From 22ee123ef8556a871aa9c20f6f39cb84bb31d79f Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Tue, 12 Dec 2017 22:56:00 +0100
Subject: [PATCH] Option to exclude sub/aliasdomains from LetsEncrypt,
 implements #4880

---
 install/sql/incremental/upd_dev_collection.sql         | 1 +
 install/sql/ispconfig3.sql                             | 1 +
 interface/web/sites/form/web_childdomain.tform.php     | 6 ++++++
 interface/web/sites/lib/lang/de_web_childdomain.lng    | 1 +
 interface/web/sites/lib/lang/en_web_childdomain.lng    | 1 +
 interface/web/sites/templates/web_childdomain_edit.htm | 8 ++++++++
 server/lib/classes/letsencrypt.inc.php                 | 4 ++--
 7 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index e69de29bb2..2458724d2e 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -0,0 +1 @@
+ALTER TABLE `web_domain` ADD COLUMN `ssl_letsencrypt_exclude` enum('n','y') NOT NULL DEFAULT 'n' AFTER `ssl_letsencrypt`;
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 43cbc367bd..11755a34b9 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -1943,6 +1943,7 @@ CREATE TABLE `web_domain` (
   `rewrite_to_https` ENUM('y','n') NOT NULL DEFAULT 'n',
   `ssl` enum('n','y') NOT NULL default 'n',
   `ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n',
+  `ssl_letsencrypt_exclude` enum('n','y') NOT NULL DEFAULT 'n',
   `ssl_state` varchar(255) NULL,
   `ssl_locality` varchar(255) NULL,
   `ssl_organisation` varchar(255) NULL,
diff --git a/interface/web/sites/form/web_childdomain.tform.php b/interface/web/sites/form/web_childdomain.tform.php
index 09145f9768..02480db428 100644
--- a/interface/web/sites/form/web_childdomain.tform.php
+++ b/interface/web/sites/form/web_childdomain.tform.php
@@ -133,6 +133,12 @@ $form["tabs"]['domain'] = array (
 			'width'  => '30',
 			'maxlength' => '255'
 		),
+		'ssl_letsencrypt_exclude' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default' => 'n',
+			'value'  => array(0 => 'n', 1 => 'y')
+		),
 		'active' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',
diff --git a/interface/web/sites/lib/lang/de_web_childdomain.lng b/interface/web/sites/lib/lang/de_web_childdomain.lng
index bb17039fbe..c30225a71e 100644
--- a/interface/web/sites/lib/lang/de_web_childdomain.lng
+++ b/interface/web/sites/lib/lang/de_web_childdomain.lng
@@ -115,4 +115,5 @@ $wb['available_php_directive_snippets_txt'] = 'VerfÃ¼gbare PHP-Direktiven-Schnip
 $wb['available_apache_directive_snippets_txt'] = 'VerfÃ¼gbare Apache-Direktiven-Schnipsel:';
 $wb['available_nginx_directive_snippets_txt'] = 'VerfÃ¼gbare nginx-Direktiven-Schnipsel:';
 $wb['Domain'] = 'Aliasdomain';
+$wb['ssl_letsencrypt_exclude_txt'] = 'Nicht in Let\'s Encrypt Zertifikat aufnehmen';
 ?>
diff --git a/interface/web/sites/lib/lang/en_web_childdomain.lng b/interface/web/sites/lib/lang/en_web_childdomain.lng
index cd033ae573..cd9afca551 100644
--- a/interface/web/sites/lib/lang/en_web_childdomain.lng
+++ b/interface/web/sites/lib/lang/en_web_childdomain.lng
@@ -115,4 +115,5 @@ $wb['available_php_directive_snippets_txt'] = 'Available PHP Directive Snippets:
 $wb['available_apache_directive_snippets_txt'] = 'Available Apache Directive Snippets:';
 $wb['available_nginx_directive_snippets_txt'] = 'Available nginx Directive Snippets:';
 $wb['Domain'] = 'Aliasdomain';
+$wb['ssl_letsencrypt_exclude_txt'] = 'Don\'t add to Let\'s Encrypt certificate';
 ?>
diff --git a/interface/web/sites/templates/web_childdomain_edit.htm b/interface/web/sites/templates/web_childdomain_edit.htm
index 5165c32687..4836f4a65c 100644
--- a/interface/web/sites/templates/web_childdomain_edit.htm
+++ b/interface/web/sites/templates/web_childdomain_edit.htm
@@ -67,6 +67,14 @@
                 <div class="col-sm-9"><select name="seo_redirect" id="seo_redirect" class="form-control">
                     {tmpl_var name='seo_redirect'}
                 </select></div>
+            </div>
+			</tmpl_if>
+			<tmpl_if name="limit_ssl_letsencrypt" op="==" value="y">
+				<div class="form-group">
+                <label class="col-sm-3 control-label">{tmpl_var name='ssl_letsencrypt_exclude_txt'}</label>
+                <div class="col-sm-9">
+                    {tmpl_var name='ssl_letsencrypt_exclude'}
+                </div>
             </div>
 			</tmpl_if>
             <div class="form-group">
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php
index efd60310b4..12e43a9d5b 100644
--- a/server/lib/classes/letsencrypt.inc.php
+++ b/server/lib/classes/letsencrypt.inc.php
@@ -203,7 +203,7 @@ class letsencrypt {
 		}
 
 		//* then, add subdomain if we have
-		$subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'");
+		$subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain' AND ssl_letsencrypt_exclude != 'y'");
 		if(is_array($subdomains)) {
 			foreach($subdomains as $subdomain) {
 				$temp_domains[] = $subdomain['domain'];
@@ -211,7 +211,7 @@ class letsencrypt {
 		}
 		
 		//* then, add alias domain if we have
-		$aliasdomains = $app->db->queryAllRecords('SELECT domain,subdomain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'alias'");
+		$aliasdomains = $app->db->queryAllRecords('SELECT domain,subdomain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'alias' AND ssl_letsencrypt_exclude != 'y'");
 		if(is_array($aliasdomains)) {
 			foreach($aliasdomains as $aliasdomain) {
 				$temp_domains[] = $aliasdomain['domain'];
-- 
GitLab