diff --git a/install/froxlor.sql b/install/froxlor.sql index ec917791..76fe4d6d 100644 --- a/install/froxlor.sql +++ b/install/froxlor.sql @@ -256,6 +256,7 @@ CREATE TABLE `panel_domains` ( `mod_fcgid_maxrequests` int(4) default '-1', `ismainbutsubto` int(11) unsigned NOT NULL default '0', `letsencrypt` tinyint(1) NOT NULL default '0', + `caa` tinyint(1) NOT NULL default '0', `hsts` varchar(10) NOT NULL default '0', `hsts_sub` tinyint(1) NOT NULL default '0', `hsts_preload` tinyint(1) NOT NULL default '0', diff --git a/install/updates/froxlor/0.10/update_0.10.inc.php b/install/updates/froxlor/0.10/update_0.10.inc.php index 030b82a8..41dfb662 100644 --- a/install/updates/froxlor/0.10/update_0.10.inc.php +++ b/install/updates/froxlor/0.10/update_0.10.inc.php @@ -263,3 +263,9 @@ if (\Froxlor\Froxlor::isDatabaseVersion('201904100')) { if (\Froxlor\Froxlor::isFroxlorVersion('0.10.0-rc1')) { \Froxlor\Froxlor::updateToVersion('0.10.0-rc2'); } + +if (\Froxlor\Froxlor::isDatabaseVersion('201904250')) { + + Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `caa` TINYINT(1) NOT NULL DEFAULT '0' AFTER `letsencrypt`;"); + \Froxlor\Froxlor::updateToDbVersion('201907270'); +} \ No newline at end of file diff --git a/lib/Froxlor/Dns/Dns.php b/lib/Froxlor/Dns/Dns.php index cfc77e93..c34a5543 100644 --- a/lib/Froxlor/Dns/Dns.php +++ b/lib/Froxlor/Dns/Dns.php @@ -130,6 +130,12 @@ class Dns } } + // additional required records for CAA if activated + if ($domain['caa'] == '1') { + // check for CAA content later + self::addRequiredEntry('@', 'CAA', $required_entries); + } + // additional required records for SPF and DKIM if activated if ($domain['isemaildomain'] == '1') { if (Settings::Get('spf.use_spf') == '1') { @@ -278,6 +284,11 @@ class Dns } } } + + // CAA + if (array_key_exists("CAA", $required_entries)) { + $zonerecords[] = new DnsEntry('@', 'CAA', '0 issue "letsencrypt.org"'); + } } if (empty($primary_ns)) { 
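Review bot: The CAA record built in the second Dns.php hunk is the fixed value `0 issue "letsencrypt.org"`, and the first hunk requests it whenever `$domain['caa'] == '1'`, without checking that the domain actually gets its certificate from Let's Encrypt. A domain that has the flag set but uses a certificate from another CA would publish a policy that forbids that CA from issuing or renewing. I would gate the required entry on both flags, `if ($domain['caa'] == '1' && $domain['letsencrypt'] == '1') {`, assuming the `letsencrypt` column of `panel_domains` is present in `$domain` at this point. The comment `// check for CAA content later` should say what is checked; presumably a CAA record the user defined in the DNS editor removes the required entry before the `array_key_exists("CAA", $required_entries)` test, but neither hunk shows that. Both enclosing functions start and end outside the hunks.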
diff --git a/lib/formfields/admin/domains/formfield.domains_add.php b/lib/formfields/admin/domains/formfield.domains_add.php
index ddbb6266..b3460fae 100644
--- a/lib/formfields/admin/domains/formfield.domains_add.php
+++ b/lib/formfields/admin/domains/formfield.domains_add.php
@@ -214,6 +214,19 @@ return array(
 ),
 'value' => array()
 ),
+ 'caa' => array(
+ 'visible' => (\Froxlor\Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+ 'label' => $lng['admin']['caa']['title'],
+ 'desc' => $lng['admin']['caa']['description'],
+ 'type' => 'checkbox',
+ 'values' => array(
+ array(
+ 'label' => $lng['panel']['yes'],
+ 'value' => '1'
+ )
+ ),
+ 'value' => array()
+ ),
 'http2' => array(
 'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1',
 'label' => $lng['admin']['domain_http2']['title'],
diff --git a/lib/formfields/admin/domains/formfield.domains_edit.php b/lib/formfields/admin/domains/formfield.domains_edit.php
index 4c756ec1..7fe2fe54 100644
--- a/lib/formfields/admin/domains/formfield.domains_edit.php
+++ b/lib/formfields/admin/domains/formfield.domains_edit.php
@@ -250,6 +250,21 @@ return array(
 $result['letsencrypt']
 )
 ),
+ 'caa' => array(
+ 'visible' => (\Froxlor\Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+ 'label' => $lng['admin']['caa']['title'],
+ 'desc' => $lng['admin']['caa']['description'],
+ 'type' => 'checkbox',
+ 'values' => array(
+ array(
+ 'label' => $lng['panel']['yes'],
+ 'value' => '1'
+ )
+ ),
+ 'value' => array(
+ $result['caa']
+ )
+ ),
 'http2' => array(
 'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1',
 'label' => $lng['admin']['domain_http2']['title'],
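Review bot: The `visible` key on the new `caa` entry only decides whether the checkbox is rendered, so its condition (`system.leenabled` plus a non-empty `$ssl_ipsandports`) is not enforced anywhere in this diff. The code that reads the posted `caa` value is not in the visible hunks and should apply the same condition before storing `1`. The customer forms in `lib/formfields/customer/domains/formfield.domains_add.php` and `formfield.domains_edit.php` test only `system.leenabled`, so unless an enclosing section already hides the field, a customer is offered CAA in cases where an admin is not; the two should agree. As a style point, the nested ternaries reduce to `'visible' => \Froxlor\Settings::Get('system.leenabled') == '1' && $ssl_ipsandports != '',`. The `return array(` that encloses these entries starts and ends outside the hunks.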
diff --git a/lib/formfields/customer/domains/formfield.domains_add.php b/lib/formfields/customer/domains/formfield.domains_add.php
index 00d9fca6..b620dba1 100644
--- a/lib/formfields/customer/domains/formfield.domains_add.php
+++ b/lib/formfields/customer/domains/formfield.domains_add.php
@@ -108,6 +108,19 @@ return array(
 ),
 'value' => array()
 ),
+ 'caa' => array(
+ 'visible' => \Froxlor\Settings::Get('system.leenabled') == '1' ? true : false,
+ 'label' => $lng['customer']['caa']['title'],
+ 'desc' => $lng['customer']['caa']['description'],
+ 'type' => 'checkbox',
+ 'values' => array(
+ array(
+ 'label' => $lng['panel']['yes'],
+ 'value' => '1'
+ )
+ ),
+ 'value' => array()
+ ),
 'hsts_maxage' => array(
 'label' => $lng['admin']['domain_hsts_maxage']['title'],
 'desc' => $lng['admin']['domain_hsts_maxage']['description'],
diff --git a/lib/formfields/customer/domains/formfield.domains_edit.php b/lib/formfields/customer/domains/formfield.domains_edit.php
index 56a28543..c5315487 100644
--- a/lib/formfields/customer/domains/formfield.domains_edit.php
+++ b/lib/formfields/customer/domains/formfield.domains_edit.php
@@ -128,6 +128,21 @@ return array(
 $result['letsencrypt']
 )
 ),
+ 'caa' => array(
+ 'visible' => \Froxlor\Settings::Get('system.leenabled') == '1' ? true : false,
+ 'label' => $lng['customer']['caa']['title'],
+ 'desc' => $lng['customer']['caa']['description'],
+ 'type' => 'checkbox',
+ 'values' => array(
+ array(
+ 'label' => $lng['panel']['yes'],
+ 'value' => '1'
+ )
+ ),
+ 'value' => array(
+ $result['caa']
+ )
+ ),
 'hsts_maxage' => array(
 'label' => $lng['admin']['domain_hsts_maxage']['title'],
 'desc' => $lng['admin']['domain_hsts_maxage']['description'],
diff --git a/lng/english.lng.php b/lng/english.lng.php
index e76477c5..3ee60eeb 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -1848,6 +1848,12 @@ $lng['serversettings']['leenabled']['title'] = "Enable Let's Encrypt"; $lng['serversettings']['leenabled']['description'] = "If activated, customers are able to let froxlor automatically generate and renew Let's Encrypt ssl-certificates for domains with a ssl IP/port.

Please remember that you need to go through the webserver-configuration when enabled because this feature needs a special configuration."; $lng['domains']['ssl_redirect_temporarilydisabled'] = "
The SSL redirect is temporarily deactivated while a new Let's Encrypt certificate is generated. It will be activated again after the certificate was generated."; +// Added for CAA record support +$lng['admin']['caa']['title'] = 'Use CAA DNS record'; +$lng['admin']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record. Currently it only supports Let\'s Encrypt. This feature is still in beta.'; +$lng['customer']['caa']['title'] = 'Use CAA DNS record'; +$lng['customer']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record. Currently it only supports Let\'s Encrypt. This feature is still in beta.'; + // Autoupdate $lng['admin']['autoupdate'] = 'Auto-Update'; $lng['error']['customized_version'] = 'It looks like your Froxlor installation has been modified, no support sorry.'; diff --git a/lng/german.lng.php b/lng/german.lng.php index f1f44c27..37c3f08f 100644 --- a/lng/german.lng.php +++ b/lng/german.lng.php @@ -1500,6 +1500,12 @@ $lng['serversettings']['leenabled']['title'] = "Let's Encrypt verwenden"; $lng['serversettings']['leenabled']['description'] = "Wenn dies aktiviert ist, können Kunden durch Froxlor automatisch generierte und verlängerbare Let's Encrypt SSL-Zertifikate für Domains mit SSL IP/Port nutzen.

Bitte die Webserver-Konfiguration beachten wenn aktiviert, da dieses Feature eine spezielle Konfiguration benötigt."; $lng['domains']['ssl_redirect_temporarilydisabled'] = "
Die SSL-Umleitung ist, während ein neues Let's Encrypt - Zertifikat erstellt wird, temporär deaktiviert. Die Umleitung wird nach der Zertifikatserstellung wieder aktiviert."; +// Added for CAA record support +$lng['admin']['caa']['title'] = 'CAA DNS Eintrag erstellen'; +$lng['admin']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) verwendet das Domain Name System, um dem Besitzer einer Domain die Möglichkeit zu bieten, gewisse Zertifizierungsstellen (CAs) dazu zu berechtigen, ein Zertifikat für die betroffene Domain auszustellen. CAA Records sollen verhindern, dass Zertifikate fälschlicherweise für eine Domain ausgestellt werden. Im Moment wird nur Let\'s Encrypt unterstützt. Dieses Feature befindet sich noch im Test.'; +$lng['customer']['caa']['title'] = 'CAA DNS Eintrag erstellen'; +$lng['customer']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) verwendet das Domain Name System, um dem Besitzer einer Domain die Möglichkeit zu bieten, gewisse Zertifizierungsstellen (CAs) dazu zu berechtigen, ein Zertifikat für die betroffene Domain auszustellen. CAA Records sollen verhindern, dass Zertifikate fälschlicherweise für eine Domain ausgestellt werden. Im Moment wird nur Let\'s Encrypt unterstützt. Dieses Feature befindet sich noch im Test.'; + // Autoupdate $lng['admin']['autoupdate'] = 'Auto-Update'; $lng['error']['customized_version'] = 'Es scheint als wäre die Froxlor Installation angepasst worden. Kein Support, sorry.';