diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php
index d232f125574b44e4c4d6363b07928d5d7b3c38e3..e753a98c23707ba9d94e5e1550993276af3b2a34 100644
--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
@@ -239,6 +239,12 @@ $form["tabs"]['domain'] = array (
'default' => 'n',
'value' => array(0 => 'n', 1 => 'y')
),
+ 'ssl_letsencrypt' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOX',
+ 'default' => 'n',
+ 'value' => array(0 => 'n', 1 => 'y')
+ ),
'php' => array (
'datatype' => 'VARCHAR',
'formtype' => 'SELECT',
diff --git a/interface/web/sites/lib/lang/ar_web_vhost_domain.lng b/interface/web/sites/lib/lang/ar_web_vhost_domain.lng
index 37fdba60467e194733be0c3415c6a9c11d794562..c19d470b33b7033835ea6961d32b71166b8df7fb 100644
--- a/interface/web/sites/lib/lang/ar_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/ar_web_vhost_domain.lng
@@ -28,6 +28,7 @@ $wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Own Error-Documents';
$wb['subdomain_txt'] = 'Auto-Subdomain';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Client';
diff --git a/interface/web/sites/lib/lang/bg_web_vhost_domain.lng b/interface/web/sites/lib/lang/bg_web_vhost_domain.lng
index 3b151fdecd95e16a9460f694a9544a8394320e03..5f9075035e6ea3c677f25e5cae809cfd551a8e25 100644
--- a/interface/web/sites/lib/lang/bg_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/bg_web_vhost_domain.lng
@@ -26,6 +26,7 @@ $wb['cgi_txt'] = 'CGI';
$wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'СобÑтвени Ñтраници за грешки';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Клиент';
diff --git a/interface/web/sites/lib/lang/br_web_vhost_domain.lng b/interface/web/sites/lib/lang/br_web_vhost_domain.lng
index aec6e8bccc488116b20e29c159c75e14420126c8..9f4f1f9c1e430d772e8f1f9162fa73f9797daddc 100644
--- a/interface/web/sites/lib/lang/br_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/br_web_vhost_domain.lng
@@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Suas Páginas de Erro';
$wb['subdomain_txt'] = 'Auto-SubdomÃnio';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Cliente';
diff --git a/interface/web/sites/lib/lang/cz_web_domain.lng b/interface/web/sites/lib/lang/cz_web_domain.lng
index 64eccd2dcdc5707096cda4094e8e4f3c7421ec49..7c1e910975541299b83e1a73fd1d7d5e24307f1a 100644
--- a/interface/web/sites/lib/lang/cz_web_domain.lng
+++ b/interface/web/sites/lib/lang/cz_web_domain.lng
@@ -27,6 +27,7 @@ $wb['cgi_txt'] = 'CGI';
$wb['ssi_txt'] = 'SSI';
$wb['subdomain_txt'] = 'Automatická subdoména';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Klient';
diff --git a/interface/web/sites/lib/lang/de_web_vhost_domain.lng b/interface/web/sites/lib/lang/de_web_vhost_domain.lng
index c8c6355b57d06354767fb8d53d019bb283a25867..f2ccf66c6d052771278fdf3c2194f40710c8c2d4 100644
--- a/interface/web/sites/lib/lang/de_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/de_web_vhost_domain.lng
@@ -27,6 +27,7 @@ $wb['traffic_quota_txt'] = 'Transfervolumenbeschränkung';
$wb['cgi_txt'] = 'CGI';
$wb['ssi_txt'] = 'SSI';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Kunde';
diff --git a/interface/web/sites/lib/lang/el_web_vhost_domain.lng b/interface/web/sites/lib/lang/el_web_vhost_domain.lng
index e5bb4aedd7ec9ac695962d46b21e3b93ad3a4324..e97fcb63c7fc7d876cf158978204c4254a56a39a 100644
--- a/interface/web/sites/lib/lang/el_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/el_web_vhost_domain.lng
@@ -30,6 +30,7 @@ $wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Î Ïοσωπικά ÎγγÏαφα σφάλματος';
$wb['subdomain_txt'] = 'Auto-Subdomain';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Πελάτης';
diff --git a/interface/web/sites/lib/lang/fi_web_vhost_domain.lng b/interface/web/sites/lib/lang/fi_web_vhost_domain.lng
index 5c9a9658a1445fabf0e49ad2610826e0f076290d..23b69737dae0d64c766d37c99b88548ce80fb5e1 100644
--- a/interface/web/sites/lib/lang/fi_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/fi_web_vhost_domain.lng
@@ -25,6 +25,7 @@ $wb['traffic_quota_txt'] = 'Liikenneraja';
$wb['cgi_txt'] = 'CGI';
$wb['ssi_txt'] = 'SSI';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Asiakas';
diff --git a/interface/web/sites/lib/lang/fr_web_vhost_domain.lng b/interface/web/sites/lib/lang/fr_web_vhost_domain.lng
index 7d96c79e75f833770b285ebea5768b300a8b3f3b..bb472b01d095f897497f8066c0b04305e87711af 100644
--- a/interface/web/sites/lib/lang/fr_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/fr_web_vhost_domain.lng
@@ -25,6 +25,7 @@ $wb['cgi_txt'] = 'CGI';
$wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Pages derreurs personnalisées';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Client';
diff --git a/interface/web/sites/lib/lang/hr_web_vhost_domain.lng b/interface/web/sites/lib/lang/hr_web_vhost_domain.lng
index 0bc966cd8f708af81e5a92c9507145c7f98d358a..85f97dbedb40b72d0d4a6c3cc53b76dfd0541af2 100644
--- a/interface/web/sites/lib/lang/hr_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/hr_web_vhost_domain.lng
@@ -30,6 +30,7 @@ $wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Vlastite error stranice';
$wb['subdomain_txt'] = 'Automatska poddomena';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Klijent';
diff --git a/interface/web/sites/lib/lang/hu_web_vhost_domain.lng b/interface/web/sites/lib/lang/hu_web_vhost_domain.lng
index 58d99e21628172cb34a87a8968b66efc66df1326..19c0832f1febb86e729d389068d78c955fcac744 100644
--- a/interface/web/sites/lib/lang/hu_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/hu_web_vhost_domain.lng
@@ -26,6 +26,7 @@ $wb['cgi_txt'] = 'CGI';
$wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Saját hibaoldal';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['disabled_txt'] = 'Letiltva';
diff --git a/interface/web/sites/lib/lang/id_web_vhost_domain.lng b/interface/web/sites/lib/lang/id_web_vhost_domain.lng
index fc54166fe1661a5233209f5f0b5b0771125937b6..382bfa19fb4d6c748b1bb9c22acf9099519010cd 100644
--- a/interface/web/sites/lib/lang/id_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/id_web_vhost_domain.lng
@@ -28,6 +28,7 @@ $wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Dokumen-Kesalahan Pribadi';
$wb['subdomain_txt'] = 'Subdomain Otomatis';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Klien';
diff --git a/interface/web/sites/lib/lang/it_web_vhost_domain.lng b/interface/web/sites/lib/lang/it_web_vhost_domain.lng
index 018310b996830d7935ccf74dcd80b1e2fdd59e67..f74d74ffba60f6e1dba062f853a30fcd4d1f7cad 100644
--- a/interface/web/sites/lib/lang/it_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/it_web_vhost_domain.lng
@@ -26,6 +26,7 @@ $wb['cgi_txt'] = 'CGI';
$wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Errori personalizzati';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Cliente';
diff --git a/interface/web/sites/lib/lang/ja_web_vhost_domain.lng b/interface/web/sites/lib/lang/ja_web_vhost_domain.lng
index 0508dcb90ed9df0942ead61b3f9dee728e34afb1..91a0d9a0d7516365b6f829d93451d372d8f31759 100644
--- a/interface/web/sites/lib/lang/ja_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/ja_web_vhost_domain.lng
@@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = '独自ã®ã‚¨ãƒ©ãƒ¼ãƒšãƒ¼ã‚¸ã‚’使ã†';
$wb['subdomain_txt'] = '自動サブドメイン';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'クライアント';
diff --git a/interface/web/sites/lib/lang/nl_web_vhost_domain.lng b/interface/web/sites/lib/lang/nl_web_vhost_domain.lng
index 0cc80e6e13c251ff4cdee34b328d3fb8051f6f85..af7619531766a3799a8a3204fa83286e85b84b1c 100644
--- a/interface/web/sites/lib/lang/nl_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/nl_web_vhost_domain.lng
@@ -30,6 +30,7 @@ $wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Own Error-documenten';
$wb['subdomain_txt'] = 'Auto-subdomein';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Klant';
diff --git a/interface/web/sites/lib/lang/pl_web_vhost_domain.lng b/interface/web/sites/lib/lang/pl_web_vhost_domain.lng
index 5f8455b68e08346d0d918e426f01c14c7f2b141e..57ec8958ebd35428bc489424dd751119640d5379 100644
--- a/interface/web/sites/lib/lang/pl_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/pl_web_vhost_domain.lng
@@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Własne strony błędów';
$wb['subdomain_txt'] = 'Automatyczna subdomena';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Klient';
diff --git a/interface/web/sites/lib/lang/pt_web_vhost_domain.lng b/interface/web/sites/lib/lang/pt_web_vhost_domain.lng
index 82f2ea7ca3eb458bd183363e12d1e1a3c5679018..60718d0f355813d0d3ffa5d3bf2f3ec658b1cc12 100644
--- a/interface/web/sites/lib/lang/pt_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/pt_web_vhost_domain.lng
@@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Páginas de Erro';
$wb['subdomain_txt'] = 'Auto-SubdomÃnio';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Cliente';
diff --git a/interface/web/sites/lib/lang/ro_web_vhost_domain.lng b/interface/web/sites/lib/lang/ro_web_vhost_domain.lng
index d0a52d92e481f27b3e00f75f969ebf09af14157e..893bf45fb4d007f2f9b5ec86f1e511e356ee0f53 100644
--- a/interface/web/sites/lib/lang/ro_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/ro_web_vhost_domain.lng
@@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Own Error-Documents';
$wb['subdomain_txt'] = 'Auto-Subdomain';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Client';
diff --git a/interface/web/sites/lib/lang/ru_web_vhost_domain.lng b/interface/web/sites/lib/lang/ru_web_vhost_domain.lng
index d5de443a9fe182c609a71fd1c96d847f8517f903..b395dfdb34cdacc6eb6d75c1b83bd39d0939256f 100644
--- a/interface/web/sites/lib/lang/ru_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/ru_web_vhost_domain.lng
@@ -25,6 +25,7 @@ $wb['traffic_quota_txt'] = 'Квота трафика';
$wb['cgi_txt'] = 'CGI';
$wb['ssi_txt'] = 'SSI';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Клиент';
diff --git a/interface/web/sites/lib/lang/se_web_vhost_domain.lng b/interface/web/sites/lib/lang/se_web_vhost_domain.lng
index 2f76ef9e13f55e7a8ba95f7862559e1e1b656195..862635eff07025d987367b452034bdac1250f177 100644
--- a/interface/web/sites/lib/lang/se_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/se_web_vhost_domain.lng
@@ -26,6 +26,7 @@ $wb['cgi_txt'] = 'CGI';
$wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Own Error-Documents';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Client';
diff --git a/interface/web/sites/lib/lang/sk_web_vhost_domain.lng b/interface/web/sites/lib/lang/sk_web_vhost_domain.lng
index f3ee50b26ff3746a2f1bd6bf891b513c75038085..9d1c82504816e94297ea46d5a03e2012845ef302 100644
--- a/interface/web/sites/lib/lang/sk_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/sk_web_vhost_domain.lng
@@ -27,6 +27,7 @@ $wb['ssi_txt'] = 'SSI';
$wb['errordocs_txt'] = 'Vlastné Error-Dokumenty';
$wb['subdomain_txt'] = 'Auto-Subdomény';
$wb['ssl_txt'] = 'SSL';
+$wb['ssl_letsencrypt_txt'] = 'Let\'s Encrypt';
$wb['suexec_txt'] = 'SuEXEC';
$wb['php_txt'] = 'PHP';
$wb['client_txt'] = 'Klient';
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 1b5a4c282ca133a4d0c1e822ab745a68d254077c..4e26c546bbf26ff9b8359c464c93e071b71c4cc8 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1111,6 +1111,92 @@ class apache2_plugin {
}
*/
+ //* Generate Let's Encrypt SSL certificat
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
+ $data['new']['ssl_domain'] = $domain;
+ $vhost_data['ssl_domain'] = $domain;
+
+ //* be sure to have good domain
+ $lddomain = (string) "$domain";
+ if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
+ $lddomain .= (string) " --domains www." . $domain;
+ }
+
+ $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/cert.pem";
+ $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
+ $bundle_tmp_file = "/etc/letsencrypt/live/".$domain."/chain.pem";
+ $webroot = $data['new']['document_root']."/web";
+
+ //* check if we have already a Let's Encrypt cert
+ if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
+ $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
+
+ if(is_dir($webroot . "/.well-known/")) {
+ $app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
+ $this->_exec("rm -rf " . $webroot . "/.well-known/");
+ }
+
+ $app->log("Create challenge directory", LOGLEVEL_DEBUG);
+ $app->system->mkdirpath($webroot . "/.well-known/");
+ $app->system->chown($webroot . "/.well-known/", $data['new']['system_user']);
+ $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
+ $app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
+ $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
+ $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
+ $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
+
+ $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot");
+ };
+
+ //* check is been correctly created
+ if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
+ $date = date("YmdHis");
+ if(is_file($key_file)) {
+ $app->system->copy($key_file, $key_file.'.old'.$date);
+ $app->system->chmod($key_file.'.old.'.$date, 0400);
+ $app->system->unlink($key_file);
+ }
+
+ if ($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file));
+ }
+
+ if(is_file($crt_file)) {
+ $app->system->copy($crt_file, $crt_file.'.old.'.$date);
+ $app->system->chmod($crt_file.'.old.'.$date, 0400);
+ $app->system->unlink($crt_file);
+ }
+
+ if($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file));
+ }
+
+ if(is_file($bundle_file)) {
+ $app->system->copy($bundle_file, $bundle_file.'.old.'.$date);
+ $app->system->chmod($bundle_file.'.old.'.$date, 0400);
+ $app->system->unlink($bundle_file);
+ }
+
+ if($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($bundle_tmp_file), escapeshellcmd($bundle_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($bundle_tmp_file)." ".escapeshellcmd($bundle_file));
+ }
+
+ /* we don't need to store it.
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ }
+ };
+
if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
//$vhost_data['document_root'] = $data['new']['document_root'].'/' . $web_folder;
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 7bb4f8ca606096faafb9f257b32b5835a8387938..9c688d208e171ab5630867d6d4f6888cb4bfc117 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1142,10 +1142,87 @@ class nginx_plugin {
// Check if a SSL cert exists
$ssl_dir = $data['new']['document_root'].'/ssl';
+ if(!isset($data['new']['ssl_domain']) OR empty($data['new']['ssl_domain'])) { $data['new']['ssl_domain'] = $data['new']['domain']; }
$domain = $data['new']['ssl_domain'];
+ $tpl->setVar('ssl_domain', $domain);
$key_file = $ssl_dir.'/'.$domain.'.key';
$crt_file = $ssl_dir.'/'.$domain.'.crt';
+
+ $tpl->setVar('ssl_letsencrypt', "n");
+ //* Generate Let's Encrypt SSL certificat
+ if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
+ //* be sure to have good domain
+ $lddomain = (string) "$domain";
+ if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") {
+ $lddomain .= (string) " --domains www." . $domain;
+ }
+
+ $tpl->setVar('ssl_letsencrypt', "y");
+ //* TODO: check dns entry is correct
+ $crt_tmp_file = "/etc/letsencrypt/live/".$domain."/fullchain.pem";
+ $key_tmp_file = "/etc/letsencrypt/live/".$domain."/privkey.pem";
+ $webroot = $data['new']['document_root']."/web";
+
+ //* check if we have already a Let's Encrypt cert
+ if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) {
+ $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG);
+
+ if(is_dir($webroot . "/.well-known/")) {
+ $app->log("Remove old challenge directory", LOGLEVEL_DEBUG);
+ $this->_exec("rm -rf " . $webroot . "/.well-known/");
+ }
+
+ $app->log("Create challenge directory", LOGLEVEL_DEBUG);
+ $app->system->mkdirpath($webroot . "/.well-known/");
+ $app->system->chown($webroot . "/.well-known/", $$data['new']['system_user']);
+ $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']);
+ $app->system->mkdirpath($webroot . "/.well-known/acme-challenge");
+ $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']);
+ $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']);
+ $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s");
+
+ $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth -a webroot --email postmaster@$domain --domains $lddomain --webroot-path $webroot");
+ };
+
+ //* check is been correctly created
+ if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) {
+ $date = date("YmdHis");
+//* TODO: check if is a symlink, if target same keep it, either remove it
+ if(is_file($key_file)) {
+ $app->system->copy($key_file, $key_file.'.old'.$date);
+ $app->system->chmod($key_file.'.old.'.$date, 0400);
+ $app->system->unlink($key_file);
+ }
+
+ if ($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($key_tmp_file), escapeshellcmd($key_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($key_tmp_file)." ".escapeshellcmd($key_file));
+ }
+
+ if(is_file($crt_file)) {
+ $app->system->copy($crt_file, $crt_file.'.old.'.$date);
+ $app->system->chmod($crt_file.'.old.'.$date, 0400);
+ $app->system->unlink($crt_file);
+ }
+
+ if($web_config["website_symlinks_rel"] == 'y') {
+ $this->create_relative_link(escapeshellcmd($crt_tmp_file), escapeshellcmd($crt_file));
+ } else {
+ exec("ln -s ".escapeshellcmd($crt_tmp_file)." ".escapeshellcmd($crt_file));
+ }
+
+ /* we don't need to store it.
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ }
+ };
+
if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) {
$vhost_data['ssl_enabled'] = 1;
$app->log('Enable SSL for: '.$domain, LOGLEVEL_DEBUG);