diff --git a/install/tpl/system.ini.master b/install/tpl/system.ini.master index 07110c736ff6e3c1cc0b17f2a5ab3ef00d0837f6..b8e000aba22121d9c2016decb41f235cc08d2dd2 100644 --- a/install/tpl/system.ini.master +++ b/install/tpl/system.ini.master @@ -38,6 +38,10 @@ reseller_can_use_options=n web_php_options=no,fast-cgi,mod,php-fpm show_aps_menu=n client_protection=y +acme_dns_user= +acme_dns_password= +acme_dns_api= +acme_dns_api_insecure=n ssh_authentication= le_caa_autocreate_options=y diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php index 22212b8b749eedb6fd492a21139ed3cdce10f3b6..0642f5cf13c133410a08990ef1ff5e825cbdcd95 100644 --- a/interface/web/admin/form/system_config.tform.php +++ b/interface/web/admin/form/system_config.tform.php @@ -148,6 +148,40 @@ $form["tabs"]['sites'] = array ( 'width' => '30', 'maxlength' => '255' ), + 'acme_dns_user' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'acme_dns_password' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'acme_dns_api' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'REGEX', + 'regex' => '/^[0-9a-zA-Z\:\/\-\.\_\[\]\?\=\&]{0,255}$/', + 'errmsg'=> 'acme_dns_api_url_error_regex'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'acme_dns_api_insecure' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'CHECKBOX', + 'default' => 'y', + 'value' => array(0 => 'n', 1 => 'y') + ), 'client_protection' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'CHECKBOX', 
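Review bot: In the `acme_dns_api_insecure` entry the checkbox polarity is unclear and its defaults disagree: the form declares `'default' => 'y'` while `system.ini.master` ships `acme_dns_api_insecure=n`, and the label added in the .lng files reads "Verify SSL certificate…", the opposite of what the key name says. If `y` means "skip verification", as the name suggests, the form default turns certificate checking off; pick one meaning, keep the verifying state as the default in both places (for example `'default' => 'n'`), and align the label with it. Separately, `acme_dns_password` is declared with `'formtype' => 'TEXT'`, so the stored API password is echoed back in clear text in the admin form; `'formtype' => 'PASSWORD'` would avoid that, provided the value is still saved unhashed for acme.sh, which should be confirmed against tform's handling. The `acme_dns_api` regex also accepts `http://` URLs, so nothing in this form keeps the credentials off a plaintext connection. The `$form["tabs"]['sites']` array starts and ends outside the hunk.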
diff --git a/interface/web/admin/lib/lang/ar_system_config.lng b/interface/web/admin/lib/lang/ar_system_config.lng
index 4ae8ad3416b7d0a084dd880830c7ab17797145ee..6fc5fefc698acec3f0472751968d272b677c70b4 100644
--- a/interface/web/admin/lib/lang/ar_system_config.lng
+++ b/interface/web/admin/lib/lang/ar_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Database name prefix';
 $wb['dbuser_prefix_txt'] = 'Database user prefix';
 $wb['shelluser_prefix_txt'] = 'Shell user prefix';
 $wb['ftpuser_prefix_txt'] = 'FTP user prefix';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/bg_system_config.lng b/interface/web/admin/lib/lang/bg_system_config.lng
index 2029f38ed2299bdc44dda1fca784414558e9be5a..ad122058ffa347317ccb5f3bfa87dadac610e84d 100644
--- a/interface/web/admin/lib/lang/bg_system_config.lng
+++ b/interface/web/admin/lib/lang/bg_system_config.lng
@@ -5,6 +5,10 @@ $wb['dbname_prefix_txt'] = 'Име на префикса в базата дан
 $wb['dbuser_prefix_txt'] = 'Потребителски префикс в базата данни';
 $wb['shelluser_prefix_txt'] = 'Shell user prefix';
 $wb['ftpuser_prefix_txt'] = 'Потребителски префикс на FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Неразрешени символи в името на префикса.';
 $wb['dbuser_prefix_error_regex'] = 'Неразрешени символи в името на префикса.';
 $wb['ftpuser_prefix_error_regex'] = 'Неразрешени символи в името на ftp префикса.';
diff --git a/interface/web/admin/lib/lang/br_system_config.lng b/interface/web/admin/lib/lang/br_system_config.lng
index 1128081d2de44f5f1d2767aa8f700e330093973d..6ddce9b689a072257b92c676006a3f5ce0a8d55f 100644
--- a/interface/web/admin/lib/lang/br_system_config.lng
+++ b/interface/web/admin/lib/lang/br_system_config.lng
@@ -18,6 +18,10 @@ $wb['vhost_subdomains_txt'] = 'Adicionar subdomínios como um site';
 $wb['vhost_subdomains_note_txt'] = 'Você não pode desabilitar esta configuração enquanto existirem subdomínios vhost no sistema!';
 $wb['vhost_aliasdomains_txt'] = 'Adicionar alias de domínio como um site';
 $wb['vhost_aliasdomains_note_txt'] = 'Você não pode desabilitar esta configuração enquanto existirem alias de domínios vhost no sistema!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Caractere não permitido para o prefixo do Banco de Dados.';
 $wb['dbuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo de usuário do Banco de Dados.';
 $wb['ftpuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo de usuário FTP.';
diff --git a/interface/web/admin/lib/lang/ca_system_config.lng b/interface/web/admin/lib/lang/ca_system_config.lng
index 0c025306087190f150de459d187a808d4b0e1461..369f0cdd3a0c05665b958ab38fdbd3dceb5ef8be 100644
--- a/interface/web/admin/lib/lang/ca_system_config.lng
+++ b/interface/web/admin/lib/lang/ca_system_config.lng
@@ -18,6 +18,10 @@ $wb['vhost_subdomains_txt'] = 'Create subdomains as web site';
 $wb['vhost_subdomains_note_txt'] = 'You cannot disable this as long as vhost subdomains exist in the system!';
 $wb['vhost_aliasdomains_txt'] = 'Create aliasdomains as web site';
 $wb['vhost_aliasdomains_note_txt'] = 'You cannot disable this as long as vhost aliasdomains exist in the system!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/cz_system_config.lng b/interface/web/admin/lib/lang/cz_system_config.lng
index fb0e65d5e7cdc4fc1d8276d1a1a23c54212e61fd..3cc95b187c0ef59f51b604ad211ab638cfc96f6a 100644
--- a/interface/web/admin/lib/lang/cz_system_config.lng
+++ b/interface/web/admin/lib/lang/cz_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Prefix názvu databáze';
 $wb['dbuser_prefix_txt'] = 'Prefix uživatele databáze';
 $wb['shelluser_prefix_txt'] = 'Prefix shell uživatele';
 $wb['ftpuser_prefix_txt'] = 'Prefix FTP uživatele';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Znak není povolen v prefixu databázovém názvu.';
 $wb['dbuser_prefix_error_regex'] = 'Znak není povolen v prefixu databázového uživatele.';
 $wb['ftpuser_prefix_error_regex'] = 'Znak není povolen v prefixu FTP uživatele.';
diff --git a/interface/web/admin/lib/lang/de_system_config.lng b/interface/web/admin/lib/lang/de_system_config.lng
index ed4c26f61de5a9b9ac276afc12d1c9c109f150bb..2ae02e96de40d36604205105d3534e74750a550d 100644
--- a/interface/web/admin/lib/lang/de_system_config.lng
+++ b/interface/web/admin/lib/lang/de_system_config.lng
@@ -14,6 +14,10 @@ $wb['vhost_subdomains_txt'] = 'Subdomains als Webseite anlegen';
 $wb['vhost_subdomains_note_txt'] = 'Diese Einstellung kann nicht wieder deaktiviert werden, wenn Vhost Subdomains im System vorhanden sind!';
 $wb['vhost_aliasdomains_txt'] = 'Aliasdomains als Webseite anlegen';
 $wb['vhost_aliasdomains_note_txt'] = 'Diese Einstellung kann nicht wieder deaktiviert werden, wenn Vhost Aliasdomains im System vorhanden sind!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Zeichen nicht erlaubt in Datenbank Namen Präfix.';
 $wb['dbuser_prefix_error_regex'] = 'Zeichen nicht erlaubt in Datenbank Benutzer Präfix.';
 $wb['ftpuser_prefix_error_regex'] = 'Zeichen nicht erlaubt in FTP Benutzer Präfix.';
diff --git a/interface/web/admin/lib/lang/dk_system_config.lng b/interface/web/admin/lib/lang/dk_system_config.lng
index 971253aae773517e8cd56f0a0fbd1503e5508d88..61f88d4cbf8984bddb34d0fda14d4205841c9dc5 100644
--- a/interface/web/admin/lib/lang/dk_system_config.lng
+++ b/interface/web/admin/lib/lang/dk_system_config.lng
@@ -16,6 +16,10 @@ $wb['webdavuser_prefix_txt'] = 'Webdav bruger prefix';
 $wb['ftpuser_prefix_txt'] = 'FTP bruger prefix';
 $wb['vhost_subdomains_txt'] = 'Opret Sub-domæne som web side';
 $wb['vhost_subdomains_note_txt'] = 'Du kan ikke deaktivere dette, så længe der findes vhost sub-domæner i systemet!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char ikke tilladt i database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char ikke tilladt i database bruger prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char ikke tilladt i ftp bruger prefix.';
diff --git a/interface/web/admin/lib/lang/el_system_config.lng b/interface/web/admin/lib/lang/el_system_config.lng
index 8bfe8012de1d9c98b30a55ebdd1cc051480b31a7..d855395adcbf98b9e3a6da39435d45ff8e31f8f6 100644
--- a/interface/web/admin/lib/lang/el_system_config.lng
+++ b/interface/web/admin/lib/lang/el_system_config.lng
@@ -10,6 +10,10 @@ $wb['dbuser_prefix_txt'] = 'Πρόθεμα Χρήστη Βάσης Δεδομέ
 $wb['shelluser_prefix_txt'] = 'Πρόθεμα Χρήστη Shell';
 $wb['webdavuser_prefix_txt'] = 'Πρόθεμα Χρήστη Webdav';
 $wb['ftpuser_prefix_txt'] = 'Πρόθεμα Χρήστη FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Δεν επιτρέπονται χαρακτήρες στο πρόθεμα του Ονόματος της Βάσης Δεδομένων.';
 $wb['dbuser_prefix_error_regex'] = 'Δεν επιτρέπονται χαρακτήρες στο πρόθεμα του Χρήστη της Βάσης Δεδομένων.';
 $wb['ftpuser_prefix_error_regex'] = 'Δεν επιτρέπονται χαρακτήρες στο πρόθεμα του Χρήστη ftp.';
diff --git a/interface/web/admin/lib/lang/en_system_config.lng b/interface/web/admin/lib/lang/en_system_config.lng
index 9cf04103bbec468911d70dcf98f79eadcd743010..e7825ee5cf29a419dc6c00cb44dda529f31fab2f 100644
--- a/interface/web/admin/lib/lang/en_system_config.lng
+++ b/interface/web/admin/lib/lang/en_system_config.lng
@@ -18,6 +18,10 @@ $wb['vhost_subdomains_txt'] = 'Create subdomains as web site';
 $wb['vhost_subdomains_note_txt'] = 'You cannot disable this as long as vhost subdomains exist in the system!';
 $wb['vhost_aliasdomains_txt'] = 'Create aliasdomains as web site';
 $wb['vhost_aliasdomains_note_txt'] = 'You cannot disable this as long as vhost aliasdomains exist in the system!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/es_system_config.lng b/interface/web/admin/lib/lang/es_system_config.lng
index 844c19db5884f2efbbd62eb6fc8ed40338d775f9..f1e0075ece57895594de2fdee2f0293d94aa3351 100644
--- a/interface/web/admin/lib/lang/es_system_config.lng
+++ b/interface/web/admin/lib/lang/es_system_config.lng
@@ -20,6 +20,10 @@ $wb['dashboard_atom_url_admin_txt'] = 'URL del feed atom en el panel (admin)';
 $wb['dashboard_atom_url_client_txt'] = 'URL del feed atom en el panel (cliente)';
 $wb['dashboard_atom_url_reseller_txt'] = 'URL del feed atom en el panel (revendedor)';
 $wb['dblist_phpmyadmin_link_txt'] = 'Vínculo a phpMyAdmin en la lista de bases de datos';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Carácter no permitido en el prefijo de nombre de base de datos.';
 $wb['dbname_prefix_txt'] = 'Prefijo del nombre de la base de datos';
 $wb['dbuser_prefix_error_regex'] = 'Carácter no permitido en el nombre del usuario de la base datos.';
diff --git a/interface/web/admin/lib/lang/fi_system_config.lng b/interface/web/admin/lib/lang/fi_system_config.lng
index 4b4bf32cc03589a7f93bf697bbe51af1e618d5e7..ad46d471e9457f0c0f55a0bd1d874679006a7f55 100644
--- a/interface/web/admin/lib/lang/fi_system_config.lng
+++ b/interface/web/admin/lib/lang/fi_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Tietokannan nimen etuliite';
 $wb['dbuser_prefix_txt'] = 'Tietokannan käyttäjätunnuksen etuliite';
 $wb['shelluser_prefix_txt'] = 'Shell-käyttäjätunnuksen etuliite';
 $wb['ftpuser_prefix_txt'] = 'FTP-käyttäjätunnuksen etuliite';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Tietokannan nimen etuliite on vääränlainen.';
 $wb['dbuser_prefix_error_regex'] = 'Tietokannan käyttäjätunnuksen etuliite on vääränlainen.';
 $wb['ftpuser_prefix_error_regex'] = 'FTP-käyttäjätunnuksen etuliite on vääränlainen.';
diff --git a/interface/web/admin/lib/lang/fr_system_config.lng b/interface/web/admin/lib/lang/fr_system_config.lng
index 801c27b5dfdc71104a4ed7dc09a070967b08f9bf..b151fee8f9a9d2572db619235a7771b3e72f854d 100644
--- a/interface/web/admin/lib/lang/fr_system_config.lng
+++ b/interface/web/admin/lib/lang/fr_system_config.lng
@@ -10,6 +10,10 @@ $wb['dbuser_prefix_txt'] = 'Préfixe de l’utilisateur de la BDd';
 $wb['shelluser_prefix_txt'] = 'Préfixe de l’utilisateur Shell';
 $wb['webdavuser_prefix_txt'] = 'Préfixe de l’utilisateur WebDAV';
 $wb['ftpuser_prefix_txt'] = 'Préfixe de l’utilisateur FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Caractère non autorisé dans le préfixe du nom de la BDD.';
 $wb['dbuser_prefix_error_regex'] = 'Caractère non autorisé dans le préfixe de l’utilisateur de la BDD.';
 $wb['ftpuser_prefix_error_regex'] = 'Caractère non autorisé dans le préfixe de l’utilisateur FTP.';
diff --git a/interface/web/admin/lib/lang/hr_system_config.lng b/interface/web/admin/lib/lang/hr_system_config.lng
index 87fcfff64580e1243f284a794e102e625b15a513..fc63a6d401a232873fcb42f7ca5deffb5fa645b7 100644
--- a/interface/web/admin/lib/lang/hr_system_config.lng
+++ b/interface/web/admin/lib/lang/hr_system_config.lng
@@ -7,6 +7,10 @@ $wb['dbuser_prefix_txt'] = 'Prefiks nazivu korisnika baze';
 $wb['shelluser_prefix_txt'] = 'Prefiks Shell računu';
 $wb['webdavuser_prefix_txt'] = 'Prefix Webdav računu';
 $wb['ftpuser_prefix_txt'] = 'Prefiks FTP računu';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Nedozvoljeni znak u prefiksu naziva baze.';
 $wb['dbuser_prefix_error_regex'] = 'Nedozvoljeni znak u prefiksu naziva korisnika baze.';
 $wb['ftpuser_prefix_error_regex'] = 'Nedozvoljeni znak u prefiksu FTP računa.';
diff --git a/interface/web/admin/lib/lang/hu_system_config.lng b/interface/web/admin/lib/lang/hu_system_config.lng
index cdb31136622768878f44c3055f435975dd6be2aa..018fb8019d219cde53130a435490efd350bab12d 100644
--- a/interface/web/admin/lib/lang/hu_system_config.lng
+++ b/interface/web/admin/lib/lang/hu_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Database name prefix';
 $wb['dbuser_prefix_txt'] = 'Database user prefix';
 $wb['shelluser_prefix_txt'] = 'Shell user prefix';
 $wb['ftpuser_prefix_txt'] = 'FTP user prefix';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/id_system_config.lng b/interface/web/admin/lib/lang/id_system_config.lng
index f9b3f87a00f2945e355f155f7c5332a799a43438..502a3057f3ff90398ea2f77c1d0e882e5de1d7f0 100644
--- a/interface/web/admin/lib/lang/id_system_config.lng
+++ b/interface/web/admin/lib/lang/id_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Prefiks nama database';
 $wb['dbuser_prefix_txt'] = 'Prefiks pengguna database';
 $wb['shelluser_prefix_txt'] = 'Prefiks pengguna shell';
 $wb['ftpuser_prefix_txt'] = 'Prefiks pengguna FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Karakter tidak diperbolehkan di prefiks nama database.';
 $wb['dbuser_prefix_error_regex'] = 'Karakter tidak diperbolehkan di prefiks pengguna database.';
 $wb['ftpuser_prefix_error_regex'] = 'Karakter tidak diperbolehkan di prefiks pengguna ftp.';
diff --git a/interface/web/admin/lib/lang/it_system_config.lng b/interface/web/admin/lib/lang/it_system_config.lng
index 2f8950d7a31245434fb140b4dfb53f02d6364490..a9732397edca90eff268a686ba44dfb3a5ff4504 100644
--- a/interface/web/admin/lib/lang/it_system_config.lng
+++ b/interface/web/admin/lib/lang/it_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Prefisso nome database';
 $wb['dbuser_prefix_txt'] = 'Prefisso utente database';
 $wb['shelluser_prefix_txt'] = 'Prefisso utente Shell';
 $wb['ftpuser_prefix_txt'] = 'Prefisso utente FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Carattere non consentito nel prefisso del nome database.';
 $wb['dbuser_prefix_error_regex'] = 'Carattere non consentito nel prefisso del nome utente database.';
 $wb['ftpuser_prefix_error_regex'] = 'Carattere non consentito nel prefisso del nome utente FTP.';
diff --git a/interface/web/admin/lib/lang/ja_system_config.lng b/interface/web/admin/lib/lang/ja_system_config.lng
index 744d83a705615f40c5e43c8e29fb3975bddf0eee..95d403bc3819eba4798041a39b5a47ae6e68b13b 100644
--- a/interface/web/admin/lib/lang/ja_system_config.lng
+++ b/interface/web/admin/lib/lang/ja_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'データベース名のプリフィックス';
 $wb['dbuser_prefix_txt'] = 'データベースユーザー名のプリフィックス';
 $wb['shelluser_prefix_txt'] = 'Shellユーザー名のプリフィックス';
 $wb['ftpuser_prefix_txt'] = 'FTPユーザー名のプリフィックス';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'データベースのプリフィックスとして不正な値が指定されています。';
 $wb['dbuser_prefix_error_regex'] = 'データベースユーザーのプリフィックスとして不正な値が指定されています。';
 $wb['ftpuser_prefix_error_regex'] = 'FTPユーザーのプリフィックスとして不正な値が指定されています。';
diff --git a/interface/web/admin/lib/lang/nl_system_config.lng b/interface/web/admin/lib/lang/nl_system_config.lng
index b40ce962851776e9c6a918ee5fcc65c82ed9d68b..08ae1b12181411eda71b3309002b8339858239eb 100644
--- a/interface/web/admin/lib/lang/nl_system_config.lng
+++ b/interface/web/admin/lib/lang/nl_system_config.lng
@@ -10,6 +10,10 @@ $wb['dbuser_prefix_txt'] = 'Database gebruiker voorvoegsel';
 $wb['shelluser_prefix_txt'] = 'Shell gebruiker voorvoegsel';
 $wb['webdavuser_prefix_txt'] = 'Webdav gebruiker voorvoegsel';
 $wb['ftpuser_prefix_txt'] = 'FTP gebruiker voorvoegsel';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char niet toegestaan in database naam voorvoegsel.';
 $wb['dbuser_prefix_error_regex'] = 'Char niet toegestaan in database gebruiker voorvoegsel.';
 $wb['ftpuser_prefix_error_regex'] = 'Char niet toegestaan in ftp gebruiker voorvoegsel.';
diff --git a/interface/web/admin/lib/lang/pl_system_config.lng b/interface/web/admin/lib/lang/pl_system_config.lng
index 54312139770491061be918d60e0ab8b43ad5aec3..318e00dabb464fdf6b0c7155a2e973f80aec5ab2 100644
--- a/interface/web/admin/lib/lang/pl_system_config.lng
+++ b/interface/web/admin/lib/lang/pl_system_config.lng
@@ -5,6 +5,10 @@ $wb['dbname_prefix_txt'] = 'Prefiks nazwy bazy danych';
 $wb['dbuser_prefix_txt'] = 'Prefiks użytkownika bazy danych';
 $wb['shelluser_prefix_txt'] = 'Prefiks użytkownika shell';
 $wb['ftpuser_prefix_txt'] = 'Prefiks użytkownika FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Znak nie jest dozwolony w prefiksie nazwy bazy danych.';
 $wb['dbuser_prefix_error_regex'] = 'Znak nie jest dozwolony w prefiksie nazwy użytkownika bazy danych.';
 $wb['ftpuser_prefix_error_regex'] = 'Znak nie jest dozwolony w prefiksie nazwy użytkownika ftp.';
diff --git a/interface/web/admin/lib/lang/pt_system_config.lng b/interface/web/admin/lib/lang/pt_system_config.lng
index 8c995047b4f00b45eab26d1b8d85ba810c87e977..ba82e8b8105739e4e2567a3b3a4a9805798704e8 100644
--- a/interface/web/admin/lib/lang/pt_system_config.lng
+++ b/interface/web/admin/lib/lang/pt_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Prefixo Nome da Base de Dados';
 $wb['dbuser_prefix_txt'] = 'Prefixo Utilizador da Base de Dados';
 $wb['shelluser_prefix_txt'] = 'Prefixo Utilizador de Shell';
 $wb['ftpuser_prefix_txt'] = 'Prefixo Utilizador FTP';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Caractere não permitido para o prefixo do nome da Base de Dados!';
 $wb['dbuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo do Utilizador da Base de Dados!';
 $wb['ftpuser_prefix_error_regex'] = 'Caractere não permitido para o prefixo do Utilizador FTP!';
diff --git a/interface/web/admin/lib/lang/ro_system_config.lng b/interface/web/admin/lib/lang/ro_system_config.lng
index 9fd8e4d587774a0cddee588a167634ed9f3267cb..c2e631d1517695937392cea012742c3735600c7e 100644
--- a/interface/web/admin/lib/lang/ro_system_config.lng
+++ b/interface/web/admin/lib/lang/ro_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Database name prefix';
 $wb['dbuser_prefix_txt'] = 'Database user prefix';
 $wb['shelluser_prefix_txt'] = 'Shell user prefix';
 $wb['ftpuser_prefix_txt'] = 'FTP user prefix';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char not allowed in database name prefix.';
 $wb['dbuser_prefix_error_regex'] = 'Char not allowed in database user prefix.';
 $wb['ftpuser_prefix_error_regex'] = 'Char not allowed in ftp user prefix.';
diff --git a/interface/web/admin/lib/lang/ru_system_config.lng b/interface/web/admin/lib/lang/ru_system_config.lng
index 55c87315158fe9aab11d24c8608829b9db1040cf..4fe995a697aa464e4e45d253088463b6965c4692 100644
--- a/interface/web/admin/lib/lang/ru_system_config.lng
+++ b/interface/web/admin/lib/lang/ru_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Префикс базы данных';
 $wb['dbuser_prefix_txt'] = 'Префикс пользователя базы данных';
 $wb['shelluser_prefix_txt'] = 'Префикс shell-пользователя';
 $wb['ftpuser_prefix_txt'] = 'Префикс FTP пользователя';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Некорректный символ в префиксе базы данных';
 $wb['dbuser_prefix_error_regex'] = 'Некорректный символ в префиксе пользователя базы данных';
 $wb['ftpuser_prefix_error_regex'] = 'Некорректный символ в префиксе FTP пользователя';
diff --git a/interface/web/admin/lib/lang/se_system_config.lng b/interface/web/admin/lib/lang/se_system_config.lng
index d3de89aa55885efa8990e9caf4c095acaf7c20d7..5bd4feece17337d921a06d4172eb7ec16b51ae3d 100644
--- a/interface/web/admin/lib/lang/se_system_config.lng
+++ b/interface/web/admin/lib/lang/se_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Prefix för databasnamn';
 $wb['dbuser_prefix_txt'] = 'Prefix för databasanvändare';
 $wb['shelluser_prefix_txt'] = 'Prefix för shell-användare';
 $wb['ftpuser_prefix_txt'] = 'Prefix för FTP-användare';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Otillåtet tecken i prefix för databasnamn.';
 $wb['dbuser_prefix_error_regex'] = 'Otillåtet tecken i prefix för databasanvändare.';
 $wb['ftpuser_prefix_error_regex'] = 'Otillåtet tecken i prefix för FTP-användare.';
diff --git a/interface/web/admin/lib/lang/sk_system_config.lng b/interface/web/admin/lib/lang/sk_system_config.lng
index 1e85adca8c12ef1437dc598ef610d33c526436ab..1403991a3433c7bb76979ca4eef0377574428fcc 100644
--- a/interface/web/admin/lib/lang/sk_system_config.lng
+++ b/interface/web/admin/lib/lang/sk_system_config.lng
@@ -6,6 +6,10 @@ $wb['dbname_prefix_txt'] = 'Predpona názvu databázy ';
 $wb['dbuser_prefix_txt'] = 'Predpona databáza užívateľa';
 $wb['shelluser_prefix_txt'] = 'Predpona Shell užívateľa';
 $wb['ftpuser_prefix_txt'] = 'Predpona FTP užívateľ';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Char nie je povolený v prefix názov databázy.';
 $wb['dbuser_prefix_error_regex'] = 'Char nie je povolené v databáze predpone user.';
 $wb['ftpuser_prefix_error_regex'] = 'Char nie je povolené v ftp užívateľ predpone .';
diff --git a/interface/web/admin/lib/lang/tr_system_config.lng b/interface/web/admin/lib/lang/tr_system_config.lng
index 6054bebc888c57cb47e6d49c0fb83ba73271ead0..89073151bd37f74430e672da1227813efedf64dc 100644
--- a/interface/web/admin/lib/lang/tr_system_config.lng
+++ b/interface/web/admin/lib/lang/tr_system_config.lng
@@ -18,6 +18,10 @@ $wb['vhost_subdomains_txt'] = 'Etki alanları web sitesi şeklinde oluşturulsun
 $wb['vhost_subdomains_note_txt'] = 'Sistemde sanal sunucu alt etki alanları varken bu seçenek devre dışı bırakılamaz!';
 $wb['vhost_aliasdomains_txt'] = 'Takma etki alanı web sitesi olarak eklensin';
 $wb['vhost_aliasdomains_note_txt'] = 'Sistemde sanal sunucu takma etki alanları varken bu seçenek devre dışı bırakılamaz!';
+$wb['acme_dns_user_txt'] = 'Username for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_password_txt'] = 'Password for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_txt'] = 'API URL for ISPConfig API (used by acme.sh):';
+$wb['acme_dns_api_insecure_txt'] = 'Verify SSL certificate for ISPConfig API (used by acme.sh):';
 $wb['dbname_prefix_error_regex'] = 'Veritabanı adı ön ekinde izin verilmeyen karakterler var';
 $wb['dbuser_prefix_error_regex'] = 'Veritabanı kullanıcısı ön ekinde izin verilmeyen karakterler var';
 $wb['ftpuser_prefix_error_regex'] = 'FTP kullanıcısı ön ekinde izin verilmeyen karakterler var';
diff --git a/interface/web/admin/templates/system_config_sites_edit.htm b/interface/web/admin/templates/system_config_sites_edit.htm
index 9a36e3275ee2dcf9348cc559f76e89c63171f1e3..fc3f30368161a40fa65e8bcf2d1cd4a4d2f04bd3 100644
--- a/interface/web/admin/templates/system_config_sites_edit.htm
+++ b/interface/web/admin/templates/system_config_sites_edit.htm
@@ -25,13 +25,32 @@
-
-
- -
- {tmpl_var name='client_protection'} -
+
+
+
+ +
+
+
+ +
+
+
+ +
+
+
+ +
+ {tmpl_var name='acme_dns_api_insecure'} +
+
+
+ +
+ {tmpl_var name='client_protection'}
+
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php index bce4e7b84a9ef7916d25a9b808f96fd5d0de19a0..3d576ded806898484e7b83ba5fce6e15eb48ae25 100644 --- a/server/lib/classes/letsencrypt.inc.php +++ b/server/lib/classes/letsencrypt.inc.php @@ -56,6 +56,9 @@ class letsencrypt { public function get_acme_command($domains, $key_file, $bundle_file, $cert_file, $server_type = 'apache') { global $app, $conf; + $app->uses('getconf'); + $global_sites_config = $app->getconf->get_global_config('sites'); + $letsencrypt = $this->get_acme_script(); $cmd = ''; 
@@ -74,7 +77,39 @@ class letsencrypt { $cert_arg = '--fullchain-file ' . escapeshellarg($bundle_file) . ' --cert-file ' . escapeshellarg($cert_file); } - $cmd = 'R=0 ; C=0 ; ' . $letsencrypt . ' --issue ' . $cmd . ' -w /usr/local/ispconfig/interface/acme --always-force-new-domain-key --keylength 4096; R=$? ; if [ $R -eq 0 -o $R -eq 2 ] ; then ' . $letsencrypt . ' --install-cert ' . $cmd . ' --key-file ' . escapeshellarg($key_file) . ' ' . $cert_arg . ' --reloadcmd ' . escapeshellarg($this->get_reload_command()) . ' --log ' . escapeshellarg($conf['ispconfig_log_dir'].'/acme.log') . '; C=$? ; fi ; if [ $C -eq 0 ] ; then exit $R ; else exit $C ; fi'; + $dns = ''; + if($global_sites_config['acme_dns_user'] != '' && (!isset($conf['powerdns']['installed']) || isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false)) { + $dns_ISPC_User = $global_sites_config['acme_dns_user']; + $dns_ISPC_Password = $global_sites_config['acme_dns_password']; + $dns_ISPC_Api = $global_sites_config['acme_dns_api']; + if ($global_sites_config['acme_dns_api_insecure'] == "y") { + $dns_ISPC_Api_Insecure = "1"; + } else { + $dns_ISPC_Api_Insecure = "0"; + } + $dns_variables = array(); + $dns_variables[] = "ISPC_User='" . $dns_ISPC_User . "'"; + $dns_variables[] = "ISPC_Password='" . $dns_ISPC_Password . "'"; + $dns_variables[] = "ISPC_Api='" . $dns_ISPC_Api . "'"; + $dns_variables[] = "ISPC_Api_Insecure='" . $dns_ISPC_Api_Insecure . "'"; + $dns_variables_cmd = ''; + foreach($dns_variables as $dns_variable) { + $dns_variables_cmd .= "export " . $dns_variable . ' ; '; + } + $dns = '--dns dns_ispconfig'; + } else { // use HTTP-01 verification + $cmd .= " -w /usr/local/ispconfig/interface/acme"; + } + + if($dns == '') { + return false; + } + + if($dns_variables_cmd == '') { + return false; + } + + $cmd = $dns_variables_cmd . 'R=0 ; C=0 ; ' . $letsencrypt . ' --issue ' . $dns . $cmd . ' --always-force-new-domain-key --keylength 4096 --log ' . 
escapeshellarg($conf['ispconfig_log_dir'].'/acme.log') . ' ; R=$? ; if [ $R -eq 0 -o $R -eq 2 ] ; then ' . $letsencrypt . ' --install-cert ' . $cmd . ' --key-file ' . escapeshellarg($key_file) . ' ' . $cert_arg . ' --reloadcmd ' . escapeshellarg($this->get_reload_command()) . ' --log ' . escapeshellarg($conf['ispconfig_log_dir'].'/acme.log') . '; C=$? ; fi ; if [ $C -eq 0 ] ; then exit $R ; else exit $C ; fi'; return $cmd; } @@ -276,9 +311,9 @@ class letsencrypt { if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') { $domain = $data['new']['domain']; - if(substr($domain, 0, 2) === '*.') { - // wildcard domain not yet supported by letsencrypt! - $app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN); + if(substr($domain, 0, 2) === '*.' && !$use_acme) { + // DNS-01 verification is needed for wildcard certificate requests, but we do not support that for Certbot. + $app->log('Requesting a wildcard certificate from Let\'s Encrypt is not support when using certbot, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN); $domain = substr($domain, 2); } } @@ -319,6 +354,7 @@ class letsencrypt { $app->uses('getconf'); $web_config = $app->getconf->get_server_config($conf['server_id'], 'web'); $server_config = $app->getconf->get_server_config($conf['server_id'], 'server'); + $global_sites_config = $app->getconf->get_global_config('sites'); $use_acme = false; if($this->get_acme_script()) { 
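Review bot: The four `ISPC_*` exports are wrapped in hand-written single quotes instead of `escapeshellarg()`, so a `'` in any of the configured values ends the quoting and the remainder is parsed by the shell as part of this command, while every other argument in the function already goes through `escapeshellarg()`. Build them as `$dns_variables[] = 'ISPC_Password=' . escapeshellarg($dns_ISPC_Password);` and do the same for `ISPC_User`, `ISPC_Api` and `ISPC_Api_Insecure`. The `else` branch that appends `-w /usr/local/ispconfig/interface/acme` leaves `$dns` empty and `$dns_variables_cmd` unset, so the following `if($dns == '') { return false; }` turns every HTTP-01 request into a failure; initialise `$dns_variables_cmd = '';` before the `if` and drop both early returns. The option that sets `ISPC_Api_Insecure` to `1` is labelled 'Verify SSL certificate …' in the language files, which reads as the opposite of what enabling it does. `get_acme_command()` begins above this hunk.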
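Review bot: `$use_acme` is read in the new condition `substr($domain, 0, 2) === '*.' && !$use_acme`, but the only assignment visible in this diff (`$use_acme = false;`) is in the context of the next hunk. If this check lives in a different method from that assignment, which the hunk does not show, the variable is undefined here, `!$use_acme` is always true, and the wildcard prefix is still stripped for acme.sh. Derive the flag locally before the check, for example `$use_acme = (bool) $this->get_acme_script();`, or pass it in. The log message should read `is not supported when using certbot`. The enclosing function starts and ends outside the hunk.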
@@ -346,11 +382,19 @@ class letsencrypt { $cli_domain_arg = ''; $subdomains = null; $aliasdomains = null; + $powerdns = (isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false); //* be sure to have good domain - if(substr($domain,0,4) != 'www.' && ($data['new']['subdomain'] == "www" || $data['new']['subdomain'] == "*")) { + if (substr($domain, 0, 4) != 'www.' + && ($data['new']['subdomain'] == "www" + || ($data['new']['subdomain'] == "*" + && (!$powerdns && !$use_acme || $global_sites_config['acme_dns_user'] == '')))) { $temp_domains[] = "www." . $domain; } + elseif ($data['new']['subdomain'] == "*" + && (!$powerdns && $use_acme && $global_sites_config['acme_dns_user'] != '')) { + $temp_domains[] = "*." . $domain; + } //* then, add subdomain if we have $subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain' AND ssl_letsencrypt_exclude != 'y'"); @@ -365,8 +409,10 @@ class letsencrypt { if(is_array($aliasdomains)) { foreach($aliasdomains as $aliasdomain) { $temp_domains[] = $aliasdomain['domain']; - if(isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['subdomain'] == "www" OR $aliasdomain['subdomain'] == "*")) { + if (isset($aliasdomain['subdomain']) && substr($aliasdomain['domain'],0,4) != 'www.' && ($aliasdomain['domain']['subdomain'] == "www" || ($aliasdomain['domain']['subdomain'] == "*" && (!$use_acme || $global_sites_config['acme_dns_user'] == '' && !$powerdns)))) { $temp_domains[] = "www." . $aliasdomain['domain']; + } elseif ($aliasdomain['domain']['subdomain'] == "*" && ($use_acme && $global_sites_config['acme_dns_user'] != '' && !$powerdns)) { + $temp_domains[] = "*." . $aliasdomain['domain']; } } } 
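Review bot: `$powerdns` is assigned `isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == false`, so it is true exactly when PowerDNS is reported as not installed, which inverts what the name says and what the `!$powerdns` tests below appear to expect. When `installed` is set, the wildcard entry `"*." . $domain` is therefore added for `installed == true`, where `get_acme_command()` does not select `--dns dns_ispconfig`, and `www.` is used for `installed == false`, where it does. Assign `$powerdns = (isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == true);` and parenthesise the mixed `&&`/`||` in `(!$powerdns && !$use_acme || $global_sites_config['acme_dns_user'] == '')` so the grouping is explicit. The surrounding function begins outside the hunk.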
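Review bot: `$aliasdomain['domain']['subdomain']` indexes the domain string rather than the row; the same line uses `substr($aliasdomain['domain'],0,4)`, so `$aliasdomain['domain']` is a string and the comparison with "www" or "*" never sees the alias's subdomain setting. Depending on the PHP version this raises an illegal-string-offset warning or error. Use `$aliasdomain['subdomain']` in both the `if` and the `elseif`, and repeat the `isset($aliasdomain['subdomain'])` guard on the `elseif`, which currently has none. The `foreach` sits in a function that starts outside the hunk.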
@@ -387,12 +433,36 @@ class letsencrypt { if((isset($web_config['skip_le_check']) && $web_config['skip_le_check'] == 'y') || (isset($server_config['migration_mode']) && $server_config['migration_mode'] == 'y')) { $le_domains[] = $temp_domain; } else { - $le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file)); - if($le_hash_check == $le_rnd_hash) { - $le_domains[] = $temp_domain; - $app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG); - } else { - $app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN); + if($global_sites_config['acme_dns_user'] == '' || !$use_acme || (isset($conf['powerdns']['installed']) && $conf['powerdns']['installed'] == true)) { + $le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file)); + if($le_hash_check == $le_rnd_hash) { + $le_domains[] = $temp_domain; + $app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG); + } else { + $app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN); + } + } else { // DNS-01 verification + $temp_domain_parts = preg_split("/[.]/", $temp_domain); + foreach ($temp_domain_parts as $temp_domain_part) { + $queryDomains[] = preg_replace("/.*" . preg_quote($temp_domain_parts['0']) . "\." . "/", "", $temp_domain); + array_shift($temp_domain_parts); + } + foreach ($queryDomains as $queryDomain) { + $sql = "SELECT * FROM dns_soa WHERE active = 'y' AND origin = '" . $queryDomain . ".'"; + $soa = $app->dbmaster->queryOneRecord($sql); + if (is_array($soa)) { + $zoneExists = true; + $zonedomain = $queryDomain; + $dns_server_id = $soa['server_id']; + break; + } + } + if ($zoneExists) { + $le_domains[] = $temp_domain; + $app->log("Verified domain " . $temp_domain . 
" has a DNS zone in this setup for the acme (Let's Encrypt) challenge.", LOGLEVEL_DEBUG); + } else { + $app->log("Could not verify that domain " . $temp_domain . " has a DNS zone in this setup, so excluding it from Let\'s Encrypt request.", LOGLEVEL_WARN); + } } } } 
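Review bot: `$queryDomains` and `$zoneExists` are never reset in the DNS-01 branch, so if this code runs once per `$temp_domain` (the loop header is outside the hunk) the candidate list keeps growing and `$zoneExists` stays true after the first match, which lets a later name with no zone in `dns_soa` into `$le_domains`. Start the branch with `$queryDomains = array(); $zoneExists = false;`. The lookup also concatenates `$queryDomain` into the SQL text; the ISPConfig DB layer accepts `?` placeholders as far as I know, so `queryOneRecord("SELECT * FROM dns_soa WHERE active = 'y' AND origin = ?", $queryDomain . '.')` keeps the name out of the statement. `preg_quote($temp_domain_parts['0'])` is called without the `/` delimiter argument and the leading `.*` is greedy, so building the parent names with `implode('.', $temp_domain_parts)` after each `array_shift()` would be easier to reason about.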
@@ -427,12 +497,49 @@ class letsencrypt { } $success = false; + + if($letsencrypt_cmd) { if(!isset($server_config['migration_mode']) || $server_config['migration_mode'] != 'y') { $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG); $app->log("Let's Encrypt SSL Cert domains: $cli_domain_arg", LOGLEVEL_DEBUG); - $success = $app->system->_exec($letsencrypt_cmd, $allow_return_codes); + if ($use_acme && $global_sites_config['acme_dns_user'] != '' && $dns_server_id == $conf["server_id"]) { + $success = $app->system->_exec("(" . $letsencrypt_cmd . ") > /dev/null &", $allow_return_codes); // the code below seems not be needed, written on 13-02-2023. It can be removed if acme.sh with DNS-01 verification works well on single server setups. + /*$firstrun = true; + $dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns'); + $zonefile = $dns_config['bind_zonefiles_dir'].'/'. "pri." . $zonedomain; + $datalogfound = false; + while (!$datalogfound) { + if ($firstrun == true) { + $success = $app->system->_exec("(" . $letsencrypt_cmd . ") > /dev/null &", $allow_return_codes); + $firstrun = false; + } + $sql = "SELECT data FROM sys_datalog,server WHERE sys_datalog.server_id = \"1\" AND sys_datalog.datalog_id > server.updated AND sys_datalog.dbtable = 'dns_rr' AND data LIKE '%_acme-challenge%'"; + $datalogs = $app->dbmaster->queryAllRecords($sql); + if (is_array($datalogs)) { + foreach ($datalogs as $datalog) { + $datalog = unserialize($datalog['data']); + $hostname = $datalog['new']['name']; + $data = $datalog['new']['data']; + $record = "\n" . $hostname . "." . $zonedomain . "." . " 3600 TXT \"" . $data . "\""; + $app->log("Found datalog for acme-challenge, appending to zonefile with record: " . 
$record, LOGLEVEL_DEBUG); + $app->system->file_put_contents($zonefile, $record); + } + $app->services->registerService('bind', 'dns_module', 'restartBind'); + $app->services->restartService('bind', 'restart'); + $app->log("Waiting for acme.sh script to finish.", LOGLEVEL_DEBUG); + sleep(60); + $datalogfound = true; + break; + } else { + $app->log("Can not find the datalog for the acme-challenge yet, waiting 20 seconds.", LOGLEVEL_DEBUG); + sleep(20); + } + }*/ + } else { + $success = $app->system->_exec($letsencrypt_cmd, $allow_return_codes); + } } else { $app->log("Migration mode active, skipping Let's Encrypt SSL Cert creation for: $domain", LOGLEVEL_DEBUG); $success = true;
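Review bot: In the DNS-01 branch the command is started as `"(" . $letsencrypt_cmd . ") > /dev/null &"`, so `_exec()` gets the status of launching a background job rather than acme.sh's exit code, and `$success` no longer says whether a certificate was issued; whatever follows this hunk and acts on `$success` will presumably run before acme.sh has finished. `$dns_server_id` is only assigned inside the zone lookup of the previous hunk, so it is undefined here whenever that branch was skipped, for example with `skip_le_check` set. Either run the command in the foreground as the `else` branch does, or have the caller wait for the job and check its result before treating the certificate as present. The commented-out block should be deleted rather than committed; it contains `unserialize($datalog['data'])`, which should not return if the code is ever revived. The function continues past the end of the hunk.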