diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index 98e8abdf973a350278fe3d6539e122a9b38ddd58..45d5a2e007ab7920988fdaf748c32ffebe1a0dc7 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -2,3 +2,78 @@ ALTER TABLE `sys_datalog` ADD `session_id` varchar(64) NOT NULL DEFAULT '' AFTER
 ALTER TABLE `sys_user` CHANGE `sys_userid` `sys_userid` INT(11) UNSIGNED NOT NULL DEFAULT '1' COMMENT 'Created by userid';
 ALTER TABLE `sys_user` CHANGE `sys_groupid` `sys_groupid` INT(11) UNSIGNED NOT NULL DEFAULT '1' COMMENT 'Created by groupid';
 ALTER TABLE `web_domain` ADD COLUMN `php_fpm_chroot` enum('n','y') NOT NULL DEFAULT 'n' AFTER `php_fpm_use_socket`;
+
+CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
+  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+  `sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_perm_user` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_group` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_other` varchar(5) NOT NULL DEFAULT '',
+  `active` enum('N','Y') NOT NULL DEFAULT 'N',
+  `ca_name` varchar(255) NOT NULL DEFAULT '',
+  `ca_issue` varchar(255) NOT NULL DEFAULT '',
+  `ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
+  `ca_iodef` text NOT NULL,
+  `ca_critical` tinyint(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`),
+  UNIQUE KEY (`ca_issue`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `dns_ssl_ca` ADD UNIQUE(`ca_issue`);
+
+UPDATE `dns_ssl_ca` SET `ca_issue` = 'comodo.com' WHERE `ca_issue` = 'comodoca.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'geotrust.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'thawte.com';
+UPDATE `dns_ssl_ca` SET `ca_name` = 'Symantec / Thawte / GeoTrust' WHERE `ca_issue` = 'symantec.com';
+
+INSERT IGNORE INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'AC Camerfirma', 'camerfirma.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'ACCV', 'accv.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Actalis', 'actalis.it', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon', 'amazon.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Asseco', 'certum.pl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Buypass', 'buypass.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CA Disig', 'disig.sk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CATCert', 'aoc.cat', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certinomis', 'www.certinomis.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certizen', 'hongkongpost.gov.hk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'certSIGN', 'certsign.ro', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CFCA', 'cfca.com.cn', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Chunghwa Telecom', 'cht.com.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodoca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'D-TRUST', 'd-trust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DocuSign', 'docusign.fr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'e-tugra', 'e-tugra.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'EDICOM', 'edicomgroup.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Firmaprofesional', 'firmaprofesional.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'FNMT', 'fnmt.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GlobalSign', 'globalsign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GoDaddy', 'godaddy.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Google Trust Services', 'pki.goog', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GRCA', 'gca.nat.gov.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'HARICA', 'harica.gr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'IdenTrust', 'identrust.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Kamu SM', 'kamusm.gov.tr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Microsec e-Szigno', 'e-szigno.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'NetLock', 'netlock.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PKIoverheid', 'www.pkioverheid.nl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PROCERT', 'procert.net.ve', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'QuoVadis', 'quovadisglobal.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SECOM', 'secomtrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Sertifitseerimiskeskuse', 'sk.ee', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'StartCom', 'startcomca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SwissSign', 'swisssign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec / Thawte / GeoTrust', 'symantec.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'T-Systems', 'telesec.de', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Telia', 'telia.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Trustwave', 'trustwave.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Web.com', 'web.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WISeKey', 'wisekey.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
+
+ALTER TABLE `dns_rr` CHANGE `type` `type` ENUM('A','AAAA','ALIAS','CAA','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;
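Review bot: The `ADD UNIQUE` statement on `ca_issue` that follows the CREATE TABLE is redundant, because the table definition already declares `UNIQUE KEY (ca_issue)`; MySQL will normally accept it and build a second, identical index, so the ALTER should be dropped. The `UPDATE` that renames `comodoca.com` to `comodo.com` runs before the seed INSERT, and the seed row for Comodo still uses `comodoca.com`. On a first run the rename therefore matches nothing, and a re-run leaves two Comodo rows; the UPDATE and the seed row should agree on one identifier. The same statements are repeated in the `dns_ssl_ca` hunk of install/sql/ispconfig3.sql, where the UPDATE/DELETE lines act on a table that was only just created. Every seeded CA is also inserted with `active = 'Y'`, including StartCom and WoSign, which major browser root programs have distrusted, so it is worth confirming whether those two should default to `'N'`.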
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 88eff32ff0943390562c6a17f2d6a7a397ce5186..757247392ff3c4beff6f36263fc1eb303b5aa1d3 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -489,7 +489,7 @@ CREATE TABLE `dns_rr` (
   `server_id` int(11) NOT NULL default '1',
   `zone` int(11) unsigned NOT NULL DEFAULT '0',
   `name` varchar(255) NOT NULL DEFAULT '',
-  `type` enum('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
+  `type` enum('A','AAAA','ALIAS','CNAME','CAA','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
   `data` TEXT NOT NULL,
   `aux` int(11) unsigned NOT NULL default '0',
   `ttl` int(11) unsigned NOT NULL default '3600',
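Review bot: `CAA` is added after `CNAME` in this enum, but the upgrade statement in install/sql/incremental/upd_dev_collection.sql lists it before `CNAME` (`'ALIAS','CAA','CNAME'`), so fresh and upgraded installs get different ordinals for the two record types. MySQL sorts ENUM columns by ordinal, so an `ORDER BY type` can return rows in a different order depending on how the panel was installed; both files should use the same member order. The upgrade statement also spells out `CHARACTER SET utf8 COLLATE utf8_general_ci`, which this definition leaves to the table default. The CREATE TABLE statement starts and ends outside this hunk.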
@@ -525,6 +525,85 @@ CREATE TABLE `dns_slave` (
 
 -- --------------------------------------------------------
 
+-- 
+-- Table structure for table  `dns_ssl_ca`
+-- 
+
+CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
+  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+  `sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_perm_user` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_group` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_other` varchar(5) NOT NULL DEFAULT '',
+  `active` enum('N','Y') NOT NULL DEFAULT 'N',
+  `ca_name` varchar(255) NOT NULL DEFAULT '',
+  `ca_issue` varchar(255) NOT NULL DEFAULT '',
+  `ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
+  `ca_iodef` text NOT NULL,
+  `ca_critical` tinyint(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`),
+  UNIQUE KEY (`ca_issue`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `dns_ssl_ca` ADD UNIQUE(`ca_issue`);
+
+UPDATE `dns_ssl_ca` SET `ca_issue` = 'comodo.com' WHERE `ca_issue` = 'comodoca.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'geotrust.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'thawte.com';
+UPDATE `dns_ssl_ca` SET `ca_name` = 'Symantec / Thawte / GeoTrust' WHERE `ca_issue` = 'symantec.com';
+
+INSERT IGNORE INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'AC Camerfirma', 'camerfirma.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'ACCV', 'accv.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Actalis', 'actalis.it', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon', 'amazon.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Asseco', 'certum.pl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Buypass', 'buypass.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CA Disig', 'disig.sk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CATCert', 'aoc.cat', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certinomis', 'www.certinomis.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certizen', 'hongkongpost.gov.hk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'certSIGN', 'certsign.ro', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CFCA', 'cfca.com.cn', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Chunghwa Telecom', 'cht.com.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodoca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'D-TRUST', 'd-trust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DocuSign', 'docusign.fr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'e-tugra', 'e-tugra.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'EDICOM', 'edicomgroup.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Firmaprofesional', 'firmaprofesional.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'FNMT', 'fnmt.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GlobalSign', 'globalsign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GoDaddy', 'godaddy.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Google Trust Services', 'pki.goog', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GRCA', 'gca.nat.gov.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'HARICA', 'harica.gr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'IdenTrust', 'identrust.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Kamu SM', 'kamusm.gov.tr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Microsec e-Szigno', 'e-szigno.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'NetLock', 'netlock.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PKIoverheid', 'www.pkioverheid.nl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PROCERT', 'procert.net.ve', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'QuoVadis', 'quovadisglobal.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SECOM', 'secomtrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Sertifitseerimiskeskuse', 'sk.ee', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'StartCom', 'startcomca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SwissSign', 'swisssign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec / Thawte / GeoTrust', 'symantec.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'T-Systems', 'telesec.de', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Telia', 'telia.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Trustwave', 'trustwave.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Web.com', 'web.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WISeKey', 'wisekey.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
+
+-- --------------------------------------------------------
+
 -- 
 -- Table structure for table  `dns_soa`
 -- 
diff --git a/interface/lib/classes/plugin_system_config_dns_ca.inc.php b/interface/lib/classes/plugin_system_config_dns_ca.inc.php
new file mode 100644
index 0000000000000000000000000000000000000000..f53662d822ea63daed1030b4c4c3fce13b352262
--- /dev/null
+++ b/interface/lib/classes/plugin_system_config_dns_ca.inc.php
@@ -0,0 +1,91 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class plugin_system_config_dns_ca extends plugin_base {
+
+	var $module;
+	var $form;
+	var $tab;
+	var $record_id;
+	var $formdef;
+	var $options;
+	var $error = '';
+
+	function onShow() {
+		global $app;
+
+		$pluginTpl = new tpl;
+		$pluginTpl->newTemplate('templates/system_config_dns_ca_edit.htm');
+		include 'lib/lang/'.$_SESSION['s']['language'].'_system_config.lng';
+		$pluginTpl->setVar($wb);
+		$ca_id = $app->functions->intval($_GET['id']);
+		if(isset($_GET['action']) && ($_GET['action'] == 'edit') && $ca_id > 0) {
+			$pluginTpl->setVar('edit_record', 1);
+			$rec = $app->db->queryOneRecord("SELECT * FROM dns_ssl_ca WHERE id = ?", $ca_id);
+			$pluginTpl->setVar('id', $rec['id']);
+			$pluginTpl->setVar('ca_name', $rec['ca_name']);
+			$pluginTpl->setVar('ca_issue', $rec['ca_issue']);
+			$pluginTpl->setVar('ca_wildcard', $rec['ca_wildcard']);
+			$pluginTpl->setVar('ca_critical', $rec['ca_critical']);
+			$pluginTpl->setVar('ca_iodef', $rec['ca_iodef']);
+			$pluginTpl->setVar('active', $rec['active']);
+		} elseif(isset($_GET['action']) && ($_GET['action'] == 'save') && $ca_id > 0) {
+			$pluginTpl->setVar('edit_record', 0);
+			$pluginTpl->setVar('id', $ca_id);
+			$pluginTpl->setVar('ca_name', $_POST['ca_name']);
+			$pluginTpl->setVar('ca_issue', $_POST['ca_issue']);
+			$pluginTpl->setVar('ca_wildcard', $_POST['ca_wildcard']);
+			$pluginTpl->setVar('ca_critical', $_POST['ca_critical']);
+			$pluginTpl->setVar('ca_iodef', $_POST['ca_iodef']);
+			$pluginTpl->setVar('active', $_POST['active']);
+		} else {
+			$pluginTpl->setVar('edit_record', 0);
+		}
+
+		return $pluginTpl->grab();
+
+	}
+
+	function onUpdate() {
+		global $app;
+
+		$ca_id = $app->functions->intval($_GET['id']);
+		if(isset($_GET['action']) && $_GET['action'] == 'save') {
+			if($ca_id > 0) {
+				$app->db->query("UPDATE dns_ssl_ca SET ca_name = ?, ca_issue = ?, ca_wildcard = ?, ca_iodef = ?, active = ? WHERE id = ?", $_POST['ca_name'], $_POST['ca_issue'], $_POST['ca_wildcard'], $_POST['ca_iodef'], $_POST['active'], $ca_id);
+			} else {
+				$app->db->query("INSERT INTO (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, ca_name, ca_issue, ca_wildcard, ca_iodef, active) VALUES(1, 1, 'riud', 'riud', '', ?, ?, ?, ?, ?", $_POST['ca_name'], $_POST['ca_issue'], $_POST['ca_wildcard'], $_POST['ca_iodef'], $_POST['active']);
+			}
+		}
+	}
+
+}
+
+?>
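Review bot: The INSERT in `onUpdate` names no table and never closes its `VALUES(` list, so creating a new CA entry fails at the database; the statement needs `INSERT INTO dns_ssl_ca (...)` and a closing parenthesis after the last placeholder. Neither branch stores `ca_critical`, although `onShow` renders it, and `ca_wildcard` / `active` go from `$_POST` into enum columns without being limited to the values the schema defines. The write also runs without the `$_SESSION['s']['user']['typ'] == 'admin'` check that the list plugin applies before its DELETE; whether the enclosing form already enforces that is not visible in this diff. `ca_issue` ends up in CAA record data elsewhere in this commit, so it deserves a hostname-format check before it is saved. A possible shape for `onUpdate` follows.

```php
	function onUpdate() {
		global $app;

		// Same role check the list plugin applies before deleting a CA entry.
		if($_SESSION['s']['user']['typ'] != 'admin') return;
		if(!isset($_GET['action']) || $_GET['action'] != 'save') return;

		$ca_id = $app->functions->intval($_GET['id']);

		// Enum-backed columns: accept only the values the schema defines.
		// Assumes the form posts 'Y'/'N' as the seeded rows do; confirm against the template.
		$ca_wildcard = (isset($_POST['ca_wildcard']) && $_POST['ca_wildcard'] == 'Y') ? 'Y' : 'N';
		$active = (isset($_POST['active']) && $_POST['active'] == 'Y') ? 'Y' : 'N';
		$ca_critical = (isset($_POST['ca_critical']) && $app->functions->intval($_POST['ca_critical']) > 0) ? 1 : 0;

		if($ca_id > 0) {
			$app->db->query("UPDATE dns_ssl_ca SET ca_name = ?, ca_issue = ?, ca_wildcard = ?, ca_critical = ?, ca_iodef = ?, active = ? WHERE id = ?", $_POST['ca_name'], $_POST['ca_issue'], $ca_wildcard, $ca_critical, $_POST['ca_iodef'], $active, $ca_id);
		} else {
			$app->db->query("INSERT INTO dns_ssl_ca (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, ca_name, ca_issue, ca_wildcard, ca_critical, ca_iodef, active) VALUES (1, 1, 'riud', 'riud', '', ?, ?, ?, ?, ?, ?)", $_POST['ca_name'], $_POST['ca_issue'], $ca_wildcard, $ca_critical, $_POST['ca_iodef'], $active);
		}
	}
```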
diff --git a/interface/lib/classes/plugin_system_config_dns_ca_list.inc.php b/interface/lib/classes/plugin_system_config_dns_ca_list.inc.php
new file mode 100644
index 0000000000000000000000000000000000000000..eb5882bd3b5bf68ed2b42dbc6577df79d927eaa6
--- /dev/null
+++ b/interface/lib/classes/plugin_system_config_dns_ca_list.inc.php
@@ -0,0 +1,81 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class plugin_system_config_dns_ca_list extends plugin_base {
+
+	var $module;
+	var $form;
+	var $tab;
+	var $record_id;
+	var $formdef;
+	var $options;
+
+	function onShow() {
+		global $app;
+
+		$listTpl = new tpl;
+		$listTpl->newTemplate('templates/system_config_dns_ca_list.htm');
+
+		//* Loading language file
+		$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_system_config.lng';
+		include $lng_file;
+		$listTpl->setVar($wb);
+		if($_SESSION['s']['user']['typ'] == 'admin') {
+			if(isset($_GET['action'])) { 
+				$ca_id = $app->functions->intval($_GET['id']);
+				if($_GET['action'] == 'delete' && $ca_id > 0) {
+					$app->db->query("DELETE FROM dns_ssl_ca WHERE id = ?",  $ca_id);
+				}
+			}
+		}
+
+		if(isset($_GET['action']) && $_GET['action'] == 'edit' && $_GET['id'] > 0) $listTpl->setVar('edit_record', 1);
+
+		// Getting Datasets from DB
+		$ca_records = $app->db->queryAllRecords("SELECT * FROM dns_ssl_ca ORDER BY ca_name ASC");
+		$records=array();
+		if(is_array($ca_records) && count($ca_records) > 0) {
+			foreach($ca_records as $ca) {
+				$rec['ca_id'] = $ca['id'];
+				$rec['name'] = $ca['ca_name'];
+				$rec['active'] = $ca['active'];
+				$records[] = $rec;
+				unset($rec);
+			}
+			$listTpl->setLoop('ca_records', @$records);
+		} 
+		$listTpl->setVar('parent_id', $this->form->id);
+
+		return $listTpl->grab();
+	}
+
+}
+
+?>
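Review bot: The DELETE in `onShow` runs on a plain GET (`action=delete` plus `id`) while the list is being rendered, so a cross-site request made in a logged-in admin's session is enough to remove CA entries; the admin check decides who may delete, not whether the request was intended. The delete should be accepted only on a POST that carries the project's CSRF token, if it has one, and be moved out of the render path, for example behind `if($_SERVER['REQUEST_METHOD'] == 'POST' && $_GET['action'] == 'delete' && $ca_id > 0)`. The later `$_GET['id'] > 0` test compares the raw parameter; computing `$ca_id` once before the admin block and reusing it there keeps the two checks consistent. The `@` on `setLoop('ca_records', @$records)` can go, since `$records` is always initialised.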
diff --git a/interface/lib/plugins/system_config_dns_ca_plugin.inc.php b/interface/lib/plugins/system_config_dns_ca_plugin.inc.php
new file mode 100644
index 0000000000000000000000000000000000000000..c35934e5bfa542b9d5540802100eec148306f74c
--- /dev/null
+++ b/interface/lib/plugins/system_config_dns_ca_plugin.inc.php
@@ -0,0 +1,103 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class system_config_dns_ca_plugin {
+
+	var $plugin_name = 'system_config_dns_ca_plugin';
+	var $class_name = 'system_config_dns_ca_plugin';
+
+	function onLoad() {
+		global $app;
+
+		$app->plugin->registerEvent('dns:dns_caa:on_after_update', 'system_config_dns_ca_plugin', 'caa_update');
+		$app->plugin->registerEvent('dns:dns_caa:on_after_insert', 'system_config_dns_ca_plugin', 'caa_update');
+
+		$app->plugin->registerEvent('sites:web_vhost_domain:on_after_insert', 'system_config_dns_ca_plugin', 'web_vhost_domain_edit');
+		$app->plugin->registerEvent('sites:web_vhost_domain:on_after_update', 'system_config_dns_ca_plugin', 'web_vhost_domain_edit');
+	}
+
+	function caa_update($event_name, $page_form) {
+		global $app;
+
+		if(trim($page_form->dataRecord['additional'] != '')) {
+			$rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE id = ?", $page_form->id);
+			unset($rec['id']);
+			$zone = $app->db->queryOneRecord("SELECT origin FROM dns_soa WHERE id = ?", $rec['zone']);
+			$host=str_replace($zone['origin'], '', $page_form->dataRecord['name']);
+			$host=rtrim($host,'.');
+			$page_form->dataRecord['additional']=str_replace($host, '', $page_form->dataRecord['additional']);
+			$additional=explode(',', $page_form->dataRecord['additional']);
+			foreach($additional as $new) {
+				if($new != '') {
+					$insert_data = $rec;
+					$insert_data['name'] = $new.'.'.$zone['origin'];
+					$app->db->datalogInsert('dns_rr', $insert_data, 'id');
+				}
+			}
+		}
+	} 
+
+	function web_vhost_domain_edit($event_name, $page_form) {
+		global $app;
+
+		if($page_form->dataRecord['ssl_letsencrypt'] == 'y') {
+			$domain = $page_form->dataRecord['domain'];
+			$subdomain = $page_form->dataRecord['subdomain'];
+			$temp=$app->db->queryAllRecords("SELECT * FROM dns_rr WHERE type = 'CAA' AND (name = ? OR name = ?) AND data like ?", $domain.'.', $subdomain.'.'.$domain.'.', '%letsencrypt%');
+			if(count($temp) == 0) {
+				$caa = $app->db->queryOneRecord("SELECT * FROM dns_ssl_ca WHERE ca_issue = 'letsencrypt.org' AND active = 'Y'");
+				$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $domain.'.');
+				if(is_array($caa) && is_array($soa)) {
+					$records = array();
+					$records[] = $domain.'.';;
+					if($subdomain != '' && $subdomain != 'www') $records[] = $subdomain.'.'.$domain;
+					foreach($records as $record) {
+						$new_rr = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE name = ?", $soa['origin']);
+						unset($new_rr['id']);
+						$new_rr['type'] = 'CAA';
+						$new_rr['name'] = $record;
+						$new_rr['data'] = "0 issue \"$caa[ca_issue]\"";
+						$new_rr['ttl'] = $soa['ttl'];
+						$new_rr['active'] = 'Y';
+				        $new_rr['stamp'] = date('Y-m-d H:i:s');
+		        		$new_rr['serial'] = $app->validate_dns->increase_serial($new_rr['serial']);
+				        $app->db->datalogInsert('dns_rr', $new_rr, 'id', $new_rr['zone']);
+						$zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $new_rr['zone']);
+						$new_serial = $app->validate_dns->increase_serial($zone['serial']);
+						$app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $zone['id']);
+					}
+				}
+			}
+		}
+	}
+
+} // End class
+
+?>
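Review bot: In `web_vhost_domain_edit` the template row is read with `SELECT * FROM dns_rr WHERE name = ?` and used without checking the result or limiting it to the zone found just before, so when no record is named exactly like the origin the CAA row would be built without zone, server or owner fields. Scope the lookup with `WHERE zone = ? AND name = ?` bound to `$soa['id']` and `$soa['origin']`, and skip the insert when the result is not an array. The SOA itself is matched only by `origin`, and nothing visible here ties that zone to the client who owns the website; that should be confirmed, since otherwise one client's site change writes a record into another client's zone. The subdomain entry is added without the trailing dot while the duplicate check queries with it, so the check never finds the row it created; use `$records[] = $subdomain.'.'.$domain.'.';`. In `caa_update` the parenthesis is misplaced so `trim()` receives a boolean; it should read `if(trim($page_form->dataRecord['additional']) != '')`, and each `$new` label should be validated as a hostname before it is written to `dns_rr`.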
diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php
index 449805f3c17a179df4a468de3477fbc0336009cb..d718e4ef8221fe73788d8ab6fc2eaec82a692c75 100644
--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -730,5 +730,21 @@ $form["tabs"]['misc'] = array (
 	)
 );
 
+$form['tabs']['dns_ca'] = array (
+	'title'  => 'DNS CAs',
+	'width'  => 100,
+	'template'  => 'templates/system_config_dns_ca.htm',
+	'fields'  => array (),
+	'plugins' => array (
+		'dns_ca' => array (
+			'class'   => 'plugin_system_config_dns_ca',
+			'options' => array()
+		),
+		'dns_ca_list' => array (
+			'class'   => 'plugin_system_config_dns_ca_list',
+			'options' => array()
+		)
+	)
+);
 
 ?>
diff --git a/interface/web/admin/lib/lang/ar_system_config.lng b/interface/web/admin/lib/lang/ar_system_config.lng
index 45fb0fa9e9a26d796f1b91a8697e84bbd4af64e7..6bebcf39ada5f9a2eac4ca9b21011f0d4eb440e2 100644
--- a/interface/web/admin/lib/lang/ar_system_config.lng
+++ b/interface/web/admin/lib/lang/ar_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/bg_system_config.lng b/interface/web/admin/lib/lang/bg_system_config.lng
index 2f4eb86d3c33b4dd414a8b76e97593903f11f949..8c3444e9cb8e234c6d4ac66d732e20476cffdc67 100644
--- a/interface/web/admin/lib/lang/bg_system_config.lng
+++ b/interface/web/admin/lib/lang/bg_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/br_system_config.lng b/interface/web/admin/lib/lang/br_system_config.lng
index 02e3249d5fd2a340904e10450b6086f30868e236..887dffb6e3f770787313a8a675898b26fbe45623 100644
--- a/interface/web/admin/lib/lang/br_system_config.lng
+++ b/interface/web/admin/lib/lang/br_system_config.lng
@@ -1,6 +1,6 @@
 <?php
 $wb['system_config_desc_txt'] = '';
-$wb['warning'] = 'Edite estes valores com cuidado! Não remova os prefixos em um sistema com mais de um cliente!';
+$wb['warning'] = 'Edite estes valores com cuidado! Não remova os prefixos em um sistema com mais de um cliente!!';
 $wb['dbname_prefix_txt'] = 'Prefixo do banco de dados';
 $wb['dbuser_prefix_txt'] = 'Prefixo do usuário do banco de dados';
 $wb['shelluser_prefix_txt'] = 'Prefixo do usuário shell';
@@ -24,16 +24,16 @@ $wb['webdavuser_prefix_error_regex'] = 'Caractere não permitido no prefixo do u
 $wb['webftp_url_txt'] = 'URL do webFTP';
 $wb['mailmailinglist_link_txt'] = 'Link para lista de e-mails';
 $wb['mailmailinglist_url_txt'] = 'URL para lista de e-mails';
-$wb['admin_mail_txt'] = 'e-Mail do administrador';
+$wb['admin_mail_txt'] = 'E-mail do administrador';
 $wb['admin_name_txt'] = 'Nome do administrador';
 $wb['enable_custom_login_txt'] = 'Permite nome de acesso personalizado';
 $wb['monitor_key_txt'] = 'Monitorar palavra reservada';
 $wb['maintenance_mode_txt'] = 'Modo manutenção';
 $wb['smtp_enabled_txt'] = 'Usar SMPT para enviar e-mails do sistema';
-$wb['smtp_host_txt'] = 'Servidor SMTP';
-$wb['smtp_port_txt'] = 'Porta';
-$wb['smtp_user_txt'] = 'Usuário';
-$wb['smtp_pass_txt'] = 'Senha';
+$wb['smtp_host_txt'] = 'Hospedeiro SMTP';
+$wb['smtp_port_txt'] = 'Porta SMTP';
+$wb['smtp_user_txt'] = 'Usuário SMTP';
+$wb['smtp_pass_txt'] = 'Senha SMTP';
 $wb['smtp_crypt_txt'] = 'Usar criptografia SSL/TLS para conexões SMTP';
 $wb['smtp_missing_admin_mail_txt'] = 'Por favor, insira um nome e e-mail do administrador se você usar smtp para envio dos e-mails do sistema.';
 $wb['tab_change_discard_txt'] = 'Descartar modificações nesta aba';
@@ -67,7 +67,7 @@ $wb['customer_no_template_error_regex_txt'] = 'O número do gabarito do cliente
 $wb['customer_no_start_txt'] = 'Valor inicial do código do cliente';
 $wb['customer_no_counter_txt'] = 'Contador de código do cliente';
 $wb['session_timeout_txt'] = 'Duração da sessão (minutos)';
-$wb['session_allow_endless_txt'] = 'Habilitar \"Manter-me conectado\"';
+$wb['session_allow_endless_txt'] = 'Habilitar \\"manter-me conectado\\"';
 $wb['min_password_length_txt'] = 'Comprimento mínimo da senha';
 $wb['min_password_strength_txt'] = 'Dificuldade mínima da senha';
 $wb['company_name_txt'] = 'Nome da empresa no título da página';
@@ -76,9 +76,17 @@ $wb['custom_login_text_txt'] = 'Texto personalizado para página de acesso';
 $wb['custom_login_link_txt'] = 'Link personalizado para página de acesso';
 $wb['login_link_error_regex'] = 'Link personalizado para acesso inválido';
 $wb['default_mailserver_txt'] = 'Servidor de e-mails padrão';
-$wb['default_webserver_txt'] = 'Servidor web padrão';
+$wb['default_webserver_txt'] = 'Servidor de páginas padrão';
 $wb['default_dnsserver_txt'] = 'Servidor dns padrão';
 $wb['default_slave_dnsserver_txt'] = 'Servidor dns secundário padrão';
-$wb['default_dbserver_txt'] = 'Servidor de banco de dados padrão';
-$wb['No'] = 'Não';
+$wb['default_dbserver_txt'] = 'Seridor de banco de dados padrão';
+$wb['No'] = 'No';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ca_system_config.lng b/interface/web/admin/lib/lang/ca_system_config.lng
index 5809cc97b2816aca52e978689f2f7ce8176d482d..ff46470f59300e51c7cc7577e34f53c06e734227 100644
--- a/interface/web/admin/lib/lang/ca_system_config.lng
+++ b/interface/web/admin/lib/lang/ca_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/cz_system_config.lng b/interface/web/admin/lib/lang/cz_system_config.lng
index 930e3ebbfb6b4f56ee6f7d2a5eb8b7a8d82da21a..4f0468833f428ea2cb4691cd193f966444300e7f 100644
--- a/interface/web/admin/lib/lang/cz_system_config.lng
+++ b/interface/web/admin/lib/lang/cz_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Vlastní text na přihlašovací stránce';
 $wb['custom_login_link_txt'] = 'Vlastní odkaz (URL) na přihlašovací stránce (vlastní text)';
 $wb['login_link_error_regex'] = 'Neplatný formát URL pro vlastní odkaz na přihlašovací stránce';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/de_system_config.lng b/interface/web/admin/lib/lang/de_system_config.lng
index 8620491ad4734f4a98ebb9271583ce5904301e97..683291b1fb33b2688cdc65a2a250d7e7538af13c 100644
--- a/interface/web/admin/lib/lang/de_system_config.lng
+++ b/interface/web/admin/lib/lang/de_system_config.lng
@@ -81,4 +81,14 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+
+
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Wildcard verwenden';
+$wb['ca_critical_txt'] = 'Strikte Überprüfung'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktiv';
+$wb['btn_save_txt'] = 'Speichern';
+$wb['btn_cancel_txt'] = 'Abbrechen';
 ?>
diff --git a/interface/web/admin/lib/lang/dk_system_config.lng b/interface/web/admin/lib/lang/dk_system_config.lng
index 2834cacad6e2acc15a3647a0e5b44f1408e386a0..5e96639d2c85f05ce1f9764093f859f1759af897 100644
--- a/interface/web/admin/lib/lang/dk_system_config.lng
+++ b/interface/web/admin/lib/lang/dk_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/el_system_config.lng b/interface/web/admin/lib/lang/el_system_config.lng
index 4dadc1290bfc36a9f31fa2a9f91bc3092e1c145d..0191eb85e7207440db7af224696387e0b8e23020 100644
--- a/interface/web/admin/lib/lang/el_system_config.lng
+++ b/interface/web/admin/lib/lang/el_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/en_system_config.lng b/interface/web/admin/lib/lang/en_system_config.lng
index 38f178f9f5ba58672db59073790ca7400e9caa50..29732e4169fe04cc2ab3cba6ce6e961b2f6eb758 100644
--- a/interface/web/admin/lib/lang/en_system_config.lng
+++ b/interface/web/admin/lib/lang/en_system_config.lng
@@ -84,4 +84,12 @@ $wb["reseller_can_use_options_txt"] = "Reseller can use the option-tab for websi
 $wb["custom_login_text_txt"] = "Custom Text on Login-Page";
 $wb["custom_login_link_txt"] = "Custom Link on Login-Page";
 $wb["login_link_error_regex"] = "Invalid Link for Custom Login";
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Active';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/es_system_config.lng b/interface/web/admin/lib/lang/es_system_config.lng
index cc81939cb389078cf90fa8c14caea505c378829e..21575571f000e3c10baa7b2317652b06be78ef27 100755
--- a/interface/web/admin/lib/lang/es_system_config.lng
+++ b/interface/web/admin/lib/lang/es_system_config.lng
@@ -81,4 +81,12 @@ $wb['webftp_url_txt'] = 'Enlace al cliente FTP por web';
 $wb['webmail_url_error_regex'] = 'Dirección del correo web inválida';
 $wb['webmail_url_note_txt'] = 'Marcador de posición:';
 $wb['webmail_url_txt'] = 'URL de correo web';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/fi_system_config.lng b/interface/web/admin/lib/lang/fi_system_config.lng
index c4987d01a3addf5ca64cea624c56e8eaa7c37cfd..7fe364c9720d69e3f75c5a38022e4bad45c7a24e 100644
--- a/interface/web/admin/lib/lang/fi_system_config.lng
+++ b/interface/web/admin/lib/lang/fi_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/fr_system_config.lng b/interface/web/admin/lib/lang/fr_system_config.lng
index 5892e3a269c698417280ce398730926011cfcda4..0d9d27d14f5ca068d14c78201208f1cd0743bb47 100644
--- a/interface/web/admin/lib/lang/fr_system_config.lng
+++ b/interface/web/admin/lib/lang/fr_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/hr_system_config.lng b/interface/web/admin/lib/lang/hr_system_config.lng
index e02ae57a20a6cc5baa655e7c45cc7c38459ab1b9..ba926e3a71d1bef8f3f0809916ef09f03e9cf2e0 100644
--- a/interface/web/admin/lib/lang/hr_system_config.lng
+++ b/interface/web/admin/lib/lang/hr_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/hu_system_config.lng b/interface/web/admin/lib/lang/hu_system_config.lng
index d26fc5be2dc52df07d71ff65dba9b981c8d8d1ef..9944f68b7895f9fdc8847172d25fe81bfd4fe575 100644
--- a/interface/web/admin/lib/lang/hu_system_config.lng
+++ b/interface/web/admin/lib/lang/hu_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/id_system_config.lng b/interface/web/admin/lib/lang/id_system_config.lng
index c865dff3d81619315d566ef3ee58501485606412..65c17683542c3db64cee43301b9db8f49533fbcf 100644
--- a/interface/web/admin/lib/lang/id_system_config.lng
+++ b/interface/web/admin/lib/lang/id_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/it_system_config.lng b/interface/web/admin/lib/lang/it_system_config.lng
index 396503f02e34087ddf62f4e40f568cb4a7639191..e3c4fcaae7a887bdece82aac6fb93ba9f8edf70a 100644
--- a/interface/web/admin/lib/lang/it_system_config.lng
+++ b/interface/web/admin/lib/lang/it_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ja_system_config.lng b/interface/web/admin/lib/lang/ja_system_config.lng
index fc32081d962b0c6be9e19465b4514a67d1354c9b..ce16ad15bbef7e1ce47fca87e3b6c646c01c778a 100644
--- a/interface/web/admin/lib/lang/ja_system_config.lng
+++ b/interface/web/admin/lib/lang/ja_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/nl_system_config.lng b/interface/web/admin/lib/lang/nl_system_config.lng
index 5177888bb06b645358090a945a5d1835804ec48f..20df45f2bce860e08a7c21194fae4ea41e1e3fd6 100644
--- a/interface/web/admin/lib/lang/nl_system_config.lng
+++ b/interface/web/admin/lib/lang/nl_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/pl_system_config.lng b/interface/web/admin/lib/lang/pl_system_config.lng
index cea6345e63746e2eef461e50a332438bec11df64..1c51b949a763dd68e1680f09950cfadfc0c3e01c 100644
--- a/interface/web/admin/lib/lang/pl_system_config.lng
+++ b/interface/web/admin/lib/lang/pl_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/pt_system_config.lng b/interface/web/admin/lib/lang/pt_system_config.lng
index 24ff94fca278da5e3366db422e69bc1a701e7950..4a28e49a7507440f7ebd723ec3630d87a4f5b7f3 100644
--- a/interface/web/admin/lib/lang/pt_system_config.lng
+++ b/interface/web/admin/lib/lang/pt_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ro_system_config.lng b/interface/web/admin/lib/lang/ro_system_config.lng
index b258ee18707b95d94d77a287fdc7e59effd758c5..efbc6bf2637a09042b4fa1a037fa6c0cff507955 100644
--- a/interface/web/admin/lib/lang/ro_system_config.lng
+++ b/interface/web/admin/lib/lang/ro_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ru_system_config.lng b/interface/web/admin/lib/lang/ru_system_config.lng
index c1909f3ba66f2cf9fac5187d67f25722f1907807..33f62e11619099c12e719781e7d6407a917992bc 100644
--- a/interface/web/admin/lib/lang/ru_system_config.lng
+++ b/interface/web/admin/lib/lang/ru_system_config.lng
@@ -1,4 +1,5 @@
 <?php
+$wb['System Config'] = 'Конфигурация системы';
 $wb['system_config_desc_txt'] = 'Настройка параметров по умолчанию';
 $wb['warning'] = 'Изменяйте эти значения аккуратно! Не удаляйте префиксы на системах где более одного пользователя.';
 $wb['dbname_prefix_txt'] = 'Префикс базы данных';
@@ -14,7 +15,7 @@ $wb['mailboxlist_webmail_link_txt'] = 'Ссылка на веб-почту в с
 $wb['webmail_url_txt'] = 'URL веб-почты';
 $wb['phpmyadmin_url_txt'] = 'URL PHPMyAdmin';
 $wb['use_domain_module_txt'] = 'Использовать модуль домена, чтобы добавить новые домены';
-$wb['use_domain_module_hint'] = 'При использовании этого модуля, Ваши клиенты смогут выбрать только один из доменов, созданных для них администратором. Они не могут свободно редактировать поле \"домен\". Чтобы сделать эти изменения видимыми, Вы должны выйти и повторно войти в панель после изменения этого значения.';
+$wb['use_domain_module_hint'] = 'При использовании этого модуля, Ваши клиенты смогут выбрать только один из доменов, созданных для них администратором. Они не могут свободно редактировать поле "домен". Чтобы сделать эти изменения видимыми, Вы должны выйти и повторно войти в панель после изменения этого значения.';
 $wb['new_domain_txt'] = 'HTML текст, чтобы создать новый домен';
 $wb['webdavuser_prefix_txt'] = 'Префикс пользователя WebDAV';
 $wb['webdavuser_prefix_error_regex'] = 'Некорректный символ в префиксе пользователя WebDAV.';
@@ -67,7 +68,7 @@ $wb['customer_no_template_error_regex_txt'] = 'Шаблон номера Кли
 $wb['customer_no_start_txt'] = 'Начальное значение номера Клиента';
 $wb['customer_no_counter_txt'] = 'Счётчик номера Клиента';
 $wb['session_timeout_txt'] = 'Тайм-аут сессии (в минутах)';
-$wb['session_allow_endless_txt'] = 'Включить \"оставаться в системе\"';
+$wb['session_allow_endless_txt'] = 'Включить "оставаться в системе"';
 $wb['No'] = 'Нет';
 $wb['min_password_length_txt'] = 'Минимальная длина пароля';
 $wb['min_password_strength_txt'] = 'Минимальная стойкость пароля';
@@ -81,4 +82,12 @@ $wb['default_webserver_txt'] = 'Web-сервер по умолчанию';
 $wb['default_dnsserver_txt'] = 'DNS-сервер по умолчанию';
 $wb['default_slave_dnsserver_txt'] = 'Вторичный DNS-сервер по умолчанию';
 $wb['default_dbserver_txt'] = 'Сервер базы данных по умолчанию';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/se_system_config.lng b/interface/web/admin/lib/lang/se_system_config.lng
index 285f7807e8c3f16867a4d3b2f0bfc15af7f29906..c9ccca89e996dca53e8104f12b98f03341416691 100644
--- a/interface/web/admin/lib/lang/se_system_config.lng
+++ b/interface/web/admin/lib/lang/se_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/sk_system_config.lng b/interface/web/admin/lib/lang/sk_system_config.lng
index be8789a80347ff34217022e783823f8f36a89719..fdeb1648c47e069b12b32533c1a0033338de5634 100644
--- a/interface/web/admin/lib/lang/sk_system_config.lng
+++ b/interface/web/admin/lib/lang/sk_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/tr_system_config.lng b/interface/web/admin/lib/lang/tr_system_config.lng
index 8f5bef0e4d4d2dde47393325292255a4685ed3cd..18657743ece3e2ed1d4cc1cffea4e4719c0e1e9d 100644
--- a/interface/web/admin/lib/lang/tr_system_config.lng
+++ b/interface/web/admin/lib/lang/tr_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/dns/ajax_get_json.php b/interface/web/dns/ajax_get_json.php
index c2da4dce631172dab52b487509e639da8a6988d2..b2c381f3e46820997cab0317adbeb7475e69b3c6 100644
--- a/interface/web/dns/ajax_get_json.php
+++ b/interface/web/dns/ajax_get_json.php
@@ -35,6 +35,7 @@ require_once '../../lib/app.inc.php';
 $app->auth->check_module_permissions('dns');
 
 $type = $_GET["type"];
+$ca_id = $_GET['ca_id'];
 
 if($type == 'get_ipv4'){
 	$result = array();
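Review bot: `$ca_id = $_GET['ca_id'];` runs on every request to this endpoint, including `get_ipv4` and `get_ipv6` calls that do not send the parameter, so those requests now raise an undefined-index notice. The value is also carried forward uncast. The lookup added further down binds it as a query parameter, so this is about input hygiene rather than SQL injection. I would still read it defensively with the helper the project already uses: `$ca_id = isset($_GET['ca_id']) ? $app->functions->intval($_GET['ca_id']) : 0;`. The `if($type == 'get_ipv4'){` block continues outside this hunk.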
@@ -54,6 +55,17 @@ if($type == 'get_ipv6'){
 	$json = $app->functions->json_encode($result);
 }
 
+if($type == 'ca_wildcard'){
+	$json = '{';
+	$json .= '"ca_wildcard":"';
+	$tmp = $app->db->queryOneRecord("SELECT ca_wildcard, ca_issue, ca_critical FROM dns_ssl_ca WHERE id = ?", $ca_id);
+	$json .= $tmp['ca_wildcard'].'"';
+	$json .= ',"ca_issue":"'.$tmp['ca_issue'].'"';
+	$json .= ',"ca_critical":"'.$tmp['ca_critical'].'"';
+	unset($tmp);
+	$json .= '}';
+}
+
 header('Content-type: application/json');
 echo $json;
 ?>
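Review bot: The `ca_wildcard` branch builds its JSON by string concatenation, so `ca_issue` and the other column values are emitted without escaping. A stored value containing `"` or a backslash would yield malformed JSON or extra keys for the client script. When no row matches `id`, `$tmp` is not an array and the response silently carries empty strings. The neighbouring branches already encode through the project helper, so the body could be `$tmp = $app->db->queryOneRecord("SELECT ca_wildcard, ca_issue, ca_critical FROM dns_ssl_ca WHERE id = ?", $ca_id);` followed by `$json = $app->functions->json_encode(is_array($tmp) ? $tmp : array());`. The lookup also returns rows whatever their `active` value; adding `AND active = 'Y'` would match the list the edit form offers, if that restriction is intended.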
diff --git a/interface/web/dns/dns_caa_edit.php b/interface/web/dns/dns_caa_edit.php
new file mode 100644
index 0000000000000000000000000000000000000000..c3d8618414a1148672c78dddb63eec23c3ee7f4c
--- /dev/null
+++ b/interface/web/dns/dns_caa_edit.php
@@ -0,0 +1,222 @@
+<?php
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/******************************************
+* Begin Form configuration
+******************************************/
+
+$tform_def_file = 'form/dns_caa.tform.php';
+
+/******************************************
+* End Form configuration
+******************************************/
+
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
+
+//* Check permissions for module
+$app->auth->check_module_permissions('dns');
+
+// Loading classes
+$app->uses('tpl,tform,tform_actions,validate_dns');
+$app->load('tform_actions');
+
+class page_action extends tform_actions {
+
+	function onShowNew() {
+		global $app;
+		// we will check only users, not admins
+		if($_SESSION['s']['user']['typ'] == 'user') {
+			// Get the limits of the client
+			$client_group_id = intval($_SESSION['s']['user']['default_group']);
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+			// Check if the user may add another record.
+			if($client['limit_dns_record'] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+				if($tmp['number'] >= $client['limit_dns_record']) {
+					$app->error($app->tform->wordbook['limit_dns_record_txt']);
+				}
+			}
+		}
+
+		parent::onShowNew();
+	}
+
+	function onShowEnd() {
+		global $app;
+
+		$zone = @(!isset($this->dataRecord['zone']))?$app->functions->intval($_GET['zone']):$this->dataRecord['zone'];
+
+		// get domain-name
+		$sql = "SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r');
+		$soa = $app->db->queryOneRecord($sql, $zone);
+		$domain_name = rtrim($soa['origin'], '.');
+		$app->tpl->setVar('name', $domain_name);
+		if($this->id > 0) {
+			$temp = $this->dataRecord['name'];
+			$temp = str_replace($soa['origin'], '', $this->dataRecord['name']);
+			$temp = trim($temp,'.');
+			if(trim($temp != '')) $app->tpl->setVar('additional', $temp);
+			unset($temp);
+		}
+
+		//create ca-list
+		$rec = $app->db->QueryAllRecords("SELECT * FROM dns_ssl_ca WHERE active = 'Y' AND ca_issue != '' ORDER by ca_name ASC");
+		$ca_select = "<option value='0' >".$app->tform->wordbook['select_txt']."</option>";
+		if(count($rec) > 0) {
+			foreach($rec as $ca) {
+				if(strpos($this->dataRecord['data'], $ca['ca_issue']) !== FALSE) $selected = ' selected'; else $selected='';
+				$ca_select .= "<option value='$ca[id]'$selected>$ca[ca_name]</option>\r\n";
+			}
+		}
+		$app->tpl->setVar('ca_list', $ca_select);
+		$app->tpl->setVar('type', 'CAA');
+		if($this->id > 0) {
+			if(stristr($this->dataRecord['data'], 'issuewild') !== FALSE) $app->tpl->setVar('allow_wildcard', 'CHECKED'); else $app->tpl->setVar('allow_wildcard', 'UNCHECKED');
+			if(strpos($this->dataRecord['data'], '128') === 0) $app->tpl->setVar('allow_critical', 'CHECKED'); else $app->tpl->setVar('allow_critical', 'UNCHECKED');
+			$app->tpl->setVar('edit_disabled', 1);
+		} else {
+			$app->tpl->setVar('ttl', $soa['ttl']);
+		}
+
+		parent::onShowEnd();
+	}
+
+	function onSubmit() {
+		global $app;
+
+		// Check the client limits, if user is not the admin
+		if($_SESSION['s']['user']['typ'] != 'admin') { // if user is not admin
+			// Get the limits of the client
+			$client_group_id = intval($_SESSION['s']['user']['default_group']);
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+			// Check if the user may add another record.
+			if($this->id == 0 && $client['limit_dns_record'] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+				if($tmp['number'] >= $client['limit_dns_record']) {
+					$app->error($app->tform->wordbook['limit_dns_record_txt']);
+				}
+			}
+		} // end if user is not admin
+
+		// Check CA
+		if($this->dataRecord['ca_issue'] == '') $this->error('ca_error_txt');
+
+		// Get the parent soa record of the domain
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST['zone']);
+		$this->dataRecord['name'] = $soa['origin'];
+
+		// Check if Domain belongs to user
+		if($soa['id'] != $_POST['zone']) $this->error('no_zone_perm');
+
+		// Set the server ID of the rr record to the same server ID as the parent record.
+        $this->dataRecord['server_id'] = $soa['server_id'];
+		
+		// Set issue
+		$critical = 0; //* To use critical > 0, uncommented "<div class="critical form-group">" in the template
+		if(isset($this->dataRecord['allow_critical']) && $this->dataRecord['allow_critical'] == 'on' && isset($this->dataRecord['ca_critical']) && $this->dataRecord['ca_critical'] == 1) $critical = 128;
+		if(isset($this->dataRecord['allow_wildcard']) && $this->dataRecord['allow_wildcard'] == "on") {
+			$this->dataRecord['data'] = $critical.' issuewild "'.$this->dataRecord['ca_issue'];
+		} else {
+			$this->dataRecord['data'] = $critical.' issue "'.$this->dataRecord['ca_issue'];
+		}
+		unset($critical);
+		if(isset($this->dataRecord['options']) && $this->dataRecord['options'] != '') {
+			$options=explode(',', $this->dataRecord['options']);
+			foreach($options as $option) {
+				if(trim($option) != '') {
+					if(preg_match('/^(\w+|d\+)=(\w+|d\+)/', $option)) {
+						$this->dataRecord['data'] = $this->dataRecord['data'] . '; '.$option;
+					} else {
+						$this->error('ca_option_error');
+					}
+				}
+			}
+		}
+		$this->dataRecord['data'] = $this->dataRecord['data'].'"';
+
+		// Set name
+		if($this->dataRecord['additional'] != '') {
+			$temp = explode(',', $this->dataRecord['additional'])[0]; // if we have more hostnames the interface-plugin will be used
+			$temp = trim($temp,'.');
+			if(trim($temp != '')) $this->dataRecord['name'] = $temp.'.'.$this->dataRecord['name'];
+			unset($temp);
+		}
+
+		// Check for duplicate
+		$temp = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE type = 'CAA' AND name = ? AND data = ? AND active = ?", $this->dataRecord['name'], $this->dataRecord['data'], $POST['active']);
+		if(is_array($temp)) $this->error('caa_exists_error');
+		unset($temp);
+		
+		// Update the serial number  and timestamp of the RR record
+		$dns_rr = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
+		$this->dataRecord['serial'] = $app->validate_dns->increase_serial($dns_rr['serial']);
+		$this->dataRecord['stamp'] = date('Y-m-d H:i:s');
+
+		parent::onSubmit();
+	}
+
+	function onAfterInsert() {
+		global $app;
+
+		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
+		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord['zone']);
+		$app->db->datalogUpdate('dns_rr', array('sys_groupid' => $soa['sys_groupid']), 'id', $this->id);
+
+		//* Update the serial number of the SOA record
+		$soa_id = $app->functions->intval($_POST["zone"]);
+		$serial = $app->validate_dns->increase_serial($soa['serial']);
+		$app->db->datalogUpdate('dns_soa', array('serial' => $serial), 'id', $soa_id);
+
+	}
+
+	function onAfterUpdate() {
+		global $app;
+
+		//* Update the serial number of the SOA record
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord['zone']);
+		$soa_id = $app->functions->intval($_POST['zone']);
+		$serial = $app->validate_dns->increase_serial($soa['serial']);
+		$app->db->datalogUpdate('dns_soa', array('serial' => $serial), 'id', $soa_id);
+	}
+
+	private function error($errmsg) {
+		global $app;
+		if (isset($app->tform->errorMessage)) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
+		$app->tform->errorMessage .= $app->tform->wordbook[$errmsg];
+	}
+
+}
+
+$page = new page_action;
+$page->onLoad();
+
+?>
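Review bot: In `onSubmit` the option check `preg_match('/^(\w+|d\+)=(\w+|d\+)/', $option)` is not anchored at the end, so anything after the first `tag=value` pair, a `"` included, is appended to `$this->dataRecord['data']` and ends up in the stored CAA record. `preg_match('/^\w+=\w+\z/', $option)` would reject it (`d\+` looks like a typo for `\d+`, which `\w+` already covers). `ca_issue` is concatenated into the same string straight from the submitted form and no validator for it is visible in this file, so it is worth checking it against the active rows of `dns_ssl_ca` before use. The duplicate check binds `$POST['active']`, an undefined variable, so the query compares `active` with NULL and presumably never finds an existing record; `$_POST['active']` was probably intended. In `onShowEnd`, `$ca[ca_name]` is written into the `<option>` markup unescaped and should pass through `htmlspecialchars()` first.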
diff --git a/interface/web/dns/form/dns_caa.tform.php b/interface/web/dns/form/dns_caa.tform.php
new file mode 100644
index 0000000000000000000000000000000000000000..aa297f29d77bd3a8018d25027fdefae628fedeb7
--- /dev/null
+++ b/interface/web/dns/form/dns_caa.tform.php
@@ -0,0 +1,117 @@
+<?php
+
+global $app;
+
+$form['title'] = 'DNS CAA Record';
+$form['description'] = '';
+$form['name'] = 'dns_caa';
+$form['action'] = 'dns_caa_edit.php';
+$form['db_table'] = 'dns_rr';
+$form['db_table_idx'] = 'id';
+$form['db_history'] = 'yes';
+$form['tab_default'] = 'dns';
+$form['list_default'] = 'dns_a_list.php';
+$form['auth'] = 'yes';
+
+$form['auth_preset']['userid']  = 0;
+$form['auth_preset']['groupid'] = 0;
+$form['auth_preset']['perm_user'] = 'riud';
+$form['auth_preset']['perm_group'] = 'riud';
+$form['auth_preset']['perm_other'] = '';
+
+$form['tabs']['dns'] = array (
+	'title'  => 'DNS CAA',
+	'width'  => 100,
+	'template'  => 'templates/dns_caa_edit.htm',
+	'fields'  => array (
+		'server_id' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'SELECT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'zone' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'default' => @$app->functions->intval($_REQUEST['zone']),
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'name' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'filters'   => array( 0 => array( 'event' => 'SAVE',
+					'type' => 'IDNTOASCII'),
+				1 => array( 'event' => 'SHOW',
+					'type' => 'IDNTOUTF8'),
+				2 => array( 'event' => 'SAVE',
+					'type' => 'TOLOWER')
+			),
+			'validators' => array (  0 => array ( 'type' => 'REGEX',
+					'regex' => '/^[a-zA-Z0-9\.\-\_]{0,255}$/',
+					'errmsg'=> 'name_error_regex'),
+			),
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'type' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'default' => 'CAA',
+			'value'  => '',
+			'width'  => '5',
+			'maxlength' => '5'
+		),
+		'data' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'ttl' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'validators' => array ( 0 => array ( 'type' => 'RANGE',
+							'range' => '60:',
+							'errmsg'=> 'ttl_range_error'),
+			),
+			'default' => '3600',
+			'value'  => '',
+			'width'  => '10',
+			'maxlength' => '10'
+		),
+		'active' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default' => 'Y',
+			'value'  => array(0 => 'N', 1 => 'Y')
+		),
+		'stamp' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'serial' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '10',
+			'maxlength' => '10'
+		),
+	)
+);
+
+
+
+?>
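Review bot: The `type` and `data` entries in `$form['tabs']['dns']['fields']` carry no `validators`, so this form definition accepts any string up to the stated lengths for the two columns that decide a `dns_rr` row's record type and content. The onSubmit handler in dns_caa_edit.php is only partly visible here and may overwrite both values, but the definition should hold on its own, because a CAA record is what restricts which CAs may issue for the zone. Pin the type with `'validators' => array(0 => array('type' => 'REGEX', 'regex' => '/^CAA$/', 'errmsg' => 'type_error_regex')),` where the `errmsg` key is a placeholder that needs a wordbook entry, and give `data` a REGEX validator matching the value format the handler builds. The `ttl` RANGE of `'60:'` also sets no upper bound, so a 10-digit value above the DNS maximum of 2147483647 would pass this check.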
diff --git a/interface/web/dns/lib/lang/ar_dns_caa.lng b/interface/web/dns/lib/lang/ar_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/ar_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/bg_dns_caa.lng b/interface/web/dns/lib/lang/bg_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/bg_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/br_dns_caa.lng b/interface/web/dns/lib/lang/br_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/br_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ca_dns_caa.lng b/interface/web/dns/lib/lang/ca_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/ca_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/cz_dns_caa.lng b/interface/web/dns/lib/lang/cz_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/cz_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/de_dns_caa.lng b/interface/web/dns/lib/lang/de_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..88dbf6e47aa2b8490718b46defad6b761169fa1e
--- /dev/null
+++ b/interface/web/dns/lib/lang/de_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Zertifizierungsstelle';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'zusätzliche Hostnamen';
+$wb['ca_hostname_note_txt'] = '(mit Komma getrennte Liste - leer für alle Namen)';
+$wb['ca_options_txt'] = 'zusätzliche Angaben';
+$wb['ca_options_note_txt'] = 'von der Zertifizierungsstelle vorgegeben (mit Komma getrennte Liste)';
+$wb['ca_wildcard_txt'] = 'Wildcard verwenden';
+$wb['ca_critical_txt'] = 'Strikte Überprüfung durch die Zertifizierungsstelle'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Aktiv';
+$wb['select_txt'] = 'Zertifizierungstelle auswählen';
+$wb['no_zone_perm'] = 'Sie haben nicht die Berechtigung, einen Eintrag zu dieser DNS Zone hinzuzufügen.';
+$wb['limit_dns_record_txt'] = 'Die maximale Anzahl an DNS Einträgen für Ihr Konto wurde erreicht.';
+$wb['ca_error_txt'] = 'Keine Zertifizierungsstelle gewählt';
+$wb['caa_exists_error'] = 'Eintrag bereits vorhanden';
+$wb['ca_option_error'] = 'Ungültiges Format für zusätzliche Angaben. OPTION=WERT';
+$wb['ttl_range_error'] = 'Min. TTL ist 60 Sekunden.';
+?>
diff --git a/interface/web/dns/lib/lang/dk_dns_caa.lng b/interface/web/dns/lib/lang/dk_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/dk_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/el_dns_caa.lng b/interface/web/dns/lib/lang/el_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/el_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/en_dns_caa.lng b/interface/web/dns/lib/lang/en_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/en_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/es_dns_caa.lng b/interface/web/dns/lib/lang/es_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/es_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/fi_dns_caa.lng b/interface/web/dns/lib/lang/fi_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/fi_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/fr_dns_caa.lng b/interface/web/dns/lib/lang/fr_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/fr_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/hr_dns_caa.lng b/interface/web/dns/lib/lang/hr_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/hr_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/hu_dns_caa.lng b/interface/web/dns/lib/lang/hu_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/hu_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/id_dns_caa.lng b/interface/web/dns/lib/lang/id_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/id_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/it_dns_caa.lng b/interface/web/dns/lib/lang/it_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/it_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ja_dns_caa.lng b/interface/web/dns/lib/lang/ja_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/ja_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/nl_dns_caa.lng b/interface/web/dns/lib/lang/nl_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/nl_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/pl_dns_caa.lng b/interface/web/dns/lib/lang/pl_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/pl_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/pt_dns_caa.lng b/interface/web/dns/lib/lang/pt_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/pt_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ro_dns_caa.lng b/interface/web/dns/lib/lang/ro_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/ro_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ru_dns_caa.lng b/interface/web/dns/lib/lang/ru_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/ru_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/se_dns_caa.lng b/interface/web/dns/lib/lang/se_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/se_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/sk_dns_caa.lng b/interface/web/dns/lib/lang/sk_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/sk_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/tr_dns_caa.lng b/interface/web/dns/lib/lang/tr_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/tr_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/list/dns_a.list.php b/interface/web/dns/list/dns_a.list.php
index 748bc405d82072d25aa4183b2259368c04f58ed2..1c6999511d1280b8c015b422bed9435a6cf5485b 100644
--- a/interface/web/dns/list/dns_a.list.php
+++ b/interface/web/dns/list/dns_a.list.php
@@ -132,7 +132,7 @@ $liste["item"][] = array( 'field'  => "type",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'DS'=>'DS', 'HINFO'=>'HINFO', 'LOC'=>'LOC', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT'));
+	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CAA'=>'CAA', 'CNAME'=>'CNAME', 'DS'=>'DS', 'HINFO'=>'HINFO', 'LOC'=>'LOC', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT'));
 
 
 ?>
diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm
index b8d57401bb63e78a5fd168b7297690301d6c2325..67bf8ac910ff7e2485cad9c35590e6e6684e26b3 100644
--- a/interface/web/dns/templates/dns_a_list.htm
+++ b/interface/web/dns/templates/dns_a_list.htm
@@ -20,6 +20,7 @@
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_a_edit.php?zone={tmpl_var name='parent_id'}">A</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_aaaa_edit.php?zone={tmpl_var name='parent_id'}">AAAA</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_alias_edit.php?zone={tmpl_var name='parent_id'}">ALIAS</button>
+            <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_caa_edit.php?zone={tmpl_var name='parent_id'}">CAA</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_cname_edit.php?zone={tmpl_var name='parent_id'}">CNAME</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_dkim_edit.php?zone={tmpl_var name='parent_id'}">DKIM</button>
 			<button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_ds_edit.php?zone={tmpl_var name='parent_id'}">DS</button>
diff --git a/interface/web/dns/templates/dns_caa_edit.htm b/interface/web/dns/templates/dns_caa_edit.htm
new file mode 100644
index 0000000000000000000000000000000000000000..3de64818b4936ae902004b53de139742c3187e81
--- /dev/null
+++ b/interface/web/dns/templates/dns_caa_edit.htm
@@ -0,0 +1,74 @@
+<div class='page-header'><h1><tmpl_var name="list_head_txt"></h1></div>
+<p><tmpl_var name="list_desc_txt"></p>
+
+<div class="form-group">
+	<label for="ca_list" class="col-sm-2 control-label">{tmpl_var name='ca_list_txt'}</label>
+	<div class="col-sm-4"><select name="ca_list" id="ca_list" class="form-control">{tmpl_var name='ca_list'}</select></div>
+</div>
+
+<div class="wildcard form-group">
+	<label class="col-sm-2 control-label">{tmpl_var name='ca_wildcard_txt'}</label>
+	<div class="col-sm-4"> <input type="checkbox" id="allow_wildcard" name="allow_wildcard" {tmpl_var name='allow_wildcard'}/></div>
+</div>
+
+<!--
+For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+<div class="critical form-group">
+	<label class="col-sm-2 control-label">{tmpl_var name='ca_critical_txt'}</label>
+	<div class="col-sm-4"> <input type="checkbox" id="allow_critical" name="allow_critical" {tmpl_var name='allow_critical'}/></div>
+</div>
+-->
+
+<div class="form-group">
+	<label for="name" class="col-sm-2 control-label">{tmpl_var name='ca_domain_txt'}</label>
+	<div class="col-sm-4"><input disabled type="text" name="name" id="name" value="{tmpl_var name='name'}" class="form-control" /></div>
+</div>
+
+<div class="form-group">
+	<label for="name" class="col-sm-2 control-label">{tmpl_var name='ca_hostname_txt'}</label>
+	<div class="col-sm-4"><input type="text" name="additional" id="additional" value="{tmpl_var name='additional'}" class="form-control" <tmpl_if name="edit_disabled">readonly</tmpl_if> /> </div>
+	<div class="input-sm">{tmpl_var name='ca_hostname_note_txt'}</div>
+</div>
+
+<div class="form-group">
+	<label for="name" class="col-sm-2 control-label">{tmpl_var name='ca_options_txt'}</label>
+	<div class="col-sm-4"><input type="text" name="options" id="options" value="{tmpl_var name='options'}" class="form-control" /></div>
+	<div class="input-sm">{tmpl_var name='ca_options_note_txt'}</div>
+</div>
+
+<div class="form-group">
+	<label for="ttl" class="col-sm-2 control-label">{tmpl_var name='ttl_txt'}</label>
+	<div class="col-sm-4"><input type="text" name="ttl" id="ttl" value="{tmpl_var name='ttl'}" class="form-control" /></div>
+</div>
+
+<div class="form-group">
+	<label class="col-sm-2 control-label">{tmpl_var name='active_txt'}</label>
+	<div class="col-sm-4">{tmpl_var name='active'}</div>
+</div>
+
+<input type="hidden" name="id" value="{tmpl_var name='id'}">
+<input type="hidden" name="zone" value="{tmpl_var name='zone'}" id="zone">
+<input type="hidden" name="type" value="{tmpl_var name='type'}">
+<input type="hidden" name="ca_issue" value="{tmpl_var name='ca_issue'}">
+<input type="hidden" name="ca_critical" value="{tmpl_var name='ca_critical'}">
+
+<div class="clear"><div class="right">
+	<button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="dns/dns_caa_edit.php">{tmpl_var name='btn_save_txt'}</button>
+	<button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="dns/dns_soa_edit.php?id={tmpl_var name='zone'}">{tmpl_var name='btn_cancel_txt'}</button>
+</div></div>
+
+<script language="JavaScript" type="text/javascript">
+	$(document).ready(function() { reloadForm(); });
+	jQuery('#ca_list').change(function(){ reloadForm(); });
+	function reloadForm(){
+		var caID = jQuery('#ca_list').val();
+		jQuery.getJSON('dns/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {ca_id : caID, type : "ca_wildcard"}, function(data) {
+			if(data.ca_wildcard == "Y"){ jQuery('.wildcard').show(); } else { jQuery('.wildcard').hide(); }
+			if(data.ca_critical == "1"){ jQuery('.critical').show(); } else { jQuery('.critical').hide(); }
+			$('input[name="ca_issue"]').val(data.ca_issue);
+			$('input[name="ca_critical"]').val(data.ca_critical);
+		});
+	}
+</script>
+
+
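Review bot: The hidden `ca_issue` and `ca_critical` inputs near the end of the form are filled in by `reloadForm()` from the `dns/ajax_get_json.php` response and then posted back, so the issuer string that reaches the save handler is whatever the browser sends, not necessarily what `dns_ssl_ca` holds for the selected `ca_list` id. The handler `dns/dns_caa_edit.php` is not part of this hunk, so this may already be covered there. If not, it should look up the issuer and flag on the server from the selected CA id and ignore the posted fields; the two hidden inputs and the two `.val(data.…)` lines could then be dropped. Separately, the labels on the hostname and options rows both use `for="name"` and should be `for="additional"` and `for="options"`. The `.critical` show/hide branch currently matches nothing, because that block is commented out.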