.editorconfig

+; top-most EditorConfig file
+root = true
+
+; Unix-style newlines
+[*]
+charset = utf-8
+end_of_line = LF
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = tab
+
+[*.{htm,html}]
+indent_style = space
+indent_size = 4

.git-scripts/syntax.sh

+#!/bin/bash
+
+IFS=$'\n'
+EX=0
+ERRS="" ;
+WARNS="" ;
+ERRCNT=0 ;
+WARNCNT=0 ;
+
+OUTCNT=0 ;
+FILECNT=0 ;
+DONECNT=0 ;
+
+CMD="find . -type f \( -name \"*.php\" -o -name \"*.lng\" \) -print" ;
+
+if [[ "$1" == "commit" ]] ; then
+	CMD="git diff-tree --no-commit-id --name-only -r ${CI_COMMIT_SHA} | grep -E '\.(php|lng)$'" ;
+fi
+
+FILECNT=$(eval "${CMD} | wc -l") ;
+
+for F in $(eval "$CMD") ; do
+	if [[ ! -e "${F}" || ! -f "${F}" ]] ; then
+		continue ;
+	fi
+	R=$(php -d error_reporting=E_ALL -d display_errors=On -l "$F" 2>/dev/null) ;
+	RET=$? ;
+	R=$(echo "${R}" | sed "/^$/d")
+	if [ $RET -gt 0 ] ; then
+		EX=1 ;
+		echo -n "E" ;
+		ERRS="${ERRS}${F}:"$'\n'"${R}"$'\n\n' ;
+		ERRCNT=$((ERRCNT + 1)) ;
+	else
+		if [[ "$R" == "Deprecated: "* ]] ; then
+			echo -n "W" ;
+			WARNS="${WARNS}${F}:"$'\n'"${R}"$'\n\n' ;
+			WARNCNT=$((WARNCNT + 1)) ;
+		else 
+			echo -n "." ;
+		fi
+	fi
+	OUTCNT=$((OUTCNT + 1)) ;
+	DONECNT=$((DONECNT + 1)) ;
+	if [ $OUTCNT -ge 40 ] ; then
+		OUTCNT=0 ;
+		echo "[${DONECNT}/${FILECNT}]" ;
+	fi
+done
+
+echo ""
+echo "--------------------------";
+echo "${DONECNT} Files done"
+echo "${ERRCNT} Errors"
+if [ $ERRCNT -gt 0 ] ; then
+	echo "${ERRS}"
+	echo ""
+fi
+
+echo "${WARNCNT} Warnings"
+if [ $WARNCNT -gt 0 ] ; then
+	echo ""
+	echo "${WARNS}"
+	echo ""
+fi
+
+exit $EX

.gitattributes

+* text=auto
+*.php text eol=lf
\ No newline at end of file

.gitignore

+.idea
+/nbproject/private/
+.phplint-cache
+
+# Vim and patch specific excludes
+*.swp
+*.orig
+*.rej
+
+# macOS-specific things to exclude
+
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+Icon?
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Configuration for the Nova editor
+.nova
+
+# VS Code files for those working on multiple tools
+.vscode/*
+*.code-workspace
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+
+# Visual Studio IDE cache/options directory
+.vs/
+
+# do not version control generated config files
+/server/lib/mysql_clientdb.conf
+/server/lib/config.inc.php
+/server/lib/config.inc.local.php
+/interface/lib/config.inc.local.php
+/install/existing_db.sql

.gitlab-ci.yml

+# Defines stages which are to be executed
+stages:
+  - syntax
+  - syntax_diff
+  - test
+  - build
+
+#
+### Stage syntax
+#
+
+syntax:lint:
+  stage: syntax
+  image: edbizarro/gitlab-ci-pipeline-php:7.2
+  allow_failure: false
+  only:
+    - schedules
+    - web
+    - merge_requests
+    - /^\d+\.\d+\.\d+([p|b]\d+)?$/
+
+  script:
+    - echo "Syntax checking PHP files"
+    - bash ./.git-scripts/syntax.sh
+
+
+syntax_diff:lint:
+  stage: syntax
+  image: edbizarro/gitlab-ci-pipeline-php:7.2
+  allow_failure: false
+  only:
+    - web
+    - pushes
+    - branches
+
+  except:
+    - schedules
+    - web
+    - merge_requests
+    - /^\d+\.\d+\.\d+([p|b]\d+)?$/
+
+  script:
+    - echo "Syntax checking PHP files"
+    - bash ./.git-scripts/syntax.sh commit
+
+#syntax:lint:
+#  stage: syntax
+#  image: edbizarro/gitlab-ci-pipeline-php:7.2
+#  allow_failure: false
+#  only:
+#    - schedules
+#    - web
+#    - merge_requests
+#
+#  script:
+#    - composer require overtrue/phplint
+#    - echo "Syntax checking PHP files"
+#    - echo "For more information http://www.icosaedro.it/phplint/"
+#    - vendor/bin/phplint
+
+
+#test:install:
+#  stage: test
+#  image: jerob/docker-ispconfig
+#  only:
+#    - schedules
+#    - web
+#    - /^\d+\.\d+\.\d+$/
+#  
+#  script:
+#    - $CI_PROJECT_DIR/helper_scripts/test_install_docker.sh
+#    - apt-get update
+#    - apt-get --yes install curl
+#    - curl --insecure https://127.0.0.1:8080/login/
+#    - ps xaf
+#    
+#  needs: ["syntax:lint"]
+
+build:package:
+    stage: build
+    image: edbizarro/gitlab-ci-pipeline-php:7.2
+    only:
+        refs:
+            - /^\d+\.\d+\.\d+([p|b]\d+)?$/
+            - web
+
+    script:
+        - echo "Building release."
+        - if [[ "$VER" == "" ]] ; then VER="$CI_COMMIT_TAG" ; fi
+        - if [[ "$VER" == "" ]] ; then VER="3.2dev"$(date +%s) ; fi
+        - if [[ "$VER" != "" ]] ; then echo "Replacing 3.2dev by $VER" ; sed -i -r 's/3\.2dev/'${VER}'/g' install/tpl/config.inc.php.master install/sql/ispconfig3.sql ; fi
+        - RET=0
+        - tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' --mode='0775' ./* || RET=$?
+        - if [[ $RET > 1 ]] ; then exit $RET ; fi
+        - echo "Listing tar contents for verification"
+        - tar -tvf ISPConfig-${VER}.tar.gz
+        - echo "Uploading file to download server"
+        - curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/
+        - if [[ "$VER" =~ ^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$ ]] ; then echo "Stable release ${VER}" ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/ISPConfig-3-stable.tar.gz ; echo -n "${VER}" > ispconfig3_version.txt ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ispconfig3_version.txt ftp://${DEPLOY_FTP_SERVER}/web/ ; else echo "Dev release ${VER}" ; fi
+        - rm ISPConfig-${VER}.tar.gz
+        - echo "Download url is https://download.ispconfig.org/ISPConfig-${VER}.tar.gz"
+        
+    needs: ["syntax:lint"]
+    allow_failure: false

.gitlab/issue_templates/Bug.md

+<!-- Before creating a bug report, please:
+- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
+- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
+- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
+-->
+
+## Summary
+<!-- What is happening and what is wrong with that? -->
+
+## Steps to reproduce
+1. [First step]
+2. [Second step]
+3. [and so on...]
+
+## Correct behaviour
+<!-- What should happen instead? -->
+
+## Environment
+Server OS + version: (Debian 10/Ubuntu 20.04/CentOS 8/...) \
+ISPConfig version: (3.1.15p3/3.2.3/3.2dev/...)
+<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
+Software version of the related software:
+<!-- You can use 'nginx -v' or 'apachectl -v' to find the webserver version. Use 'php -v' to find the PHP version.> Put this in code blocks, like so: -->
+```
+Output of the command
+```
+
+## Proposed fix
+optional, of course.  
+if you want to post code snippets, please use
+```  
+your code  
+```
+or attach a code file. Best is to create a merge request of course.
+
+## References
+if you know of related bugs or feature requests, please reference them by using `#<issuenumber>`, e. g. #6105
+if you have done a merge request already, please reference it by using `!<mergenumber>`, e. g. !1444 
+if you know of a forum post on howtoforge.com that deals with this topic, just add the link to the forum topic here
+
+## Screenshots
+optional, of course.  
+Add screenshots of the problem by clicking "Attach a file" on the bottom right.
+
+## Related log entries

.phplint.yml

+path: ./
+jobs: 5
+cache: .phplint-cache
+extensions:
+  - php
+  - lng
+exclude:
+  - vendor
+

CODING_NOTES.php.txt

-Some guidelines for web development with php.
------------------------------------------------------
-* Unix Line Breaks Only, NO windows breaks please.
-* Tabs set at 4 spaces either as tabs or spaces.
-* no accidental _<?php space before, within or after a file
-* every php file starts and end with <?php ?> no spaces before or after
-* error_reporting(E_ALL|E_STRICT) , yep php5
-* Magic quotes is gone in php6, get used to it now. config = magic_quotes_gpc() Everything must be quoted
-* Don't use ereg,split and other old function -> gone in php 5.4 or 6 (different information on php.net) http://www.php.net/manual/en/migration53.deprecated.php
-* Don't use shorttags. A Shorttag is <? and that is confusing with <?xml -> always <?php
-* Column names in database tables and database table names are in lowercase
-* Classes for the interface are located in interface/lib/classes/ and loaded with $app->uses() or $app->load() functions.
-* Classes for the server are located in server/lib/classes/ and loaded with $app->uses() or $app->load() functions.
-
-please mark any section that need review or work on with
-// TODO 
-* Add documentation about access levels (public, private, protected).
-* Make function / var names on the following way, first word lower, next word(s) first letter upper like. getFirstResult();
-
-Pear coding guidelines
-
-//*****************************************************************************
-// Commenting style
-//*****************************************************************************
-phpdoc is used for creating and autogenerating the documentation, this means that
-some of the comments can be formatted to be included in documentation.
-ie the source files are scanned then processed and html docs are created. 
-
-The comments break down into the following types
-// is uses for removing lines and debug dev etc
-//** and //* are used as "sub comments"
-/* 
-    is used to comment out blocks
-*/
-/** is used to create documentaion
-* thats over 
-* lines
-*/
-
-If you need to block out a section then use
-/*
-function redundant_code(){
-    something here
-}
-*/
-
-To block out single lines use // and all // are assumed to be redundant test code and NOT comments
-
-// print_r($foo);
-
-For inline comment use //** and //* eg
-
-//** Decide what do do
-switch($decide){
-    //* blow it up
-    case 'baloon':
-        $foo->gas(+1);
-        // test_pressure(); << inline comment
-        break;
-
-    //* Do default action
-    default:
-        do_land();
-        get_gps();
-        //* following grant greaceful exit
-        //basket_exit_crash();
-        basket_exit();
-
-}
-
-Do not use the phpdoc on every function, eg 
-
-/**
-* Login a user
-* @param string user  username
-* @param string password of user
-*/
->>
-function login($user, $pass){
-.......
-}
-<<
-as this function explains its self, the following clean code will suffice
->>
-function login($user, $pass){
-.......
-}
-
-If you do need to explain a function then put un the summary syntax eg
-
-/** Pass an array of values where third param is bar
-* $foo['bar'] = 1; // allow a user
-* $foo['bar'] = 2; // destroy user
-* $foo['bar'] = -1; // recreate
-*/
-public function do_something($x, $y, $foo){
-... do something interesting    
-}
-
-//*****************************************************************************
-// Where to store custom settings
-//*****************************************************************************
-
--- Interface settings
-
-The recommended place to store global interface settings is the ini style global config system 
-(see system.ini.master file in install/tpl/ to set defaults). The settings file 
-gets stored inside the ispconfig database. Settings can be accessed with the function:
-
-$app->uses('ini_parser,getconf');
-$interface_settings = $app->getconf->get_global_config('modulename');
-
-where modulename corresponds to the config section in the system.ini.master file.
-To make the settings editable under System > interface config, add the new configuration
-fields to the file interface/web/admin/form/system_config.tform.php and the corresponding
-tempalte file in the templates subfolder of the admin module.
-
--- Server settings
-
-Server settings are stored in the ini style server config system (see server.ini.master template file)
-The settings file gets stored inside the ispconfig database in the server table. Settings can be 
-accessed with the function $app->getconf->get_server_config(....)
-
-Example to access the web configuration:
-
-$app->uses('ini_parser,getconf');
-$web_config = $app->getconf->get_server_config($server_id,'web');
-
-
-//*****************************************************************************
-// Learn about the form validators
-//*****************************************************************************
-There are form validators in interface/lib/classes/tform.inc.php to make validating forms easier.
-Read about: REGEX,UNIQUE,NOTEMPTY,ISEMAIL,ISINT,ISPOSITIVE,ISIPV4,CUSTOM
-

CONTRIBUTING.md

+# Contributing to ISPConfig
+ISPConfig is a open source project and community contributions are very welcome. To contribute, please stick to the guidelines.
+
+This document is under development and will be continuously improved.
+
+Please do not refactor existing code and do not change the signature or the behaviour of central functions or libraries. Such changes may only be made by the core development team. We have had many bad experiences with such changes affecting the stability of ISPConfig, so we no longer accept submissions containing such changes. Merge requests containing such changes will be closed and not merged.
+
+# Issues
+* Before opening a new issue, use the search function to check if there isn't a bug report / feature request already.
+* If you are reporting a bug, please share your OS and PHP (CLI) version.
+* If you want to report several bugs or request several features, open a separate issue for each one of them.
+* Do note re-open issues that were closed by the core dev team unless something new and important that is not mentioned in the original issue needs to be added. Permanently re-opening issues that we commented on and closed will get your account banned. You may add comments to issues without re-opening them though.
+
+# Branches
+* If you are a new user, please send an email to: dev [at] ispconfig [dot] org to receive rights to fork the project.
+* Please create an issue for each contribution you want to make.
+* Do not put multiple contributions into a single branch and merge request. Each contribution should have it's own branch.
+* Do not use the develop branch in your forked project for your contribution. Create a separate branch for each issue.
+* Give your branch a name, e. g. `6049-update-the-contributing-doc ` where 6049 is the issue number.
+
+# Merge requests
+Please give your merge request a description that shortly states what it is about. Merge requests without a good title or with missing description will get delayed because it is more effort for us to check the meaning of the changes made.
+Once again: Do not put multiple things into a single merge request. If you for example fix two issues where one affects apache and one mail users, use separate issues and separate merge requests.
+You can group multiple issues in a single merge request if they have the same specific topic, e. g. if you have one issue stating that a language entry in mail users is missing and a second issue that a language entry for server config is missing, you can put both issues into a single branch and merge request. Be sure to include all issue ids (if multiple) into the merge request's description in this case.
+* Open a issue for the bug you want to fix / the feature you want to implement
+* After opening the issue, commit your changes to your branch
+* Note the issue # in every commit
+* Update the documentation (New devs will not have access to this. Please send a email to docs@ispconfig.org)
+* Add translations for every language
+* Use a short title
+* Write a clear description - for example, when updating the contributing guidelines with issue #6049: \
+"Update of our contributing guidelines \
+Closes #6049"
+* Please be aware that we are not able to accept merge request that do not stick to the coding guidelines. We need to insist on that to keep the code clean and maintainable.
+
+# Some guidelines for web development with php.
+-----------------------------------------------------
+* Don't use features that are not supported in PHP 5.4, for compatibility with LTS OS releases, ISPConfig must support PHP 5.4+
+* Don't use shorttags. A Shorttag is `<?` and that is confusing with `<?xml` -> always use `<?php`
+* Don't use namespaces
+* Column names in database tables and database table names are in lowercase
+* Classes for the interface are located in interface/lib/classes/ and loaded with $app->uses() or $app->load() functions.
+* Classes for the server are located in server/lib/classes/ and loaded with $app->uses() or $app->load() functions.
+
+### Indentations
+
+Indentations are always done with tabs. Do **not** use spaces.
+It is recommended to set your IDE to display tabs with a width of 4 spaces.
+
+### Variable and method / function names
+
+Methods and functions should always be written in camel-case. Variables and properties should always be lowercase instead.
+
+**Correct:**
+```php
+class MyClass {
+    private $issue_list = [];
+
+    private function getMyValue() {
+
+    }
+}
+```
+
+**Wrong:**
+```php
+class my_class {
+    private $IssueList = [];
+
+    private function get_my_value() {
+
+    }
+}
+```
+
+### Blocks
+
+#### Curly braces
+
+Opening curly braces always have to be in the same line as the preceding condition. They are separated by a single space from the closing paranthesis.
+Closing curly braces are always on a separate line after the last statement in the block. The only exception is a do-while block where the logic is inverted.
+
+Curly braces are **always** to be used. Do not leave them out, even if there is only a single statement in the corresponding block.
+
+**Correct:**
+```php
+if($variable === true) {
+
+}
+
+while($condition) {
+
+}
+
+do {
+
+} while($condition);
+```
+
+**Wrong:**
+```php
+if($variable === true){
+
+}
+
+if($variable === true)
+{
+
+}
+
+if($variable === true)
+   $x = 'no braces';
+
+while($condition) { }
+```
+
+#### Short style
+
+The short style of conditional assignments is allowed to be used, but it must not affect readability, e. g. they shall not be nested.
+
+**Allowed:**
+```php
+$a = 0;
+if($condition === true) {
+    $a = 1;
+}
+
+$a = ($condition === true ? 1 : 0);
+```
+
+**Disallowed:**
+```php
+$x = ($condition === true ? ($further == 'foo' ? true : false) : true);
+```
+
+
+#### Spaces and paranthesis
+
+The rules for using spaces are:
+- no space after `if`/`while` etc. and the following opening paranthesis
+- single space after closing paranthesis and before opening curly brace
+- no spaces at the end of a line
+- no spaces after opening paranthesis and before closing paranthesis
+- single space before and after comparators
+
+**Correct:**
+```php
+if($variable === $condition) {
+
+}
+
+while(($condition !== false || $condition2 === true) && $n <= 15) {
+    $n++;
+}
+```
+
+**Wrong:**
+```php
+if ($variable===$condition) {
+
+}
+
+while(($condition!==false||$condition2===true))&&$n<=15){
+
+}
+```
+
+#### Newlines inside of conditions
+
+Breaking up conditions into separate lines can be done if it positively affects readability.
+
+```php
+if($condition === true && ($state === 'completed' || $state === 'pending') && ($processed_by !== null || $process_time < time())) {
+
+}
+```
+can also be written as
+```php
+if($condition === true
+    && ($state === 'completed' || $state === 'pending')
+    && ($processed_by !== null || $process_time < time())
+    ) {
+
+}
+```
+This must not be abused, e. g. the following is not allowed:
+
+```php
+if($a == 1
+    || $b == 2) {
+
+    }
+```
+
+### Arrays
+
+#### Short syntax
+
+Please **do** use short array syntax. We have deprecated the old-style array syntax.
+
+**Correct**:
+```php
+$var = [];
+
+$var2 = [
+    'conf' => [
+        'setting1' => 'value1'
+    ]
+];
+```
+
+**Wrong:**
+```php
+$var = array();
+
+$var2 = array(
+    'conf' => array(
+        'setting1' => 'value1'
+    )
+);
+```
+
+#### Spaces and newlines
+
+When defining an empty array, both brackets shall be on the same line. When defining an array with values, the style depends on the values you are going to assign.
+
+##### List of values
+
+When defining an array with a list of values, e. g. numbers or names, they should be on the same line as the brackets without using new lines, as long as the line does not exceed a total number of characters of about 90. After each comma there has to be a single space.
+
+##### Nested array
+
+When defining a nested array onle the opening bracket is to be on the same line. The closing bracket has to be on a separate line indented by `tabs * level of array`.
+
+##### Examples
+
+```php
+// empty array
+$a = [];
+
+// array with list of values
+$array = [4, 3, 76, 12];
+
+// array with long list of values
+$array = [
+    'This is one entry', 'This is a second one', 'Another one', 'Further entries', 'foo', 'bar', 34, 42, $variable, // newline here for better readability
+    'Next entry', 'the last entry'
+];
+
+// nested array
+$array = [
+    'conf' => [
+        'level' => 1,
+        'settings' => [
+            'window' => 'open',
+            'door' => 'closed
+        ]
+    ]
+];
+```
+
+**Not-to-dos:**
+```php
+$array=[
+];
+
+$array = [
+    1,
+    4,
+    35,
+    23,
+    345,
+    11,
+    221,
+    'further',
+    '...'
+];
+
+$array=['conf'=>['settings'=>['window' => 'open', 'door' => 'closed]]];
+```
+
+### Strings 
+
+Whenever possible use single quotes `'` instead of double qoutes `"`. Try not to embedd variables in string. Concatenate them instead.
+
+**Correct:**
+```php
+// simple text
+$var = 'This is a text';
+
+// array index
+$array['index'] = 'value';
+
+// text with variables
+$var = 'This is a text with ' . $value . ' values inside and at the end: ' . $sum_value;
+
+// dynamic array index
+$idx = 'index' . $key;
+$value = $array[$idx];
+```
+
+**Wrong:**
+```php
+// simple text
+$var = "This is a text";
+
+// array index
+$array["index"] = 'value';
+
+// text with variables
+$var = "This is a text with $value values inside and at the end: {$sum_value}";
+
+// dynamic array index
+$value = $array['index' . $key];
+$value = $array["index{$key}"];
+```
+
+# Where to store custom settings
+## Interface settings
+The recommended place to store global interface settings is the ini style global config system 
+(see system.ini.master file in install/tpl/ to set defaults). The settings file 
+gets stored inside the ispconfig database. Settings can be accessed with the function:
+
+```
+$app->uses('ini_parser,getconf');
+$interface_settings = $app->getconf->get_global_config('modulename');
+```
+
+where modulename corresponds to the config section in the system.ini.master file.
+To make the settings editable under System > interface config, add the new configuration
+fields to the file interface/web/admin/form/system_config.tform.php and the corresponding
+tempalte file in the templates subfolder of the admin module.
+
+## Server settings
+Server settings are stored in the ini style server config system (see server.ini.master template file)
+The settings file gets stored inside the ispconfig database in the server table. Settings can be 
+accessed with the function $app->getconf->get_server_config(....)
+
+Example to access the web configuration:
+
+```
+$app->uses('ini_parser,getconf');
+$web_config = $app->getconf->get_server_config($server_id,'web');
+```
+
+# Learn about the form validators
+There are form validators in interface/lib/classes/tform.inc.php to make validating forms easier.
+Read about: REGEX,UNIQUE,NOTEMPTY,ISEMAIL,ISINT,ISPOSITIVE,ISIPV4,ISIPV6,ISIP,CUSTOM

LICENSE

-Copyright (c) 2007-2016, Till Brehm, ISPConfig UG
+Copyright (c) 2007-2020, Till Brehm, ISPConfig UG
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -22,4 +22,4 @@ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

 # ISPConfig - Hosting Control Panel
+![ISPConfig logo](https://www.ispconfig.org/wp-content/themes/ispconfig/images/ispconfig_logo.png "") \
+Development branch: [![pipeline status](https://git.ispconfig.org/ispconfig/ispconfig3/badges/develop/pipeline.svg)](https://git.ispconfig.org/ispconfig/ispconfig3/commits/develop)
 
+## Functions
 - Manage multiple servers from one control panel
-- Web server management (Apache2 and nginx)
-- Mail server management (with virtual mail users)
-- DNS server management (BIND and MyDNS)
+- Single server, multiserver and mirrored clusters.
+- Webserver management
+- Mailserver management
+- DNS server management
 - Virtualization (OpenVZ)
-- Administrator, reseller and client login
-- Configuration mirroring and clusters
-- Open Source software (BSD license)
\ No newline at end of file
+- Administrator, reseller, client and mailuser login
+- Open Source software ([BSD license](LICENSE))
+
+## Supported daemons
+- HTTP: Apache2 and NGINX
+- HTTP stats: Webalizer, GoAccess and AWStats
+- Let's Encrypt: Acme.sh and certbot
+- SMTP: Postfix
+- POP3/IMAP: Dovecot
+- Spamfilter: Rspamd and Amavis
+- FTP: PureFTPD
+- DNS: BIND9 and PowerDNS[^1]
+- Database: MariaDB and MySQL
+
+[^1]: not actively tested
+
+## Supported operating systems
+- Debian 9 - 12, and testing
+- Ubuntu 16.04 - 22.04
+- CentOS 7 and 8
+
+## Auto-install script
+You can install the "Perfect Server" with ISPConfig using [our official autoinstaller](https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/)
+
+## Migration tool
+The Migration Tool helps you to import data from other control panels (currently ISPConfig 2 and 3 – 3.2, Plesk 10 – 12.5, Plesk Onyx, CPanel[^2] and Confixx 3). For more information, see https://www.ispconfig.org/add-ons/ispconfig-migration-tool/
+
+[^2]: The Migration Toolkit now contains beta support for migrating CPanel to ISPConfig.
+
+## Documentation
+You can support ISPConfig development by buying the manual: https://www.ispconfig.org/documentation/
+
+## Contributing
+If you like to contribute to the ISPConfig development, please read the contributing guidelines: [CONTRIBUTING.MD](CONTRIBUTING.md)
+

TODO.txt

+Please see our GitLab issues for feature requests and bug reports.
 
----------------------------------------
-- ISPConfig 3 ToDo list
----------------------------------------
-
-Please feel free to edit this file, add new tasks,
-remove done tasks or assign yourself to a task.
-
-Form Validators
---------------------------------------
-
-Installer
---------------------------------------
-
-- Add a function to let a server join a existing installation.
-- Add Package haveged to requirements (at least if entropy is low) as it raises available entropy significantly which is very needed for DNSSEC Key-generation
-	If it is not installed and entropy is low generating dnssec-keys lasts minutes (and would time out the server thus is not done) and new signing keys are not generated.
-	If there are no keys the zones can not be signed and will only be availableas a unsigned copy.
-
-Uninstaller
---------------------------------------
-
-- Add a function to remove ispconfig user
-
-Server
---------------------------------------
-
-
-Mail module
---------------------------------------
-
-
-Administration module
---------------------------------------
-
-
-- Firewall Solution -- Andrew lathama Latham lathama@gmail.com
-	* Monitor existing IPTABLES rules is done and in the monitor page.
-	* Add IPTABLES rules
-		semi-functional and in development also functional in multiserver
-	* Delete IPTABLES rules
-		semi-functional and in development also functional in multiserver
-	* Merge IPTABLES rules made from the CLI with those made from ISPConfig3
-		Interesting topic about merging control with with the GUI and the CLI
-		interface for a systems adminitstrator who might add a rule during an
-		attack or for trouble shooting and forget to remove it.
-	* Fail2Ban
-		Add configuration for fail2ban on certian systems.  Imagine an admin
-		wishes to use fail2ban on one service but not others. Rare but an issue
-		when a large number of clients use a single NAT for all users and failed
-		logins and traffic looks like an attack.  Maybe a whitelist configuration
-		as an optional setting.
-	* Remoting
-		Enable remoting hooks for updating IPTABLES
-	* Service Checks
-		Adding saftey checks to make sure that the admin does not lock his/herself
-		out of the system by accident.  We all make mistakes.
-
--- Note: I'd love a pure iptables firewall as well. I've made such a script for
-   my work, which uses a simple config file to open/close ports and support for 
-   ip exclusions. I think we could use it as a base to start with, it's up on the dev forum
-   url: http://www.howtoforge.com/forums/showthread.php?p=261311 (Mark_NL)
-
-Clients module
---------------------------------------
-
-
-Sites (web) module
---------------------------------------
-
-
-BE-Designer module
---------------------------------------
-
-WARNING: Please do not use the BE Designer at the moment, the serializing
- function of the module editor may break some of the existing modules.
-
-
-Remoting framework
---------------------------------------
-- Add more connections to other data.  Remoting hooks for FS and Email Quota
-
-Interface
---------------------------------------
-- Enhance the paging in lists (e.g. like this: [1 2 3 4 ... 10])
-- DNS: Add Checkbox to switch dnssec_wanted between Y and N to templates and/or wizard. I recommend doing it in the wizard though.
-
-General tasks
---------------------------------------
-
-- Add, extend or modify comments in PEAR syntax so that they can be read with
-  phpdocumentor.
-
-- Doxygen might be a good idea (phpdocumentor looks nice but no active development)
--- http://drupal.org/node/1354 may have some good ideas.
--- http://engineeredweb.com/blog/10/9/4-reasons-consider-doxygen-over-phpdocumentor
+https://git.ispconfig.org/ispconfig/ispconfig3/issues

docs/INSTALL.txt

 
 The installation instructions for ISPConfig can be found here:
 
-http://www.ispconfig.org/page/en/documentation.html
+https://www.ispconfig.org/page/en/documentation.html
 
 

docs/autoinstall_samples/autoinstall.conf_sample.php

@@ -4,6 +4,7 @@ $autoinstall['install_mode'] = 'standard'; // standard (default), expert
 
 $autoinstall['hostname'] = 'server1.example.com'; // default
 $autoinstall['mysql_hostname'] = 'localhost'; // default: localhost
+$autoinstall['mysql_port'] = '3306'; // default: 3306
 $autoinstall['mysql_root_user'] = 'root'; // default: root
 $autoinstall['mysql_root_password'] = 'howtoforge';
 $autoinstall['mysql_database'] = 'dbispconfig'; // default: dbispcongig
@@ -11,6 +12,11 @@ $autoinstall['mysql_charset'] = 'utf8'; // default: utf8
 $autoinstall['http_server'] = 'nginx'; // apache (default), nginx
 $autoinstall['ispconfig_port'] = '8080'; // default: 8080
 $autoinstall['ispconfig_use_ssl'] = 'y'; // y (default), n
+$autoinstall['ispconfig_admin_password'] = 'admin'; // default: admin
+$autoinstall['create_ssl_server_certs'] = 'y';
+$autoinstall['ignore_hostname_dns'] = 'n';
+$autoinstall['ispconfig_postfix_ssl_symlink'] = 'y';
+$autoinstall['ispconfig_pureftpd_ssl_symlink'] = 'y';
 
 /* SSL Settings */
 $autoinstall['ssl_cert_country'] = 'AU';
@@ -19,10 +25,11 @@ $autoinstall['ssl_cert_locality'] = 'Chicago';
 $autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
 $autoinstall['ssl_cert_organisation_unit'] = 'IT department';
 $autoinstall['ssl_cert_common_name'] = $autoinstall['hostname'];
+$autoinstall['ssl_cert_email'] = 'hostmaster@'.$autoinstall['hostname'];
 
 /* optional expert mode settings, needed only for expert mode */
 $autoinstall['mysql_ispconfig_user'] = 'ispconfig'; // default: ispconfig
-$autoinstall['mysql_ispconfig_password'] = md5(uniqid(rand()));
+$autoinstall['mysql_ispconfig_password'] = bin2hex(random_bytes(20));
 $autoinstall['join_multiserver_setup'] = 'n'; // y, n (default)
 $autoinstall['mysql_master_hostname'] = 'master.example.com';
 $autoinstall['mysql_master_root_user'] = 'root';
@@ -49,4 +56,18 @@ $autoupdate['reconfigure_services'] = 'yes'; // yes (default), no
 $autoupdate['ispconfig_port'] = '8080'; // default: 8080
 $autoupdate['create_new_ispconfig_ssl_cert'] = 'no'; // no (default), yes
 $autoupdate['reconfigure_crontab'] = 'yes'; // yes (default), no
-?>
\ No newline at end of file
+$autoupdate['create_ssl_server_certs'] = 'y';
+$autoupdate['ignore_hostname_dns'] = 'n';
+$autoupdate['ispconfig_postfix_ssl_symlink'] = 'y';
+$autoupdate['ispconfig_pureftpd_ssl_symlink'] = 'y';
+
+/* These are for service-detection (defaulting to old behaviour where all changes were automatically accepted) */
+$autoupdate['svc_detect_change_mail_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_web_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_dns_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_xmpp_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_firewall_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_vserver_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_db_server'] = 'yes'; // yes (default), no
+
+?>

docs/autoinstall_samples/autoinstall.ini.sample

@@ -3,6 +3,7 @@ language=en
 install_mode=standard
 hostname=server1.example.com
 mysql_hostname=localhost
+mysql_port=3306
 mysql_root_user=root
 mysql_root_password=ispconfig
 mysql_database=dbispconfig
@@ -10,6 +11,11 @@ mysql_charset=utf8
 http_server=apache
 ispconfig_port=8080
 ispconfig_use_ssl=y
+ispconfig_admin_password=admin
+create_ssl_server_certs=y
+ignore_hostname_dns=n
+ispconfig_postfix_ssl_symlink=y
+ispconfig_pureftpd_ssl_symlink=y
 
 [ssl_cert]
 ssl_cert_country=AU
@@ -18,6 +24,7 @@ ssl_cert_locality=Chicago
 ssl_cert_organisation=Internet Widgits Pty Ltd
 ssl_cert_organisation_unit=IT department
 ssl_cert_common_name=server1.example.com
+ssl_cert_email=hostmaster@example.com
 
 [expert]
 mysql_ispconfig_user=ispconfig
@@ -47,4 +54,17 @@ reconfigure_permissions_in_master_database=no
 reconfigure_services=yes
 ispconfig_port=8080
 create_new_ispconfig_ssl_cert=no
-reconfigure_crontab=yes
\ No newline at end of file
+reconfigure_crontab=yes
+create_ssl_server_certs=y
+ignore_hostname_dns=n
+ispconfig_postfix_ssl_symlink=y
+ispconfig_pureftpd_ssl_symlink=y
+
+; These are for service-detection (defaulting to old behaviour where all changes were automatically accepted)
+svc_detect_change_mail_server=yes
+svc_detect_change_web_server=yes
+svc_detect_change_dns_server=yes
+svc_detect_change_xmpp_server=yes
+svc_detect_change_firewall_server=yes
+svc_detect_change_vserver_server=yes
+svc_detect_change_db_server=yes

server/plugins-available/nginx_reverseproxy_plugin.inc.php → docs/old_server_plugins/nginx_reverseproxy_plugin.inc.php

@@ -111,7 +111,9 @@ class nginx_reverseproxy_plugin {
 		$crt_file = $ssl_dir.'/'.$domain.'.crt';
 		$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
 
-		$vhost_data['nginx_directives'] = preg_replace("/\[IP\]/", $vhost_data['ip_address'], $vhost_data['nginx_directives']);
+		if($vhost_data['nginx_directives']) {
+			$vhost_data['nginx_directives'] = preg_replace("/\[IP\]/", $vhost_data['ip_address'], $vhost_data['nginx_directives']);
+		}
 
 
 		if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file)) {
@@ -176,7 +178,7 @@ class nginx_reverseproxy_plugin {
 		}
 
 
-		$vhost_file = escapeshellcmd($nginx_config['nginx_vhost_conf_dir'].'/'.$data['new']['domain'].'.vhost');
+		$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['new']['domain'].'.vhost';
 		//* Make a backup copy of vhost file
 		copy($vhost_file, $vhost_file.'~');
 
@@ -187,7 +189,7 @@ class nginx_reverseproxy_plugin {
 
 
 		// Set the symlink to enable the vhost
-		$vhost_symlink = escapeshellcmd($nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['new']['domain'].'.vhost');
+		$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['new']['domain'].'.vhost';
 		if($data['new']['active'] == 'y' && !is_link($vhost_symlink)) {
 			symlink($vhost_file, $vhost_symlink);
 			$app->log('Creating symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
@@ -199,18 +201,18 @@ class nginx_reverseproxy_plugin {
 			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
 		}
 
-		if(!is_dir('/var/log/ispconfig/nginx/'.$data['new']['domain'])) exec('mkdir -p /var/log/ispconfig/nginx/'.$data['new']['domain']);
+		if(!is_dir('/var/log/ispconfig/nginx/'.$data['new']['domain'])) $app->system->exec_safe('mkdir -p ?', '/var/log/ispconfig/nginx/'.$data['new']['domain']);
 
 		// remove old symlink and vhost file, if domain name of the site has changed
 		if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
-			$vhost_symlink = escapeshellcmd($nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost');
+			$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
 			unlink($vhost_symlink);
 			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
-			$vhost_file = escapeshellcmd($nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost');
+			$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
 			unlink($vhost_file);
 			$app->log('Removing file: '.$vhost_file, LOGLEVEL_DEBUG);
 
-			if(is_dir('/var/log/ispconfig/nginx/'.$data['old']['domain'])) exec('rm -rf /var/log/ispconfig/nginx/'.$data['old']['domain']);
+			if(is_dir('/var/log/ispconfig/nginx/'.$data['old']['domain'])) $app->system->exec_safe('rm -rf ?', '/var/log/ispconfig/nginx/'.$data['old']['domain']);
 		}
 
 		// request a httpd reload when all records have been processed
@@ -232,7 +234,7 @@ class nginx_reverseproxy_plugin {
 	function ssl($event_name, $data) {
 		global $app, $conf;
 
-		if(!is_dir($conf['nginx']['config_dir'].'/ssl')) exec('mkdir -p '.$conf['nginx']['config_dir'].'/ssl');
+		if(!is_dir($conf['nginx']['config_dir'].'/ssl')) $app->system->exec_safe('mkdir -p ?', $conf['nginx']['config_dir'].'/ssl');
 		$ssl_dir = $conf['nginx']['config_dir'].'/ssl';
 		$domain = $data['new']['ssl_domain'];
 		$key_file = $ssl_dir.'/'.$domain.'.key.org';
@@ -250,7 +252,7 @@ class nginx_reverseproxy_plugin {
 			//$csr_file = $ssl_dir.'/'.$domain.".csr";
 			//$crt_file = $ssl_dir.'/'.$domain.".crt";
 			//$bundle_file = $ssl_dir.'/'.$domain.".bundle";
-			$this->_exec('rsync -v -e ssh root@'.$web['ip_address'].':~/$src_ssl_dir '.$ssl_dir);
+			$app->system->exec_safe('rsync -v -e ssh root@?:? ?', $web['ip_address'], '~/'.$src_ssl_dir, $ssl_dir);
 
 			$app->log('Syncing SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
 		}
@@ -284,31 +286,24 @@ class nginx_reverseproxy_plugin {
 
 			//* This is a website
 			// Deleting the vhost file, symlink and the data directory
-			$vhost_symlink = escapeshellcmd($nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost');
+			$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
 			unlink($vhost_symlink);
 			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
 
-			$vhost_file = escapeshellcmd($nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost');
+			$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
 			unlink($vhost_file);
 			$app->log('Removing vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
 
 
 
 			// Delete the log file directory
-			$vhost_logfile_dir = escapeshellcmd('/var/log/ispconfig/nginx/'.$data['old']['domain']);
-			if($data['old']['domain'] != '' && !stristr($vhost_logfile_dir, '..')) exec('rm -rf '.$vhost_logfile_dir);
+			$vhost_logfile_dir = '/var/log/ispconfig/nginx/'.$data['old']['domain'];
+			if($data['old']['domain'] != '' && !stristr($vhost_logfile_dir, '..')) $app->system->exec_safe('rm -rf ?', $vhost_logfile_dir);
 			$app->log('Removing website logfile directory: '.$vhost_logfile_dir, LOGLEVEL_DEBUG);
 
 		}
 	}
 
-	//* Wrapper for exec function for easier debugging
-	private function _exec($command) {
-		global $app;
-		$app->log('exec: '.$command, LOGLEVEL_DEBUG);
-		exec($command);
-	}
-
 	function rewrite_insert($event_name, $data) {
 		global $app, $conf;
 
@@ -329,7 +324,7 @@ class nginx_reverseproxy_plugin {
 		$tpl->newTemplate("nginx_reverseproxy_rewrites.conf.master");
 		if (!empty($rules))$tpl->setLoop('nginx_rewrite_rules', $rules);
 
-		$rewrites_file = escapeshellcmd($nginx_config['nginx_vhost_conf_dir'].'/default.rewrites.conf');
+		$rewrites_file = $nginx_config['nginx_vhost_conf_dir'].'/default.rewrites.conf';
 		//* Make a backup copy of vhost file
 		copy($rewrites_file, $rewrites_file.'~');
 
@@ -340,7 +335,7 @@ class nginx_reverseproxy_plugin {
 
 
 		// Set the symlink to enable the vhost
-		$rewrite_symlink = escapeshellcmd($nginx_config['nginx_vhost_conf_enabled_dir'].'/default.rewrites.conf');
+		$rewrite_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/default.rewrites.conf';
 
 		if(!is_link($rewrite_symlink)) {
 			symlink($rewrites_file, $rewrite_symlink);

docs/under_development/DEV_CHROOTED_DEBIAN_5.0.txt

@@ -96,7 +96,7 @@ echo "ChrootDir /var/www" > /etc/apache2/conf.d/mod_chroot.conf
 # Install ISPConfig
 
 cd /tmp
-wget http://www.ispconfig.org/downloads/ISPConfig-3.0.1.4-beta-2.tar.gz
+wget https://www.ispconfig.org/downloads/ISPConfig-3.0.1.4-beta-2.tar.gz
 tar xvfz ISPConfig-3.0.1.4-beta-2.tar.gz
 cd ispconfig3_install/install/
 php -q install.php

helper_scripts/cert_check.sh

+#!/bin/bash
+
+chkdata() {
+	F=$1
+	CRT=$2
+	KEY=$3
+	if [[ "$CRT" != "" && "$KEY" != "" ]] ; then
+		if [[ ! -f "$CRT" ]] ; then
+			echo "[WARN] CERTIFICATE FILE ${CRT} MISSING FOR ${F}" ;
+		else 
+			echo -n "Checking ${CRT}" ;
+			CHK=$(openssl x509 -in "${CRT}" -text -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		if [[ ! -f "$KEY" ]] ; then
+			echo "[WARN] KEY FILE ${KEY} MISSING FOR ${F}" ;
+		else
+			echo -n "Checking ${KEY}" ;
+			CHK=$(openssl rsa -in "${KEY}" -check -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+	
+		if [[ -f "$CRT" && -f "$KEY" ]] ; then
+			echo -n "Checking that key and certificate match";
+			MDCRT=$(openssl x509 -noout -modulus -in "${CRT}" | openssl md5) ;
+			MDKEY=$(openssl rsa -noout -modulus -in "${KEY}" | openssl md5) ;
+			if [[ "$MDCRT" != "$MDKEY" ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		echo "---" ;
+	elif [[ "$CRT" != ""  || "$KEY" != "" ]] ; then
+		echo "[WARN] Check SSL config of ${F}";
+		echo "---" ;
+	fi
+}
+
+if [[ -d /etc/apache2/sites-enabled ]] ; then
+	echo "Checking enabled apache vhosts" ;
+	for FIL in /etc/apache2/sites-enabled/* ; do
+		CRT=$(grep 'SSLCertificateFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=$(grep 'SSLCertificateKeyFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi
+
+if [[ -d /etc/nginx/sites-enabled ]] ; then
+	echo "Checking enabled nginx vhosts" ;
+	for FIL in /etc/nginx/sites-enabled/* ; do
+		CRT=$(grep 'ssl_certificate' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		CRT=${CRT%;}
+		KEY=$(grep 'ssl_certificate_key' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=${KEY%;}
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi
\ No newline at end of file

helper_scripts/fixcerts

+ #!/bin/bash
+#####################################################################################
+#                                                                                   #
+# Syntax: fixcerts DOMAIN                                                           #
+#                                                                                   #
+# Use: Extend Letsencrypt SSl certificates for commonly grouped services such as    #
+#       Apache,Postfix,Dovecot using Certbot. Useful for keeping all client         #
+#       applications referencing the same virtual domain name, such as auto-config  #
+#       email clients on phones, i.e. mailuser@mydomain.TLD smtp.mydomain.TLD       #
+#       imaps.mydomain.TLD instead of mailuser@mydomain.TLD mail.ISPmaildomain.TLD  #
+#       Also useful when sending mail through services like Gmail that will         #
+#       validate sender through a negotiated TLS encrypted connection.              #
+#                                                                                   #
+#       Ex: sh fixcerts myhosteddomain.com                                          #
+#                                                                                   #
+# Prerequisites:                                                                    #
+#   - A Letsencrypt certificate for the DOMAIN must already exist                   #
+#   - A seperate certificate each for Dovecot and Postfix were previously generated #
+#   - All new host names to add MUST  already exist in DNS at least as a CNAME      #
+#   - Edit the Dovecot/Postfix conf to use the alternate certificate                #
+#   - Set the variable wr_file to a directory that certbot can read and write from  #
+#   - Set the dom_cert=,dv_cert=,pf_cert=,dv_file=, and pf_file= variables          #
+#                                                                                   #
+# In my case, I ran:                                                                #
+#   certbot certonly -webroot /usr/local/ispconfig/interface/acme -d dc.hrst.xyz    #
+#   certbot certonly -webroot /usr/local/ispconfig/interface/acme -d pf.hrst.xyz    #
+#   to create the separate Dovecot and Postscript certificates, then edited and     #
+#   ran the script to extend those certificate, once per hosted domain              #
+#                                                                                   #
+# If you use only one alternate certifcate for both mail services, set both dv_file #
+#     and pf_file to the same file name and set one of  _cert files=""  and         #
+#     use the other. If you don't wish to add to a particular certificate, set the  #
+#     variable ="", such as dom_cert                                                #
+# TODO: Pre-validate desired additions as already existing in DNS                   #
+#       Generate SRV Records and add to DNS to autoconfig clients                   #
+#                                                                                   #
+# Author: tad.hasse@gmail.com                                                       #
+#                                                                                   #
+#####################################################################################
+
+#bail out on error
+set -e
+
+# Hostnames to add to the main domain certificate
+dom_cert="webmail"
+
+# Hostnames to add to the Dovecot domain certificate
+dv_cert="pop3s imap"
+
+# Hostnames to add to the Postfix domain certificate
+pf_cert="mail smtp smtps"
+
+# Name of the certificate file that handles Dovecot
+dv_file="dc.hrst.xyz"
+
+# Name of the certificate file that handles Postfix
+pf_file="pf.hrst.xyz"
+
+# Writeable webroot for certbot (I use ISPConfig,
+wr_file="/usr/local/ispconfig/interface/acme"
+
+new_cert=""
+nanobot=""
+affected_services=""
+
+if [ -z "$1" ]                           # Is parameter #1 zero length?
+   then
+     echo "-No DOMAIN specified"          # Or no parameter passed.
+     exit 1
+   fi
+
+#live_check='/etc/letsencrypt/live/'$1
+if [[ ! -d '/etc/letsencrypt/live/'$1 ]]; then
+    echo "- DOMAIN certificate for \"$1\" not found -"
+    exit 1
+   fi
+
+if [[ ! -d '/etc/letsencrypt/live/'${dv_file} ]]; then
+    echo "- Dovecot/postoffice certificate" ${dv_file}" for \"$1\" not found -"
+    exit 1
+   fi
+
+if [[ ! -d '/etc/letsencrypt/live/'${pf_file} ]]; then
+    echo "- Postfix/mail certificate" ${pf_file}" for \"$1\" not found -"
+    exit 1
+   fi
+
+# Have certbot generate its current certificate list for use as input
+certbot certificates >~/certfile
+
+# Extend base domain certificate which typically only contains the domain.TLD and www.domain.TLD
+if [[ ! -z "${dom_cert}" ]]; then
+    echo
+    new_cert=$(echo $dom_cert| sed -e "s/ /.$1 /g" -e 's/ / -d /g' -e "s/$/.$1 /g" -e 's/^/-d /g')
+    echo "Adding" ${new_cert} " to "$1
+    nanobot=$(grep -A1 "Certificate Name: "$1 certfile |awk -F': ' '{ {getline}; $1=""; print }'|sed  's/ / -d /g')
+    doit_cert=$(echo "certbot certonly --webroot -w ${wr_file}${nanobot} ${new_cert}")
+    ${doit_cert}
+    affected_services=${affected_services}+"A"
+else
+    echo "Domain Certificate unaffected"
+  fi
+
+# Extend the Dovecot certificate
+if [[ ! -z "${dv_cert}" ]]; then
+    echo
+    new_cert=$(echo $dv_cert| sed -e "s/ /.$1 /g" -e 's/ / -d /g' -e "s/$/.$1 /g" -e 's/^/-d /g')
+    echo "Adding" ${new_cert} " to "${dv_file}
+    nanobot=$(grep -A1 "Certificate Name: "${dv_file} certfile |awk -F': ' '{ {getline}; $1=""; print }'|sed  's/ / -d /g')
+    doit_cert=$(echo "certbot certonly --webroot -w ${wr_file}${nanobot} ${new_cert}")
+    ${doit_cert}
+    affected_services=${affected_services}+"D"
+else
+    echo "Dovecot Certificate unaffected"
+  fi
+
+# Extend the Postscript certificate
+if [[ ! -z "{$pf_cert}" ]]; then
+    echo
+    new_cert=$(echo $pf_cert| sed -e "s/ /.$1 /g" -e 's/ / -d /g' -e "s/$/.$1 /g" -e 's/^/-d /g')
+    echo "Adding" ${new_cert} " to " ${pf_file}
+    nanobot=$(grep -A1 "Certificate Name: "${pf_file} certfile |awk -F': ' '{ {getline}; $1=""; print }'|sed  's/ / -d /g')
+    doit_cert=$(echo "certbot certonly --webroot -w ${wr_file}${nanobot} ${new_cert}")
+    ${doit_cert}
+    affected_services=${affected_services}+"P"
+else
+    echo "Postfix Certificate unaffected"
+  fi
+
+  if [[ $affected_services == *"A"* ]]; then
+     echo "Remember to restart the httpd service"
+   fi
+  if [[ $affected_services == *"D"* ]]; then
+    echo "Remember to restart the dovecot/postoffice service"
+   fi
+  if [[ $affected_services == *"P"* ]]; then
+    echo "Remember to restart the postfix/sendmail  service"
+   fi
+
+echo
+echo
+echo "Add the following SRV records to DNS for client setup for "$1
+  if [[ $affected_services == *"D"* ]]; then
+    echo "_imaps._tcp."$1 "SRV 3600  4 60 993 imaps"
+    echo "_pop3s._tcp."$1 "SRV 3600  6 60 995 pop3s"
+    echo "_imap._tcp."$1 " SRV 3600  8 60 143 imap"
+  fi
+if [[ $affected_services == *"P"* ]]; then
+    echo "_smtps._tcp."$1 "SRV 3600  8 60 465 smtps"
+    echo "_smtp._tcp."$1 " SRV 3600 10 60 587 smtp"
+  fi
\ No newline at end of file