From e973e39be9d623d3c12d57f11501fc4b191f8b5c Mon Sep 17 00:00:00 2001
From: Nick Sardo <nicksardo@google.com>
Date: Fri, 21 Apr 2017 11:41:34 -0700
Subject: [PATCH] Do not delete non-controller-created certificates (pre-shared
 certs)

---
 controllers/gce/loadbalancers/loadbalancers.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/controllers/gce/loadbalancers/loadbalancers.go b/controllers/gce/loadbalancers/loadbalancers.go
index 10754bc8b..6ab8902f2 100644
--- a/controllers/gce/loadbalancers/loadbalancers.go
+++ b/controllers/gce/loadbalancers/loadbalancers.go
@@ -339,7 +339,8 @@ func (l *L7) checkProxy() (err error) {
 }
 
 func (l *L7) deleteOldSSLCert() (err error) {
-	if l.oldSSLCert == nil || l.sslCert == nil || l.oldSSLCert.Name == l.sslCert.Name {
+	if l.oldSSLCert == nil || l.sslCert == nil ||
+		l.oldSSLCert.Name == l.sslCert.Name || !strings.HasPrefix(l.oldSSLCert.Name, sslCertPrefix) {
 		return nil
 	}
 	glog.Infof("Cleaning up old SSL Certificate %v, current name %v", l.oldSSLCert.Name, l.sslCert.Name)