diff --git a/install/install.php b/install/install.php index 4437bd8fa387e0407271c4c79df27fb1282e1ec7..cdf6806092be0f2d5f81db3468a4e9e8bdb702b8 100644 --- a/install/install.php +++ b/install/install.php @@ -536,7 +536,16 @@ if($force) { $inst->configure_fail2ban(); } +// create acme vhost +if($conf['nginx']['installed'] == true) { + $inst->make_acme_vhost('nginx'); // we need this config file but we don't want nginx to be restarted at this point +} +if($conf['apache']['installed'] == true) { + $inst->make_acme_vhost('apache'); // we need this config file but we don't want apache to be restarted at this point +} + //** Configure ISPConfig :-) +$issue_tried = false; $install_ispconfig_interface_default = ($conf['mysql']['master_slave_setup'] == 'y')?'n':'y'; if($install_mode == 'standard' || strtolower($inst->simple_query('Install ISPConfig Web Interface', array('y', 'n'), $install_ispconfig_interface_default,'install_ispconfig_web_interface')) == 'y') { swriteln('Installing ISPConfig'); @@ -563,6 +572,7 @@ if($install_mode == 'standard' || strtolower($inst->simple_query('Install ISPCon if(strtolower($inst->simple_query('Do you want a secure (SSL) connection to the ISPConfig web interface', array('y', 'n'), 'y','ispconfig_use_ssl')) == 'y') { $inst->make_ispconfig_ssl_cert(); + $issue_tried = true; } $inst->install_ispconfig_interface = true; @@ -572,8 +582,9 @@ if($install_mode == 'standard' || strtolower($inst->simple_query('Install ISPCon // Create SSL certs for non-webserver(s)? if(!file_exists('/usr/local/ispconfig/interface/ssl/ispserver.crt')) { - if(strtolower($inst->simple_query('Do you want to create SSL certs for your server?', array('y', 'n'), 'y')) == 'y') + if(!$issue_tried && strtolower($inst->simple_query('Do you want to create SSL certs for your server?', array('y', 'n'), 'y')) == 'y') { $inst->make_ispconfig_ssl_cert(); + } } else { swriteln('Certificate exists. Not creating a new one.'); } 
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 9ac5c788f0f7169527c6b096e757a40738e607b8..5d0a78cdf6c4bf5d3812d670759f01c8ab3748f1 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -2721,9 +2721,15 @@ class installer_base { return $response; } - private function make_acme_vhost($server_name, $server = 'apache', $restart = true) { + public function make_acme_vhost($server = 'apache') { global $conf; + if($conf['hostname'] !== 'localhost' && $conf['hostname'] !== '') { + $server_name = $conf['hostname']; + } else { + $server_name = exec('hostname -f'); + } + $use_template = 'apache_acme.conf.master'; $use_symlink = '999-acme.conf'; $use_name = 'acme.conf'; @@ -2759,15 +2765,6 @@ class installer_base { if(!@is_link($vhost_conf_enabled_dir.'' . $use_symlink)) { symlink($vhost_conf_dir.'/' . $use_name, $vhost_conf_enabled_dir.'/' . $use_symlink); } - if($restart === true) { - if($conf[$server]['installed'] == true && $conf[$server]['init_script'] != '') { - if($this->is_update) { - system($this->getinitcommand($conf[$server]['init_script'], 'force-reload').' &> /dev/null || ' . $this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null'); - } else { - system($this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null'); - } - } - } } public function make_ispconfig_ssl_cert() { 
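Review bot: In `make_acme_vhost()` (install/lib/installer_base.lib.php, hunk `@@ -2721,9 +2721,15 @@`) the fallback `$server_name = exec('hostname -f');` is used without checking the result, and `exec()` returns `false` on failure or an empty string when the command prints nothing. I would write `$server_name = trim((string) exec('hostname -f'));` and return early with a `swriteln()` message when it is empty, so an ACME vhost without a usable server name is never written. The method is now public and runs on every install and update, so the unchanged check `@is_link($vhost_conf_enabled_dir.'' . $use_symlink)` in the next hunk's context matters more than before: the missing `'/'` means it probably never matches, and `symlink()` is then re-attempted on each run. The method body continues outside the hunk, so how `$server_name` reaches the template is inferred.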
@@ -2838,12 +2835,18 @@ class installer_base { } swriteln('Using certificate path ' . $acme_cert_dir); + $ip_address_match = false; if(!(($svr_ip4 && in_array($svr_ip4, $dns_ips)) || ($svr_ip6 && in_array($svr_ip6, $dns_ips)))) { swriteln('Server\'s public ip(s) (' . $svr_ip4 . ($svr_ip6 ? ', ' . $svr_ip6 : '') . ') not found in A/AAAA records for ' . $hostname . ': ' . implode(', ', $dns_ips)); + if(strtolower($inst->simple_query('Ignore DNS check and continue to request certificate?', array('y', 'n') , 'n','ignore_hostname_dns')) == 'y') { + $ip_address_match = true; + } + } else { + $ip_address_match = true; } - if ((!@is_dir($acme_cert_dir) || !@file_exists($check_acme_file) || !@file_exists($ssl_crt_file) || md5_file($check_acme_file) != md5_file($ssl_crt_file)) && (($svr_ip4 && in_array($svr_ip4, $dns_ips)) || ($svr_ip6 && in_array($svr_ip6, $dns_ips)))) { + if ((!@is_dir($acme_cert_dir) || !@file_exists($check_acme_file) || !@file_exists($ssl_crt_file) || md5_file($check_acme_file) != md5_file($ssl_crt_file)) && $ip_address_match == true) { // This script is needed earlier to check and open http port 80 or standalone might fail // Make executable and temporary symlink latest letsencrypt pre, post and renew hook script before install 
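Review bot: The added prompt calls `$inst->simple_query(...)`, but per the hunk header this code is inside class `installer_base`, and the next hunk of the same file uses `$this->`. Unless `$inst` is declared `global` above the hunk, the call dereferences an undefined variable and aborts the installer exactly when the DNS check fails. It should read `$this->simple_query('Ignore DNS check and continue to request certificate?', array('y', 'n'), 'n', 'ignore_hostname_dns')`. `$ip_address_match` is also set to true when the operator overrides the check, so a comment such as `// true when DNS matches or the operator chose to ignore the mismatch` would keep the later `if($ip_address_match)` branch from being read as a verified DNS match. The enclosing method starts and ends outside the hunk.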
@@ -2893,15 +2896,22 @@ class installer_base { // first of all create the acme vhosts if not existing if($conf['nginx']['installed'] == true) { swriteln('Using nginx for certificate validation'); - $this->make_acme_vhost($hostname, 'nginx'); + $server = 'nginx'; } elseif($conf['apache']['installed'] == true) { swriteln('Using apache for certificate validation'); if($this->is_update == false && @is_link($vhost_conf_enabled_dir.'/000-ispconfig.conf')) { $restore_conf_symlink = true; unlink($vhost_conf_enabled_dir.'/000-ispconfig.conf'); } + $server = 'apache'; + } - $this->make_acme_vhost($hostname, 'apache'); + if($conf[$server]['installed'] == true && $conf[$server]['init_script'] != '') { + if($this->is_update) { + system($this->getinitcommand($conf[$server]['init_script'], 'force-reload').' &> /dev/null || ' . $this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null'); + } else { + system($this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null'); + } } $issued_successfully = false; @@ -2934,6 +2944,8 @@ class installer_base { rename($ssl_pem_file, $ssl_pem_file . '-' . $date->format('YmdHis') . '.bak'); } + $check_acme_file = $ssl_crt_file; + // Define LE certs name and path, then install them //$acme_cert = "--cert-file $acme_cert_dir/cert.pem"; $acme_key = "--key-file " . escapeshellarg($ssl_key_file); @@ -2999,10 +3011,7 @@ class installer_base { } } } else { - if($conf['apache']['installed'] == true) { - $this->make_acme_vhost($hostname, 'apache', false); // we need this config file but we don't want apache to be restarted at this point - } - if(($svr_ip4 && in_array($svr_ip4, $dns_ips)) || ($svr_ip6 && in_array($svr_ip6, $dns_ips))) { + if($ip_address_match) { // the directory already exists so we have to assume that it was created previously $issued_successfully = true; } 
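Review bot: `$server` is assigned only inside the nginx and apache branches of hunk `@@ -2893,15 +2896,22 @@`, so on a host with neither web server installed the new `$conf[$server]['installed']` lookup reads an undefined variable. Initialise it before the branch with `$server = null;` and guard the restart with `if($server !== null && $conf[$server]['installed'] == true && $conf[$server]['init_script'] != '') {`. The moved `system()` calls also rely on `&> /dev/null`, which is a bash redirection; where `system()` runs a POSIX `sh` such as dash this is likely parsed as backgrounding the command, so the reload may not have finished before certificate validation starts, and `> /dev/null 2>&1` is the portable form. The surrounding method continues outside the hunk.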
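Review bot: The new `$check_acme_file = $ssl_crt_file;` in hunk `@@ -2934,6 +2944,8 @@` has no comment, and its effect is not obvious: an earlier hunk compares `md5_file($check_acme_file)` with `md5_file($ssl_crt_file)`, so after this line any such comparison is trivially equal. A one-line comment stating why the check now targets the installed certificate file would help; the later use of the variable is outside the hunk, so the intent can only be inferred here.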
diff --git a/install/update.php b/install/update.php index 1b6331f7da289babdf0115aab4c8405a3291a942..75be8a46ccaf72fef45e4b87890b68d3e371899a 100644 --- a/install/update.php +++ b/install/update.php @@ -519,6 +519,15 @@ if($reconfigure_services_answer == 'yes' || $reconfigure_services_answer == 'sel //** Configure ISPConfig swriteln('Updating ISPConfig'); +$issue_tried = false; +// create acme vhost +if($conf['nginx']['installed'] == true) { + $inst->make_acme_vhost('nginx'); // we need this config file but we don't want nginx to be restarted at this point +} +if($conf['apache']['installed'] == true) { + $inst->make_acme_vhost('apache'); // we need this config file but we don't want apache to be restarted at this point +} + if ($inst->install_ispconfig_interface) { //** Customise the port ISPConfig runs on $ispconfig_port_number = get_ispconfig_port_number(); @@ -533,13 +542,15 @@ if ($inst->install_ispconfig_interface) { // $ispconfig_ssl_default = (is_ispconfig_ssl_enabled() == true)?'y':'n'; if(strtolower($inst->simple_query('Create new ISPConfig SSL certificate', array('yes', 'no'), 'no','create_new_ispconfig_ssl_cert')) == 'yes') { $inst->make_ispconfig_ssl_cert(); + $issue_tried = true; } } // Create SSL certs for non-webserver(s)? if(!file_exists('/usr/local/ispconfig/interface/ssl/ispserver.crt')) { - if(strtolower($inst->simple_query('Do you want to create SSL certs for your server?', array('y', 'n'), 'y')) == 'y') + if(!$issue_tried && strtolower($inst->simple_query('Do you want to create SSL certs for your server?', array('y', 'n'), 'y')) == 'y') { $inst->make_ispconfig_ssl_cert(); + } } else { swriteln('Certificate exists. Not creating a new one.'); } diff --git a/server/conf/sieve_filter.master b/server/conf/sieve_filter.master index b5dedebf293706ea67fd7a2aff107186663ccbb4..51d8eeee149193a99fc3d0a7d51f5d17208d0c93 100644 --- a/server/conf/sieve_filter.master +++ b/server/conf/sieve_filter.master 
@@ -29,6 +29,8 @@ redirect "<tmpl_var name='address'>"; # You can create and activate a per-user sieve script (manually or via managesieve), # which will execute before this. +require ["fileinto", "mailbox", "regex", "date", "relational", "vacation", "imap4flags", "envelope", "subaddress", "copy", "reject"]; + <tmpl_if name="move_junk" op="==" value="a"> # Move spam to spam folder if anyof (header :contains "X-Spam-Flag" "YES", header :contains "X-Spam" "Yes", header :contains "subject" "*** SPAM ***", header :contains "subject" "***SPAM***") { diff --git a/server/plugins-available/powerdns_plugin.inc.php b/server/plugins-available/powerdns_plugin.inc.php index 7ab23ec5494cd57d6f877e8a1afcbd864f48926f..82240f106dd157ffac5cff394752d787d94b4276 100644 --- a/server/plugins-available/powerdns_plugin.inc.php +++ b/server/plugins-available/powerdns_plugin.inc.php @@ -449,7 +449,7 @@ class powerdns_plugin { function notifySlave($data) { global $app; - + $pdns_control = $this->find_pdns_control(); if ( $pdns_control != false ) { $app->system->exec_safe($pdns_control . ' notify ?', rtrim($data["new"]["origin"],".")); @@ -458,7 +458,7 @@ class powerdns_plugin { function fetchFromMaster($data) { global $app; - + $pdns_control = $this->find_pdns_control(); if ( $pdns_control != false ) { $app->system->exec_safe($pdns_control . ' retrieve ?', rtrim($data["new"]["origin"],".")); @@ -502,7 +502,7 @@ class powerdns_plugin { } // If DNSSEC is wanted, enable it - if ($data['new']['dnssec_wanted'] === 'Y' && $data['old']['dnssec_wanted'] === 'N') { + if ($data['new']['dnssec_wanted'] === 'Y' && (is_null($data['old']['dnssec_wanted']) || $data['old']['dnssec_wanted'] === 'N')) { $this->soa_dnssec_create($data); } }
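Review bot: The added `require [...]` line in server/conf/sieve_filter.master sits below the template's `redirect "<tmpl_var name='address'>";` (visible in the hunk header), and Sieve (RFC 5228) accepts `require` only before any other command. If that redirect is rendered for a mailbox, the generated script would presumably fail to compile, and the spam and filter rules below it would then not be applied. Moving the `require` to the first non-comment line of the template, above the redirect block, avoids this. The top of the file is outside the hunk, so confirm there is not already a `require` there.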
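Review bot: In server/plugins-available/powerdns_plugin.inc.php (hunk `@@ -502,7 +502,7 @@`) `is_null($data['old']['dnssec_wanted'])` still indexes the key directly, so a record whose old data lacks `dnssec_wanted` raises an undefined-index notice before `is_null()` sees the value. `(!isset($data['old']['dnssec_wanted']) || $data['old']['dnssec_wanted'] === 'N')` expresses the same condition without the notice. The enclosing function starts outside the hunk.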