diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..2458724d2e3415095879f3661b1de0d4ce86b1d7 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -0,0 +1 @@
+ALTER TABLE `web_domain` ADD COLUMN `ssl_letsencrypt_exclude` enum('n','y') NOT NULL DEFAULT 'n' AFTER `ssl_letsencrypt`;
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 43cbc367bd5c6edb4f655ae4f21937da33d688ae..11755a34b96353347ec48b9cdb61d4c3e5d65ac1 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -1943,6 +1943,7 @@ CREATE TABLE `web_domain` (
`rewrite_to_https` ENUM('y','n') NOT NULL DEFAULT 'n',
`ssl` enum('n','y') NOT NULL default 'n',
`ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n',
+ `ssl_letsencrypt_exclude` enum('n','y') NOT NULL DEFAULT 'n',
`ssl_state` varchar(255) NULL,
`ssl_locality` varchar(255) NULL,
`ssl_organisation` varchar(255) NULL,
diff --git a/interface/web/sites/form/web_childdomain.tform.php b/interface/web/sites/form/web_childdomain.tform.php
index 09145f9768a71c4aca84ded0b96e7936743b5f10..02480db42879a97058306114b8771f7cdd0ff9b2 100644
--- a/interface/web/sites/form/web_childdomain.tform.php
+++ b/interface/web/sites/form/web_childdomain.tform.php
@@ -133,6 +133,12 @@ $form["tabs"]['domain'] = array (
'width' => '30',
'maxlength' => '255'
),
+ 'ssl_letsencrypt_exclude' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOX',
+ 'default' => 'n',
+ 'value' => array(0 => 'n', 1 => 'y')
+ ),
'active' => array (
'datatype' => 'VARCHAR',
'formtype' => 'CHECKBOX',
diff --git a/interface/web/sites/lib/lang/de_web_childdomain.lng b/interface/web/sites/lib/lang/de_web_childdomain.lng
index bb17039fbefb8885b6c1d61757c6c96642ecdde1..c30225a71e426962c8c6fb306ac2683707f3b3da 100644
--- a/interface/web/sites/lib/lang/de_web_childdomain.lng
+++ b/interface/web/sites/lib/lang/de_web_childdomain.lng
@@ -115,4 +115,5 @@ $wb['available_php_directive_snippets_txt'] = 'Verfügbare PHP-Direktiven-Schnip
$wb['available_apache_directive_snippets_txt'] = 'Verfügbare Apache-Direktiven-Schnipsel:';
$wb['available_nginx_directive_snippets_txt'] = 'Verfügbare nginx-Direktiven-Schnipsel:';
$wb['Domain'] = 'Aliasdomain';
+$wb['ssl_letsencrypt_exclude_txt'] = 'Nicht in Let\'s Encrypt Zertifikat aufnehmen';
?>
diff --git a/interface/web/sites/lib/lang/en_web_childdomain.lng b/interface/web/sites/lib/lang/en_web_childdomain.lng
index cd033ae573697c79aa182254be333e645c7cc20b..cd9afca55126dc33515df167d4ef4629c964dd4f 100644
--- a/interface/web/sites/lib/lang/en_web_childdomain.lng
+++ b/interface/web/sites/lib/lang/en_web_childdomain.lng
@@ -115,4 +115,5 @@ $wb['available_php_directive_snippets_txt'] = 'Available PHP Directive Snippets:
$wb['available_apache_directive_snippets_txt'] = 'Available Apache Directive Snippets:';
$wb['available_nginx_directive_snippets_txt'] = 'Available nginx Directive Snippets:';
$wb['Domain'] = 'Aliasdomain';
+$wb['ssl_letsencrypt_exclude_txt'] = 'Don\'t add to Let\'s Encrypt certificate';
?>
diff --git a/interface/web/sites/templates/web_childdomain_edit.htm b/interface/web/sites/templates/web_childdomain_edit.htm
index 5165c3268732ed1a4dfe2d9c3b7625eb5dbfeb7a..4836f4a65cd586da1e0624d34d1e2d820cccd267 100644
--- a/interface/web/sites/templates/web_childdomain_edit.htm
+++ b/interface/web/sites/templates/web_childdomain_edit.htm
@@ -67,6 +67,14 @@
<div class="col-sm-9"><select name="seo_redirect" id="seo_redirect" class="form-control">
{tmpl_var name='seo_redirect'}
</select></div>
+ </div>
+ </tmpl_if>
+ <tmpl_if name="limit_ssl_letsencrypt" op="==" value="y">
+ <div class="form-group">
+ <label class="col-sm-3 control-label">{tmpl_var name='ssl_letsencrypt_exclude_txt'}</label>
+ <div class="col-sm-9">
+ {tmpl_var name='ssl_letsencrypt_exclude'}
+ </div>
</div>
</tmpl_if>
<div class="form-group">
diff --git a/interface/web/sites/web_childdomain_edit.php b/interface/web/sites/web_childdomain_edit.php
index 465356402bbb09d8cddfd5f3126dff2f7bd172ed..6ef98f901fb864083d41b9feb64bd102edab4f67 100644
--- a/interface/web/sites/web_childdomain_edit.php
+++ b/interface/web/sites/web_childdomain_edit.php
@@ -146,7 +146,14 @@ class page_action extends tform_actions {
}
if($this->_childdomain_type == 'subdomain') $app->tpl->setVar("domain", $this->dataRecord["domain"]);
- if($_SESSION["s"]["user"]["typ"] == 'admin') {
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+ if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+ $client = $app->db->queryOneRecord("SELECT client.limit_ssl_letsencrypt FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+ $app->tpl->setVar('limit_ssl_letsencrypt', $client['limit_ssl_letsencrypt']);
+ } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+ $client = $app->db->queryOneRecord("SELECT client.limit_ssl_letsencrypt FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+ $app->tpl->setVar('limit_ssl_letsencrypt', $client['limit_ssl_letsencrypt']);
+ } else {
// Directive Snippets
$proxy_directive_snippets = $app->db->queryAllRecords("SELECT * FROM directive_snippets WHERE type = 'proxy' AND active = 'y'");
$proxy_directive_snippets_txt = '';
@@ -157,6 +164,7 @@ class page_action extends tform_actions {
}
if($proxy_directive_snippets_txt == '') $proxy_directive_snippets_txt = '------';
$app->tpl->setVar("proxy_directive_snippets_txt", $proxy_directive_snippets_txt);
+ $app->tpl->setVar('limit_ssl_letsencrypt', 'y');
}
$app->tpl->setVar('childdomain_type', $this->_childdomain_type);
@@ -208,6 +216,15 @@ class page_action extends tform_actions {
$app->tform->errorMessage .= $app->tform->lng("error_proxy_requires_url")."<br />";
}
+
+ if($_SESSION["s"]["user"]["typ"] != 'admin') {
+ // Get the limits of the client
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+ $client = $app->db->queryOneRecord("SELECT limit_ssl_letsencrypt FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+ if($client['limit_ssl_letsencrypt'] != 'y') $this->dataRecord['ssl_letsencrypt_exclude'] = 'n';
+ }
+
+
// Set a few fixed values
$this->dataRecord["type"] = ($this->_childdomain_type == 'subdomain' ? 'subdomain' : 'alias');
$this->dataRecord["server_id"] = $parent_domain["server_id"];
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php
index efd60310b4da017c08d8ee5fa32905747581d741..12e43a9d5bd3581d05ffbd5699dbb1add26c6567 100644
--- a/server/lib/classes/letsencrypt.inc.php
+++ b/server/lib/classes/letsencrypt.inc.php
@@ -203,7 +203,7 @@ class letsencrypt {
}
//* then, add subdomain if we have
- $subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'");
+ $subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain' AND ssl_letsencrypt_exclude != 'y'");
if(is_array($subdomains)) {
foreach($subdomains as $subdomain) {
$temp_domains[] = $subdomain['domain'];
@@ -211,7 +211,7 @@ class letsencrypt {
}
//* then, add alias domain if we have
- $aliasdomains = $app->db->queryAllRecords('SELECT domain,subdomain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'alias'");
+ $aliasdomains = $app->db->queryAllRecords('SELECT domain,subdomain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'alias' AND ssl_letsencrypt_exclude != 'y'");
if(is_array($aliasdomains)) {
foreach($aliasdomains as $aliasdomain) {
$temp_domains[] = $aliasdomain['domain'];