+    fi
+    sudo install -m600 "$src_dir/privkey.pem" "$dst_dir/litespeed.key"
+    sudo install -m644 "$src_dir/fullchain.pem" "$dst_dir/litespeed.crt"
+    log_success "Listener certificate replaced with LE cert for '$dom'"
+    return 0
+}
+
 setup_logging() {
     # Create log directory if it doesn't exist
     sudo mkdir -p "$LOG_DIR" || { echo "❌ ERROR: Cannot create log directory '$LOG_DIR'. Check permissions."; exit 1; }
@@ -340,6 +356,7 @@ main() {
             --email=*) EMAIL="${arg#*=}"; log_verbose "Set email: $EMAIL";;
             --vhost=*) VHOST_NAME="${arg#*=}"; log_verbose "Set vhost name: $VHOST_NAME";;
             --verbose) VERBOSE=1; log "Verbose mode enabled";;
+            --update-listener) UPDATE_LISTENER=1; log "Updating listener certificate to LE for $PRIMARY_DOMAIN";;
             *) log_error "Invalid argument: $arg"; SCRIPT_EXIT_STATUS=1; exit 1;;
         esac
     done
@@ -371,6 +388,10 @@ main() {
         cleanup_xml "$domain"
     done
 
+    if [[ "$UPDATE_LISTENER" -eq 1 ]]; then
+        update_listener_cert || { SCRIPT_EXIT_STATUS=1; return 1; }
+    fi
+
     restart_litespeed
 
     log_success "SSL Manager completed successfully"