diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index 98e8abdf973a350278fe3d6539e122a9b38ddd58..ea0011b5a0cfa670a255486243b7a0804319d2b8 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -2,3 +2,79 @@ ALTER TABLE `sys_datalog` ADD `session_id` varchar(64) NOT NULL DEFAULT '' AFTER
 ALTER TABLE `sys_user` CHANGE `sys_userid` `sys_userid` INT(11) UNSIGNED NOT NULL DEFAULT '1' COMMENT 'Created by userid';
 ALTER TABLE `sys_user` CHANGE `sys_groupid` `sys_groupid` INT(11) UNSIGNED NOT NULL DEFAULT '1' COMMENT 'Created by groupid';
 ALTER TABLE `web_domain` ADD COLUMN `php_fpm_chroot` enum('n','y') NOT NULL DEFAULT 'n' AFTER `php_fpm_use_socket`;
+
+CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
+  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+  `sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_perm_user` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_group` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_other` varchar(5) NOT NULL DEFAULT '',
+  `active` enum('N','Y') NOT NULL DEFAULT 'N',
+  `ca_name` varchar(255) NOT NULL DEFAULT '',
+  `ca_issue` varchar(255) NOT NULL DEFAULT '',
+  `ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
+  `ca_iodef` text NOT NULL,
+  `ca_critical` tinyint(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`),
+  UNIQUE KEY (`ca_issue`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `dns_ssl_ca` ADD UNIQUE(`ca_issue`);
+
+UPDATE `dns_ssl_ca` SET `ca_issue` = 'comodo.com' WHERE `ca_issue` = 'comodoca.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'geotrust.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'thawte.com';
+UPDATE `dns_ssl_ca` SET `ca_name` = 'Symantec / Thawte / GeoTrust' WHERE `ca_issue` = 'symantec.com';
+
+ALTER TABLE `dns_rr` CHANGE `type` `type` ENUM('A','AAAA','ALIAS','CAA','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;
+ALTER TABLE `dns_rr` CHANGE `data` `data` TEXT NOT NULL;
+INSERT IGNORE INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'AC Camerfirma', 'camerfirma.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'ACCV', 'accv.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Actalis', 'actalis.it', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon', 'amazon.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Asseco', 'certum.pl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Buypass', 'buypass.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CA Disig', 'disig.sk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CATCert', 'aoc.cat', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certinomis', 'www.certinomis.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certizen', 'hongkongpost.gov.hk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'certSIGN', 'certsign.ro', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CFCA', 'cfca.com.cn', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Chunghwa Telecom', 'cht.com.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodoca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'D-TRUST', 'd-trust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DocuSign', 'docusign.fr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'e-tugra', 'e-tugra.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'EDICOM', 'edicomgroup.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Firmaprofesional', 'firmaprofesional.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'FNMT', 'fnmt.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GlobalSign', 'globalsign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GoDaddy', 'godaddy.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Google Trust Services', 'pki.goog', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GRCA', 'gca.nat.gov.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'HARICA', 'harica.gr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'IdenTrust', 'identrust.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Kamu SM', 'kamusm.gov.tr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Microsec e-Szigno', 'e-szigno.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'NetLock', 'netlock.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PKIoverheid', 'www.pkioverheid.nl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PROCERT', 'procert.net.ve', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'QuoVadis', 'quovadisglobal.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SECOM', 'secomtrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Sertifitseerimiskeskuse', 'sk.ee', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'StartCom', 'startcomca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SwissSign', 'swisssign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec / Thawte / GeoTrust', 'symantec.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'T-Systems', 'telesec.de', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Telia', 'telia.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Trustwave', 'trustwave.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Web.com', 'web.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WISeKey', 'wisekey.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
+
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 88eff32ff0943390562c6a17f2d6a7a397ce5186..c5212450399ce8496d7e22cf714095698b2a26f2 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -478,7 +478,6 @@ CREATE TABLE IF NOT EXISTS `directive_snippets` (
 -- 
 -- Table structure for table  `dns_rr`
 -- 
-
 CREATE TABLE `dns_rr` (
   `id` int(11) unsigned NOT NULL auto_increment,
   `sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
@@ -489,7 +488,7 @@ CREATE TABLE `dns_rr` (
   `server_id` int(11) NOT NULL default '1',
   `zone` int(11) unsigned NOT NULL DEFAULT '0',
   `name` varchar(255) NOT NULL DEFAULT '',
-  `type` enum('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
+  `type` enum('A','AAAA','ALIAS','CNAME','CAA','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
   `data` TEXT NOT NULL,
   `aux` int(11) unsigned NOT NULL default '0',
   `ttl` int(11) unsigned NOT NULL default '3600',
@@ -525,6 +524,80 @@ CREATE TABLE `dns_slave` (
 
 -- --------------------------------------------------------
 
+-- 
+-- Table structure for table  `dns_ssl_ca`
+-- 
+
+CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
+  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+  `sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_perm_user` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_group` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_other` varchar(5) NOT NULL DEFAULT '',
+  `active` enum('N','Y') NOT NULL DEFAULT 'N',
+  `ca_name` varchar(255) NOT NULL DEFAULT '',
+  `ca_issue` varchar(255) NOT NULL DEFAULT '',
+  `ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
+  `ca_iodef` text NOT NULL,
+  `ca_critical` tinyint(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`),
+  UNIQUE KEY (`ca_issue`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `dns_ssl_ca` ADD UNIQUE(`ca_issue`);
+
+INSERT INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'AC Camerfirma', 'camerfirma.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'ACCV', 'accv.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Actalis', 'actalis.it', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon', 'amazon.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Asseco', 'certum.pl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Buypass', 'buypass.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CA Disig', 'disig.sk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CATCert', 'aoc.cat', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certinomis', 'www.certinomis.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certizen', 'hongkongpost.gov.hk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'certSIGN', 'certsign.ro', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CFCA', 'cfca.com.cn', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Chunghwa Telecom', 'cht.com.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodoca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'D-TRUST', 'd-trust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DocuSign', 'docusign.fr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'e-tugra', 'e-tugra.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'EDICOM', 'edicomgroup.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Firmaprofesional', 'firmaprofesional.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'FNMT', 'fnmt.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GlobalSign', 'globalsign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GoDaddy', 'godaddy.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Google Trust Services', 'pki.goog', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GRCA', 'gca.nat.gov.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'HARICA', 'harica.gr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'IdenTrust', 'identrust.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Kamu SM', 'kamusm.gov.tr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Microsec e-Szigno', 'e-szigno.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'NetLock', 'netlock.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PKIoverheid', 'www.pkioverheid.nl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PROCERT', 'procert.net.ve', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'QuoVadis', 'quovadisglobal.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SECOM', 'secomtrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Sertifitseerimiskeskuse', 'sk.ee', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'StartCom', 'startcomca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SwissSign', 'swisssign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec / Thawte / GeoTrust', 'symantec.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'T-Systems', 'telesec.de', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Telia', 'telia.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Trustwave', 'trustwave.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Web.com', 'web.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WISeKey', 'wisekey.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
+
+-- --------------------------------------------------------
+
 -- 
 -- Table structure for table  `dns_soa`
 -- 
diff --git a/interface/lib/classes/plugin_system_config_dns_ca.inc.php b/interface/lib/classes/plugin_system_config_dns_ca.inc.php
new file mode 100644
index 0000000000000000000000000000000000000000..d9a99496550d82e92e1663c0c383401edf3d45e8
--- /dev/null
+++ b/interface/lib/classes/plugin_system_config_dns_ca.inc.php
@@ -0,0 +1,91 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class plugin_system_config_dns_ca extends plugin_base {
+
+	var $module;
+	var $form;
+	var $tab;
+	var $record_id;
+	var $formdef;
+	var $options;
+	var $error = '';
+
+	function onShow() {
+		global $app;
+
+		$pluginTpl = new tpl;
+		$pluginTpl->newTemplate('templates/system_config_dns_ca_edit.htm');
+		include 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_system_config.lng';
+		$pluginTpl->setVar($wb);
+		$ca_id = $app->functions->intval($_GET['id']);
+		if(isset($_GET['action']) && ($_GET['action'] == 'edit') && $ca_id > 0) {
+			$pluginTpl->setVar('edit_record', 1);
+			$rec = $app->db->queryOneRecord("SELECT * FROM dns_ssl_ca WHERE id = ?", $ca_id);
+			$pluginTpl->setVar('id', $rec['id']);
+			$pluginTpl->setVar('ca_name', $rec['ca_name']);
+			$pluginTpl->setVar('ca_issue', $rec['ca_issue']);
+			$pluginTpl->setVar('ca_wildcard', $rec['ca_wildcard']);
+			$pluginTpl->setVar('ca_critical', $rec['ca_critical']);
+			$pluginTpl->setVar('ca_iodef', $rec['ca_iodef']);
+			$pluginTpl->setVar('active', $rec['active']);
+		} elseif(isset($_GET['action']) && ($_GET['action'] == 'save') && $ca_id > 0) {
+			$pluginTpl->setVar('edit_record', 0);
+			$pluginTpl->setVar('id', $ca_id);
+			$pluginTpl->setVar('ca_name', $app->functions->htmlentities($_POST['ca_name']));
+			$pluginTpl->setVar('ca_issue', $app->functions->htmlentities($_POST['ca_issue']));
+			$pluginTpl->setVar('ca_wildcard', $app->functions->htmlentities($_POST['ca_wildcard']));
+			$pluginTpl->setVar('ca_critical', $app->functions->htmlentities($_POST['ca_critical']));
+			$pluginTpl->setVar('ca_iodef', $app->functions->htmlentities($_POST['ca_iodef']));
+			$pluginTpl->setVar('active', $app->functions->htmlentities($_POST['active']));
+		} else {
+			$pluginTpl->setVar('edit_record', 0);
+		}
+
+		return $pluginTpl->grab();
+
+	}
+
+	function onUpdate() {
+		global $app;
+
+		$ca_id = $app->functions->intval($_GET['id']);
+		if(isset($_GET['action']) && $_GET['action'] == 'save') {
+			if($ca_id > 0) {
+				$app->db->query("UPDATE dns_ssl_ca SET ca_name = ?, ca_issue = ?, ca_wildcard = ?, ca_iodef = ?, active = ? WHERE id = ?", $_POST['ca_name'], $_POST['ca_issue'], $_POST['ca_wildcard'], $_POST['ca_iodef'], $_POST['active'], $ca_id);
+			} else {
+				$app->db->query("INSERT INTO (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, ca_name, ca_issue, ca_wildcard, ca_iodef, active) VALUES(1, 1, 'riud', 'riud', '', ?, ?, ?, ?, ?", $_POST['ca_name'], $_POST['ca_issue'], $_POST['ca_wildcard'], $_POST['ca_iodef'], $_POST['active']);
+			}
+		}
+	}
+
+}
+
+?>
diff --git a/interface/lib/classes/plugin_system_config_dns_ca_list.inc.php b/interface/lib/classes/plugin_system_config_dns_ca_list.inc.php
new file mode 100644
index 0000000000000000000000000000000000000000..6b82c06043bcb4942b9d03ad394675d9339690d1
--- /dev/null
+++ b/interface/lib/classes/plugin_system_config_dns_ca_list.inc.php
@@ -0,0 +1,81 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class plugin_system_config_dns_ca_list extends plugin_base {
+
+	var $module;
+	var $form;
+	var $tab;
+	var $record_id;
+	var $formdef;
+	var $options;
+
+	function onShow() {
+		global $app;
+
+		$listTpl = new tpl;
+		$listTpl->newTemplate('templates/system_config_dns_ca_list.htm');
+
+		//* Loading language file
+		$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_system_config.lng';
+		include $lng_file;
+		$listTpl->setVar($wb);
+		if($_SESSION['s']['user']['typ'] == 'admin') {
+			if(isset($_GET['action'])) { 
+				$ca_id = $app->functions->intval($_GET['id']);
+				if($_GET['action'] == 'delete' && $ca_id > 0) {
+					$app->db->query("DELETE FROM dns_ssl_ca WHERE id = ?",  $ca_id);
+				}
+			}
+		}
+
+		if(isset($_GET['action']) && $_GET['action'] == 'edit' && $_GET['id'] > 0) $listTpl->setVar('edit_record', 1);
+
+		// Getting Datasets from DB
+		$ca_records = $app->db->queryAllRecords("SELECT * FROM dns_ssl_ca ORDER BY ca_name ASC");
+		$records=array();
+		if(is_array($ca_records) && count($ca_records) > 0) {
+			foreach($ca_records as $ca) {
+				$rec['ca_id'] = $ca['id'];
+				$rec['name'] = $ca['ca_name'];
+				$rec['active'] = $ca['active'];
+				$records[] = $rec;
+				unset($rec);
+			}
+			$listTpl->setLoop('ca_records', @$records);
+		} 
+		$listTpl->setVar('parent_id', $this->form->id);
+
+		return $listTpl->grab();
+	}
+
+}
+
+?>
diff --git a/interface/lib/plugins/system_config_dns_ca_plugin.inc.php b/interface/lib/plugins/system_config_dns_ca_plugin.inc.php
new file mode 100644
index 0000000000000000000000000000000000000000..c35934e5bfa542b9d5540802100eec148306f74c
--- /dev/null
+++ b/interface/lib/plugins/system_config_dns_ca_plugin.inc.php
@@ -0,0 +1,103 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class system_config_dns_ca_plugin {
+
+	var $plugin_name = 'system_config_dns_ca_plugin';
+	var $class_name = 'system_config_dns_ca_plugin';
+
+	function onLoad() {
+		global $app;
+
+		$app->plugin->registerEvent('dns:dns_caa:on_after_update', 'system_config_dns_ca_plugin', 'caa_update');
+		$app->plugin->registerEvent('dns:dns_caa:on_after_insert', 'system_config_dns_ca_plugin', 'caa_update');
+
+		$app->plugin->registerEvent('sites:web_vhost_domain:on_after_insert', 'system_config_dns_ca_plugin', 'web_vhost_domain_edit');
+		$app->plugin->registerEvent('sites:web_vhost_domain:on_after_update', 'system_config_dns_ca_plugin', 'web_vhost_domain_edit');
+	}
+
+	function caa_update($event_name, $page_form) {
+		global $app;
+
+		if(trim($page_form->dataRecord['additional'] != '')) {
+			$rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE id = ?", $page_form->id);
+			unset($rec['id']);
+			$zone = $app->db->queryOneRecord("SELECT origin FROM dns_soa WHERE id = ?", $rec['zone']);
+			$host=str_replace($zone['origin'], '', $page_form->dataRecord['name']);
+			$host=rtrim($host,'.');
+			$page_form->dataRecord['additional']=str_replace($host, '', $page_form->dataRecord['additional']);
+			$additional=explode(',', $page_form->dataRecord['additional']);
+			foreach($additional as $new) {
+				if($new != '') {
+					$insert_data = $rec;
+					$insert_data['name'] = $new.'.'.$zone['origin'];
+					$app->db->datalogInsert('dns_rr', $insert_data, 'id');
+				}
+			}
+		}
+	} 
+
+	function web_vhost_domain_edit($event_name, $page_form) {
+		global $app;
+
+		if($page_form->dataRecord['ssl_letsencrypt'] == 'y') {
+			$domain = $page_form->dataRecord['domain'];
+			$subdomain = $page_form->dataRecord['subdomain'];
+			$temp=$app->db->queryAllRecords("SELECT * FROM dns_rr WHERE type = 'CAA' AND (name = ? OR name = ?) AND data like ?", $domain.'.', $subdomain.'.'.$domain.'.', '%letsencrypt%');
+			if(count($temp) == 0) {
+				$caa = $app->db->queryOneRecord("SELECT * FROM dns_ssl_ca WHERE ca_issue = 'letsencrypt.org' AND active = 'Y'");
+				$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $domain.'.');
+				if(is_array($caa) && is_array($soa)) {
+					$records = array();
+					$records[] = $domain.'.';;
+					if($subdomain != '' && $subdomain != 'www') $records[] = $subdomain.'.'.$domain;
+					foreach($records as $record) {
+						$new_rr = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE name = ?", $soa['origin']);
+						unset($new_rr['id']);
+						$new_rr['type'] = 'CAA';
+						$new_rr['name'] = $record;
+						$new_rr['data'] = "0 issue \"$caa[ca_issue]\"";
+						$new_rr['ttl'] = $soa['ttl'];
+						$new_rr['active'] = 'Y';
+				        $new_rr['stamp'] = date('Y-m-d H:i:s');
+		        		$new_rr['serial'] = $app->validate_dns->increase_serial($new_rr['serial']);
+				        $app->db->datalogInsert('dns_rr', $new_rr, 'id', $new_rr['zone']);
+						$zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $new_rr['zone']);
+						$new_serial = $app->validate_dns->increase_serial($zone['serial']);
+						$app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $zone['id']);
+					}
+				}
+			}
+		}
+	}
+
+} // End class
+
+?>
diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php
index 449805f3c17a179df4a468de3477fbc0336009cb..d718e4ef8221fe73788d8ab6fc2eaec82a692c75 100644
--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -730,5 +730,21 @@ $form["tabs"]['misc'] = array (
 	)
 );
 
+$form['tabs']['dns_ca'] = array (
+	'title'  => 'DNS CAs',
+	'width'  => 100,
+	'template'  => 'templates/system_config_dns_ca.htm',
+	'fields'  => array (),
+	'plugins' => array (
+		'dns_ca' => array (
+			'class'   => 'plugin_system_config_dns_ca',
+			'options' => array()
+		),
+		'dns_ca_list' => array (
+			'class'   => 'plugin_system_config_dns_ca_list',
+			'options' => array()
+		)
+	)
+);
 
 ?>
diff --git a/interface/web/admin/lib/lang/ar_system_config.lng b/interface/web/admin/lib/lang/ar_system_config.lng
index 45fb0fa9e9a26d796f1b91a8697e84bbd4af64e7..6bebcf39ada5f9a2eac4ca9b21011f0d4eb440e2 100644
--- a/interface/web/admin/lib/lang/ar_system_config.lng
+++ b/interface/web/admin/lib/lang/ar_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/bg_system_config.lng b/interface/web/admin/lib/lang/bg_system_config.lng
index 2f4eb86d3c33b4dd414a8b76e97593903f11f949..8c3444e9cb8e234c6d4ac66d732e20476cffdc67 100644
--- a/interface/web/admin/lib/lang/bg_system_config.lng
+++ b/interface/web/admin/lib/lang/bg_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/br_system_config.lng b/interface/web/admin/lib/lang/br_system_config.lng
index 02e3249d5fd2a340904e10450b6086f30868e236..8b5b6d01648fc4aa82f28b6ca7854f933a0a26b8 100644
--- a/interface/web/admin/lib/lang/br_system_config.lng
+++ b/interface/web/admin/lib/lang/br_system_config.lng
@@ -79,6 +79,22 @@ $wb['default_mailserver_txt'] = 'Servidor de e-mails padrão';
 $wb['default_webserver_txt'] = 'Servidor web padrão';
 $wb['default_dnsserver_txt'] = 'Servidor dns padrão';
 $wb['default_slave_dnsserver_txt'] = 'Servidor dns secundário padrão';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA<E2><80><99>s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 $wb['default_dbserver_txt'] = 'Servidor de banco de dados padrão';
 $wb['No'] = 'Não';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ca_system_config.lng b/interface/web/admin/lib/lang/ca_system_config.lng
index 5809cc97b2816aca52e978689f2f7ce8176d482d..ff46470f59300e51c7cc7577e34f53c06e734227 100644
--- a/interface/web/admin/lib/lang/ca_system_config.lng
+++ b/interface/web/admin/lib/lang/ca_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/cz_system_config.lng b/interface/web/admin/lib/lang/cz_system_config.lng
index 930e3ebbfb6b4f56ee6f7d2a5eb8b7a8d82da21a..4f0468833f428ea2cb4691cd193f966444300e7f 100644
--- a/interface/web/admin/lib/lang/cz_system_config.lng
+++ b/interface/web/admin/lib/lang/cz_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Vlastní text na přihlašovací stránce';
 $wb['custom_login_link_txt'] = 'Vlastní odkaz (URL) na přihlašovací stránce (vlastní text)';
 $wb['login_link_error_regex'] = 'Neplatný formát URL pro vlastní odkaz na přihlašovací stránce';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/de_system_config.lng b/interface/web/admin/lib/lang/de_system_config.lng
index 8620491ad4734f4a98ebb9271583ce5904301e97..0771322ef951a228046a932c1bdaa45875e34dfc 100644
--- a/interface/web/admin/lib/lang/de_system_config.lng
+++ b/interface/web/admin/lib/lang/de_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Wildcard verwenden';
+$wb['ca_critical_txt'] = 'Strikte Überprüfung'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktiv';
+$wb['btn_save_txt'] = 'Speichern';
+$wb['btn_cancel_txt'] = 'Abbrechen';
 ?>
diff --git a/interface/web/admin/lib/lang/dk_system_config.lng b/interface/web/admin/lib/lang/dk_system_config.lng
index 2834cacad6e2acc15a3647a0e5b44f1408e386a0..5e96639d2c85f05ce1f9764093f859f1759af897 100644
--- a/interface/web/admin/lib/lang/dk_system_config.lng
+++ b/interface/web/admin/lib/lang/dk_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/el_system_config.lng b/interface/web/admin/lib/lang/el_system_config.lng
index 4dadc1290bfc36a9f31fa2a9f91bc3092e1c145d..0191eb85e7207440db7af224696387e0b8e23020 100644
--- a/interface/web/admin/lib/lang/el_system_config.lng
+++ b/interface/web/admin/lib/lang/el_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/en_system_config.lng b/interface/web/admin/lib/lang/en_system_config.lng
index 38f178f9f5ba58672db59073790ca7400e9caa50..29732e4169fe04cc2ab3cba6ce6e961b2f6eb758 100644
--- a/interface/web/admin/lib/lang/en_system_config.lng
+++ b/interface/web/admin/lib/lang/en_system_config.lng
@@ -84,4 +84,12 @@ $wb["reseller_can_use_options_txt"] = "Reseller can use the option-tab for websi
 $wb["custom_login_text_txt"] = "Custom Text on Login-Page";
 $wb["custom_login_link_txt"] = "Custom Link on Login-Page";
 $wb["login_link_error_regex"] = "Invalid Link for Custom Login";
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Active';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/es_system_config.lng b/interface/web/admin/lib/lang/es_system_config.lng
index cc81939cb389078cf90fa8c14caea505c378829e..21575571f000e3c10baa7b2317652b06be78ef27 100755
--- a/interface/web/admin/lib/lang/es_system_config.lng
+++ b/interface/web/admin/lib/lang/es_system_config.lng
@@ -81,4 +81,12 @@ $wb['webftp_url_txt'] = 'Enlace al cliente FTP por web';
 $wb['webmail_url_error_regex'] = 'Dirección del correo web inválida';
 $wb['webmail_url_note_txt'] = 'Marcador de posición:';
 $wb['webmail_url_txt'] = 'URL de correo web';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/fi_system_config.lng b/interface/web/admin/lib/lang/fi_system_config.lng
index c4987d01a3addf5ca64cea624c56e8eaa7c37cfd..7fe364c9720d69e3f75c5a38022e4bad45c7a24e 100644
--- a/interface/web/admin/lib/lang/fi_system_config.lng
+++ b/interface/web/admin/lib/lang/fi_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/fr_system_config.lng b/interface/web/admin/lib/lang/fr_system_config.lng
index 5892e3a269c698417280ce398730926011cfcda4..0d9d27d14f5ca068d14c78201208f1cd0743bb47 100644
--- a/interface/web/admin/lib/lang/fr_system_config.lng
+++ b/interface/web/admin/lib/lang/fr_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/hr_system_config.lng b/interface/web/admin/lib/lang/hr_system_config.lng
index e02ae57a20a6cc5baa655e7c45cc7c38459ab1b9..ba926e3a71d1bef8f3f0809916ef09f03e9cf2e0 100644
--- a/interface/web/admin/lib/lang/hr_system_config.lng
+++ b/interface/web/admin/lib/lang/hr_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/hu_system_config.lng b/interface/web/admin/lib/lang/hu_system_config.lng
index d26fc5be2dc52df07d71ff65dba9b981c8d8d1ef..9944f68b7895f9fdc8847172d25fe81bfd4fe575 100644
--- a/interface/web/admin/lib/lang/hu_system_config.lng
+++ b/interface/web/admin/lib/lang/hu_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/id_system_config.lng b/interface/web/admin/lib/lang/id_system_config.lng
index c865dff3d81619315d566ef3ee58501485606412..65c17683542c3db64cee43301b9db8f49533fbcf 100644
--- a/interface/web/admin/lib/lang/id_system_config.lng
+++ b/interface/web/admin/lib/lang/id_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/it_system_config.lng b/interface/web/admin/lib/lang/it_system_config.lng
index 396503f02e34087ddf62f4e40f568cb4a7639191..e3c4fcaae7a887bdece82aac6fb93ba9f8edf70a 100644
--- a/interface/web/admin/lib/lang/it_system_config.lng
+++ b/interface/web/admin/lib/lang/it_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ja_system_config.lng b/interface/web/admin/lib/lang/ja_system_config.lng
index fc32081d962b0c6be9e19465b4514a67d1354c9b..ce16ad15bbef7e1ce47fca87e3b6c646c01c778a 100644
--- a/interface/web/admin/lib/lang/ja_system_config.lng
+++ b/interface/web/admin/lib/lang/ja_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/nl_system_config.lng b/interface/web/admin/lib/lang/nl_system_config.lng
index 5177888bb06b645358090a945a5d1835804ec48f..20df45f2bce860e08a7c21194fae4ea41e1e3fd6 100644
--- a/interface/web/admin/lib/lang/nl_system_config.lng
+++ b/interface/web/admin/lib/lang/nl_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/pl_system_config.lng b/interface/web/admin/lib/lang/pl_system_config.lng
index cea6345e63746e2eef461e50a332438bec11df64..1c51b949a763dd68e1680f09950cfadfc0c3e01c 100644
--- a/interface/web/admin/lib/lang/pl_system_config.lng
+++ b/interface/web/admin/lib/lang/pl_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/pt_system_config.lng b/interface/web/admin/lib/lang/pt_system_config.lng
index 24ff94fca278da5e3366db422e69bc1a701e7950..4a28e49a7507440f7ebd723ec3630d87a4f5b7f3 100644
--- a/interface/web/admin/lib/lang/pt_system_config.lng
+++ b/interface/web/admin/lib/lang/pt_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ro_system_config.lng b/interface/web/admin/lib/lang/ro_system_config.lng
index b258ee18707b95d94d77a287fdc7e59effd758c5..efbc6bf2637a09042b4fa1a037fa6c0cff507955 100644
--- a/interface/web/admin/lib/lang/ro_system_config.lng
+++ b/interface/web/admin/lib/lang/ro_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ru_system_config.lng b/interface/web/admin/lib/lang/ru_system_config.lng
index c1909f3ba66f2cf9fac5187d67f25722f1907807..301827893e4237e6014dd0be51537defbad8ea80 100644
--- a/interface/web/admin/lib/lang/ru_system_config.lng
+++ b/interface/web/admin/lib/lang/ru_system_config.lng
@@ -81,4 +81,20 @@ $wb['default_webserver_txt'] = 'Web-сервер по умолчанию';
 $wb['default_dnsserver_txt'] = 'DNS-сервер по умолчанию';
 $wb['default_slave_dnsserver_txt'] = 'Вторичный DNS-сервер по умолчанию';
 $wb['default_dbserver_txt'] = 'Сервер базы данных по умолчанию';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA<E2><80><99>s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/se_system_config.lng b/interface/web/admin/lib/lang/se_system_config.lng
index 285f7807e8c3f16867a4d3b2f0bfc15af7f29906..c9ccca89e996dca53e8104f12b98f03341416691 100644
--- a/interface/web/admin/lib/lang/se_system_config.lng
+++ b/interface/web/admin/lib/lang/se_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/sk_system_config.lng b/interface/web/admin/lib/lang/sk_system_config.lng
index be8789a80347ff34217022e783823f8f36a89719..fdeb1648c47e069b12b32533c1a0033338de5634 100644
--- a/interface/web/admin/lib/lang/sk_system_config.lng
+++ b/interface/web/admin/lib/lang/sk_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/tr_system_config.lng b/interface/web/admin/lib/lang/tr_system_config.lng
index 8f5bef0e4d4d2dde47393325292255a4685ed3cd..18657743ece3e2ed1d4cc1cffea4e4719c0e1e9d 100644
--- a/interface/web/admin/lib/lang/tr_system_config.lng
+++ b/interface/web/admin/lib/lang/tr_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/templates/system_config_dns_ca.htm b/interface/web/admin/templates/system_config_dns_ca.htm
new file mode 100644
index 0000000000000000000000000000000000000000..7f430a85e393b8b06b5ba120a9c2828211b85447
--- /dev/null
+++ b/interface/web/admin/templates/system_config_dns_ca.htm
@@ -0,0 +1,15 @@
+<h2><tmpl_var name="list_head_txt"></h2>
+<p><tmpl_var name="list_desc_txt"></p>
+<!--
+<div class="clear">
+	<div class="left">
+		<div class="buttonHolder buttons">
+			<button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_new_txt'}" onClick="ISPConfig.changeTab('dns_ca','admin/system_config_edit.php?action=edit&id={tmpl_var name='id'}', true);">{tmpl_var name='btn_new_txt'}</button>
+		</div>
+	</div>
+</div>
+<br>
+-->
+{tmpl_var name='dns_ca'}
+{tmpl_var name='dns_ca_list'}
+<input type="hidden" name="id" value="{tmpl_var name='id'}">
diff --git a/interface/web/admin/templates/system_config_dns_ca_edit.htm b/interface/web/admin/templates/system_config_dns_ca_edit.htm
new file mode 100644
index 0000000000000000000000000000000000000000..739c3f93fea5c3dac21b9e902d6f9d02d7aa0de2
--- /dev/null
+++ b/interface/web/admin/templates/system_config_dns_ca_edit.htm
@@ -0,0 +1,41 @@
+<tmpl_if name="edit_record">
+<tmpl_if name="error">
+    <div style="background: #ffdfdf; border: 1px solid #df7d7d; border-width: 1px 0; margin: 1.5em 0 1.5em 0; padding: 7px;">{tmpl_var name='error'}</div>
+</tmpl_if>
+<input type="hidden" name="id" value="{tmpl_var name='id'}">
+<div class="form-group">
+	<label for="ca_name" class="col-sm-2 control-label">{tmpl_var name='ca_name_txt'}</label>
+	<div class='col-sm-6'><input type='text' class="form-control" name="ca_name" id="ca_name" value="{tmpl_var name='ca_name'}"/></div>
+</div>
+
+<div class="form-group">
+	<label for="ca_issue" class="col-sm-2 control-label">{tmpl_var name='ca_issue_txt'}</label>
+	<div class="col-sm-6"><input name="ca_issue" id="ca_issue" value="{tmpl_var name='ca_issue'}" size="" maxlength="" type="text" class="form-control" /></div>
+</div>
+
+<div class="form-group">
+    <label class="col-sm-2 control-label">{tmpl_var name='ca_wildcard_txt'}</label>
+	<div class="col-sm-6"><input type="checkbox" value="{tmpl_var name='ca_wildcard'}" id="ca_wildcard" name="ca_wildcard" <tmpl_if name='ca_wildcard' op='==' value='Y'>checked</tmpl_if> /></div>
+</div>
+
+<div class="form-group">
+    <label class="col-sm-2 control-label">{tmpl_var name='ca_critical_txt'}</label>
+	<div class="col-sm-6"><input type="checkbox" value="{tmpl_var name='ca_critical'}" id="ca_critical" name="ca_critical" <tmpl_if name='ca_critical'>checked</tmpl_if> /></div>
+</div>
+<!--
+<div class="form-group">
+	<label for="ca_iodef" class="col-sm-2 control-label">{tmpl_var name='ca_iodef_txt'}</label>
+	<div class="col-sm-6"><textarea class="form-control" name="ca_iodef" id="ca_iodef" rows='5' cols='30'>{tmpl_var name='ca_iodef'}</textarea></div>
+</div>
+-->
+<div class="form-group">
+    <label class="col-sm-2 control-label">{tmpl_var name='active_txt'}</label>
+	<div class="col-sm-6"><input type="checkbox" value="{tmpl_var name='active'}" id="active" name="active" <tmpl_if name='active' op='==' value='Y'>checked</tmpl_if> /></div>
+</div>
+
+</div>
+<div class="clear"><div class="right">
+	<button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" onClick="ISPConfig.changeTab('dns_ca','admin/system_config_edit.php?action=save&id={tmpl_var name='id'}', true);"><span class="icon icon-edit"></span>{tmpl_var name='btn_save_txt'}</button>
+	<button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="admin/users_list.php">{tmpl_var name='btn_cancel_txt'}</button>
+</div></div>
+</tmpl_if>
diff --git a/interface/web/admin/templates/system_config_dns_ca_list.htm b/interface/web/admin/templates/system_config_dns_ca_list.htm
new file mode 100644
index 0000000000000000000000000000000000000000..7af2b78d13c74bcc038bfda70c01deef34ecfce8
--- /dev/null
+++ b/interface/web/admin/templates/system_config_dns_ca_list.htm
@@ -0,0 +1,25 @@
+<tmpl_if name="edit_record">
+<tmpl_else>
+<table class="table">
+	<thead class="dark form-group-sm">
+		<tr>
+			<th data-column="active"><tmpl_var name="active_txt"></th>
+			<th data-column="name"><tmpl_var name="ca_name_txt"></th>
+			<th></th>
+		</tr>
+
+	</thead>
+	<tbody>
+		<tmpl_loop name="ca_records">
+			<tr>
+				<td>{tmpl_var name="active"}</td>
+				<td>{tmpl_var name="name"}</td>
+				<td class="text-right">
+ 					<button class="btn btn-default formbutton-default formbutton-narrow" type="button" onClick="ISPConfig.changeTab('dns_ca','admin/system_config_edit.php?action=edit&id={tmpl_var name='ca_id'}', true);"><span class="icon icon-edit"></span></button>
+					<button class="btn btn-default formbutton-danger formbutton-narrow" type="button" onClick="ISPConfig.changeTab('dns_ca','admin/system_config_edit.php?action=delete&id={tmpl_var name='ca_id'}', true);"><span class="icon icon-delete"></span></button>
+				</td>
+			</tr>
+		</tmpl_loop>
+	</tbody>
+</table>
+</tmpl_if>
diff --git a/interface/web/dns/ajax_get_json.php b/interface/web/dns/ajax_get_json.php
index c2da4dce631172dab52b487509e639da8a6988d2..1dd9c518f9480b3d54359f6bc57bdc7b07d81586 100644
--- a/interface/web/dns/ajax_get_json.php
+++ b/interface/web/dns/ajax_get_json.php
@@ -35,6 +35,7 @@ require_once '../../lib/app.inc.php';
 $app->auth->check_module_permissions('dns');
 
 $type = $_GET["type"];
+$ca_id = $app->functions->intval($_GET['ca_id']);
 
 if($type == 'get_ipv4'){
 	$result = array();
@@ -54,6 +55,17 @@ if($type == 'get_ipv6'){
 	$json = $app->functions->json_encode($result);
 }
 
+if($type == 'ca_wildcard'){
+	$json = '{';
+	$json .= '"ca_wildcard":"';
+	$tmp = $app->db->queryOneRecord("SELECT ca_wildcard, ca_issue, ca_critical FROM dns_ssl_ca WHERE id = ?", $ca_id);
+	$json .= $tmp['ca_wildcard'].'"';
+	$json .= ',"ca_issue":"'.$tmp['ca_issue'].'"';
+	$json .= ',"ca_critical":"'.$tmp['ca_critical'].'"';
+	unset($tmp);
+	$json .= '}';
+}
+
 header('Content-type: application/json');
 echo $json;
 ?>
diff --git a/interface/web/dns/dns_caa_edit.php b/interface/web/dns/dns_caa_edit.php
new file mode 100644
index 0000000000000000000000000000000000000000..c3d8618414a1148672c78dddb63eec23c3ee7f4c
--- /dev/null
+++ b/interface/web/dns/dns_caa_edit.php
@@ -0,0 +1,222 @@
+<?php
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/******************************************
+* Begin Form configuration
+******************************************/
+
+$tform_def_file = 'form/dns_caa.tform.php';
+
+/******************************************
+* End Form configuration
+******************************************/
+
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
+
+//* Check permissions for module
+$app->auth->check_module_permissions('dns');
+
+// Loading classes
+$app->uses('tpl,tform,tform_actions,validate_dns');
+$app->load('tform_actions');
+
+class page_action extends tform_actions {
+
+	function onShowNew() {
+		global $app;
+		// we will check only users, not admins
+		if($_SESSION['s']['user']['typ'] == 'user') {
+			// Get the limits of the client
+			$client_group_id = intval($_SESSION['s']['user']['default_group']);
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+			// Check if the user may add another record.
+			if($client['limit_dns_record'] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+				if($tmp['number'] >= $client['limit_dns_record']) {
+					$app->error($app->tform->wordbook['limit_dns_record_txt']);
+				}
+			}
+		}
+
+		parent::onShowNew();
+	}
+
+	function onShowEnd() {
+		global $app;
+
+		$zone = @(!isset($this->dataRecord['zone']))?$app->functions->intval($_GET['zone']):$this->dataRecord['zone'];
+
+		// get domain-name
+		$sql = "SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r');
+		$soa = $app->db->queryOneRecord($sql, $zone);
+		$domain_name = rtrim($soa['origin'], '.');
+		$app->tpl->setVar('name', $domain_name);
+		if($this->id > 0) {
+			$temp = $this->dataRecord['name'];
+			$temp = str_replace($soa['origin'], '', $this->dataRecord['name']);
+			$temp = trim($temp,'.');
+			if(trim($temp != '')) $app->tpl->setVar('additional', $temp);
+			unset($temp);
+		}
+
+		//create ca-list
+		$rec = $app->db->QueryAllRecords("SELECT * FROM dns_ssl_ca WHERE active = 'Y' AND ca_issue != '' ORDER by ca_name ASC");
+		$ca_select = "<option value='0' >".$app->tform->wordbook['select_txt']."</option>";
+		if(count($rec) > 0) {
+			foreach($rec as $ca) {
+				if(strpos($this->dataRecord['data'], $ca['ca_issue']) !== FALSE) $selected = ' selected'; else $selected='';
+				$ca_select .= "<option value='$ca[id]'$selected>$ca[ca_name]</option>\r\n";
+			}
+		}
+		$app->tpl->setVar('ca_list', $ca_select);
+		$app->tpl->setVar('type', 'CAA');
+		if($this->id > 0) {
+			if(stristr($this->dataRecord['data'], 'issuewild') !== FALSE) $app->tpl->setVar('allow_wildcard', 'CHECKED'); else $app->tpl->setVar('allow_wildcard', 'UNCHECKED');
+			if(strpos($this->dataRecord['data'], '128') === 0) $app->tpl->setVar('allow_critical', 'CHECKED'); else $app->tpl->setVar('allow_critical', 'UNCHECKED');
+			$app->tpl->setVar('edit_disabled', 1);
+		} else {
+			$app->tpl->setVar('ttl', $soa['ttl']);
+		}
+
+		parent::onShowEnd();
+	}
+
+	function onSubmit() {
+		global $app;
+
+		// Check the client limits, if user is not the admin
+		if($_SESSION['s']['user']['typ'] != 'admin') { // if user is not admin
+			// Get the limits of the client
+			$client_group_id = intval($_SESSION['s']['user']['default_group']);
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+			// Check if the user may add another record.
+			if($this->id == 0 && $client['limit_dns_record'] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+				if($tmp['number'] >= $client['limit_dns_record']) {
+					$app->error($app->tform->wordbook['limit_dns_record_txt']);
+				}
+			}
+		} // end if user is not admin
+
+		// Check CA
+		if($this->dataRecord['ca_issue'] == '') $this->error('ca_error_txt');
+
+		// Get the parent soa record of the domain
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST['zone']);
+		$this->dataRecord['name'] = $soa['origin'];
+
+		// Check if Domain belongs to user
+		if($soa['id'] != $_POST['zone']) $this->error('no_zone_perm');
+
+		// Set the server ID of the rr record to the same server ID as the parent record.
+        $this->dataRecord['server_id'] = $soa['server_id'];
+		
+		// Set issue
+		$critical = 0; //* To use critical > 0, uncommented "<div class="critical form-group">" in the template
+		if(isset($this->dataRecord['allow_critical']) && $this->dataRecord['allow_critical'] == 'on' && isset($this->dataRecord['ca_critical']) && $this->dataRecord['ca_critical'] == 1) $critical = 128;
+		if(isset($this->dataRecord['allow_wildcard']) && $this->dataRecord['allow_wildcard'] == "on") {
+			$this->dataRecord['data'] = $critical.' issuewild "'.$this->dataRecord['ca_issue'];
+		} else {
+			$this->dataRecord['data'] = $critical.' issue "'.$this->dataRecord['ca_issue'];
+		}
+		unset($critical);
+		if(isset($this->dataRecord['options']) && $this->dataRecord['options'] != '') {
+			$options=explode(',', $this->dataRecord['options']);
+			foreach($options as $option) {
+				if(trim($option) != '') {
+					if(preg_match('/^(\w+|d\+)=(\w+|d\+)/', $option)) {
+						$this->dataRecord['data'] = $this->dataRecord['data'] . '; '.$option;
+					} else {
+						$this->error('ca_option_error');
+					}
+				}
+			}
+		}
+		$this->dataRecord['data'] = $this->dataRecord['data'].'"';
+
+		// Set name
+		if($this->dataRecord['additional'] != '') {
+			$temp = explode(',', $this->dataRecord['additional'])[0]; // if we have more hostnames the interface-plugin will be used
+			$temp = trim($temp,'.');
+			if(trim($temp != '')) $this->dataRecord['name'] = $temp.'.'.$this->dataRecord['name'];
+			unset($temp);
+		}
+
+		// Check for duplicate
+		$temp = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE type = 'CAA' AND name = ? AND data = ? AND active = ?", $this->dataRecord['name'], $this->dataRecord['data'], $POST['active']);
+		if(is_array($temp)) $this->error('caa_exists_error');
+		unset($temp);
+		
+		// Update the serial number  and timestamp of the RR record
+		$dns_rr = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
+		$this->dataRecord['serial'] = $app->validate_dns->increase_serial($dns_rr['serial']);
+		$this->dataRecord['stamp'] = date('Y-m-d H:i:s');
+
+		parent::onSubmit();
+	}
+
+	function onAfterInsert() {
+		global $app;
+
+		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
+		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord['zone']);
+		$app->db->datalogUpdate('dns_rr', array('sys_groupid' => $soa['sys_groupid']), 'id', $this->id);
+
+		//* Update the serial number of the SOA record
+		$soa_id = $app->functions->intval($_POST["zone"]);
+		$serial = $app->validate_dns->increase_serial($soa['serial']);
+		$app->db->datalogUpdate('dns_soa', array('serial' => $serial), 'id', $soa_id);
+
+	}
+
+	function onAfterUpdate() {
+		global $app;
+
+		//* Update the serial number of the SOA record
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord['zone']);
+		$soa_id = $app->functions->intval($_POST['zone']);
+		$serial = $app->validate_dns->increase_serial($soa['serial']);
+		$app->db->datalogUpdate('dns_soa', array('serial' => $serial), 'id', $soa_id);
+	}
+
+	private function error($errmsg) {
+		global $app;
+		if (isset($app->tform->errorMessage)) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
+		$app->tform->errorMessage .= $app->tform->wordbook[$errmsg];
+	}
+
+}
+
+$page = new page_action;
+$page->onLoad();
+
+?>
diff --git a/interface/web/dns/form/dns_caa.tform.php b/interface/web/dns/form/dns_caa.tform.php
new file mode 100644
index 0000000000000000000000000000000000000000..aa297f29d77bd3a8018d25027fdefae628fedeb7
--- /dev/null
+++ b/interface/web/dns/form/dns_caa.tform.php
@@ -0,0 +1,117 @@
+<?php
+
+global $app;
+
+$form['title'] = 'DNS CAA Record';
+$form['description'] = '';
+$form['name'] = 'dns_caa';
+$form['action'] = 'dns_caa_edit.php';
+$form['db_table'] = 'dns_rr';
+$form['db_table_idx'] = 'id';
+$form['db_history'] = 'yes';
+$form['tab_default'] = 'dns';
+$form['list_default'] = 'dns_a_list.php';
+$form['auth'] = 'yes';
+
+$form['auth_preset']['userid']  = 0;
+$form['auth_preset']['groupid'] = 0;
+$form['auth_preset']['perm_user'] = 'riud';
+$form['auth_preset']['perm_group'] = 'riud';
+$form['auth_preset']['perm_other'] = '';
+
+$form['tabs']['dns'] = array (
+	'title'  => 'DNS CAA',
+	'width'  => 100,
+	'template'  => 'templates/dns_caa_edit.htm',
+	'fields'  => array (
+		'server_id' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'SELECT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'zone' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'default' => @$app->functions->intval($_REQUEST['zone']),
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'name' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'filters'   => array( 0 => array( 'event' => 'SAVE',
+					'type' => 'IDNTOASCII'),
+				1 => array( 'event' => 'SHOW',
+					'type' => 'IDNTOUTF8'),
+				2 => array( 'event' => 'SAVE',
+					'type' => 'TOLOWER')
+			),
+			'validators' => array (  0 => array ( 'type' => 'REGEX',
+					'regex' => '/^[a-zA-Z0-9\.\-\_]{0,255}$/',
+					'errmsg'=> 'name_error_regex'),
+			),
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'type' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'default' => 'CAA',
+			'value'  => '',
+			'width'  => '5',
+			'maxlength' => '5'
+		),
+		'data' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'ttl' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'validators' => array ( 0 => array ( 'type' => 'RANGE',
+							'range' => '60:',
+							'errmsg'=> 'ttl_range_error'),
+			),
+			'default' => '3600',
+			'value'  => '',
+			'width'  => '10',
+			'maxlength' => '10'
+		),
+		'active' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default' => 'Y',
+			'value'  => array(0 => 'N', 1 => 'Y')
+		),
+		'stamp' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'serial' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '10',
+			'maxlength' => '10'
+		),
+	)
+);
+
+
+
+?>
diff --git a/interface/web/dns/lib/lang/ar_dns_caa.lng b/interface/web/dns/lib/lang/ar_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/ar_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/bg_dns_caa.lng b/interface/web/dns/lib/lang/bg_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/bg_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/br_dns_caa.lng b/interface/web/dns/lib/lang/br_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/br_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ca_dns_caa.lng b/interface/web/dns/lib/lang/ca_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/ca_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/cz_dns_caa.lng b/interface/web/dns/lib/lang/cz_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/cz_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/de_dns_caa.lng b/interface/web/dns/lib/lang/de_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..88dbf6e47aa2b8490718b46defad6b761169fa1e
--- /dev/null
+++ b/interface/web/dns/lib/lang/de_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Zertifizierungsstelle';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'zusätzliche Hostnamen';
+$wb['ca_hostname_note_txt'] = '(mit Komma getrennte Liste - leer für alle Namen)';
+$wb['ca_options_txt'] = 'zusätzliche Angaben';
+$wb['ca_options_note_txt'] = 'von der Zertifizierungsstelle vorgegeben (mit Komma getrennte Liste)';
+$wb['ca_wildcard_txt'] = 'Wildcard verwenden';
+$wb['ca_critical_txt'] = 'Strikte Überprüfung durch die Zertifizierungsstelle'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Aktiv';
+$wb['select_txt'] = 'Zertifizierungstelle auswählen';
+$wb['no_zone_perm'] = 'Sie haben nicht die Berechtigung, einen Eintrag zu dieser DNS Zone hinzuzufügen.';
+$wb['limit_dns_record_txt'] = 'Die maximale Anzahl an DNS Einträgen für Ihr Konto wurde erreicht.';
+$wb['ca_error_txt'] = 'Keine Zertifizierungsstelle gewählt';
+$wb['caa_exists_error'] = 'Eintrag bereits vorhanden';
+$wb['ca_option_error'] = 'Ungültiges Format für zusätzliche Angaben. OPTION=WERT';
+$wb['ttl_range_error'] = 'Min. TTL ist 60 Sekunden.';
+?>
diff --git a/interface/web/dns/lib/lang/dk_dns_caa.lng b/interface/web/dns/lib/lang/dk_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/dk_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/el_dns_caa.lng b/interface/web/dns/lib/lang/el_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..1fa7dcb7d579d3913038504ed9dff698bb747402
--- /dev/null
+++ b/interface/web/dns/lib/lang/el_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/en_dns_caa.lng b/interface/web/dns/lib/lang/en_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/en_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/es_dns_caa.lng b/interface/web/dns/lib/lang/es_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/es_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/fi_dns_caa.lng b/interface/web/dns/lib/lang/fi_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/fi_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/fr_dns_caa.lng b/interface/web/dns/lib/lang/fr_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/fr_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/hr_dns_caa.lng b/interface/web/dns/lib/lang/hr_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/hr_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/hu_dns_caa.lng b/interface/web/dns/lib/lang/hu_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/hu_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/id_dns_caa.lng b/interface/web/dns/lib/lang/id_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/id_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/it_dns_caa.lng b/interface/web/dns/lib/lang/it_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/it_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ja_dns_caa.lng b/interface/web/dns/lib/lang/ja_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/ja_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/nl_dns_caa.lng b/interface/web/dns/lib/lang/nl_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/nl_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/pl_dns_caa.lng b/interface/web/dns/lib/lang/pl_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/pl_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/pt_dns_caa.lng b/interface/web/dns/lib/lang/pt_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/pt_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ro_dns_caa.lng b/interface/web/dns/lib/lang/ro_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/ro_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ru_dns_caa.lng b/interface/web/dns/lib/lang/ru_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/ru_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/se_dns_caa.lng b/interface/web/dns/lib/lang/se_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/se_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/sk_dns_caa.lng b/interface/web/dns/lib/lang/sk_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/sk_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/tr_dns_caa.lng b/interface/web/dns/lib/lang/tr_dns_caa.lng
new file mode 100644
index 0000000000000000000000000000000000000000..bf5b2ac8e1a8a4c34a001ffc843e1338bf54d3ce
--- /dev/null
+++ b/interface/web/dns/lib/lang/tr_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/list/dns_a.list.php b/interface/web/dns/list/dns_a.list.php
index 748bc405d82072d25aa4183b2259368c04f58ed2..1c6999511d1280b8c015b422bed9435a6cf5485b 100644
--- a/interface/web/dns/list/dns_a.list.php
+++ b/interface/web/dns/list/dns_a.list.php
@@ -132,7 +132,7 @@ $liste["item"][] = array( 'field'  => "type",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'DS'=>'DS', 'HINFO'=>'HINFO', 'LOC'=>'LOC', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT'));
+	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CAA'=>'CAA', 'CNAME'=>'CNAME', 'DS'=>'DS', 'HINFO'=>'HINFO', 'LOC'=>'LOC', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT'));
 
 
 ?>
diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm
index b8d57401bb63e78a5fd168b7297690301d6c2325..67bf8ac910ff7e2485cad9c35590e6e6684e26b3 100644
--- a/interface/web/dns/templates/dns_a_list.htm
+++ b/interface/web/dns/templates/dns_a_list.htm
@@ -20,6 +20,7 @@
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_a_edit.php?zone={tmpl_var name='parent_id'}">A</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_aaaa_edit.php?zone={tmpl_var name='parent_id'}">AAAA</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_alias_edit.php?zone={tmpl_var name='parent_id'}">ALIAS</button>
+            <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_caa_edit.php?zone={tmpl_var name='parent_id'}">CAA</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_cname_edit.php?zone={tmpl_var name='parent_id'}">CNAME</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_dkim_edit.php?zone={tmpl_var name='parent_id'}">DKIM</button>
 			<button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_ds_edit.php?zone={tmpl_var name='parent_id'}">DS</button>
diff --git a/interface/web/dns/templates/dns_caa_edit.htm b/interface/web/dns/templates/dns_caa_edit.htm
new file mode 100644
index 0000000000000000000000000000000000000000..3de64818b4936ae902004b53de139742c3187e81
--- /dev/null
+++ b/interface/web/dns/templates/dns_caa_edit.htm
@@ -0,0 +1,74 @@
+<div class='page-header'><h1><tmpl_var name="list_head_txt"></h1></div>
+<p><tmpl_var name="list_desc_txt"></p>
+
+<div class="form-group">
+	<label for="ca_list" class="col-sm-2 control-label">{tmpl_var name='ca_list_txt'}</label>
+	<div class="col-sm-4"><select name="ca_list" id="ca_list" class="form-control">{tmpl_var name='ca_list'}</select></div>
+</div>
+
+<div class="wildcard form-group">
+	<label class="col-sm-2 control-label">{tmpl_var name='ca_wildcard_txt'}</label>
+	<div class="col-sm-4"> <input type="checkbox" id="allow_wildcard" name="allow_wildcard" {tmpl_var name='allow_wildcard'}/></div>
+</div>
+
+<!--
+For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+<div class="critical form-group">
+	<label class="col-sm-2 control-label">{tmpl_var name='ca_critical_txt'}</label>
+	<div class="col-sm-4"> <input type="checkbox" id="allow_critical" name="allow_critical" {tmpl_var name='allow_critical'}/></div>
+</div>
+-->
+
+<div class="form-group">
+	<label for="name" class="col-sm-2 control-label">{tmpl_var name='ca_domain_txt'}</label>
+	<div class="col-sm-4"><input disabled type="text" name="name" id="name" value="{tmpl_var name='name'}" class="form-control" /></div>
+</div>
+
+<div class="form-group">
+	<label for="name" class="col-sm-2 control-label">{tmpl_var name='ca_hostname_txt'}</label>
+	<div class="col-sm-4"><input type="text" name="additional" id="additional" value="{tmpl_var name='additional'}" class="form-control" <tmpl_if name="edit_disabled">readonly</tmpl_if> /> </div>
+	<div class="input-sm">{tmpl_var name='ca_hostname_note_txt'}</div>
+</div>
+
+<div class="form-group">
+	<label for="name" class="col-sm-2 control-label">{tmpl_var name='ca_options_txt'}</label>
+	<div class="col-sm-4"><input type="text" name="options" id="options" value="{tmpl_var name='options'}" class="form-control" /></div>
+	<div class="input-sm">{tmpl_var name='ca_options_note_txt'}</div>
+</div>
+
+<div class="form-group">
+	<label for="ttl" class="col-sm-2 control-label">{tmpl_var name='ttl_txt'}</label>
+	<div class="col-sm-4"><input type="text" name="ttl" id="ttl" value="{tmpl_var name='ttl'}" class="form-control" /></div>
+</div>
+
+<div class="form-group">
+	<label class="col-sm-2 control-label">{tmpl_var name='active_txt'}</label>
+	<div class="col-sm-4">{tmpl_var name='active'}</div>
+</div>
+
+<input type="hidden" name="id" value="{tmpl_var name='id'}">
+<input type="hidden" name="zone" value="{tmpl_var name='zone'}" id="zone">
+<input type="hidden" name="type" value="{tmpl_var name='type'}">
+<input type="hidden" name="ca_issue" value="{tmpl_var name='ca_issue'}">
+<input type="hidden" name="ca_critical" value="{tmpl_var name='ca_critical'}">
+
+<div class="clear"><div class="right">
+	<button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="dns/dns_caa_edit.php">{tmpl_var name='btn_save_txt'}</button>
+	<button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="dns/dns_soa_edit.php?id={tmpl_var name='zone'}">{tmpl_var name='btn_cancel_txt'}</button>
+</div></div>
+
+<script language="JavaScript" type="text/javascript">
+	$(document).ready(function() { reloadForm(); });
+	jQuery('#ca_list').change(function(){ reloadForm(); });
+	function reloadForm(){
+		var caID = jQuery('#ca_list').val();
+		jQuery.getJSON('dns/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {ca_id : caID, type : "ca_wildcard"}, function(data) {
+			if(data.ca_wildcard == "Y"){ jQuery('.wildcard').show(); } else { jQuery('.wildcard').hide(); }
+			if(data.ca_critical == "1"){ jQuery('.critical').show(); } else { jQuery('.critical').hide(); }
+			$('input[name="ca_issue"]').val(data.ca_issue);
+			$('input[name="ca_critical"]').val(data.ca_critical);
+		});
+	}
+</script>
+
+
diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php
index 19e4c4c23b69f9bc259843ed241a691622a9854b..8d43e21fad758459d3013ecb9e90b6005e010711 100644
--- a/interface/web/sites/web_vhost_domain_edit.php
+++ b/interface/web/sites/web_vhost_domain_edit.php
@@ -275,7 +275,6 @@ class page_action extends tform_actions {
 			// add limits to template to be able to hide settings
 			foreach($read_limits as $limit) $app->tpl->setVar($limit, $client[$limit]);
 
-
 			//* Reseller: If the logged in user is not admin and has sub clients (is a reseller)
 		} elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 
@@ -940,6 +939,13 @@ class page_action extends tform_actions {
 			}
 		}
 		$app->tpl->setLoop('folder_directive_snippets', $folder_directive_snippets);
+		if(is_array($web_config[$server_id])) {
+			$app->tpl->setVar('is_spdy_enabled', ($web_config[$server_id]['enable_spdy'] === 'y'));
+			$app->tpl->setVar('is_pagespeed_enabled', ($web_config[$server_id]['nginx_enable_pagespeed']));
+		} else {
+			$app->tpl->setVar('is_spdy_enabled', ($web_config['enable_spdy'] === 'y'));
+			$app->tpl->setVar('is_pagespeed_enabled', ($web_config['nginx_enable_pagespeed']));
+		}
 
 		parent::onShowEnd();
 	}
diff --git a/server/conf/bind_pri.domain.master b/server/conf/bind_pri.domain.master
index ed395064af5490be0a11aafeac61a67a9ef99d2e..fb867901dc2848506db0790c5ce076e92d2326ab 100644
--- a/server/conf/bind_pri.domain.master
+++ b/server/conf/bind_pri.domain.master
@@ -20,6 +20,9 @@ $TTL        {tmpl_var name='ttl'}
 <tmpl_if name="type" op='==' value='ALIAS'>
 {tmpl_var name='name'} {tmpl_var name='ttl'}      CNAME        {tmpl_var name='data'}
 </tmpl_if>
+<tmpl_if name="type" op='==' value='CAA'>
+{tmpl_var name='name'} {tmpl_var name='ttl'}      CAA       {tmpl_var name='data'}
+</tmpl_if>
 <tmpl_if name="type" op='==' value='CNAME'>
 {tmpl_var name='name'} {tmpl_var name='ttl'}      CNAME        {tmpl_var name='data'}
 </tmpl_if>
@@ -53,5 +56,9 @@ $TTL        {tmpl_var name='ttl'}
 <tmpl_if name="type" op='==' value='TXT'>
 {tmpl_var name='name'} {tmpl_var name='ttl'}      TXT        "{tmpl_var name='data'}"
 </tmpl_if>
+<tmpl_if name="type" op='==' value='TYPE257'>
+{tmpl_var name='name'} {tmpl_var name='ttl'}      TYPE257        {tmpl_var name='data'}
+</tmpl_if>
 </tmpl_loop>
 
+
diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
index 23856f0c8661f3317f4beaa91f2fb20c92ac93c2..edf7b93d9f1ea62f8b314a62b73c77f15e5ca678 100644
--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
@@ -236,6 +236,17 @@ class bind_plugin {
 		//* load the server configuration options
 		$dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns');
 
+		//* Get the bind version
+		$bind_caa = false;
+        $bind = explode("\n", shell_exec('which named bind'));
+        $bind = reset($bind);
+        if(is_executable($bind)) {
+			exec($bind . ' -v 2>&1', $tmp);
+			$bind_caa = @(version_compare($tmp[0],"BIND 9.9.6", '>='))?true:false;
+			unset($tmp);
+		}
+		unset($bind);
+
 		//* Write the domain file
 		if(!empty($data['new']['id'])) {
 			$tpl = new tpl();
@@ -253,6 +264,19 @@ class bind_plugin {
 					if($records[$i]['type'] == 'TXT' && strlen($records[$i]['data']) > 255) {
 						$records[$i]['data'] = implode('" "',str_split( $records[$i]['data'], 255));
 					}
+					//* CAA-Records - Type257 for older bind-versions
+					if($records[$i]['type'] == 'CAA' && !$bind_caa) {
+						$records[$i]['type'] = 'TYPE257';
+						$temp = explode(' ', $records[$i]['data']);
+						unset($temp[0]);
+						$records[$i]['data'] = implode(' ', $temp);
+						$data_new = str_replace(array('"', ' '), '', $records[$i]['data']);
+						$hex = unpack('H*', $data_new);
+						$hex[1] = '0005'.strtoupper($hex[1]);
+						$length = strlen($hex[1])/2;
+						$data_new = "\# $length $hex[1]";
+						$records[$i]['data'] = $data_new;
+					}
 				}
 			}
 			$tpl->setLoop('zones', $records);