diff --git a/lib/classes/ssl/class.lescript.php b/lib/classes/ssl/class.lescript.php
index 4ea258b0..3bf8b6af 100644
--- a/lib/classes/ssl/class.lescript.php
+++ b/lib/classes/ssl/class.lescript.php
@@ -227,9 +227,7 @@ class lescript
$this->client->getLastLinks();
- if (empty($csrfile) || Settings::Get('system.letsencryptreuseold') == 0) {
- $csr = $this->generateCSR($privateDomainKey, $domains);
- }
+ $csr = $this->generateCSR($privateDomainKey, $domains);
// request certificates creation
$result = $this->signedRequest("/acme/new-cert", array(
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 6783d8a8..61849a5b 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -1949,8 +1949,8 @@ $lng['serversettings']['letsencryptchallengepath']['title'] = "Path for Let's En
$lng['serversettings']['letsencryptchallengepath']['description'] = "Directory where the Let's Encrypt challenges should be offered from via a global alias.
ATTENTION: Let's Encrypt is still in beta";
$lng['serversettings']['letsencryptkeysize']['title'] = "Key size for new Let's Encrypt certificates";
$lng['serversettings']['letsencryptkeysize']['description'] = "Size of the key in Bits for new Let's Encrypt certificates.
ATTENTION: Let's Encrypt is still in beta";
-$lng['serversettings']['letsencryptreuseold']['title'] = "Re-use Let's Encrypt key / CSR";
-$lng['serversettings']['letsencryptreuseold']['description'] = "If activated, the same key and CSR will be used for every renew, otherwise a new key / CSR will be generated every time.
ATTENTION: Let's Encrypt is still in beta";
+$lng['serversettings']['letsencryptreuseold']['title'] = "Re-use Let's Encrypt key";
+$lng['serversettings']['letsencryptreuseold']['description'] = "If activated, the same key will be used for every renew, otherwise a new key will be generated every time.
ATTENTION: Let's Encrypt is still in beta";
$lng['serversettings']['leenabled']['title'] = "Enable Let's Encrypt";
$lng['serversettings']['leenabled']['description'] = "If activated, customers are able to let froxlor automatically generate and renew Let's Encrypt ssl-certificates for domains with a ssl IP/port.
Please remember that you need to go through the webserver-configuration when eabled because this feature needs a special configuration.";
$lng['domains']['ssl_redirect_temporarilydisabled'] = "
The SSL redirect is temporarily deactivated while a new Let's Encrypt certificate is generated. It will be activated again after the certificate was generated.";
diff --git a/lng/german.lng.php b/lng/german.lng.php
index 671ce6c1..dd908b2f 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1603,8 +1603,8 @@ $lng['serversettings']['letsencryptchallengepath']['title'] = "Verzeichnis für
$lng['serversettings']['letsencryptchallengepath']['description'] = "Let's Encrypt challenges werden aus diesem Verzeichnis über einen globalen Alias ausgeliefert.
ACHTUNG: Let's Encrypt befindet sich noch im Test";
$lng['serversettings']['letsencryptkeysize']['title'] = "Schlüsselgröße für neue Let's Encrypt Zertifikate";
$lng['serversettings']['letsencryptkeysize']['description'] = "Größe des Schlüssels in Bit für neue Let's Encrypt Zertifikate.
ACHTUNG: Let's Encrypt befindet sich noch im Test";
-$lng['serversettings']['letsencryptreuseold']['title'] = "Let's Encrypt Schlüssel / CSR wiederverwenden";
-$lng['serversettings']['letsencryptreuseold']['description'] = "Wenn dies aktiviert ist, werden der alte Schlüssel und CSR bei jeder Verlängerung verwendet, andernfalls wird ein neues Paar generiert.
ACHTUNG: Let's Encrypt befindet sich noch im Test";
+$lng['serversettings']['letsencryptreuseold']['title'] = "Let's Encrypt Schlüssel wiederverwenden";
+$lng['serversettings']['letsencryptreuseold']['description'] = "Wenn dies aktiviert ist, wird der alte Schlüssel bei jeder Verlängerung verwendet, andernfalls wird ein neues Paar generiert.
ACHTUNG: Let's Encrypt befindet sich noch im Test";
$lng['serversettings']['leenabled']['title'] = "Let's Encrypt verwenden";
$lng['serversettings']['leenabled']['description'] = "Wenn dies aktiviert ist, können Kunden durch Froxlor automatisch generierte und verlängerbare Let's Encrypt SSL-Zertifikate für Domains mit SSL IP/port nutzen.
Bitte die Webserver-Konfiguration beachten wenn aktiviert, da dieses Feature eine spezielle Konfiguration benötigt.";
$lng['domains']['ssl_redirect_temporarilydisabled'] = "
Die SSL-Umleitung ist, während ein neues Let's Encrypt - Zertifikat erstellt wird, temporär deaktiviert. Die Umleitung wird nach der Zertifikatserstellung wieder aktiviert.";
diff --git a/scripts/jobs/cron_letsencrypt.php b/scripts/jobs/cron_letsencrypt.php
index 0ee4722e..875f8ff5 100644
--- a/scripts/jobs/cron_letsencrypt.php
+++ b/scripts/jobs/cron_letsencrypt.php
@@ -92,26 +92,13 @@ foreach ($certrows as $certrow) {
if ($certrow['ssl_redirect'] != 2) {
$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
- if ($certrow['ssl_cert_file']) {
- $cronlog->logAction(CRON_ACTION, LOG_DEBUG, "letsencrypt using old key / SAN for " . $certrow['domain']);
- // Parse the old certificate
- $x509data = openssl_x509_parse($certrow['ssl_cert_file']);
-
- // We are interessted in the old SAN - data
- $san = explode(', ', $x509data['extensions']['subjectAltName']);
- $domains = array();
- foreach ($san as $dnsname) {
- $domains[] = substr($dnsname, 4);
- }
- } else {
- $cronlog->logAction(CRON_ACTION, LOG_DEBUG, "letsencrypt generating new key / SAN for " . $certrow['domain']);
- $domains = array(
- $certrow['domain']
- );
- // Add www. for SAN
- if ($certrow['wwwserveralias'] == 1) {
- $domains[] = 'www.' . $certrow['domain'];
- }
+ $cronlog->logAction(CRON_ACTION, LOG_DEBUG, "letsencrypt generating SAN list for " . $certrow['domain']);
+ $domains = array(
+ $certrow['domain']
+ );
+ // Add www. for SAN
+ if ($certrow['wwwserveralias'] == 1) {
+ $domains[] = 'www.' . $certrow['domain'];
}
try {