From 0127f86469f5d6f6897e652dfa91689f8f6b44f3 Mon Sep 17 00:00:00 2001 From: Steffen Uhlig Date: Sun, 17 May 2020 21:59:21 +0200 Subject: [PATCH 1/7] Update dependencies letsencrypt is now certbot --- requirements.txt | 6 ++---- run.py | 4 ++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/requirements.txt b/requirements.txt index 963f8f3..4334786 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,2 @@ -cffi >= 0.8.0 -letsencrypt >= 0.7.0 -six >= 1.7 -pyyaml >= 3.11 +certbot >= 1.4.0 +pyyaml >= 5.3.1 diff --git a/run.py b/run.py index 65f112f..c8f93e0 100644 --- a/run.py +++ b/run.py @@ -3,9 +3,9 @@ import sys import time import threading -from http.server import SimpleHTTPRequestHandler +from http.server import SimpleHTTPRequestHandler import socketserver -from letsencrypt import main as cli +from certbot import main as cli cwd = os.getcwd() logs = cwd+"/logs" From 9df36cda740bb5a055ab8dc59eb3263fba27f222 Mon Sep 17 00:00:00 2001 From: Steffen Uhlig Date: Sun, 17 May 2020 22:03:31 +0200 Subject: [PATCH 2/7] Improve robustness of cert retrieval The [`sleep(5)`](https://github.com/ibmjstart/bluemix-letsencrypt/pull/31) had been bugging me. The failure induced by [`ibmcloud --quiet`](https://github.com/ibmjstart/bluemix-letsencrypt/issues/32) triggered me to look for the exit code of the `cf ssh` command. Not the code keeps trying in a loop, but without an _initial_ sleep. The sleep seems to be required in about 50% if the cases I tried. --- setup-app.py | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/setup-app.py b/setup-app.py index 08fcb5b..8b9312b 100644 --- a/setup-app.py +++ b/setup-app.py 
@@ -16,8 +16,9 @@ def domain_has_ssl(domain, full_host, print_info=False): The print_info parameter can be used to dump the certificate information from Bluemix to stdout. """ - pipe = Popen("ibmcloud app domain-cert %s" % domain, - stdout=PIPE, shell=True) + print("Checking weather %s already has a certificate assigned..." % primary_domain) + + pipe = Popen("ibmcloud app domain-cert %s" % domain, stdout=PIPE, shell=True) output = pipe.stdout.read().decode("unicode_escape") cert_exists = "OK" in output if print_info and cert_exists: @@ -109,27 +110,22 @@ def check_ssl(full_host): # Figure out which domain name to look for primary_domain = settings['domains'][0]['domain'] - -domain_with_first_host = "%s.%s" % (settings['domains'][0]['hosts'][0], - primary_domain) +domain_with_first_host = "%s.%s" % (settings['domains'][0]['hosts'][0], primary_domain) # Hostname is sometimes '.', which requires special handling if domain_with_first_host.startswith('..'): domain_with_first_host = domain_with_first_host[2:] -print("\nWaiting for container to mount filesystem") -time.sleep(5) - -cert1Proc = get_cert(appname, domain_with_first_host, 'cert.pem') -cert2Proc = get_cert(appname, domain_with_first_host, 'chain.pem') -cert3Proc = get_cert(appname, domain_with_first_host, 'fullchain.pem') -cert4Proc = get_cert(appname, domain_with_first_host, 'privkey.pem') - -# wait for get_cert subprocesses to finish -cert1Proc.wait() -cert2Proc.wait() -cert3Proc.wait() -cert4Proc.wait() +# Retrieve the certs from the letsencrypt app container +for cert in ["cert", "chain", "privkey"]: + seconds_waited = 0 + MAX_WAIT_SECONDS = 60 + while get_cert(appname, domain_with_first_host, "%s.pem" % cert).wait() != 0: + if seconds_waited >= MAX_WAIT_SECONDS: + print("ERROR: Failed to retrieve %s" % cert) + sys.exit(1) + time.sleep(5) + seconds_waited = seconds_waited + 5 # Check if there is already an SSL in place if domain_has_ssl(primary_domain, domain_with_first_host, True): 
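Review bot: The rewritten `Popen("ibmcloud app domain-cert %s" % domain, stdout=PIPE, shell=True)` line still builds a shell command by string interpolation, so a domain value containing shell metacharacters (it presumably comes from the settings file) would be interpreted by the shell. Passing an argument list avoids the shell entirely: `pipe = Popen(["ibmcloud", "app", "domain-cert", domain], stdout=PIPE)`. The `call("ibmcloud app domain-cert-add ...", shell=True)` line in the last hunk of this patch keeps the same pattern. Separately, the added `print` formats the module-level `primary_domain` instead of the function's own `domain` parameter, so `% domain` would be the correct argument; the typo-fix patch later in the series keeps `% primary_domain`. domain_has_ssl's body continues outside the hunk.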
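Review bot: The new retrieval loop copies `privkey.pem` into the working directory exactly like the public certificates, and nothing in the hunk restricts its permissions or removes it once the upload has finished. get_cert is defined outside the hunk, so whether it sets a file mode is not visible here; if it does not, I would add `os.chmod("privkey.pem", 0o600)` after the loop (assuming `os` is imported in setup-app.py) and delete the key file after a successful upload. The loop also accepts exit status 0 as success without checking that the fetched file is non-empty. As a style point, `MAX_WAIT_SECONDS = 60` is re-assigned on every pass of the `for` loop, where a single module-level constant would read better.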
@@ -153,8 +149,7 @@ def check_ssl(full_host): while(failure and count < 3): # Upload new cert print("Attempting certificate upload...") - call("ibmcloud app domain-cert-add %s -c cert.pem -k privkey.pem -i chain.pem" - % primary_domain, shell=True) + call("ibmcloud app domain-cert-add %s --cert cert.pem --key privkey.pem --intermediate-cert chain.pem" % primary_domain, shell=True) failure = not domain_has_ssl(primary_domain, domain_with_first_host, True) count = count + 1 time.sleep(5) From 2132768385a4b2ccdd65f8d949e15d5eee834cb6 Mon Sep 17 00:00:00 2001 From: Steffen Uhlig Date: Sun, 11 Apr 2021 11:46:25 +0200 Subject: [PATCH 3/7] Bump certbot --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 4334786..2c12701 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,2 @@ -certbot >= 1.4.0 +certbot >= 1.14.0 pyyaml >= 5.3.1 From bf7285234829c146070d3d2f9c7c0579da46e231 Mon Sep 17 00:00:00 2001 From: Steffen Uhlig Date: Sun, 11 Apr 2021 12:28:17 +0200 Subject: [PATCH 4/7] Use latest python buildpack --- manifest.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifest.yml b/manifest.yml index 2ee8ac9..fd4af1d 100644 --- a/manifest.yml +++ b/manifest.yml @@ -1,6 +1,7 @@ applications: - name: letsencrypt - buildpack: python_buildpack + buildpacks: + - https://github.com/cloudfoundry/python-buildpack.git memory: 128M instances: 1 no-route: true From 985987d436aa838cd586585fe63fc3829d1d77cb Mon Sep 17 00:00:00 2001 From: Steffen Uhlig Date: Sun, 11 Apr 2021 12:28:35 +0200 Subject: [PATCH 5/7] Use latest 3.x series of Python --- runtime.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runtime.txt b/runtime.txt index 62ce9c0..1052ccb 100644 --- a/runtime.txt +++ b/runtime.txt @@ -1 +1 @@ -python-3.6.x +python-3.x From 32e74318601fc6e80ececafdc1ba17c1f7f8d3c6 Mon Sep 17 00:00:00 2001 
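Review bot: The return value of `call(...)` is still discarded, so a failed `domain-cert-add` is only noticed indirectly, when domain_has_ssl does not find "OK" in the command output. Since this patch already switches certificate retrieval to checking exit codes, the upload could do the same: `rc = call(...)` followed by `if rc != 0: print("Upload failed with exit code %d" % rc)`. The enclosing `while` loop starts and ends outside the hunk.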
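Review bot: The buildpack URL `https://github.com/cloudfoundry/python-buildpack.git` carries no ref, so each push builds with whatever is at the head of that repository's default branch at that moment. For an app that obtains and handles TLS private keys I would pin it to a reviewed release, `- https://github.com/cloudfoundry/python-buildpack.git#<release-tag>`, and bump the tag deliberately. The `python-3.x` line in the runtime.txt patch that follows floats the interpreter version in the same way.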
From: Steffen Uhlig Date: Sun, 11 Apr 2021 12:28:48 +0200 Subject: [PATCH 6/7] Fix typo --- setup-app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-app.py b/setup-app.py index 8b9312b..b61da58 100644 --- a/setup-app.py +++ b/setup-app.py @@ -16,7 +16,7 @@ def domain_has_ssl(domain, full_host, print_info=False): The print_info parameter can be used to dump the certificate information from Bluemix to stdout. """ - print("Checking weather %s already has a certificate assigned..." % primary_domain) + print("Checking whether %s already has a certificate assigned..." % primary_domain) pipe = Popen("ibmcloud app domain-cert %s" % domain, stdout=PIPE, shell=True) output = pipe.stdout.read().decode("unicode_escape") From 13d57ea4b2fffc8d553446b96c0c087111706db3 Mon Sep 17 00:00:00 2001 From: Steffen Uhlig Date: Sun, 11 Apr 2021 12:29:32 +0200 Subject: [PATCH 7/7] Fix installation error of cryptography package --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 2c12701..43d56aa 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ certbot >= 1.14.0 pyyaml >= 5.3.1 +wheel