From e2940f4c1b3029a0e9a07e95836d9d16d6fed72d Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Sun, 24 Feb 2019 11:26:24 +0100
Subject: [PATCH] Backport CAA record feature from 3.2 to 3.1.14 (Fixes #5249)

---
 .../sql/incremental/upd_dev_collection.sql    |  75 ++++++
 install/sql/ispconfig3.sql                    |  81 ++++++-
 .../plugin_system_config_dns_ca.inc.php       |  91 +++++++
 .../plugin_system_config_dns_ca_list.inc.php  |  81 +++++++
 .../system_config_dns_ca_plugin.inc.php       | 103 ++++++++
 .../web/admin/form/system_config.tform.php    |  16 ++
 .../web/admin/lib/lang/ar_system_config.lng   |   8 +
 .../web/admin/lib/lang/bg_system_config.lng   |   8 +
 .../web/admin/lib/lang/br_system_config.lng   |  28 ++-
 .../web/admin/lib/lang/ca_system_config.lng   |   8 +
 .../web/admin/lib/lang/cz_system_config.lng   |   8 +
 .../web/admin/lib/lang/de_system_config.lng   |  10 +
 .../web/admin/lib/lang/dk_system_config.lng   |   8 +
 .../web/admin/lib/lang/el_system_config.lng   |   8 +
 .../web/admin/lib/lang/en_system_config.lng   |   8 +
 .../web/admin/lib/lang/es_system_config.lng   |   8 +
 .../web/admin/lib/lang/fi_system_config.lng   |   8 +
 .../web/admin/lib/lang/fr_system_config.lng   |   8 +
 .../web/admin/lib/lang/hr_system_config.lng   |   8 +
 .../web/admin/lib/lang/hu_system_config.lng   |   8 +
 .../web/admin/lib/lang/id_system_config.lng   |   8 +
 .../web/admin/lib/lang/it_system_config.lng   |   8 +
 .../web/admin/lib/lang/ja_system_config.lng   |   8 +
 .../web/admin/lib/lang/nl_system_config.lng   |   8 +
 .../web/admin/lib/lang/pl_system_config.lng   |   8 +
 .../web/admin/lib/lang/pt_system_config.lng   |   8 +
 .../web/admin/lib/lang/ro_system_config.lng   |   8 +
 .../web/admin/lib/lang/ru_system_config.lng   |  13 +-
 .../web/admin/lib/lang/se_system_config.lng   |   8 +
 .../web/admin/lib/lang/sk_system_config.lng   |   8 +
 .../web/admin/lib/lang/tr_system_config.lng   |   8 +
 interface/web/dns/ajax_get_json.php           |  12 +
 interface/web/dns/dns_caa_edit.php            | 222 ++++++++++++++++++
 interface/web/dns/form/dns_caa.tform.php      | 117 +++++++++
 interface/web/dns/lib/lang/ar_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/bg_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/br_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/ca_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/cz_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/de_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/dk_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/el_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/en_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/es_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/fi_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/fr_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/hr_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/hu_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/id_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/it_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/ja_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/nl_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/pl_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/pt_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/ro_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/ru_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/se_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/sk_dns_caa.lng     |  19 ++
 interface/web/dns/lib/lang/tr_dns_caa.lng     |  19 ++
 interface/web/dns/list/dns_a.list.php         |   2 +-
 interface/web/dns/templates/dns_a_list.htm    |   1 +
 interface/web/dns/templates/dns_caa_edit.htm  |  74 ++++++
 62 files changed, 1563 insertions(+), 14 deletions(-)
 create mode 100644 interface/lib/classes/plugin_system_config_dns_ca.inc.php
 create mode 100644 interface/lib/classes/plugin_system_config_dns_ca_list.inc.php
 create mode 100644 interface/lib/plugins/system_config_dns_ca_plugin.inc.php
 create mode 100644 interface/web/dns/dns_caa_edit.php
 create mode 100644 interface/web/dns/form/dns_caa.tform.php
 create mode 100644 interface/web/dns/lib/lang/ar_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/bg_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/br_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/ca_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/cz_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/de_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/dk_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/el_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/en_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/es_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/fi_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/fr_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/hr_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/hu_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/id_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/it_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/ja_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/nl_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/pl_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/pt_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/ro_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/ru_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/se_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/sk_dns_caa.lng
 create mode 100644 interface/web/dns/lib/lang/tr_dns_caa.lng
 create mode 100644 interface/web/dns/templates/dns_caa_edit.htm

diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index 98e8abdf97..45d5a2e007 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -2,3 +2,78 @@ ALTER TABLE `sys_datalog` ADD `session_id` varchar(64) NOT NULL DEFAULT '' AFTER
 ALTER TABLE `sys_user` CHANGE `sys_userid` `sys_userid` INT(11) UNSIGNED NOT NULL DEFAULT '1' COMMENT 'Created by userid';
 ALTER TABLE `sys_user` CHANGE `sys_groupid` `sys_groupid` INT(11) UNSIGNED NOT NULL DEFAULT '1' COMMENT 'Created by groupid';
 ALTER TABLE `web_domain` ADD COLUMN `php_fpm_chroot` enum('n','y') NOT NULL DEFAULT 'n' AFTER `php_fpm_use_socket`;
+
+CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
+  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+  `sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_perm_user` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_group` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_other` varchar(5) NOT NULL DEFAULT '',
+  `active` enum('N','Y') NOT NULL DEFAULT 'N',
+  `ca_name` varchar(255) NOT NULL DEFAULT '',
+  `ca_issue` varchar(255) NOT NULL DEFAULT '',
+  `ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
+  `ca_iodef` text NOT NULL,
+  `ca_critical` tinyint(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`),
+  UNIQUE KEY (`ca_issue`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `dns_ssl_ca` ADD UNIQUE(`ca_issue`);
+
+UPDATE `dns_ssl_ca` SET `ca_issue` = 'comodo.com' WHERE `ca_issue` = 'comodoca.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'geotrust.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'thawte.com';
+UPDATE `dns_ssl_ca` SET `ca_name` = 'Symantec / Thawte / GeoTrust' WHERE `ca_issue` = 'symantec.com';
+
+INSERT IGNORE INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'AC Camerfirma', 'camerfirma.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'ACCV', 'accv.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Actalis', 'actalis.it', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon', 'amazon.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Asseco', 'certum.pl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Buypass', 'buypass.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CA Disig', 'disig.sk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CATCert', 'aoc.cat', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certinomis', 'www.certinomis.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certizen', 'hongkongpost.gov.hk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'certSIGN', 'certsign.ro', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CFCA', 'cfca.com.cn', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Chunghwa Telecom', 'cht.com.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodoca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'D-TRUST', 'd-trust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DocuSign', 'docusign.fr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'e-tugra', 'e-tugra.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'EDICOM', 'edicomgroup.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Firmaprofesional', 'firmaprofesional.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'FNMT', 'fnmt.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GlobalSign', 'globalsign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GoDaddy', 'godaddy.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Google Trust Services', 'pki.goog', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GRCA', 'gca.nat.gov.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'HARICA', 'harica.gr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'IdenTrust', 'identrust.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Kamu SM', 'kamusm.gov.tr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Microsec e-Szigno', 'e-szigno.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'NetLock', 'netlock.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PKIoverheid', 'www.pkioverheid.nl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PROCERT', 'procert.net.ve', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'QuoVadis', 'quovadisglobal.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SECOM', 'secomtrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Sertifitseerimiskeskuse', 'sk.ee', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'StartCom', 'startcomca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SwissSign', 'swisssign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec / Thawte / GeoTrust', 'symantec.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'T-Systems', 'telesec.de', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Telia', 'telia.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Trustwave', 'trustwave.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Web.com', 'web.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WISeKey', 'wisekey.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
+
+ALTER TABLE `dns_rr` CHANGE `type` `type` ENUM('A','AAAA','ALIAS','CAA','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;
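Review bot: The `UPDATE ... SET ca_issue = 'comodo.com' WHERE ca_issue = 'comodoca.com'` and the later `INSERT IGNORE` row `'Comodo', 'comodoca.com'` disagree, so on a database that already holds the table the rename runs and the insert then adds `comodoca.com` back, leaving two Comodo rows with different issuer domains. Because the `issue` value written into CAA records must be the identifier the CA actually checks, pick the correct domain and use it in both statements. `ALTER TABLE dns_ssl_ca ADD UNIQUE(ca_issue)` repeats the `UNIQUE KEY (ca_issue)` already declared in the `CREATE TABLE` and can be dropped, as it only leaves a redundant second index. The seed rows also ship StartCom and WoSign with `active = 'Y'` although the major browser root programs had distrusted both before this commit's date, so consider seeding them inactive. The same statements are repeated in the second hunk of install/sql/ispconfig3.sql.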
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 88eff32ff0..757247392f 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -489,7 +489,7 @@ CREATE TABLE `dns_rr` (
   `server_id` int(11) NOT NULL default '1',
   `zone` int(11) unsigned NOT NULL DEFAULT '0',
   `name` varchar(255) NOT NULL DEFAULT '',
-  `type` enum('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
+  `type` enum('A','AAAA','ALIAS','CNAME','CAA','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
   `data` TEXT NOT NULL,
   `aux` int(11) unsigned NOT NULL default '0',
   `ttl` int(11) unsigned NOT NULL default '3600',
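Review bot: The enum order here is `'ALIAS','CNAME','CAA','DS'` while the upgrade statement in install/sql/incremental/upd_dev_collection.sql uses `'ALIAS','CAA','CNAME','DS'`, so a fresh install and an upgraded system end up with different internal enum indexes for `type`. MySQL sorts and compares ENUM columns by index, so `ORDER BY type` gives different results on the two kinds of installation; use one order in both files, for example `'ALIAS','CAA','CNAME'`. The `CREATE TABLE dns_rr` statement starts and ends outside this hunk.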
@@ -525,6 +525,85 @@ CREATE TABLE `dns_slave` (
 
 -- --------------------------------------------------------
 
+-- 
+-- Table structure for table  `dns_ssl_ca`
+-- 
+
+CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
+  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+  `sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_perm_user` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_group` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_other` varchar(5) NOT NULL DEFAULT '',
+  `active` enum('N','Y') NOT NULL DEFAULT 'N',
+  `ca_name` varchar(255) NOT NULL DEFAULT '',
+  `ca_issue` varchar(255) NOT NULL DEFAULT '',
+  `ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
+  `ca_iodef` text NOT NULL,
+  `ca_critical` tinyint(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`),
+  UNIQUE KEY (`ca_issue`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `dns_ssl_ca` ADD UNIQUE(`ca_issue`);
+
+UPDATE `dns_ssl_ca` SET `ca_issue` = 'comodo.com' WHERE `ca_issue` = 'comodoca.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'geotrust.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'thawte.com';
+UPDATE `dns_ssl_ca` SET `ca_name` = 'Symantec / Thawte / GeoTrust' WHERE `ca_issue` = 'symantec.com';
+
+INSERT IGNORE INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'AC Camerfirma', 'camerfirma.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'ACCV', 'accv.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Actalis', 'actalis.it', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon', 'amazon.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Asseco', 'certum.pl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Buypass', 'buypass.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CA Disig', 'disig.sk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CATCert', 'aoc.cat', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certinomis', 'www.certinomis.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certizen', 'hongkongpost.gov.hk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'certSIGN', 'certsign.ro', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CFCA', 'cfca.com.cn', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Chunghwa Telecom', 'cht.com.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodoca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'D-TRUST', 'd-trust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DocuSign', 'docusign.fr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'e-tugra', 'e-tugra.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'EDICOM', 'edicomgroup.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Firmaprofesional', 'firmaprofesional.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'FNMT', 'fnmt.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GlobalSign', 'globalsign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GoDaddy', 'godaddy.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Google Trust Services', 'pki.goog', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GRCA', 'gca.nat.gov.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'HARICA', 'harica.gr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'IdenTrust', 'identrust.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Kamu SM', 'kamusm.gov.tr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Microsec e-Szigno', 'e-szigno.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'NetLock', 'netlock.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PKIoverheid', 'www.pkioverheid.nl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PROCERT', 'procert.net.ve', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'QuoVadis', 'quovadisglobal.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SECOM', 'secomtrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Sertifitseerimiskeskuse', 'sk.ee', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'StartCom', 'startcomca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SwissSign', 'swisssign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec / Thawte / GeoTrust', 'symantec.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'T-Systems', 'telesec.de', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Telia', 'telia.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Trustwave', 'trustwave.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Web.com', 'web.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WISeKey', 'wisekey.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
+
+-- --------------------------------------------------------
+
 -- 
 -- Table structure for table  `dns_soa`
 -- 
diff --git a/interface/lib/classes/plugin_system_config_dns_ca.inc.php b/interface/lib/classes/plugin_system_config_dns_ca.inc.php
new file mode 100644
index 0000000000..f53662d822
--- /dev/null
+++ b/interface/lib/classes/plugin_system_config_dns_ca.inc.php
@@ -0,0 +1,91 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class plugin_system_config_dns_ca extends plugin_base {
+
+	var $module;
+	var $form;
+	var $tab;
+	var $record_id;
+	var $formdef;
+	var $options;
+	var $error = '';
+
+	function onShow() {
+		global $app;
+
+		$pluginTpl = new tpl;
+		$pluginTpl->newTemplate('templates/system_config_dns_ca_edit.htm');
+		include 'lib/lang/'.$_SESSION['s']['language'].'_system_config.lng';
+		$pluginTpl->setVar($wb);
+		$ca_id = $app->functions->intval($_GET['id']);
+		if(isset($_GET['action']) && ($_GET['action'] == 'edit') && $ca_id > 0) {
+			$pluginTpl->setVar('edit_record', 1);
+			$rec = $app->db->queryOneRecord("SELECT * FROM dns_ssl_ca WHERE id = ?", $ca_id);
+			$pluginTpl->setVar('id', $rec['id']);
+			$pluginTpl->setVar('ca_name', $rec['ca_name']);
+			$pluginTpl->setVar('ca_issue', $rec['ca_issue']);
+			$pluginTpl->setVar('ca_wildcard', $rec['ca_wildcard']);
+			$pluginTpl->setVar('ca_critical', $rec['ca_critical']);
+			$pluginTpl->setVar('ca_iodef', $rec['ca_iodef']);
+			$pluginTpl->setVar('active', $rec['active']);
+		} elseif(isset($_GET['action']) && ($_GET['action'] == 'save') && $ca_id > 0) {
+			$pluginTpl->setVar('edit_record', 0);
+			$pluginTpl->setVar('id', $ca_id);
+			$pluginTpl->setVar('ca_name', $_POST['ca_name']);
+			$pluginTpl->setVar('ca_issue', $_POST['ca_issue']);
+			$pluginTpl->setVar('ca_wildcard', $_POST['ca_wildcard']);
+			$pluginTpl->setVar('ca_critical', $_POST['ca_critical']);
+			$pluginTpl->setVar('ca_iodef', $_POST['ca_iodef']);
+			$pluginTpl->setVar('active', $_POST['active']);
+		} else {
+			$pluginTpl->setVar('edit_record', 0);
+		}
+
+		return $pluginTpl->grab();
+
+	}
+
+	function onUpdate() {
+		global $app;
+
+		$ca_id = $app->functions->intval($_GET['id']);
+		if(isset($_GET['action']) && $_GET['action'] == 'save') {
+			if($ca_id > 0) {
+				$app->db->query("UPDATE dns_ssl_ca SET ca_name = ?, ca_issue = ?, ca_wildcard = ?, ca_iodef = ?, active = ? WHERE id = ?", $_POST['ca_name'], $_POST['ca_issue'], $_POST['ca_wildcard'], $_POST['ca_iodef'], $_POST['active'], $ca_id);
+			} else {
+				$app->db->query("INSERT INTO (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, ca_name, ca_issue, ca_wildcard, ca_iodef, active) VALUES(1, 1, 'riud', 'riud', '', ?, ?, ?, ?, ?", $_POST['ca_name'], $_POST['ca_issue'], $_POST['ca_wildcard'], $_POST['ca_iodef'], $_POST['active']);
+			}
+		}
+	}
+
+}
+
+?>
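Review bot: The insert branch of onUpdate() sends a malformed statement: `INSERT INTO (sys_userid, ...` has no table name and its `VALUES(` list is never closed, so adding a new CA cannot work. It should read `INSERT INTO dns_ssl_ca (sys_userid, ..., active) VALUES (1, 1, 'riud', 'riud', '', ?, ?, ?, ?, ?)`. Both branches also leave out `ca_critical` although onShow() displays it. They write `$_POST` values to the table with no admin check, CSRF token check or validation of `ca_issue`, `ca_wildcard` and `active` visible in this file, whereas the sibling list plugin tests `$_SESSION['s']['user']['typ'] == 'admin'` before it deletes; confirm the caller enforces these, or add them here. `$_GET['id']` is read without `isset()` in both methods.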
diff --git a/interface/lib/classes/plugin_system_config_dns_ca_list.inc.php b/interface/lib/classes/plugin_system_config_dns_ca_list.inc.php
new file mode 100644
index 0000000000..eb5882bd3b
--- /dev/null
+++ b/interface/lib/classes/plugin_system_config_dns_ca_list.inc.php
@@ -0,0 +1,81 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class plugin_system_config_dns_ca_list extends plugin_base {
+
+	var $module;
+	var $form;
+	var $tab;
+	var $record_id;
+	var $formdef;
+	var $options;
+
+	function onShow() {
+		global $app;
+
+		$listTpl = new tpl;
+		$listTpl->newTemplate('templates/system_config_dns_ca_list.htm');
+
+		//* Loading language file
+		$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_system_config.lng';
+		include $lng_file;
+		$listTpl->setVar($wb);
+		if($_SESSION['s']['user']['typ'] == 'admin') {
+			if(isset($_GET['action'])) { 
+				$ca_id = $app->functions->intval($_GET['id']);
+				if($_GET['action'] == 'delete' && $ca_id > 0) {
+					$app->db->query("DELETE FROM dns_ssl_ca WHERE id = ?",  $ca_id);
+				}
+			}
+		}
+
+		if(isset($_GET['action']) && $_GET['action'] == 'edit' && $_GET['id'] > 0) $listTpl->setVar('edit_record', 1);
+
+		// Getting Datasets from DB
+		$ca_records = $app->db->queryAllRecords("SELECT * FROM dns_ssl_ca ORDER BY ca_name ASC");
+		$records=array();
+		if(is_array($ca_records) && count($ca_records) > 0) {
+			foreach($ca_records as $ca) {
+				$rec['ca_id'] = $ca['id'];
+				$rec['name'] = $ca['ca_name'];
+				$rec['active'] = $ca['active'];
+				$records[] = $rec;
+				unset($rec);
+			}
+			$listTpl->setLoop('ca_records', @$records);
+		} 
+		$listTpl->setVar('parent_id', $this->form->id);
+
+		return $listTpl->grab();
+	}
+
+}
+
+?>
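Review bot: The delete in onShow() is triggered by a plain GET request (`action=delete` with an `id`) and no CSRF token is checked in the visible code, so a cross-site request made while an administrator is logged in could remove a CA row. Put the delete behind a POST that validates the session's CSRF token, or run the project's existing token check before the `DELETE` if the caller does not already do so. The `edit` test further down compares the raw `$_GET['id'] > 0` rather than the `$ca_id` produced by `intval()`; compute `$ca_id` once at the top of the method and reuse it. A short docblock stating that onShow() both modifies the table and renders the list would help the next reader.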
diff --git a/interface/lib/plugins/system_config_dns_ca_plugin.inc.php b/interface/lib/plugins/system_config_dns_ca_plugin.inc.php
new file mode 100644
index 0000000000..c35934e5bf
--- /dev/null
+++ b/interface/lib/plugins/system_config_dns_ca_plugin.inc.php
@@ -0,0 +1,103 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class system_config_dns_ca_plugin {
+
+	var $plugin_name = 'system_config_dns_ca_plugin';
+	var $class_name = 'system_config_dns_ca_plugin';
+
+	function onLoad() {
+		global $app;
+
+		$app->plugin->registerEvent('dns:dns_caa:on_after_update', 'system_config_dns_ca_plugin', 'caa_update');
+		$app->plugin->registerEvent('dns:dns_caa:on_after_insert', 'system_config_dns_ca_plugin', 'caa_update');
+
+		$app->plugin->registerEvent('sites:web_vhost_domain:on_after_insert', 'system_config_dns_ca_plugin', 'web_vhost_domain_edit');
+		$app->plugin->registerEvent('sites:web_vhost_domain:on_after_update', 'system_config_dns_ca_plugin', 'web_vhost_domain_edit');
+	}
+
+	function caa_update($event_name, $page_form) {
+		global $app;
+
+		if(trim($page_form->dataRecord['additional'] != '')) {
+			$rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE id = ?", $page_form->id);
+			unset($rec['id']);
+			$zone = $app->db->queryOneRecord("SELECT origin FROM dns_soa WHERE id = ?", $rec['zone']);
+			$host=str_replace($zone['origin'], '', $page_form->dataRecord['name']);
+			$host=rtrim($host,'.');
+			$page_form->dataRecord['additional']=str_replace($host, '', $page_form->dataRecord['additional']);
+			$additional=explode(',', $page_form->dataRecord['additional']);
+			foreach($additional as $new) {
+				if($new != '') {
+					$insert_data = $rec;
+					$insert_data['name'] = $new.'.'.$zone['origin'];
+					$app->db->datalogInsert('dns_rr', $insert_data, 'id');
+				}
+			}
+		}
+	} 
+
+	function web_vhost_domain_edit($event_name, $page_form) {
+		global $app;
+
+		if($page_form->dataRecord['ssl_letsencrypt'] == 'y') {
+			$domain = $page_form->dataRecord['domain'];
+			$subdomain = $page_form->dataRecord['subdomain'];
+			$temp=$app->db->queryAllRecords("SELECT * FROM dns_rr WHERE type = 'CAA' AND (name = ? OR name = ?) AND data like ?", $domain.'.', $subdomain.'.'.$domain.'.', '%letsencrypt%');
+			if(count($temp) == 0) {
+				$caa = $app->db->queryOneRecord("SELECT * FROM dns_ssl_ca WHERE ca_issue = 'letsencrypt.org' AND active = 'Y'");
+				$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $domain.'.');
+				if(is_array($caa) && is_array($soa)) {
+					$records = array();
+					$records[] = $domain.'.';;
+					if($subdomain != '' && $subdomain != 'www') $records[] = $subdomain.'.'.$domain;
+					foreach($records as $record) {
+						$new_rr = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE name = ?", $soa['origin']);
+						unset($new_rr['id']);
+						$new_rr['type'] = 'CAA';
+						$new_rr['name'] = $record;
+						$new_rr['data'] = "0 issue \"$caa[ca_issue]\"";
+						$new_rr['ttl'] = $soa['ttl'];
+						$new_rr['active'] = 'Y';
+				        $new_rr['stamp'] = date('Y-m-d H:i:s');
+		        		$new_rr['serial'] = $app->validate_dns->increase_serial($new_rr['serial']);
+				        $app->db->datalogInsert('dns_rr', $new_rr, 'id', $new_rr['zone']);
+						$zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $new_rr['zone']);
+						$new_serial = $app->validate_dns->increase_serial($zone['serial']);
+						$app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $zone['id']);
+					}
+				}
+			}
+		}
+	}
+
+} // End class
+
+?>
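Review bot: In caa_update() the guard `if(trim($page_form->dataRecord['additional'] != ''))` has its closing parenthesis in the wrong place, so `trim()` receives the boolean result of the comparison and a whitespace-only value still enters the block; it should be `if(trim($page_form->dataRecord['additional']) != '')`. The entries split from `additional` are concatenated into `name` and passed to `datalogInsert('dns_rr', ...)` without trimming or hostname validation in this file, so confirm that the form definition validates them. In web_vhost_domain_edit() the subdomain entry is built as `$subdomain.'.'.$domain` without the trailing dot used in `$domain.'.'`, and `$new_rr` is used without checking that `SELECT * FROM dns_rr WHERE name = ?` returned a row. That lookup and the `dns_soa` lookup match on the name only, so it is worth confirming that the zone belongs to the same client as the website before records are written into it.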
diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php
index 449805f3c1..d718e4ef82 100644
--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -730,5 +730,21 @@ $form["tabs"]['misc'] = array (
 	)
 );
 
+$form['tabs']['dns_ca'] = array (
+	'title'  => 'DNS CAs',
+	'width'  => 100,
+	'template'  => 'templates/system_config_dns_ca.htm',
+	'fields'  => array (),
+	'plugins' => array (
+		'dns_ca' => array (
+			'class'   => 'plugin_system_config_dns_ca',
+			'options' => array()
+		),
+		'dns_ca_list' => array (
+			'class'   => 'plugin_system_config_dns_ca_list',
+			'options' => array()
+		)
+	)
+);
 
 ?>
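Review bot: The new tab points at `templates/system_config_dns_ca.htm`, and the two plugins it registers load `templates/system_config_dns_ca_edit.htm` and `templates/system_config_dns_ca_list.htm`, but none of these three files appears in the commit's diffstat. Unless they already exist on the 3.1 branch, the backport is incomplete and the tab will not render; add the templates to the patch. The `$form['tabs']` array that this entry extends is defined outside the hunk.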
diff --git a/interface/web/admin/lib/lang/ar_system_config.lng b/interface/web/admin/lib/lang/ar_system_config.lng
index 45fb0fa9e9..6bebcf39ad 100644
--- a/interface/web/admin/lib/lang/ar_system_config.lng
+++ b/interface/web/admin/lib/lang/ar_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/bg_system_config.lng b/interface/web/admin/lib/lang/bg_system_config.lng
index 2f4eb86d3c..8c3444e9cb 100644
--- a/interface/web/admin/lib/lang/bg_system_config.lng
+++ b/interface/web/admin/lib/lang/bg_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/br_system_config.lng b/interface/web/admin/lib/lang/br_system_config.lng
index 02e3249d5f..887dffb6e3 100644
--- a/interface/web/admin/lib/lang/br_system_config.lng
+++ b/interface/web/admin/lib/lang/br_system_config.lng
@@ -1,6 +1,6 @@
 <?php
 $wb['system_config_desc_txt'] = '';
-$wb['warning'] = 'Edite estes valores com cuidado! Não remova os prefixos em um sistema com mais de um cliente!';
+$wb['warning'] = 'Edite estes valores com cuidado! Não remova os prefixos em um sistema com mais de um cliente!!';
 $wb['dbname_prefix_txt'] = 'Prefixo do banco de dados';
 $wb['dbuser_prefix_txt'] = 'Prefixo do usuário do banco de dados';
 $wb['shelluser_prefix_txt'] = 'Prefixo do usuário shell';
@@ -24,16 +24,16 @@ $wb['webdavuser_prefix_error_regex'] = 'Caractere não permitido no prefixo do u
 $wb['webftp_url_txt'] = 'URL do webFTP';
 $wb['mailmailinglist_link_txt'] = 'Link para lista de e-mails';
 $wb['mailmailinglist_url_txt'] = 'URL para lista de e-mails';
-$wb['admin_mail_txt'] = 'e-Mail do administrador';
+$wb['admin_mail_txt'] = 'E-mail do administrador';
 $wb['admin_name_txt'] = 'Nome do administrador';
 $wb['enable_custom_login_txt'] = 'Permite nome de acesso personalizado';
 $wb['monitor_key_txt'] = 'Monitorar palavra reservada';
 $wb['maintenance_mode_txt'] = 'Modo manutenção';
 $wb['smtp_enabled_txt'] = 'Usar SMPT para enviar e-mails do sistema';
-$wb['smtp_host_txt'] = 'Servidor SMTP';
-$wb['smtp_port_txt'] = 'Porta';
-$wb['smtp_user_txt'] = 'Usuário';
-$wb['smtp_pass_txt'] = 'Senha';
+$wb['smtp_host_txt'] = 'Hospedeiro SMTP';
+$wb['smtp_port_txt'] = 'Porta SMTP';
+$wb['smtp_user_txt'] = 'Usuário SMTP';
+$wb['smtp_pass_txt'] = 'Senha SMTP';
 $wb['smtp_crypt_txt'] = 'Usar criptografia SSL/TLS para conexões SMTP';
 $wb['smtp_missing_admin_mail_txt'] = 'Por favor, insira um nome e e-mail do administrador se você usar smtp para envio dos e-mails do sistema.';
 $wb['tab_change_discard_txt'] = 'Descartar modificações nesta aba';
@@ -67,7 +67,7 @@ $wb['customer_no_template_error_regex_txt'] = 'O número do gabarito do cliente
 $wb['customer_no_start_txt'] = 'Valor inicial do código do cliente';
 $wb['customer_no_counter_txt'] = 'Contador de código do cliente';
 $wb['session_timeout_txt'] = 'Duração da sessão (minutos)';
-$wb['session_allow_endless_txt'] = 'Habilitar \"Manter-me conectado\"';
+$wb['session_allow_endless_txt'] = 'Habilitar \\"manter-me conectado\\"';
 $wb['min_password_length_txt'] = 'Comprimento mínimo da senha';
 $wb['min_password_strength_txt'] = 'Dificuldade mínima da senha';
 $wb['company_name_txt'] = 'Nome da empresa no título da página';
@@ -76,9 +76,17 @@ $wb['custom_login_text_txt'] = 'Texto personalizado para página de acesso';
 $wb['custom_login_link_txt'] = 'Link personalizado para página de acesso';
 $wb['login_link_error_regex'] = 'Link personalizado para acesso inválido';
 $wb['default_mailserver_txt'] = 'Servidor de e-mails padrão';
-$wb['default_webserver_txt'] = 'Servidor web padrão';
+$wb['default_webserver_txt'] = 'Servidor de páginas padrão';
 $wb['default_dnsserver_txt'] = 'Servidor dns padrão';
 $wb['default_slave_dnsserver_txt'] = 'Servidor dns secundário padrão';
-$wb['default_dbserver_txt'] = 'Servidor de banco de dados padrão';
-$wb['No'] = 'Não';
+$wb['default_dbserver_txt'] = 'Seridor de banco de dados padrão';
+$wb['No'] = 'No';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ca_system_config.lng b/interface/web/admin/lib/lang/ca_system_config.lng
index 5809cc97b2..ff46470f59 100644
--- a/interface/web/admin/lib/lang/ca_system_config.lng
+++ b/interface/web/admin/lib/lang/ca_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/cz_system_config.lng b/interface/web/admin/lib/lang/cz_system_config.lng
index 930e3ebbfb..4f0468833f 100644
--- a/interface/web/admin/lib/lang/cz_system_config.lng
+++ b/interface/web/admin/lib/lang/cz_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Vlastní text na přihlašovací stránce';
 $wb['custom_login_link_txt'] = 'Vlastní odkaz (URL) na přihlašovací stránce (vlastní text)';
 $wb['login_link_error_regex'] = 'Neplatný formát URL pro vlastní odkaz na přihlašovací stránce';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/de_system_config.lng b/interface/web/admin/lib/lang/de_system_config.lng
index 8620491ad4..683291b1fb 100644
--- a/interface/web/admin/lib/lang/de_system_config.lng
+++ b/interface/web/admin/lib/lang/de_system_config.lng
@@ -81,4 +81,14 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+
+
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Wildcard verwenden';
+$wb['ca_critical_txt'] = 'Strikte Überprüfung'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktiv';
+$wb['btn_save_txt'] = 'Speichern';
+$wb['btn_cancel_txt'] = 'Abbrechen';
 ?>
diff --git a/interface/web/admin/lib/lang/dk_system_config.lng b/interface/web/admin/lib/lang/dk_system_config.lng
index 2834cacad6..5e96639d2c 100644
--- a/interface/web/admin/lib/lang/dk_system_config.lng
+++ b/interface/web/admin/lib/lang/dk_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/el_system_config.lng b/interface/web/admin/lib/lang/el_system_config.lng
index 4dadc1290b..0191eb85e7 100644
--- a/interface/web/admin/lib/lang/el_system_config.lng
+++ b/interface/web/admin/lib/lang/el_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/en_system_config.lng b/interface/web/admin/lib/lang/en_system_config.lng
index 38f178f9f5..29732e4169 100644
--- a/interface/web/admin/lib/lang/en_system_config.lng
+++ b/interface/web/admin/lib/lang/en_system_config.lng
@@ -84,4 +84,12 @@ $wb["reseller_can_use_options_txt"] = "Reseller can use the option-tab for websi
 $wb["custom_login_text_txt"] = "Custom Text on Login-Page";
 $wb["custom_login_link_txt"] = "Custom Link on Login-Page";
 $wb["login_link_error_regex"] = "Invalid Link for Custom Login";
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Active';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/es_system_config.lng b/interface/web/admin/lib/lang/es_system_config.lng
index cc81939cb3..21575571f0 100755
--- a/interface/web/admin/lib/lang/es_system_config.lng
+++ b/interface/web/admin/lib/lang/es_system_config.lng
@@ -81,4 +81,12 @@ $wb['webftp_url_txt'] = 'Enlace al cliente FTP por web';
 $wb['webmail_url_error_regex'] = 'Dirección del correo web inválida';
 $wb['webmail_url_note_txt'] = 'Marcador de posición:';
 $wb['webmail_url_txt'] = 'URL de correo web';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/fi_system_config.lng b/interface/web/admin/lib/lang/fi_system_config.lng
index c4987d01a3..7fe364c972 100644
--- a/interface/web/admin/lib/lang/fi_system_config.lng
+++ b/interface/web/admin/lib/lang/fi_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/fr_system_config.lng b/interface/web/admin/lib/lang/fr_system_config.lng
index 5892e3a269..0d9d27d14f 100644
--- a/interface/web/admin/lib/lang/fr_system_config.lng
+++ b/interface/web/admin/lib/lang/fr_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/hr_system_config.lng b/interface/web/admin/lib/lang/hr_system_config.lng
index e02ae57a20..ba926e3a71 100644
--- a/interface/web/admin/lib/lang/hr_system_config.lng
+++ b/interface/web/admin/lib/lang/hr_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/hu_system_config.lng b/interface/web/admin/lib/lang/hu_system_config.lng
index d26fc5be2d..9944f68b78 100644
--- a/interface/web/admin/lib/lang/hu_system_config.lng
+++ b/interface/web/admin/lib/lang/hu_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/id_system_config.lng b/interface/web/admin/lib/lang/id_system_config.lng
index c865dff3d8..65c1768354 100644
--- a/interface/web/admin/lib/lang/id_system_config.lng
+++ b/interface/web/admin/lib/lang/id_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/it_system_config.lng b/interface/web/admin/lib/lang/it_system_config.lng
index 396503f02e..e3c4fcaae7 100644
--- a/interface/web/admin/lib/lang/it_system_config.lng
+++ b/interface/web/admin/lib/lang/it_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ja_system_config.lng b/interface/web/admin/lib/lang/ja_system_config.lng
index fc32081d96..ce16ad15bb 100644
--- a/interface/web/admin/lib/lang/ja_system_config.lng
+++ b/interface/web/admin/lib/lang/ja_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/nl_system_config.lng b/interface/web/admin/lib/lang/nl_system_config.lng
index 5177888bb0..20df45f2bc 100644
--- a/interface/web/admin/lib/lang/nl_system_config.lng
+++ b/interface/web/admin/lib/lang/nl_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/pl_system_config.lng b/interface/web/admin/lib/lang/pl_system_config.lng
index cea6345e63..1c51b949a7 100644
--- a/interface/web/admin/lib/lang/pl_system_config.lng
+++ b/interface/web/admin/lib/lang/pl_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/pt_system_config.lng b/interface/web/admin/lib/lang/pt_system_config.lng
index 24ff94fca2..4a28e49a75 100644
--- a/interface/web/admin/lib/lang/pt_system_config.lng
+++ b/interface/web/admin/lib/lang/pt_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ro_system_config.lng b/interface/web/admin/lib/lang/ro_system_config.lng
index b258ee1870..efbc6bf263 100644
--- a/interface/web/admin/lib/lang/ro_system_config.lng
+++ b/interface/web/admin/lib/lang/ro_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/ru_system_config.lng b/interface/web/admin/lib/lang/ru_system_config.lng
index c1909f3ba6..33f62e1161 100644
--- a/interface/web/admin/lib/lang/ru_system_config.lng
+++ b/interface/web/admin/lib/lang/ru_system_config.lng
@@ -1,4 +1,5 @@
 <?php
+$wb['System Config'] = 'Конфигурация системы';
 $wb['system_config_desc_txt'] = 'Настройка параметров по умолчанию';
 $wb['warning'] = 'Изменяйте эти значения аккуратно! Не удаляйте префиксы на системах где более одного пользователя.';
 $wb['dbname_prefix_txt'] = 'Префикс базы данных';
@@ -14,7 +15,7 @@ $wb['mailboxlist_webmail_link_txt'] = 'Ссылка на веб-почту в с
 $wb['webmail_url_txt'] = 'URL веб-почты';
 $wb['phpmyadmin_url_txt'] = 'URL PHPMyAdmin';
 $wb['use_domain_module_txt'] = 'Использовать модуль домена, чтобы добавить новые домены';
-$wb['use_domain_module_hint'] = 'При использовании этого модуля, Ваши клиенты смогут выбрать только один из доменов, созданных для них администратором. Они не могут свободно редактировать поле \"домен\". Чтобы сделать эти изменения видимыми, Вы должны выйти и повторно войти в панель после изменения этого значения.';
+$wb['use_domain_module_hint'] = 'При использовании этого модуля, Ваши клиенты смогут выбрать только один из доменов, созданных для них администратором. Они не могут свободно редактировать поле "домен". Чтобы сделать эти изменения видимыми, Вы должны выйти и повторно войти в панель после изменения этого значения.';
 $wb['new_domain_txt'] = 'HTML текст, чтобы создать новый домен';
 $wb['webdavuser_prefix_txt'] = 'Префикс пользователя WebDAV';
 $wb['webdavuser_prefix_error_regex'] = 'Некорректный символ в префиксе пользователя WebDAV.';
@@ -67,7 +68,7 @@ $wb['customer_no_template_error_regex_txt'] = 'Шаблон номера Кли
 $wb['customer_no_start_txt'] = 'Начальное значение номера Клиента';
 $wb['customer_no_counter_txt'] = 'Счётчик номера Клиента';
 $wb['session_timeout_txt'] = 'Тайм-аут сессии (в минутах)';
-$wb['session_allow_endless_txt'] = 'Включить \"оставаться в системе\"';
+$wb['session_allow_endless_txt'] = 'Включить "оставаться в системе"';
 $wb['No'] = 'Нет';
 $wb['min_password_length_txt'] = 'Минимальная длина пароля';
 $wb['min_password_strength_txt'] = 'Минимальная стойкость пароля';
@@ -81,4 +82,12 @@ $wb['default_webserver_txt'] = 'Web-сервер по умолчанию';
 $wb['default_dnsserver_txt'] = 'DNS-сервер по умолчанию';
 $wb['default_slave_dnsserver_txt'] = 'Вторичный DNS-сервер по умолчанию';
 $wb['default_dbserver_txt'] = 'Сервер базы данных по умолчанию';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/se_system_config.lng b/interface/web/admin/lib/lang/se_system_config.lng
index 285f7807e8..c9ccca89e9 100644
--- a/interface/web/admin/lib/lang/se_system_config.lng
+++ b/interface/web/admin/lib/lang/se_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/sk_system_config.lng b/interface/web/admin/lib/lang/sk_system_config.lng
index be8789a803..fdeb1648c4 100644
--- a/interface/web/admin/lib/lang/sk_system_config.lng
+++ b/interface/web/admin/lib/lang/sk_system_config.lng
@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/admin/lib/lang/tr_system_config.lng b/interface/web/admin/lib/lang/tr_system_config.lng
index 8f5bef0e4d..18657743ec 100644
--- a/interface/web/admin/lib/lang/tr_system_config.lng
+++ b/interface/web/admin/lib/lang/tr_system_config.lng
@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
 $wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
 $wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
 $wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>
diff --git a/interface/web/dns/ajax_get_json.php b/interface/web/dns/ajax_get_json.php
index c2da4dce63..b2c381f3e4 100644
--- a/interface/web/dns/ajax_get_json.php
+++ b/interface/web/dns/ajax_get_json.php
@@ -35,6 +35,7 @@ require_once '../../lib/app.inc.php';
 $app->auth->check_module_permissions('dns');
 
 $type = $_GET["type"];
+$ca_id = $_GET['ca_id'];
 
 if($type == 'get_ipv4'){
 	$result = array();
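Review bot: `$ca_id = $_GET['ca_id'];` reads the parameter unconditionally, so a `get_ipv4` or `get_ipv6` request that omits `ca_id` raises an undefined-index notice. If notices are displayed, that text lands in the response body ahead of the JSON. The value is also passed on untyped; the query added in the next hunk is parameterised, so this is input hygiene rather than SQL injection. Assuming `dns_ssl_ca.id` is an integer key, I would read it defensively: `$ca_id = isset($_GET['ca_id']) ? (int)$_GET['ca_id'] : 0;`. The `if($type == 'get_ipv4')` block continues outside this hunk.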
@@ -54,6 +55,17 @@ if($type == 'get_ipv6'){
 	$json = $app->functions->json_encode($result);
 }
 
+if($type == 'ca_wildcard'){
+	$json = '{';
+	$json .= '"ca_wildcard":"';
+	$tmp = $app->db->queryOneRecord("SELECT ca_wildcard, ca_issue, ca_critical FROM dns_ssl_ca WHERE id = ?", $ca_id);
+	$json .= $tmp['ca_wildcard'].'"';
+	$json .= ',"ca_issue":"'.$tmp['ca_issue'].'"';
+	$json .= ',"ca_critical":"'.$tmp['ca_critical'].'"';
+	unset($tmp);
+	$json .= '}';
+}
+
 header('Content-type: application/json');
 echo $json;
 ?>
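Review bot: The new `ca_wildcard` branch assembles its JSON by string concatenation, so a stored `ca_issue`, `ca_wildcard` or `ca_critical` value containing `"`, `\` or a control character is emitted unescaped. That can break the document or change the structure the client parses. The `get_ipv6` branch just above already uses `$app->functions->json_encode($result)`, and this branch should too. When no row matches `$ca_id`, `$tmp` is presumably not an array, and the three offsets are then read from an empty result and returned as empty strings without any error signal. Suggest `$result = is_array($tmp) ? $tmp : array('ca_wildcard' => '', 'ca_issue' => '', 'ca_critical' => '');` followed by `$json = $app->functions->json_encode($result);`, which keeps the three keys the client reads.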
diff --git a/interface/web/dns/dns_caa_edit.php b/interface/web/dns/dns_caa_edit.php
new file mode 100644
index 0000000000..c3d8618414
--- /dev/null
+++ b/interface/web/dns/dns_caa_edit.php
@@ -0,0 +1,222 @@
+<?php
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/******************************************
+* Begin Form configuration
+******************************************/
+
+$tform_def_file = 'form/dns_caa.tform.php';
+
+/******************************************
+* End Form configuration
+******************************************/
+
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
+
+//* Check permissions for module
+$app->auth->check_module_permissions('dns');
+
+// Loading classes
+$app->uses('tpl,tform,tform_actions,validate_dns');
+$app->load('tform_actions');
+
+class page_action extends tform_actions {
+
+	function onShowNew() {
+		global $app;
+		// we will check only users, not admins
+		if($_SESSION['s']['user']['typ'] == 'user') {
+			// Get the limits of the client
+			$client_group_id = intval($_SESSION['s']['user']['default_group']);
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+			// Check if the user may add another record.
+			if($client['limit_dns_record'] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+				if($tmp['number'] >= $client['limit_dns_record']) {
+					$app->error($app->tform->wordbook['limit_dns_record_txt']);
+				}
+			}
+		}
+
+		parent::onShowNew();
+	}
+
+	function onShowEnd() {
+		global $app;
+
+		$zone = @(!isset($this->dataRecord['zone']))?$app->functions->intval($_GET['zone']):$this->dataRecord['zone'];
+
+		// get domain-name
+		$sql = "SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r');
+		$soa = $app->db->queryOneRecord($sql, $zone);
+		$domain_name = rtrim($soa['origin'], '.');
+		$app->tpl->setVar('name', $domain_name);
+		if($this->id > 0) {
+			$temp = $this->dataRecord['name'];
+			$temp = str_replace($soa['origin'], '', $this->dataRecord['name']);
+			$temp = trim($temp,'.');
+			if(trim($temp != '')) $app->tpl->setVar('additional', $temp);
+			unset($temp);
+		}
+
+		//create ca-list
+		$rec = $app->db->QueryAllRecords("SELECT * FROM dns_ssl_ca WHERE active = 'Y' AND ca_issue != '' ORDER by ca_name ASC");
+		$ca_select = "<option value='0' >".$app->tform->wordbook['select_txt']."</option>";
+		if(count($rec) > 0) {
+			foreach($rec as $ca) {
+				if(strpos($this->dataRecord['data'], $ca['ca_issue']) !== FALSE) $selected = ' selected'; else $selected='';
+				$ca_select .= "<option value='$ca[id]'$selected>$ca[ca_name]</option>\r\n";
+			}
+		}
+		$app->tpl->setVar('ca_list', $ca_select);
+		$app->tpl->setVar('type', 'CAA');
+		if($this->id > 0) {
+			if(stristr($this->dataRecord['data'], 'issuewild') !== FALSE) $app->tpl->setVar('allow_wildcard', 'CHECKED'); else $app->tpl->setVar('allow_wildcard', 'UNCHECKED');
+			if(strpos($this->dataRecord['data'], '128') === 0) $app->tpl->setVar('allow_critical', 'CHECKED'); else $app->tpl->setVar('allow_critical', 'UNCHECKED');
+			$app->tpl->setVar('edit_disabled', 1);
+		} else {
+			$app->tpl->setVar('ttl', $soa['ttl']);
+		}
+
+		parent::onShowEnd();
+	}
+
+	function onSubmit() {
+		global $app;
+
+		// Check the client limits, if user is not the admin
+		if($_SESSION['s']['user']['typ'] != 'admin') { // if user is not admin
+			// Get the limits of the client
+			$client_group_id = intval($_SESSION['s']['user']['default_group']);
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+			// Check if the user may add another record.
+			if($this->id == 0 && $client['limit_dns_record'] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+				if($tmp['number'] >= $client['limit_dns_record']) {
+					$app->error($app->tform->wordbook['limit_dns_record_txt']);
+				}
+			}
+		} // end if user is not admin
+
+		// Check CA
+		if($this->dataRecord['ca_issue'] == '') $this->error('ca_error_txt');
+
+		// Get the parent soa record of the domain
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST['zone']);
+		$this->dataRecord['name'] = $soa['origin'];
+
+		// Check if Domain belongs to user
+		if($soa['id'] != $_POST['zone']) $this->error('no_zone_perm');
+
+		// Set the server ID of the rr record to the same server ID as the parent record.
+        $this->dataRecord['server_id'] = $soa['server_id'];
+		
+		// Set issue
+		$critical = 0; //* To use critical > 0, uncommented "<div class="critical form-group">" in the template
+		if(isset($this->dataRecord['allow_critical']) && $this->dataRecord['allow_critical'] == 'on' && isset($this->dataRecord['ca_critical']) && $this->dataRecord['ca_critical'] == 1) $critical = 128;
+		if(isset($this->dataRecord['allow_wildcard']) && $this->dataRecord['allow_wildcard'] == "on") {
+			$this->dataRecord['data'] = $critical.' issuewild "'.$this->dataRecord['ca_issue'];
+		} else {
+			$this->dataRecord['data'] = $critical.' issue "'.$this->dataRecord['ca_issue'];
+		}
+		unset($critical);
+		if(isset($this->dataRecord['options']) && $this->dataRecord['options'] != '') {
+			$options=explode(',', $this->dataRecord['options']);
+			foreach($options as $option) {
+				if(trim($option) != '') {
+					if(preg_match('/^(\w+|d\+)=(\w+|d\+)/', $option)) {
+						$this->dataRecord['data'] = $this->dataRecord['data'] . '; '.$option;
+					} else {
+						$this->error('ca_option_error');
+					}
+				}
+			}
+		}
+		$this->dataRecord['data'] = $this->dataRecord['data'].'"';
+
+		// Set name
+		if($this->dataRecord['additional'] != '') {
+			$temp = explode(',', $this->dataRecord['additional'])[0]; // if we have more hostnames the interface-plugin will be used
+			$temp = trim($temp,'.');
+			if(trim($temp != '')) $this->dataRecord['name'] = $temp.'.'.$this->dataRecord['name'];
+			unset($temp);
+		}
+
+		// Check for duplicate
+		$temp = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE type = 'CAA' AND name = ? AND data = ? AND active = ?", $this->dataRecord['name'], $this->dataRecord['data'], $POST['active']);
+		if(is_array($temp)) $this->error('caa_exists_error');
+		unset($temp);
+		
+		// Update the serial number  and timestamp of the RR record
+		$dns_rr = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
+		$this->dataRecord['serial'] = $app->validate_dns->increase_serial($dns_rr['serial']);
+		$this->dataRecord['stamp'] = date('Y-m-d H:i:s');
+
+		parent::onSubmit();
+	}
+
+	function onAfterInsert() {
+		global $app;
+
+		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
+		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord['zone']);
+		$app->db->datalogUpdate('dns_rr', array('sys_groupid' => $soa['sys_groupid']), 'id', $this->id);
+
+		//* Update the serial number of the SOA record
+		$soa_id = $app->functions->intval($_POST["zone"]);
+		$serial = $app->validate_dns->increase_serial($soa['serial']);
+		$app->db->datalogUpdate('dns_soa', array('serial' => $serial), 'id', $soa_id);
+
+	}
+
+	function onAfterUpdate() {
+		global $app;
+
+		//* Update the serial number of the SOA record
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord['zone']);
+		$soa_id = $app->functions->intval($_POST['zone']);
+		$serial = $app->validate_dns->increase_serial($soa['serial']);
+		$app->db->datalogUpdate('dns_soa', array('serial' => $serial), 'id', $soa_id);
+	}
+
+	private function error($errmsg) {
+		global $app;
+		if (isset($app->tform->errorMessage)) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
+		$app->tform->errorMessage .= $app->tform->wordbook[$errmsg];
+	}
+
+}
+
+$page = new page_action;
+$page->onLoad();
+
+?>
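Review bot: In `onSubmit()` the option check `preg_match('/^(\w+|d\+)=(\w+|d\+)/', $option)` has no end anchor, and `d\+` matches a literal `d+` rather than digits, so any option that merely begins with `word=word` passes and the untrimmed remainder, including `"` or `;`, is appended to the CAA record data. Anchoring the pattern and validating the trimmed value, e.g. `if(preg_match('/^\w+=\w+$/D', trim($option)))`, keeps client input from changing the structure of the record; append the trimmed option as well, and widen the value class deliberately if a CA requires other characters. Separately, the duplicate check passes `$POST['active']`, an undefined variable, so `active = ?` is compared against null and the check presumably never matches; `$this->dataRecord['active']` or `$_POST['active']` looks like what was intended.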
diff --git a/interface/web/dns/form/dns_caa.tform.php b/interface/web/dns/form/dns_caa.tform.php
new file mode 100644
index 0000000000..aa297f29d7
--- /dev/null
+++ b/interface/web/dns/form/dns_caa.tform.php
@@ -0,0 +1,117 @@
+<?php
+
+global $app;
+
+$form['title'] = 'DNS CAA Record';
+$form['description'] = '';
+$form['name'] = 'dns_caa';
+$form['action'] = 'dns_caa_edit.php';
+$form['db_table'] = 'dns_rr';
+$form['db_table_idx'] = 'id';
+$form['db_history'] = 'yes';
+$form['tab_default'] = 'dns';
+$form['list_default'] = 'dns_a_list.php';
+$form['auth'] = 'yes';
+
+$form['auth_preset']['userid']  = 0;
+$form['auth_preset']['groupid'] = 0;
+$form['auth_preset']['perm_user'] = 'riud';
+$form['auth_preset']['perm_group'] = 'riud';
+$form['auth_preset']['perm_other'] = '';
+
+$form['tabs']['dns'] = array (
+	'title'  => 'DNS CAA',
+	'width'  => 100,
+	'template'  => 'templates/dns_caa_edit.htm',
+	'fields'  => array (
+		'server_id' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'SELECT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'zone' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'default' => @$app->functions->intval($_REQUEST['zone']),
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'name' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'filters'   => array( 0 => array( 'event' => 'SAVE',
+					'type' => 'IDNTOASCII'),
+				1 => array( 'event' => 'SHOW',
+					'type' => 'IDNTOUTF8'),
+				2 => array( 'event' => 'SAVE',
+					'type' => 'TOLOWER')
+			),
+			'validators' => array (  0 => array ( 'type' => 'REGEX',
+					'regex' => '/^[a-zA-Z0-9\.\-\_]{0,255}$/',
+					'errmsg'=> 'name_error_regex'),
+			),
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'type' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'default' => 'CAA',
+			'value'  => '',
+			'width'  => '5',
+			'maxlength' => '5'
+		),
+		'data' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'ttl' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'validators' => array ( 0 => array ( 'type' => 'RANGE',
+							'range' => '60:',
+							'errmsg'=> 'ttl_range_error'),
+			),
+			'default' => '3600',
+			'value'  => '',
+			'width'  => '10',
+			'maxlength' => '10'
+		),
+		'active' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default' => 'Y',
+			'value'  => array(0 => 'N', 1 => 'Y')
+		),
+		'stamp' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '30',
+			'maxlength' => '255'
+		),
+		'serial' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'default' => '',
+			'value'  => '',
+			'width'  => '10',
+			'maxlength' => '10'
+		),
+	)
+);
+
+
+
+?>
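Review bot: The `type` field is a plain TEXT field with a default of `CAA` and no validator, and `onSubmit()` in dns_caa_edit.php never overwrites `$this->dataRecord['type']`, so a posted value of up to five characters may be saved as the record type through this form. How tform treats the posted field is not visible here, so treat this as something to confirm. A validator in the style already used for `name` would pin it, e.g. `'validators' => array(0 => array('type' => 'REGEX', 'regex' => '/^CAA$/', 'errmsg' => 'type_error_regex')),`, where `type_error_regex` is a placeholder key that would need adding to the language files. The `zone` and `data` fields are also unvalidated, but for those the edit page re-checks or rebuilds the value on submit.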
diff --git a/interface/web/dns/lib/lang/ar_dns_caa.lng b/interface/web/dns/lib/lang/ar_dns_caa.lng
new file mode 100644
index 0000000000..1fa7dcb7d5
--- /dev/null
+++ b/interface/web/dns/lib/lang/ar_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/bg_dns_caa.lng b/interface/web/dns/lib/lang/bg_dns_caa.lng
new file mode 100644
index 0000000000..1fa7dcb7d5
--- /dev/null
+++ b/interface/web/dns/lib/lang/bg_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/br_dns_caa.lng b/interface/web/dns/lib/lang/br_dns_caa.lng
new file mode 100644
index 0000000000..1fa7dcb7d5
--- /dev/null
+++ b/interface/web/dns/lib/lang/br_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ca_dns_caa.lng b/interface/web/dns/lib/lang/ca_dns_caa.lng
new file mode 100644
index 0000000000..1fa7dcb7d5
--- /dev/null
+++ b/interface/web/dns/lib/lang/ca_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/cz_dns_caa.lng b/interface/web/dns/lib/lang/cz_dns_caa.lng
new file mode 100644
index 0000000000..1fa7dcb7d5
--- /dev/null
+++ b/interface/web/dns/lib/lang/cz_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/de_dns_caa.lng b/interface/web/dns/lib/lang/de_dns_caa.lng
new file mode 100644
index 0000000000..88dbf6e47a
--- /dev/null
+++ b/interface/web/dns/lib/lang/de_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Zertifizierungsstelle';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'zusätzliche Hostnamen';
+$wb['ca_hostname_note_txt'] = '(mit Komma getrennte Liste - leer für alle Namen)';
+$wb['ca_options_txt'] = 'zusätzliche Angaben';
+$wb['ca_options_note_txt'] = 'von der Zertifizierungsstelle vorgegeben (mit Komma getrennte Liste)';
+$wb['ca_wildcard_txt'] = 'Wildcard verwenden';
+$wb['ca_critical_txt'] = 'Strikte Überprüfung durch die Zertifizierungsstelle'; //For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Aktiv';
+$wb['select_txt'] = 'Zertifizierungstelle auswählen';
+$wb['no_zone_perm'] = 'Sie haben nicht die Berechtigung, einen Eintrag zu dieser DNS Zone hinzuzufügen.';
+$wb['limit_dns_record_txt'] = 'Die maximale Anzahl an DNS Einträgen für Ihr Konto wurde erreicht.';
+$wb['ca_error_txt'] = 'Keine Zertifizierungsstelle gewählt';
+$wb['caa_exists_error'] = 'Eintrag bereits vorhanden';
+$wb['ca_option_error'] = 'Ungültiges Format für zusätzliche Angaben. OPTION=WERT';
+$wb['ttl_range_error'] = 'Min. TTL ist 60 Sekunden.';
+?>
diff --git a/interface/web/dns/lib/lang/dk_dns_caa.lng b/interface/web/dns/lib/lang/dk_dns_caa.lng
new file mode 100644
index 0000000000..1fa7dcb7d5
--- /dev/null
+++ b/interface/web/dns/lib/lang/dk_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/el_dns_caa.lng b/interface/web/dns/lib/lang/el_dns_caa.lng
new file mode 100644
index 0000000000..1fa7dcb7d5
--- /dev/null
+++ b/interface/web/dns/lib/lang/el_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnamen';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/en_dns_caa.lng b/interface/web/dns/lib/lang/en_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/en_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/es_dns_caa.lng b/interface/web/dns/lib/lang/es_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/es_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/fi_dns_caa.lng b/interface/web/dns/lib/lang/fi_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/fi_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/fr_dns_caa.lng b/interface/web/dns/lib/lang/fr_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/fr_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/hr_dns_caa.lng b/interface/web/dns/lib/lang/hr_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/hr_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/hu_dns_caa.lng b/interface/web/dns/lib/lang/hu_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/hu_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/id_dns_caa.lng b/interface/web/dns/lib/lang/id_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/id_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/it_dns_caa.lng b/interface/web/dns/lib/lang/it_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/it_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ja_dns_caa.lng b/interface/web/dns/lib/lang/ja_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/ja_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/nl_dns_caa.lng b/interface/web/dns/lib/lang/nl_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/nl_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/pl_dns_caa.lng b/interface/web/dns/lib/lang/pl_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/pl_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/pt_dns_caa.lng b/interface/web/dns/lib/lang/pt_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/pt_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ro_dns_caa.lng b/interface/web/dns/lib/lang/ro_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/ro_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/ru_dns_caa.lng b/interface/web/dns/lib/lang/ru_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/ru_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/se_dns_caa.lng b/interface/web/dns/lib/lang/se_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/se_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/sk_dns_caa.lng b/interface/web/dns/lib/lang/sk_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/sk_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/lib/lang/tr_dns_caa.lng b/interface/web/dns/lib/lang/tr_dns_caa.lng
new file mode 100644
index 0000000000..bf5b2ac8e1
--- /dev/null
+++ b/interface/web/dns/lib/lang/tr_dns_caa.lng
@@ -0,0 +1,19 @@
+<?php
+$wb['ca_list_txt'] = 'Certifiction Authority';
+$wb['ca_domain_txt'] = 'Domain';
+$wb['ca_hostname_txt'] = 'Additional Hostnames';
+$wb['ca_hostname_note_txt'] = '(Sepearated list with commas - empty for all hostnames)';
+$wb['ca_options_txt'] = 'Additional Options';
+$wb['ca_options_note_txt'] = 'requested by the CA (Sepearated list with commas)';
+$wb['ca_wildcard_txt'] = 'Use Wildcard SSL';
+$wb['ca_critical_txt'] = 'Strict check'; //For future use.  At this time, CAAs do not recognize any other flag values as described in RFC 6844
+$wb['ttl_txt'] = 'TTL';
+$wb['active_txt'] = 'Active';
+$wb['select_txt'] = 'Select Certifiction Authority';
+$wb['no_zone_perm'] = 'You do not have the permission to add a record to this DNS zone.';
+$wb['limit_dns_record_txt'] = 'The max. number of DNS records for your account is reached.';
+$wb['ca_error_txt'] = 'No Certifiction Authority selected';
+$wb['caa_exists_error'] = 'CAA Record already exists';
+$wb['ca_option_error'] = 'Invalid format for additional options; OPTION=VALUE';
+$wb['ttl_range_error'] = 'Min. TTL time is 60 seconds.';
+?>
diff --git a/interface/web/dns/list/dns_a.list.php b/interface/web/dns/list/dns_a.list.php
index 748bc405d8..1c6999511d 100644
--- a/interface/web/dns/list/dns_a.list.php
+++ b/interface/web/dns/list/dns_a.list.php
@@ -132,7 +132,7 @@ $liste["item"][] = array( 'field'  => "type",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'DS'=>'DS', 'HINFO'=>'HINFO', 'LOC'=>'LOC', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT'));
+	'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CAA'=>'CAA', 'CNAME'=>'CNAME', 'DS'=>'DS', 'HINFO'=>'HINFO', 'LOC'=>'LOC', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT'));
 
 
 ?>
diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm
index b8d57401bb..67bf8ac910 100644
--- a/interface/web/dns/templates/dns_a_list.htm
+++ b/interface/web/dns/templates/dns_a_list.htm
@@ -20,6 +20,7 @@
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_a_edit.php?zone={tmpl_var name='parent_id'}">A</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_aaaa_edit.php?zone={tmpl_var name='parent_id'}">AAAA</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_alias_edit.php?zone={tmpl_var name='parent_id'}">ALIAS</button>
+            <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_caa_edit.php?zone={tmpl_var name='parent_id'}">CAA</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_cname_edit.php?zone={tmpl_var name='parent_id'}">CNAME</button>
             <button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_dkim_edit.php?zone={tmpl_var name='parent_id'}">DKIM</button>
 			<button class="btn btn-default formbutton-success" type="button" data-load-content="dns/dns_ds_edit.php?zone={tmpl_var name='parent_id'}">DS</button>
diff --git a/interface/web/dns/templates/dns_caa_edit.htm b/interface/web/dns/templates/dns_caa_edit.htm
new file mode 100644
index 0000000000..3de64818b4
--- /dev/null
+++ b/interface/web/dns/templates/dns_caa_edit.htm
@@ -0,0 +1,74 @@
+<div class='page-header'><h1><tmpl_var name="list_head_txt"></h1></div>
+<p><tmpl_var name="list_desc_txt"></p>
+
+<div class="form-group">
+	<label for="ca_list" class="col-sm-2 control-label">{tmpl_var name='ca_list_txt'}</label>
+	<div class="col-sm-4"><select name="ca_list" id="ca_list" class="form-control">{tmpl_var name='ca_list'}</select></div>
+</div>
+
+<div class="wildcard form-group">
+	<label class="col-sm-2 control-label">{tmpl_var name='ca_wildcard_txt'}</label>
+	<div class="col-sm-4"> <input type="checkbox" id="allow_wildcard" name="allow_wildcard" {tmpl_var name='allow_wildcard'}/></div>
+</div>
+
+<!--
+For future use.  At this time, CA’s do not recognize any other flag values as described in RFC 6844
+<div class="critical form-group">
+	<label class="col-sm-2 control-label">{tmpl_var name='ca_critical_txt'}</label>
+	<div class="col-sm-4"> <input type="checkbox" id="allow_critical" name="allow_critical" {tmpl_var name='allow_critical'}/></div>
+</div>
+-->
+
+<div class="form-group">
+	<label for="name" class="col-sm-2 control-label">{tmpl_var name='ca_domain_txt'}</label>
+	<div class="col-sm-4"><input disabled type="text" name="name" id="name" value="{tmpl_var name='name'}" class="form-control" /></div>
+</div>
+
+<div class="form-group">
+	<label for="name" class="col-sm-2 control-label">{tmpl_var name='ca_hostname_txt'}</label>
+	<div class="col-sm-4"><input type="text" name="additional" id="additional" value="{tmpl_var name='additional'}" class="form-control" <tmpl_if name="edit_disabled">readonly</tmpl_if> /> </div>
+	<div class="input-sm">{tmpl_var name='ca_hostname_note_txt'}</div>
+</div>
+
+<div class="form-group">
+	<label for="name" class="col-sm-2 control-label">{tmpl_var name='ca_options_txt'}</label>
+	<div class="col-sm-4"><input type="text" name="options" id="options" value="{tmpl_var name='options'}" class="form-control" /></div>
+	<div class="input-sm">{tmpl_var name='ca_options_note_txt'}</div>
+</div>
+
+<div class="form-group">
+	<label for="ttl" class="col-sm-2 control-label">{tmpl_var name='ttl_txt'}</label>
+	<div class="col-sm-4"><input type="text" name="ttl" id="ttl" value="{tmpl_var name='ttl'}" class="form-control" /></div>
+</div>
+
+<div class="form-group">
+	<label class="col-sm-2 control-label">{tmpl_var name='active_txt'}</label>
+	<div class="col-sm-4">{tmpl_var name='active'}</div>
+</div>
+
+<input type="hidden" name="id" value="{tmpl_var name='id'}">
+<input type="hidden" name="zone" value="{tmpl_var name='zone'}" id="zone">
+<input type="hidden" name="type" value="{tmpl_var name='type'}">
+<input type="hidden" name="ca_issue" value="{tmpl_var name='ca_issue'}">
+<input type="hidden" name="ca_critical" value="{tmpl_var name='ca_critical'}">
+
+<div class="clear"><div class="right">
+	<button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="dns/dns_caa_edit.php">{tmpl_var name='btn_save_txt'}</button>
+	<button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="dns/dns_soa_edit.php?id={tmpl_var name='zone'}">{tmpl_var name='btn_cancel_txt'}</button>
+</div></div>
+
+<script language="JavaScript" type="text/javascript">
+	$(document).ready(function() { reloadForm(); });
+	jQuery('#ca_list').change(function(){ reloadForm(); });
+	function reloadForm(){
+		var caID = jQuery('#ca_list').val();
+		jQuery.getJSON('dns/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {ca_id : caID, type : "ca_wildcard"}, function(data) {
+			if(data.ca_wildcard == "Y"){ jQuery('.wildcard').show(); } else { jQuery('.wildcard').hide(); }
+			if(data.ca_critical == "1"){ jQuery('.critical').show(); } else { jQuery('.critical').hide(); }
+			$('input[name="ca_issue"]').val(data.ca_issue);
+			$('input[name="ca_critical"]').val(data.ca_critical);
+		});
+	}
+</script>
+
+
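Review bot: The hidden inputs `ca_issue` and `ca_critical` are filled in by `reloadForm()` from the `dns/ajax_get_json.php` response and then posted back to `dns/dns_caa_edit.php`, so their values are under the control of whoever submits the form. The handler is not part of this hunk; if it writes the posted `ca_issue` into the record instead of looking it up again from the submitted `ca_list` id, a zone user could publish a CAA record naming an issuer the administrator never configured. I would have the handler derive both the issuer and the flag server-side from `ca_list` and ignore the posted copies, and mark the inputs accordingly with a comment such as `<!-- display only: dns_caa_edit.php re-derives ca_issue/ca_critical from ca_list -->`. Separately, the labels for `additional` and `options` both use `for="name"`, which points at the disabled domain field; `for="additional"` and `for="options"` would match the inputs they describe.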
-- 
GitLab