
Merge pull request #804 from pcfreak30/feature/800

Add GUI support for letsencrypt
Serghey Rodin 9 yıl önce
ebeveyn
işleme
602d6cd4cf

+ 16 - 3
bin/v-add-letsencrypt-domain

@@ -38,7 +38,8 @@ is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
-
+is_object_value_empty 'web' 'DOMAIN' "$domain" '$LETSENCRYPT'
+get_domain_values 'web'
 
 #----------------------------------------------------------#
 #                       Action                             #
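Review bot: The new `is_object_value_empty 'web' 'DOMAIN' "$domain" '$LETSENCRYPT'` guard looks like it will block renewals. `bin/v-update-letsencrypt-ssl` in this same commit selects domains whose `LETSENCRYPT` value is `yes` and re-runs this script for them, so if the helper rejects a key that is already set (its definition is not shown here; this is inferred from its name), every renewal stops at this check and certificates expire without being replaced. Either drop the guard or give the renewal path a way past it, and record the decision in a comment such as `# LETSENCRYPT may already be 'yes' when called from v-update-letsencrypt-ssl`.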
@@ -55,8 +56,8 @@ i=1
 for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
     $BIN/v-check-letsencrypt-domain $user $alias
     check_result $? "LE domain validation" >/dev/null
-    if [ "$i" -gt 6 ]; then
-        check_result $E_LIMIT "LE can't sign more than 6 domains"
+    if [ "$i" -gt 100 ]; then
+        check_result $E_LIMIT "LE can't sign more than 100 domains"
     fi
     i=$((i++))
 done
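Review bot: The raised cap in `if [ "$i" -gt 100 ]` still never triggers, because the counter line `i=$((i++))` assigns the pre-increment value back to `i`, which therefore stays at 1. Use `i=$((i+1))` so the limit is actually enforced. The loop also expands `$domain,$aliases`, `$user` and `$alias` unquoted; since these values arrive from the web panel (web/add/web/index.php calls this script), quote them, e.g. `$BIN/v-check-letsencrypt-domain "$user" "$alias"`. The script continues outside this hunk.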
@@ -86,11 +87,23 @@ $BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
 $BIN/v-add-web-domain-ssl $user $domain $ssl_dir
 check_result $? "SSL install" >/dev/null
 
+if [ -z "$LETSENCRYPT" ]; then
+   add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT' 'FTP_USER'
+fi
+
+update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
 
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 
+# Restarting web
+if [ "$restart" != 'no' ]; then
+    $BIN/v-restart-web $restart
+    check_result $? "Web restart failed" >/dev/null
+fi
+
+
 # Logging
 log_event "$OK" "$ARGUMENTS"
 
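Review bot: `$restart` is tested and passed to `v-restart-web` here, but none of the hunks in this file assign it. Unless the script already contains something like `restart=$4` (not visible), `[ "$restart" != 'no' ]` is always true and the `'no'` that web/add/web/index.php passes as the fourth argument is ignored, so every issuance restarts the web server. Assign it next to the other positional arguments and quote the expansion when it is used. The `if [ -z "$LETSENCRYPT" ]` test also depends on `get_domain_values 'web'` having populated that variable earlier; a one-line comment saying so would help the next reader.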

+ 2 - 1
bin/v-add-letsencrypt-user

@@ -41,11 +41,12 @@ fi
 #----------------------------------------------------------#
 
 api='https://acme-v01.api.letsencrypt.org'
-agreement='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
 if [ -z "$email" ]; then
     email=$(get_user_value '$CONTACT')
 fi
 
+agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')
+
 # Generating key
 key="$USER_DATA/ssl/user.key"
 if [ ! -e "$key" ]; then
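Review bot: The `agreement=$(curl -s -I "$api/terms" |grep Location ...)` line has no failure handling: `-s` hides transport errors, and a failed request or a header spelled `location:` leaves `agreement` empty, which is then carried into registration. Match the header case-insensitively and anchored, `grep -i '^Location:'`, and stop through `check_result` when the value is empty or does not start with `https://`. Because the script now accepts whichever document the endpoint redirects to, add a comment stating that the terms URL is resolved at run time rather than pinned. The `if [ ! -e "$key" ]` block continues outside the hunk.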

+ 60 - 0
bin/v-delete-letsencrypt-domain

@@ -0,0 +1,60 @@
+#!/bin/bash
+# info: deleting letsencrypt ssl cetificate for domain
+# options: USER DOMAIN [RESTART]
+#
+# The function turns off letsencrypt SSL support for a domain.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart=$3
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_object_value_exist 'web' 'DOMAIN' "$domain" '$LETSENCRYPT'
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Delete SSL
+$BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
+check_result $? "SSL delete" >/dev/null
+
+update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'no'
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Restarting web
+if [ "$restart" != 'no' ]; then
+    $BIN/v-restart-web $restart
+    check_result $? "Web restart failed" >/dev/null
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
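Review bot: `restart=$3` is never validated and is expanded unquoted in `$BIN/v-restart-web $restart`, so whitespace or glob characters in the third argument turn into extra arguments; `is_format_valid 'user' 'domain'` covers only the first two. Restrict `restart` to the values the script expects before using it, and quote the remaining expansions too, e.g. `$BIN/v-delete-web-domain-ssl "$user" "$domain"` and `source "$VESTA/func/main.sh"`. The delete step sends both stdout and stderr to `/dev/null`, so the reason for an "SSL delete" failure is lost; keeping stderr would make it diagnosable. The `# info:` header misspells "certificate".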

+ 23 - 23
bin/v-update-letsencrypt-ssl

@@ -23,34 +23,34 @@ source $VESTA/conf/vesta.conf
 #----------------------------------------------------------#
 
 # Defining user list
-users=$(ls $VESTA/data/users/*/ssl/le.conf |cut -f 7 -d /)
+users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
 
 # Checking users
 for user in $users; do
+    USER_DATA=$VESTA/data/users/$user
     # Checking user certificates
-    for crt in $(ls $VESTA/data/users/$user/ssl/*.crt 2>/dev/null); do
+    for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
+        crt="$VESTA/data/users/$user/ssl/$domain.crt"
         # Checking certificate issuer
-        crt_data=$(openssl x509 -text -in $crt)
-        issuer=$(echo "$crt_data" |grep Issuer: |grep Encrypt)
-        if [ ! -z "$issuer" ]; then
-            expire=$(echo "$crt_data" |grep "Not After")
-            expire=$(echo "$expire" |cut -f 2,3,4 -d :)
-            expire=$(date -d "$expire" +%s)
-            now=$(date +%s)
-            expire=$((expire - now))
-            expire=$((expire / 86400))
-            domain=$(basename $crt |sed -e "s/.crt$//")
-            if [[ "$expire" -lt 31 ]]; then
-                aliases=$(echo "$crt_data" |grep DNS:)
-                aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
-                aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
-                aliases=$(echo "$aliases" |grep -v "^$domain$")
-                if [ ! -z "$aliases" ]; then
-                    aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
-                    $BIN/v-add-letsencrypt-domain $user $domain $aliases
-                else
-                    $BIN/v-add-letsencrypt-domain $user $domain
-                fi
+        crt_data=$(openssl x509 -text -in "$crt")
+
+        expire=$(echo "$crt_data" |grep "Not After")
+        expire=$(echo "$expire" |cut -f 2,3,4 -d :)
+        expire=$(date -d "$expire" +%s)
+        now=$(date +%s)
+        expire=$((expire - now))
+        expire=$((expire / 86400))
+        domain=$(basename $crt |sed -e "s/.crt$//")
+        if [[ "$expire" -lt 31 ]]; then
+            aliases=$(echo "$crt_data" |grep DNS:)
+            aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
+            aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
+            aliases=$(echo "$aliases" |grep -v "^$domain$")
+            if [ ! -z "$aliases" ]; then
+                aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
+                $BIN/v-add-letsencrypt-domain $user $domain $aliases
+            else
+                $BIN/v-add-letsencrypt-domain $user $domain
             fi
         fi
     done
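Review bot: Nothing checks that `$crt` exists or that `openssl x509` succeeded before the expiry arithmetic. With an empty `crt_data`, GNU `date -d ""` does not fail but resolves to the start of the current day, so `expire` ends up at or below 0 and the `-lt 31` branch requests a new certificate on every run for that domain, which can run into the CA's rate limits. Guard the read, e.g. `crt_data=$(openssl x509 -text -in "$crt" 2>/dev/null) || continue`, and log the skipped domain. The line `domain=$(basename $crt |sed -e "s/.crt$//")` is now redundant with the loop variable and can go. The outer `for user` loop closes outside this hunk.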

+ 48 - 35
web/add/web/index.php

@@ -18,8 +18,8 @@ if (!empty($_POST['ok'])) {
     // Check for empty fields
     if (empty($_POST['v_domain'])) $errors[] = __('domain');
     if (empty($_POST['v_ip'])) $errors[] = __('ip');
-    if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = __('ssl certificate');
-    if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = __('ssl key');
+    if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))&& (empty($_POST['v_letsencrypt']))) $errors[] = __('ssl certificate');
+    if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))&& (empty($_POST['v_letsencrypt']))) $errors[] = __('ssl key');
     if (!empty($errors[0])) {
         foreach ($errors as $i => $error) {
             if ( $i == 0 ) {
@@ -79,6 +79,7 @@ if (!empty($_POST['ok'])) {
     $v_ssl_key = $_POST['v_ssl_key'];
     $v_ssl_ca = $_POST['v_ssl_ca'];
     $v_ssl_home = $data[$v_domain]['SSL_HOME'];
+    $v_letsencrypt = $_POST['v_letsencrypt'];
     $v_stats = escapeshellarg($_POST['v_stats']);
     $v_stats_user = $data[$v_domain]['STATS_USER'];
     $v_stats_password = $data[$v_domain]['STATS_PASSWORD'];
@@ -96,6 +97,7 @@ if (!empty($_POST['ok'])) {
     if ((!empty($_POST['v_ssl'])) || (!empty($_POST['v_elog']))) $v_adv = 'yes';
     if ((!empty($_POST['v_ssl_crt'])) || (!empty($_POST['v_ssl_key']))) $v_adv = 'yes';
     if ((!empty($_POST['v_ssl_ca'])) || ($_POST['v_stats'] != 'none')) $v_adv = 'yes';
+    if ((!empty($_POST['v_letsencrypt']))) $v_adv = 'yes';
 
     // Check advanced features
     if (empty($_POST['v_dns'])) $v_dns = 'off';
@@ -144,42 +146,53 @@ if (!empty($_POST['ok'])) {
         unset($output);
     }
 
-    // Add SSL certificates
-    if ((!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
-        exec ('mktemp -d', $output, $return_var);
-        $tmpdir = $output[0];
-        unset($output);
-
-        // Save certificate
-        if (!empty($_POST['v_ssl_crt'])) {
-            $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
-            fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt']));
-            fwrite($fp, "\n");
-            fclose($fp);
-        }
-
-        // Save private key
-        if (!empty($_POST['v_ssl_key'])) {
-            $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
-            fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
-            fwrite($fp, "\n");
-            fclose($fp);
-        }
+    // Add Lets Encrypt support
 
-        // Save CA bundle
-        if (!empty($_POST['v_ssl_ca'])) {
-            $fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
-            fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca']));
-            fwrite($fp, "\n");
-            fclose($fp);
-        }
-
-        $v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
-        exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
+     if ((!empty($_POST['v_letsencrypt'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-list-web-domain ".$user." ".$v_domain." json", $output, $return_var);
+        $data = json_decode(implode('', $output), true);
+        exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '".$data['ALIAS']."' 'no'", $output, $return_var);
         check_return_code($return_var,$output);
         unset($output);
-    }
-
+     }
+     else {
+         // Add SSL certificates only if Lets Encrypt is off
+         if ((!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
+             exec ('mktemp -d', $output, $return_var);
+             $tmpdir = $output[0];
+             unset($output);
+
+             // Save certificate
+             if (!empty($_POST['v_ssl_crt'])) {
+                 $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
+                 fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt']));
+                 fwrite($fp, "\n");
+                 fclose($fp);
+             }
+
+             // Save private key
+             if (!empty($_POST['v_ssl_key'])) {
+                 $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
+                 fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
+                 fwrite($fp, "\n");
+                 fclose($fp);
+             }
+
+             // Save CA bundle
+             if (!empty($_POST['v_ssl_ca'])) {
+                 $fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
+                 fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca']));
+                 fwrite($fp, "\n");
+                 fclose($fp);
+             }
+
+             $v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
+             exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
+             check_return_code($return_var,$output);
+             unset($output);
+         }
+
+     }
     // Add web stats
     if ((!empty($_POST['v_stats'])) && ($_POST['v_stats'] != 'none' ) && (empty($_SESSION['error_msg']))) {
         $v_stats = escapeshellarg($_POST['v_stats']);
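Review bot: The alias list is placed into the shell command between hand-written single quotes, `" '".$data['ALIAS']."' 'no'"`, instead of going through `escapeshellarg()` as this file does for other values passed to `exec`. Alias values originate from the domain form, so this argument should be escaped the same way rather than relying on the surrounding quotes. The lookup itself also looks wrong: elsewhere in this file the decoded list is indexed by domain (`$data[$v_domain]['SSL_HOME']`), so `$data['ALIAS']` is probably null and the script receives an empty alias list; the return code of `v-list-web-domain` is not checked either. Something like `$aliases = escapeshellarg($data[$_POST['v_domain']]['ALIAS']);` followed by `." ".$aliases." 'no'"` would cover both, with the array key adjusted to however `$v_domain` is escaped above this hunk.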

+ 124 - 99
web/edit/web/index.php

@@ -35,7 +35,8 @@ $v_tpl = $data[$v_domain]['IP'];
 $v_cgi = $data[$v_domain]['CGI'];
 $v_elog = $data[$v_domain]['ELOG'];
 $v_ssl = $data[$v_domain]['SSL'];
-if ( $v_ssl == 'yes' ) {
+$v_letsencrypt = $data[$v_domain]['LETSENCRYPT'];
+if ( $v_ssl == 'yes'  && ($v_letsencrypt == 'no' || empty($v_letsencrypt))) {
     exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var);
     $ssl_str = json_decode(implode('', $output), true);
     unset($output);
@@ -263,45 +264,69 @@ if (!empty($_POST['save'])) {
         $restart_proxy = 'yes';
     }
 
-    // Delete SSL certificate
-    if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var);
+    // Disable Lets Encrypt support
+
+     if (( $v_letsencrypt == 'yes' ) && (empty($_POST['v_letsencrypt'])) && (!empty($_POST['v_letsencrypt'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '' 'no'", $output, $return_var);
         check_return_code($return_var,$output);
         unset($output);
-        $v_ssl = 'no';
+        $v_letsencrypt = 'no';
         $restart_web = 'yes';
         $restart_proxy = 'yes';
-    }
-
-    // Change SSL certificate
-    if (($v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
-        if (( $v_ssl_crt != str_replace("\r\n", "\n",  $_POST['v_ssl_crt'])) || ( $v_ssl_key != str_replace("\r\n", "\n",  $_POST['v_ssl_key'])) || ( $v_ssl_ca != str_replace("\r\n", "\n",  $_POST['v_ssl_ca']))) {
-            exec ('mktemp -d', $mktemp_output, $return_var);
-            $tmpdir = $mktemp_output[0];
-
-            // Certificate
-            if (!empty($_POST['v_ssl_crt'])) {
-                $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
-                fwrite($fp, str_replace("\r\n", "\n",  $_POST['v_ssl_crt']));
-                fwrite($fp, "\n");
-                fclose($fp);
-            }
-
-            // Key
-            if (!empty($_POST['v_ssl_key'])) {
-                $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
-                fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
-                fwrite($fp, "\n");
-                fclose($fp);
-            }
-
-            // CA
-            if (!empty($_POST['v_ssl_ca'])) {
-                $fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
-                fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca']));
-                fwrite($fp, "\n");
-                fclose($fp);
-            }
+     }
+     else {
+        // Delete SSL certificate
+        if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
+            exec (VESTA_CMD."v-list-web-domain ".$user." ".$v_domain." json", $output, $return_var);
+            $data = json_decode(implode('', $output), true);
+            exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '".$data['ALIAS']."' 'no'", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            $v_ssl = 'no';
+            $restart_web = 'yes';
+            $restart_proxy = 'yes';
+        }
+     }
+     if (( $v_letsencrypt == 'no' || empty( $v_letsencrypt)) && (!empty($_POST['v_letsencrypt'])) && empty($_SESSION['error_msg'])) {
+        exec (VESTA_CMD."v-list-web-domain ".$user." ".$v_domain." json", $output, $return_var);
+        $data = json_decode(implode('', $output), true);
+        exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '' 'no'", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_letsencrypt = 'yes';
+        $restart_web = 'yes';
+        $restart_proxy = 'yes';
+     }
+     else{
+        // Change SSL certificate
+         if (($v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
+             if (( $v_ssl_crt != str_replace("\r\n", "\n",  $_POST['v_ssl_crt'])) || ( $v_ssl_key != str_replace("\r\n", "\n",  $_POST['v_ssl_key'])) || ( $v_ssl_ca != str_replace("\r\n", "\n",  $_POST['v_ssl_ca']))) {
+                 exec ('mktemp -d', $mktemp_output, $return_var);
+                 $tmpdir = $mktemp_output[0];
+
+                 // Certificate
+                 if (!empty($_POST['v_ssl_crt'])) {
+                     $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
+                     fwrite($fp, str_replace("\r\n", "\n",  $_POST['v_ssl_crt']));
+                     fwrite($fp, "\n");
+                     fclose($fp);
+                 }
+
+                 // Key
+                 if (!empty($_POST['v_ssl_key'])) {
+                     $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
+                     fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
+                     fwrite($fp, "\n");
+                     fclose($fp);
+                 }
+
+                 // CA
+                 if (!empty($_POST['v_ssl_ca'])) {
+                     $fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
+                     fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca']));
+                     fwrite($fp, "\n");
+                     fclose($fp);
+                 }
 
             exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." 'no'", $output, $return_var);
             check_return_code($return_var,$output);
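Review bot: Two of the new branches cannot do what their comments say. The "Disable Lets Encrypt support" condition requires both `empty($_POST['v_letsencrypt'])` and `!empty($_POST['v_letsencrypt'])`, so it is never true, and its body would issue a certificate rather than remove one. The "Delete SSL certificate" branch now runs `v-add-letsencrypt-domain` where the removed code ran `v-delete-web-domain-ssl`, so clearing the SSL checkbox requests a certificate instead of removing it, and it passes `$data['ALIAS']` without `escapeshellarg()`. A corrected shape for these two branches is below, using the `v-delete-letsencrypt-domain` script this commit adds. The enable branch further down fetches `$data` and then passes `''` as the alias list, and the hunk ends inside the "Change SSL certificate" block.

```php
    // Disable Lets Encrypt support
    if (($v_letsencrypt == 'yes') && (empty($_POST['v_letsencrypt'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-delete-letsencrypt-domain ".$user." ".$v_domain." 'no'", $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
        $v_letsencrypt = 'no';
        // v-delete-letsencrypt-domain also removes the installed certificate
        $v_ssl = 'no';
        // … unchanged: restart flags …
    }
    else {
        // Delete SSL certificate
        if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
            exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var);
            // … unchanged: return-code check, $v_ssl = 'no', restart flags …
        }
    }
```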
@@ -323,55 +348,55 @@ if (!empty($_POST['save'])) {
             $v_ssl_pub_key = $ssl_str[$v_domain]['PUB_KEY'];
             $v_ssl_issuer = $ssl_str[$v_domain]['ISSUER'];
 
-            // Cleanup certificate tempfiles
-            if (!empty($_POST['v_ssl_crt'])) {
-                unlink($tmpdir."/".$_POST['v_domain'].".crt");
-            }
-
-            if (!empty($_POST['v_ssl_key'])) {
-                unlink($tmpdir."/".$_POST['v_domain'].".key");
-            }
-
-            if (!empty($_POST['v_ssl_ca'])) {
-                unlink($tmpdir."/".$_POST['v_domain'].".ca");
-            }
-
-            rmdir($tmpdir);
-        }
-    }
-
-    // Add SSL certificate
-    if (( $v_ssl == 'no') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
-        if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = 'ssl certificate';
-        if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = 'ssl key';
-        if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_home']))) $errors[] = 'ssl home';
-        $v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
-        if (!empty($errors[0])) {
-            foreach ($errors as $i => $error) {
-                if ( $i == 0 ) {
-                    $error_msg = $error;
-                } else {
-                    $error_msg = $error_msg.", ".$error;
-                }
-            }
-            $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
-        } else {
-            exec ('mktemp -d', $mktemp_output, $return_var);
-            $tmpdir = $mktemp_output[0];
-
-            // Certificate
-            if (!empty($_POST['v_ssl_crt'])) {
-                $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
-                fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt']));
-                fclose($fp);
-            }
-
-            // Key
-            if (!empty($_POST['v_ssl_key'])) {
-                $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
-                fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
-                fclose($fp);
-            }
+                 // Cleanup certificate tempfiles
+                 if (!empty($_POST['v_ssl_crt'])) {
+                     unlink($tmpdir."/".$_POST['v_domain'].".crt");
+                 }
+
+                 if (!empty($_POST['v_ssl_key'])) {
+                     unlink($tmpdir."/".$_POST['v_domain'].".key");
+                 }
+
+                 if (!empty($_POST['v_ssl_ca'])) {
+                     unlink($tmpdir."/".$_POST['v_domain'].".ca");
+                 }
+
+                 rmdir($tmpdir);
+             }
+         }
+
+         // Add SSL certificate
+         if (( $v_ssl == 'no') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
+             if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = 'ssl certificate';
+             if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = 'ssl key';
+             if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_home']))) $errors[] = 'ssl home';
+             $v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
+             if (!empty($errors[0])) {
+                 foreach ($errors as $i => $error) {
+                     if ( $i == 0 ) {
+                         $error_msg = $error;
+                     } else {
+                         $error_msg = $error_msg.", ".$error;
+                     }
+                 }
+                 $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
+             } else {
+                 exec ('mktemp -d', $mktemp_output, $return_var);
+                 $tmpdir = $mktemp_output[0];
+
+                 // Certificate
+                 if (!empty($_POST['v_ssl_crt'])) {
+                     $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
+                     fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt']));
+                     fclose($fp);
+                 }
+
+                 // Key
+                 if (!empty($_POST['v_ssl_key'])) {
+                     $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
+                     fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
+                     fclose($fp);
+                 }
 
             // CA
             if (!empty($_POST['v_ssl_ca'])) {
@@ -400,23 +425,23 @@ if (!empty($_POST['save'])) {
             $v_ssl_pub_key = $ssl_str[$v_domain]['PUB_KEY'];
             $v_ssl_issuer = $ssl_str[$v_domain]['ISSUER'];
 
-            // Cleanup certificate tempfiles
-            if (!empty($_POST['v_ssl_crt'])) {
-                unlink($tmpdir."/".$_POST['v_domain'].".crt");
-            }
+                 // Cleanup certificate tempfiles
+                 if (!empty($_POST['v_ssl_crt'])) {
+                     unlink($tmpdir."/".$_POST['v_domain'].".crt");
+                 }
 
-            if (!empty($_POST['v_ssl_key'])) {
-                unlink($tmpdir."/".$_POST['v_domain'].".key");
-            }
+                 if (!empty($_POST['v_ssl_key'])) {
+                     unlink($tmpdir."/".$_POST['v_domain'].".key");
+                 }
 
-            if (!empty($_POST['v_ssl_ca'])) {
-                unlink($tmpdir."/".$_POST['v_domain'].".ca");
-            }
-
-            rmdir($tmpdir);
-        }
-    }
+                 if (!empty($_POST['v_ssl_ca'])) {
+                     unlink($tmpdir."/".$_POST['v_domain'].".ca");
+                 }
 
+                 rmdir($tmpdir);
+             }
+         }
+     }
     // Change document root for ssl domain
     if (( $v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
         if ( $v_ssl_home != $_POST['v_ssl_home'] ) {

+ 16 - 0
web/js/pages/add_web.js

@@ -151,6 +151,21 @@ App.Actions.WEB.toggle_additional_ftp_accounts = function(elm) {
     }
 }
 
+App.Actions.WEB.toggle_letsencrypt = function(elm) {
+    if ($(elm).attr('checked')) {
+        $('#ssltable textarea[name=v_ssl_crt],#ssltable textarea[name=v_ssl_key], #ssltable textarea[name=v_ssl_ca]').attr('disabled', 'disabled');
+        $('input[name=v_ssl]').prop('checked', true);
+        $('#ssltable').show();
+        $('#generate-csr').hide();
+    }
+    else {
+        $('#ssltable textarea[name=v_ssl_crt],#ssltable textarea[name=v_ssl_key], #ssltable textarea[name=v_ssl_ca]').removeAttr('disabled');
+        $('input[name=v_ssl]').prop('checked', false);
+        $('#ssltable').hide();
+        $('#generate-csr').show();
+    }
+}
+
 //
 // Page entry point
 App.Listeners.WEB.keypress_ftp_username();
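Review bot: `$(elm).attr('checked')` reads the HTML attribute rather than the live checkbox state; in jQuery versions that separate attributes from properties (1.9 and later) the toggle then follows the initial markup instead of what the user clicked. The same function already uses `.prop('checked', true)`, so use `if ($(elm).prop('checked'))` here too. For consistency, set the textareas with `.prop('disabled', true)` and `.prop('disabled', false)` instead of `attr`/`removeAttr`. The identical function added in web/js/pages/edit_web.js needs the same change.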
@@ -163,6 +178,7 @@ $(function() {
         var prefix = 'www.';
         document.getElementById('v_aliases').value = prefix + document.getElementById('v_domain').value;
     });
+    App.Actions.WEB.toggle_letsencrypt($('input[name=v_letsencrypt]'))
 });
 
 function WEBrandom() {

+ 22 - 4
web/js/pages/edit_web.js

@@ -132,6 +132,21 @@ App.Actions.WEB.toggle_additional_ftp_accounts = function(elm) {
     }
 }
 
+App.Actions.WEB.toggle_letsencrypt = function(elm) {
+    if ($(elm).attr('checked')) {
+        $('#ssltable textarea[name=v_ssl_crt],#ssltable textarea[name=v_ssl_key], #ssltable textarea[name=v_ssl_ca]').attr('disabled', 'disabled');
+        $('input[name=v_ssl]').prop('checked', true);
+        $('#ssltable').show();
+        $('#generate-csr').hide();
+    }
+    else {
+        $('#ssltable textarea[name=v_ssl_crt],#ssltable textarea[name=v_ssl_key], #ssltable textarea[name=v_ssl_ca]').removeAttr('disabled');
+        $('input[name=v_ssl]').prop('checked', false);
+        $('#ssltable').hide();
+        $('#generate-csr').show();
+    }
+}
+
 App.Actions.WEB.randomPasswordGenerated = function(elm) { 
     return App.Actions.WEB.passwordChanged(elm);
 }
@@ -159,11 +174,14 @@ App.Actions.WEB.passwordChanged = function(elm) {
 App.Listeners.WEB.keypress_ftp_username();
 App.Listeners.WEB.keypress_ftp_path();
 
-$('.v-ftp-user-psw').on('keypress', function(evt) {
-    var elm = $(evt.target);
-    App.Actions.WEB.passwordChanged(elm);
-});
 
+$(function() {
+    $('.v-ftp-user-psw').on('keypress', function (evt) {
+        var elm = $(evt.target);
+        App.Actions.WEB.passwordChanged(elm);
+    });
+    App.Actions.WEB.toggle_letsencrypt($('input[name=v_letsencrypt]'))
+});
 
 function WEBrandom() {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
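Review bot: Calling `App.Actions.WEB.toggle_letsencrypt(...)` on page load runs the function's else branch whenever the Let's Encrypt box is unchecked, and that branch does `$('input[name=v_ssl]').prop('checked', false)` and hides `#ssltable`. For a domain with a manually installed certificate the edit form would then load with SSL unticked, and saving it reaches the `$v_ssl == 'yes'` with `empty($_POST['v_ssl'])` branch in web/edit/web/index.php. Apply the initial state only when the box is checked, e.g. `if ($('input[name=v_letsencrypt]').prop('checked')) App.Actions.WEB.toggle_letsencrypt($('input[name=v_letsencrypt]'));`, and leave the SSL checkbox untouched otherwise. The same load-time call is added in web/js/pages/add_web.js. `WEBrandom` continues past the hunk.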

+ 6 - 1
web/templates/admin/add_web.html

@@ -124,7 +124,7 @@
                         <tr>
                             <td class="step-top vst-text">
                                 <label><input type="checkbox" size="20" class="vst-checkbox" name="v_ssl" <?php if($v_ssl == 'yes' || $v_ssl == 'on') echo "checked=yes" ?> onclick="javascript:elementHideShow('ssltable');"> <?php print __('SSL Support');?></label> /
-                                <a class="generate" target="_blank" href="/generate/ssl/"><?php print __('Generate CSR') ?></a>
+                                <a class="generate" id="generate-csr" target="_blank" href="/generate/ssl/"><?php print __('Generate CSR') ?></a>
                             </td>
                         </tr>
                         <tr>
@@ -180,6 +180,11 @@
                                 </table>
                             </td>
                         </tr>
+                        <tr>
+                            <td class="step-top vst-text">
+                                <label><input type="checkbox" size="20" class="vst-checkbox" name="v_letsencrypt" <?php if($v_letsencrypt == 'yes' || $v_letsencrypt == 'on') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_letsencrypt(this)"> <?php print __('Lets Encrypt Support');?></label>
+                            </td>
+                        </tr>
                         <tr>
                             <td class="vst-text step-top">
                                 <?php print __('Web Statistics');?>

+ 6 - 1
web/templates/admin/edit_web.html

@@ -181,7 +181,7 @@
                             <tr>
                                 <td class="vst-text step-top">
                                     <label><input type="checkbox" size="20" class="vst-checkbox" name="v_ssl" <?php if ($v_ssl == 'yes') echo "checked=yes" ?> onclick="javascript:elementHideShow('ssltable');"> <?php print __('SSL Support');?></label> /
-                                    <a class="generate" target="_blank" href="/generate/ssl/?domain=<?php echo $v_domain ?>"><?php print __('Generate CSR') ?></a>
+                                    <a class="generate" id="generate-csr" target="_blank" href="/generate/ssl/?domain=<?php echo $v_domain ?>"><?php print __('Generate CSR') ?></a>
                                 </td>
                             </tr>
                             <tr>
@@ -304,6 +304,11 @@
                                     </table>
                                 </td>
                             </tr>
+                            <tr>
+                                <td class="step-top vst-text">
+                                    <label><input type="checkbox" size="20" class="vst-checkbox" name="v_letsencrypt" <?php if($v_letencrypt == 'yes' || $v_letencrypt == 'on') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_letsencrypt(this)"> <?php print __('Lets Encrypt Support');?></label>
+                                </td>
+                            </tr>
                             <tr>
                                 <td class="vst-text step-top">
                                     <?php print __('Web Statistics');?>
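Review bot: The checkbox condition reads `$v_letencrypt`, but web/edit/web/index.php sets `$v_letsencrypt`, so the box is never rendered checked for a domain that already has Let's Encrypt enabled. Saving the form then posts no `v_letsencrypt`, which the handler's `$v_letsencrypt == 'yes'` with `empty($_POST['v_letsencrypt'])` test is meant to read as a request to disable it. Change the condition to `<?php if ($v_letsencrypt == 'yes' || $v_letsencrypt == 'on') echo "checked=yes" ?>`.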