From 459cbcc0dd332746bf0733f36cff6503c0067ea9 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Sun, 17 Feb 2019 19:25:23 +0100
Subject: [PATCH] keep re-use old-key setting for Let's Encrypt
Signed-off-by: Michael Kaufmann
---
 actions/admin/settings/131.ssl.php | 8 ++++++++
 lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php | 3 +++
 lng/english.lng.php | 2 ++
 lng/german.lng.php | 2 ++
 4 files changed, 15 insertions(+)
diff --git a/actions/admin/settings/131.ssl.php b/actions/admin/settings/131.ssl.php
index 5c37869c..80ca34f5 100644
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -199,6 +199,14 @@ return array(
 ),
 'save_method' => 'storeSettingField'
 ),
+ 'system_letsencryptreuseold' => array(
+ 'label' => $lng['serversettings']['letsencryptreuseold'],
+ 'settinggroup' => 'system',
+ 'varname' => 'letsencryptreuseold',
+ 'type' => 'bool',
+ 'default' => true,
+ 'save_method' => 'storeSettingField'
+ ),
 'system_disable_le_selfcheck' => array(
 'label' => $lng['serversettings']['disable_le_selfcheck'],
 'settinggroup' => 'system',
diff --git a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
index 4caca1b7..d5e5d60f 100644
--- a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
+++ b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
@@ -271,6 +271,9 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 if (Settings::Get('system.leecc') > 0) {
 $acmesh_cmd .= " --keylength ec-" . Settings::Get('system.leecc');
 }
+ if (Settings::Get('system.letsencryptreuseold') != '1') {
+ $acmesh_cmd .= " --always-force-new-domain-key";
+ }
 $acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd);
diff --git a/lng/english.lng.php b/lng/english.lng.php
index ee1fed12..0ef2efda 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
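Review bot: The new `system_letsencryptreuseold` entry ships with `'default' => true`, so out of the box the domain private key is never rotated at renewal, and nothing in the entry says that this is the security-relevant side of the switch. Re-using the key helps setups that pin it (for example TLSA records), but a key that leaks once then stays valid across every renewed certificate. I would add a comment above the entry such as `// true = keep the existing domain key on renewal (no key rotation); turn off unless the key is pinned, e.g. via TLSA` and carry the same trade-off into the description string shown to the admin. The surrounding `return array(` begins and ends outside this hunk.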
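Review bot: The guard `Settings::Get('system.letsencryptreuseold') != '1'` compares loosely against a string, so every value that is not equal to '1' — possibly including a missing settings row on an upgraded install, if `Settings::Get` returns null in that case — silently turns on `--always-force-new-domain-key`, which is the opposite of the `'default' => true` declared in 131.ssl.php. None of the four files in this patch adds the setting to the database, so it is worth confirming that the row exists on existing installations before relying on the default. I would make the intent explicit with `if ((int) Settings::Get('system.letsencryptreuseold') !== 1) {` and a comment `// key re-use disabled: let acme.sh create a fresh domain key on every renewal`. The enclosing method starts and ends outside this hunk.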
@@ -1842,6 +1842,8 @@ $lng['serversettings']['letsencryptchallengepath']['title'] = "Path for Let's En
 $lng['serversettings']['letsencryptchallengepath']['description'] = "Directory where the Let's Encrypt challenges should be offered from via a global alias.";
 $lng['serversettings']['letsencryptkeysize']['title'] = "Key size for new Let's Encrypt certificates";
 $lng['serversettings']['letsencryptkeysize']['description'] = "Size of the key in Bits for new Let's Encrypt certificates.";
+$lng['serversettings']['letsencryptreuseold']['title'] = "Re-use Let's Encrypt key";
+$lng['serversettings']['letsencryptreuseold']['description'] = "If activated, the same key will be used for every renew, otherwise a new key will be generated every time.";
 $lng['serversettings']['leenabled']['title'] = "Enable Let's Encrypt";
 $lng['serversettings']['leenabled']['description'] = "If activated, customers are able to let froxlor automatically generate and renew Let's Encrypt ssl-certificates for domains with a ssl IP/port.

Please remember that you need to go through the webserver-configuration when enabled because this feature needs a special configuration.";
 $lng['domains']['ssl_redirect_temporarilydisabled'] = "
The SSL redirect is temporarily deactivated while a new Let's Encrypt certificate is generated. It will be activated again after the certificate was generated.";
diff --git a/lng/german.lng.php b/lng/german.lng.php
index 800f7663..0730e292 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1494,6 +1494,8 @@ $lng['serversettings']['letsencryptchallengepath']['title'] = "Verzeichnis für
 $lng['serversettings']['letsencryptchallengepath']['description'] = "Let's Encrypt challenges werden aus diesem Verzeichnis über einen globalen Alias ausgeliefert.";
 $lng['serversettings']['letsencryptkeysize']['title'] = "Schlüsselgröße für neue Let's Encrypt Zertifikate";
 $lng['serversettings']['letsencryptkeysize']['description'] = "Größe des Schlüssels in Bit für neue Let's Encrypt Zertifikate.";
+$lng['serversettings']['letsencryptreuseold']['title'] = "Let's Encrypt Schlüssel wiederverwenden";
+$lng['serversettings']['letsencryptreuseold']['description'] = "Wenn dies aktiviert ist, wird der alte Schlüssel bei jeder Verlängerung verwendet, andernfalls wird ein neues Paar generiert.";
 $lng['serversettings']['leenabled']['title'] = "Let's Encrypt verwenden";
 $lng['serversettings']['leenabled']['description'] = "Wenn dies aktiviert ist, können Kunden durch Froxlor automatisch generierte und verlängerbare Let's Encrypt SSL-Zertifikate für Domains mit SSL IP/Port nutzen.

Bitte die Webserver-Konfiguration beachten wenn aktiviert, da dieses Feature eine spezielle Konfiguration benötigt.";
 $lng['domains']['ssl_redirect_temporarilydisabled'] = "
Die SSL-Umleitung ist, während ein neues Let's Encrypt - Zertifikat erstellt wird, temporär deaktiviert. Die Umleitung wird nach der Zertifikatserstellung wieder aktiviert.";