From c458ed8b0cccd741d075713f576a1b2c794d6d84 Mon Sep 17 00:00:00 2001
From: Daniel Reichelt
Date: Tue, 8 Mar 2016 08:11:59 +0100
Subject: [PATCH 1/3] cron/LE: fix superfluous CSRs
Depending on the data present, the LE cronscript may cause multiple entries per domain in domain_ssl_settings. This is due to $updcert_stmt interfering with the outer loop while ($certrow = $stmt->fetch()): PDO's DB cursor sees rows newly created by $updcert_stmt within the loop. As a consequence this also leads to superfluous CSRs, thus increasing the certificate limit counter on the LE side. Solution: manifest the result of @$certificates_stmt@ on the PHP side in its entirety prior to entering the outer loop.
---
 scripts/jobs/cron_letsencrypt.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/jobs/cron_letsencrypt.php b/scripts/jobs/cron_letsencrypt.php
index 9bceea5e..720ae706 100644
--- a/scripts/jobs/cron_letsencrypt.php
+++ b/scripts/jobs/cron_letsencrypt.php
@@ -36,7 +36,8 @@ $upddom_stmt = Database::prepare("
 ");
 $changedetected = 0;
-while ($certrow = $certificates_stmt->fetch(PDO::FETCH_ASSOC)) {
+$certrows = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
+foreach($certrows AS $certrow) {
 // set logger to corresponding loginname for the log to appear in the users system-log
 $cronlog = FroxlorLogger::getInstanceOf(array('loginname' => $certrow['loginname']));
From 291fae174406528f4c3404b692306c64432a9bbc Mon Sep 17 00:00:00 2001
From: Daniel Reichelt
Date: Tue, 8 Mar 2016 08:17:52 +0100
Subject: [PATCH 2/3] cron/LE: more verbose error message on token error
be more specific about what exactly went wrong when trying to assert the challenge/response payload (like e.g. http response code, error in DNS resolution etc.)
---
 lib/classes/ssl/class.lescript.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/classes/ssl/class.lescript.php b/lib/classes/ssl/class.lescript.php
index dbf75546..3090bcfa 100644
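Review bot: The reason for materialising the result set is not recorded at the new `fetchAll()` call, so a later cleanup could switch back to a streaming `fetch()` loop and bring back the duplicate `domain_ssl_settings` rows and the extra CSRs that count against the Let's Encrypt limit. I would add a comment above it such as `// fetch all rows up front: $updcert_stmt inserts rows inside the loop and an open cursor would see them`. The loop header would also read better in the usual form `foreach ($certrows as $certrow) {`. The loop body continues outside the hunk, so the write that triggers the problem is not visible here.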
--- a/lib/classes/ssl/class.lescript.php
+++ b/lib/classes/ssl/class.lescript.php
@@ -145,8 +145,14 @@ class lescript
 // simple self check
 if($payload !== trim(@file_get_contents($uri))) {
+ $errmsg = json_encode(error_get_last());
+ if ($errmsg != "null") {
+ $errmsg = "; PHP error: " . $errmsg;
+ } else {
+ $errmsg = "";
+ }
 @unlink($tokenPath);
- throw new \RuntimeException("Please check $uri - token not available");
+ throw new \RuntimeException("Please check $uri - token not available" . $errmsg);
 }
 $this->log("Sending request to challenge");
From 65fd6ac191acbcc033aac34465b62cb896cf0f5c Mon Sep 17 00:00:00 2001
From: Daniel Reichelt
Date: Tue, 8 Mar 2016 08:20:41 +0100
Subject: [PATCH 3/3] fix wrong column name in latest DB update, fixes #1602
---
 install/updates/froxlor/0.9/update_0.9.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php
index c99f9aa5..49aece4e 100644
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -3158,7 +3158,7 @@ if (isFroxlorVersion('0.9.35-rc1')) {
 showUpdateStep("Adding new setting to enable/disable Let's Encrypt");
 $enable_letsencrypt = isset($_POST['enable_letsencrypt']) ? (int)$_POST['enable_letsencrypt'] : "1";
 Settings::AddNew("system.leenabled", $enable_letsencrypt);
- Database::query("UPDATE `".TABLE_PANEL_CRONRUNS."` SET `active` = '".$enable_letsencrypt."' WHERE `cronfile` = 'letsencrypt'");
+ Database::query("UPDATE `".TABLE_PANEL_CRONRUNS."` SET `isactive` = '".$enable_letsencrypt."' WHERE `cronfile` = 'letsencrypt'");
 lastStepStatus(0);
 }
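Review bot: The added `error_get_last()` call reports whatever error PHP recorded last, not necessarily one raised by this `file_get_contents()`. When the fetch succeeds but the payload differs, an unrelated earlier warning would be appended to the exception. The whole error array is also JSON-encoded into the message, so the `file` and `line` entries (absolute server paths) travel with it. If this exception ends up in the per-customer system log, which this hunk does not show, that exposes the installation layout to panel users. I would keep the response in a variable, consult the last error only when the fetch returned `false`, and append just its `message` field, which also removes the loose `!= "null"` string comparison. The enclosing method starts and ends outside the hunk.

```php
// simple self check
$response = @file_get_contents($uri);
if ($response === false || $payload !== trim($response)) {
    // only a failed fetch has a PHP error worth reporting; keep the message, drop file/line
    $lasterr = ($response === false) ? error_get_last() : null;
    $errmsg = ($lasterr !== null) ? "; PHP error: " . $lasterr['message'] : "";
    @unlink($tokenPath);
    throw new \RuntimeException("Please check $uri - token not available" . $errmsg);
}
```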
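Review bot: The corrected `UPDATE` still concatenates `$enable_letsencrypt` into the SQL text, and the only thing making that safe is the `(int)` cast on the `$_POST` value two lines above. If the query stays string-built, a short comment such as `// $enable_letsencrypt is int-cast above, safe to inline` would keep a later edit of that cast from opening an injection path. Binding the value through `Database::prepare()` with an `:isactive` placeholder, as the cron script does for its statements, would remove the dependency altogether. The cast also lets any integer through, so a value other than 0 or 1 would be written to `isactive` unless it is clamped first.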