set version to 0.10.16 for upcoming release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

.travis.yml

@@ -58,7 +58,7 @@ after_success:
   - bash <(curl -s https://codecov.io/bash) -f "build/logs/clover.xml"
 
 notifications:
-  irc: "irc.freenode.org#froxlor"
+  irc: "chat.freenode.net#froxlor"
   webhooks:
     urls:
       - https://webhooks.gitter.im/e/bdf91d1c3f745e51f796

2fa.php

@@ -38,7 +38,7 @@ if (AREA == 'admin') {
 }
 $success_message = "";
 
-$tfa = new \Froxlor\FroxlorTwoFactorAuth('Froxlor');
+$tfa = new \Froxlor\FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
 
 // do the delete and then just show a success-message
 if ($action == 'delete') {

actions/admin/settings/131.ssl.php

@@ -122,10 +122,7 @@ return array(
 					'type' => 'bool',
 					'default' => true,
 					'save_method' => 'storeSettingField',
-					'visible' => \Froxlor\Settings::Get('system.use_ssl') && (\Froxlor\Settings::Get('system.webserver') == "nginx" || (\Froxlor\Settings::Get('system.webserver') == "apache2" && \Froxlor\Settings::Get('system.apache24') == 1)) && call_user_func(array(
-						'\Froxlor\Settings\FroxlorVhostSettings',
-						'hasVhostContainerEnabled'
-					), true)
+					'visible' => \Froxlor\Settings::Get('system.use_ssl') && (\Froxlor\Settings::Get('system.webserver') == "nginx" || (\Froxlor\Settings::Get('system.webserver') == "apache2" && \Froxlor\Settings::Get('system.apache24') == 1))
 				),
 				'system_leenabled' => array(
 					'label' => $lng['serversettings']['leenabled'],
@@ -217,11 +214,11 @@ return array(
 					'save_method' => 'storeSettingField'
 				),
 				'system_disable_le_selfcheck' => array(
-					'label' => $lng['serversettings']['disable_le_selfcheck'],
+					'label' => $lng['serversettings']['le_domain_dnscheck'],
 					'settinggroup' => 'system',
-					'varname' => 'disable_le_selfcheck',
+					'varname' => 'le_domain_dnscheck',
 					'type' => 'bool',
-					'default' => false,
+					'default' => true,
 					'save_method' => 'storeSettingField'
 				)
 			)

admin_domains.php

@@ -39,7 +39,7 @@ if ($page == 'domains' || $page == 'overview') {
 
 		$log->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_NOTICE, "viewed admin_domains");
 		$fields = array(
-			'd.domain' => $lng['domains']['domainname'],
+			'd.domain_ace' => $lng['domains']['domainname'],
 			'c.name' => $lng['customer']['name'],
 			'c.firstname' => $lng['customer']['firstname'],
 			'c.company' => $lng['customer']['company'],

admin_ipsandports.php

@@ -160,5 +160,14 @@ if ($page == 'ipsandports' || $page == 'overview') {
 				eval("echo \"" . \Froxlor\UI\Template::getTemplate("ipsandports/ipsandports_edit") . "\";");
 			}
 		}
+	} elseif ($action == 'jqCheckIP') {
+		$ip = $_POST['ip'] ?? "";
+		if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE) == false) {
+			// returns notice if private network detected so we can display it
+			echo json_encode($lng['admin']['ipsandports']['ipnote']);
+		} else {
+			echo 0;
+		}
+		exit();
 	}
 }

customer_domains.php

@@ -42,7 +42,7 @@ if ($page == 'overview') {
 	if ($action == '') {
 		$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed customer_domains::domains");
 		$fields = array(
-			'd.domain' => $lng['domains']['domainname'],
+			'd.domain_ace' => $lng['domains']['domainname'],
 			'd.aliasdomain' => $lng['domains']['aliasdomain']
 		);
 		try {

customer_email.php

@@ -19,7 +19,6 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
-use Froxlor\Api\Commands\SubDomains;
 use Froxlor\Database\Database;
 use Froxlor\Settings;
 use Froxlor\Api\Commands\Emails as Emails;
@@ -44,7 +43,7 @@ if ($page == 'overview') {
 	if ($action == '') {
 		$log->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed customer_email::emails");
 		$fields = array(
-			'd.domain' => $lng['domains']['domainname'],
+			'd.domain_ace' => $lng['domains']['domainname'],
 			'm.email_full' => $lng['emails']['emailaddress'],
 			'm.destination' => $lng['emails']['forwarders']
 		);
@@ -76,7 +75,7 @@ if ($page == 'overview') {
 			$emails[$row['domain']][$row['email_full']] = $row;
 		}
 
-		if ($paging->sortfield == 'd.domain' && $paging->sortorder == 'desc') {
+		if ($paging->sortfield == 'd.domain_ace' && $paging->sortorder == 'desc') {
 			krsort($emails);
 		} else {
 			ksort($emails);
@@ -129,16 +128,15 @@ if ($page == 'overview') {
 			}
 		}
 
-		$json_result = SubDomains::getLocal($userinfo, [
-			'sql_search' => [
-				'd.isemaildomain' => [
-					'value' => 1,
-					'op' => '='
-				]
-			]
-		])->listing();
-		$result = json_decode($json_result, true)['data'];
-		$emaildomains_count = $result['count'];
+		$result_stmt = Database::prepare("
+			SELECT COUNT(`id`) as emaildomains
+			FROM `" . TABLE_PANEL_DOMAINS . "`
+			WHERE `customerid`= :cid AND `isemaildomain` = '1'
+		");
+		$result = Database::pexecute_first($result_stmt, array(
+			"cid" => $userinfo['customerid']
+		));
+		$emaildomains_count = $result['emaildomains'];
 
 		eval("echo \"" . \Froxlor\UI\Template::getTemplate("email/emails") . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
@@ -196,7 +194,7 @@ if ($page == 'overview') {
 				$result_stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `customerid`= :cid
 					AND `isemaildomain`='1'
-					ORDER BY `domain` ASC");
+					ORDER BY `domain_ace` ASC");
 				Database::pexecute($result_stmt, array(
 					"cid" => $userinfo['customerid']
 				));

index.php

@@ -393,7 +393,7 @@ if ($action == 'forgotpwd') {
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$loginname = \Froxlor\Validate\Validate::validate($_POST['loginname'], 'loginname');
 		$email = \Froxlor\Validate\Validate::validateEmail($_POST['loginemail'], 'email');
-		$result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
+		$result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `customernumber`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
 			WHERE `loginname`= :loginname
 			AND `email`= :email");
 		Database::pexecute($result_stmt, array(
@@ -481,6 +481,10 @@ if ($action == 'forgotpwd') {
 
 					$replace_arr = array(
 						'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($user),
+						'NAME' => $user['name'],
+						'FIRSTNAME' => $user['firstname'] ?? "",
+						'COMPANY' => $user['company'] ?? "",
+						'CUSTOMER_NO' => $user['customernumber'] ?? 0,
 						'USERNAME' => $loginname,
 						'LINK' => $activationlink
 					);
@@ -598,21 +602,18 @@ if ($action == 'resetpwd') {
 				));
 
 				if ($result !== false) {
-					if ($result['admin'] == 1) {
-						$new_password = \Froxlor\Validate\Validate::validate($_POST['new_password'], 'new password');
-						$new_password_confirm = \Froxlor\Validate\Validate::validate($_POST['new_password_confirm'], 'new password confirm');
-					} else {
-						$new_password = \Froxlor\System\Crypt::validatePassword($_POST['new_password'], 'new password');
-						$new_password_confirm = \Froxlor\System\Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
+					try {
+						$new_password = \Froxlor\System\Crypt::validatePassword($_POST['new_password'], true);
+						$new_password_confirm = \Froxlor\System\Crypt::validatePassword($_POST['new_password_confirm'], true);
+					} catch (Exception $e) {
+						$message = $e->getMessage();
 					}
 
-					if ($new_password == '') {
-						$message = $new_password;
-					} elseif ($new_password_confirm == '') {
-						$message = $new_password_confirm;
-					} elseif ($new_password != $new_password_confirm) {
-						$message = $new_password . " != " . $new_password_confirm;
-					} else {
+					if (empty($message) && (empty($new_password) || $new_password != $new_password_confirm)) {
+						$message = $lng['error']['newpasswordconfirmerror'];
+					}
+
+					if (empty($message)) {
 						// Update user password
 						if ($result['admin'] == 1) {
 							$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_ADMINS . "`

install/froxlor.sql

@@ -84,7 +84,7 @@ CREATE TABLE `panel_activation` (
   `creation` int(11) unsigned NOT NULL default '0',
   `activationcode` varchar(50) default NULL,
   PRIMARY KEY (id)
-) ENGINE=InnoDB  CHARSET=utf8 COLLATE=utf8_general_ci;
+) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
 
 
 DROP TABLE IF EXISTS `panel_admins`;
@@ -224,6 +224,7 @@ DROP TABLE IF EXISTS `panel_domains`;
 CREATE TABLE `panel_domains` (
   `id` int(11) unsigned NOT NULL auto_increment,
   `domain` varchar(255) NOT NULL default '',
+  `domain_ace` varchar(255) NOT NULL default '',
   `adminid` int(11) unsigned NOT NULL default '0',
   `customerid` int(11) unsigned NOT NULL default '0',
   `aliasdomain` int(11) unsigned NULL,
@@ -653,7 +654,7 @@ opcache.interned_strings_buffer'),
 	('system', 'leregistered', '0'),
 	('system', 'leaccount', ''),
 	('system', 'nssextrausers', '0'),
-	('system', 'disable_le_selfcheck', '0'),
+	('system', 'le_domain_dnscheck', '1'),
 	('system', 'ssl_protocols', 'TLSv1,TLSv1.2'),
 	('system', 'tlsv13_cipher_list', ''),
 	('system', 'honorcipherorder', '0'),
@@ -703,8 +704,8 @@ opcache.interned_strings_buffer'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
 	('panel', 'customer_hide_options', ''),
 	('panel', 'is_configured', '0'),
-	('panel', 'version', '0.10.13'),
-	('panel', 'db_version', '201912313');
+	('panel', 'version', '0.10.16'),
+	('panel', 'db_version', '202004140');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/lib/class.FroxlorInstall.php

@@ -332,22 +332,29 @@ class FroxlorInstall
 		$userdata .= "?>";
 
 		// test if we can store the userdata.inc.php in ../lib
+		$umask = @umask(077);
 		$userdata_file = dirname(dirname(dirname(__FILE__))) . '/lib/userdata.inc.php';
-		if ($fp = @fopen($userdata_file, 'w')) {
-			$result = @fputs($fp, $userdata, strlen($userdata));
+		if (@touch($userdata_file) && @is_writable($userdata_file)) {
+			$fp = @fopen($userdata_file, 'w');
+			@fputs($fp, $userdata, strlen($userdata));
 			@fclose($fp);
 			$content .= $this->_status_message('green', 'OK');
-			chmod($userdata_file, 0440);
-		} elseif ($fp = @fopen('/tmp/userdata.inc.php', 'w')) {
-			$result = @fputs($fp, $userdata, strlen($userdata));
-			@fclose($fp);
-			$content .= $this->_status_message('orange', $this->_lng['install']['creating_configfile_temp']);
-			chmod('/tmp/userdata.inc.php', 0440);
 		} else {
-			$content .= $this->_status_message('red', $this->_lng['install']['creating_configfile_failed']);
-			$escpduserdata = nl2br(htmlspecialchars($userdata));
-			eval("\$content .= \"" . $this->_getTemplate("textarea") . "\";");
+			@unlink($userdata_file);
+			// try creating it in a temporary file
+			$temp_file = @tempnam(sys_get_temp_dir(), 'fx');
+			if ($temp_file) {
+				$fp = @fopen($temp_file, 'w');
+				@fputs($fp, $userdata, strlen($userdata));
+				@fclose($fp);
+				$content .= $this->_status_message('orange', sprintf($this->_lng['install']['creating_configfile_temp'], $temp_file));
+			} else {
+				$content .= $this->_status_message('red', $this->_lng['install']['creating_configfile_failed']);
+				$escpduserdata = nl2br(htmlspecialchars($userdata));
+				eval("\$content .= \"" . $this->_getTemplate("textarea") . "\";");
+			}
 		}
+		@umask($umask);
 
 		return $content;
 	}
@@ -563,7 +570,7 @@ class FroxlorInstall
 			for ($i = 0; $i < sizeof($sql_query); $i ++) {
 				if (trim($sql_query[$i]) != '') {
 					try {
-						$result = $db->query($sql_query[$i]);
+						$db->query($sql_query[$i]);
 					} catch (\PDOException $e) {
 						$content .= $this->_status_message('red', $e->getMessage());
 						$fatal_fail = true;
@@ -730,7 +737,7 @@ class FroxlorInstall
 			}
 
 			if ($do_backup) {
-				$command = $mysql_dump . " " . $this->_data['mysql_database'] . " -u " . $this->_data['mysql_root_user'] . " --password='" . $this->_data['mysql_root_pass'] . "' --result-file=" . $filename;
+				$command = $mysql_dump . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --password='" . escapeshellarg($this->_data['mysql_root_pass']) . "' --result-file=" . $filename;
 				$output = exec($command);
 				if (stristr($output, "error")) {
 					$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);

install/lng/english.lng.php

@@ -86,7 +86,7 @@ $lng['install']['changing_data'] = 'Adjusting settings...';
 $lng['install']['creating_entries'] = 'Inserting new values...';
 $lng['install']['adding_admin_user'] = 'Creating admin-account...';
 $lng['install']['creating_configfile'] = 'Creating configfile...';
-$lng['install']['creating_configfile_temp'] = 'File was saved in /tmp/userdata.inc.php, please move to ' . dirname(dirname(__DIR__)) . '/lib/.';
+$lng['install']['creating_configfile_temp'] = 'File was saved in %s, please move to ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php';
 $lng['install']['creating_configfile_failed'] = 'Could not create ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php, please create it manually with the following content:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor was installed successfully.';
 

install/lng/french.lng.php

@@ -76,7 +76,7 @@ $lng['install']['changing_data'] = 'Ajustement des paramètres...';
 $lng['install']['creating_entries'] = 'Insertion des nouvelles valeurs...';
 $lng['install']['adding_admin_user'] = 'Création du compte administrateur...';
 $lng['install']['creating_configfile'] = 'Création du fichier de configuration...';
-$lng['install']['creating_configfile_temp'] = 'Le fichier a été enregistré dans /tmp/userdata.inc.php, merci de le déplacer dans ' . dirname(dirname(__DIR__)) . '/lib/.';
+$lng['install']['creating_configfile_temp'] = 'Le fichier a été enregistré dans %s, merci de le déplacer dans ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php';
 $lng['install']['creating_configfile_failed'] = 'Impossible de créer ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php, merci de le créer manuellement avec le contenu suivant:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor a été installé avec succès.';
 

install/lng/german.lng.php

@@ -86,7 +86,7 @@ $lng['install']['changing_data'] = 'Einstellungen anpassen...';
 $lng['install']['creating_entries'] = 'Trage neue Werte ein...';
 $lng['install']['adding_admin_user'] = 'Erstelle Admin-Benutzer...';
 $lng['install']['creating_configfile'] = 'Erstelle Konfigurationsdatei...';
-$lng['install']['creating_configfile_temp'] = 'Datei wurde in /tmp/userdata.inc.php gespeichert, bitte nach ' . dirname(dirname(__DIR__)) . '/lib/ verschieben.';
+$lng['install']['creating_configfile_temp'] = 'Datei wurde in %s gespeichert, bitte nach ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php verschieben.';
 $lng['install']['creating_configfile_failed'] = 'Konnte ' . dirname(dirname(__DIR__)) . '/lib/userdata.inc.php nicht erstellen, bitte manuell mit folgendem Inhalt anlegen:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor wurde erfolgreich installiert.';
 

install/updates/froxlor/0.10/update_0.10.inc.php

@@ -546,7 +546,7 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.10.10')) {
 if (\Froxlor\Froxlor::isDatabaseVersion('201912311')) {
 	showUpdateStep("Migrate logfiles_format setting");
 	$current_format = Settings::Set('system.logfiles_format');
-	if (!empty($current_format)) {
+	if (! empty($current_format)) {
 		Settings::Set('system.logfiles_format', '"' . Settings::Get('system.logfiles_format') . '"');
 		lastStepStatus(0);
 	} else {
@@ -571,3 +571,49 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.10.12')) {
 	showUpdateStep("Updating from 0.10.12 to 0.10.13", false);
 	\Froxlor\Froxlor::updateToVersion('0.10.13');
 }
+
+if (\Froxlor\Froxlor::isDatabaseVersion('201912313')) {
+	showUpdateStep("Adding new field to domains table");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `domain_ace` varchar(255) NOT NULL default '' AFTER `domain`;");
+	lastStepStatus(0);
+
+	showUpdateStep("Updating domain entries");
+	$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `domain_ace` = :ace WHERE `id` = :domainid");
+	$sel_stmt = Database::prepare("SELECT id, domain FROM `" . TABLE_PANEL_DOMAINS . "` ORDER BY id ASC");
+	Database::pexecute($sel_stmt);
+	$idna_convert = new \Froxlor\Idna\IdnaWrapper();
+	while ($domain = $sel_stmt->fetch(\PDO::FETCH_ASSOC)) {
+		Database::pexecute($upd_stmt, [
+			'ace' => $idna_convert->decode($domain['domain']),
+			'domainid' => $domain['id']
+		]);
+	}
+	lastStepStatus(0);
+
+	\Froxlor\Froxlor::updateToDbVersion('202002290');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.13')) {
+	showUpdateStep("Updating from 0.10.13 to 0.10.14", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.14');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.14')) {
+	showUpdateStep("Updating from 0.10.14 to 0.10.15", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.15');
+}
+
+if (\Froxlor\Froxlor::isDatabaseVersion('202002290')) {
+	showUpdateStep("Adding new setting to validate DNS when using Let's Encrypt");
+	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'disable_le_selfcheck'");
+	$le_domain_dnscheck = isset($_POST['system_le_domain_dnscheck']) ? (int) $_POST['system_le_domain_dnscheck'] : '1';
+	Settings::AddNew("system.le_domain_dnscheck", $le_domain_dnscheck);
+	lastStepStatus(0);
+
+	\Froxlor\Froxlor::updateToDbVersion('202004140');
+}
+
+if (\Froxlor\Froxlor::isFroxlorVersion('0.10.15')) {
+	showUpdateStep("Updating from 0.10.15 to 0.10.16", false);
+	\Froxlor\Froxlor::updateToVersion('0.10.16');
+}

install/updates/preconfig.php

@@ -34,6 +34,9 @@ function getPreConfig($current_version, $current_db_version)
 	include_once \Froxlor\FileDir::makeCorrectFile(dirname(__FILE__) . '/preconfig/0.9/preconfig_0.9.inc.php');
 	parseAndOutputPreconfig($has_preconfig, $return, $current_version, $current_db_version);
 
+	include_once \Froxlor\FileDir::makeCorrectFile(dirname(__FILE__) . '/preconfig/0.10/preconfig_0.10.inc.php');
+	parseAndOutputPreconfig2($has_preconfig, $return, $current_version, $current_db_version);
+
 	$return .= '<br /><br />' . \Froxlor\UI\HTML::makecheckbox('update_changesagreed', '<strong>I have read the update notifications above and I am aware of the changes made to my system.</strong>', '1', true, '0', true);
 	$return .= '</div>';
 	$return .= '<input type="hidden" name="update_preconfig" value="1" />';

install/updates/preconfig/0.10/preconfig_0.10.inc.php

@@ -0,0 +1,42 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Updater
+ *
+ */
+
+/**
+ * checks if the new-version has some updating to do
+ *
+ * @param boolean $has_preconfig
+ *        	pointer to check if any preconfig has to be output
+ * @param string $return
+ *        	pointer to output string
+ * @param string $current_version
+ *        	current froxlor version
+ *        	
+ * @return null
+ */
+function parseAndOutputPreconfig2(&$has_preconfig, &$return, $current_version, $current_db_version)
+{
+	global $lng;
+
+	if (versionInUpdate($current_db_version, '202004140')) {
+		$has_preconfig = true;
+		$description = 'Froxlor can now optionally validate the dns entries of domains that request Lets Encrypt certificates to reduce dns-related problems (e.g. freshly registered domain or updated a-record).<br />';
+		$question = '<strong>Validate DNS of domains when using Lets Encrypt&nbsp;';
+		$question .= \Froxlor\UI\HTML::makeyesno('system_le_domain_dnscheck', '1', '0', '1');
+
+		eval("\$return.=\"" . \Froxlor\UI\Template::getTemplate("update/preconfigitem") . "\";");
+	}
+}

lib/Froxlor/Api/Commands/Customers.php

@@ -689,6 +689,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 								'name' => $name,
 								'company' => $company
 							)),
+							'CUSTOMER_NO' => $customernumber,
 							'USERNAME' => $loginname,
 							'PASSWORD' => $password,
 							'SERVER_HOSTNAME' => $srv_hostname,
@@ -1409,7 +1410,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				'id' => $id
 			), true, true);
 
-			// first gather all domain-id's to clean up panel_domaintoip and dns-entries accordingly
+			// first gather all domain-id's to clean up panel_domaintoip, dns-entries and certificates accordingly
 			$did_stmt = Database::prepare("SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid` = :id");
 			Database::pexecute($did_stmt, array(
 				'id' => $id
@@ -1425,6 +1426,11 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
 				Database::pexecute($stmt, array(
 					'did' => $row['id']
 				), true, true);
+				// remove domain->certificates entries
+				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :did");
+				Database::pexecute($stmt, array(
+					'did' => $row['id']
+				), true, true);
 			}
 			// remove customer domains
 			$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid` = :id");

lib/Froxlor/Api/Commands/Domains.php

@@ -684,6 +684,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 
 					$ins_data = array(
 						'domain' => $domain,
+						'domain_ace' => $idna_convert->decode($domain),
 						'customerid' => $customerid,
 						'adminid' => $adminid,
 						'documentroot' => $documentroot,
@@ -732,6 +733,7 @@ class Domains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEn
 					$ins_stmt = Database::prepare("
 						INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
 						`domain` = :domain,
+						`domain_ace` = :domain_ace,
 						`customerid` = :customerid,
 						`adminid` = :adminid,
 						`documentroot` = :documentroot,

lib/Froxlor/Api/Commands/EmailAccounts.php

@@ -100,8 +100,8 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso
 			// alternative email address to send info to
 			if (Settings::Get('panel.sendalternativemail') == 1) {
 				$alternative_email = $idna_convert->encode(\Froxlor\Validate\Validate::validate($alternative_email, 'alternative_email', '', '', array(), true));
-				if (! \Froxlor\Validate\Validate::validateEmail($alternative_email)) {
-					\Froxlor\UI\Response::standard_error('emailiswrong', $alternative_email, true);
+				if (!empty($alternative_email) && ! \Froxlor\Validate\Validate::validateEmail($alternative_email)) {
+					\Froxlor\UI\Response::standard_error('alternativeemailiswrong', $alternative_email, true);
 				}
 			} else {
 				$alternative_email = '';
@@ -192,7 +192,12 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso
 				$replace_arr = array(
 					'EMAIL' => $email_full,
 					'USERNAME' => $username,
-					'PASSWORD' => $password
+					'PASSWORD' => $password,
+					'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($customer),
+					'NAME' => $customer['name'],
+					'FIRSTNAME' => $customer['firstname'],
+					'COMPANY' => $customer['company'],
+					'CUSTOMER_NO' => $customer['customernumber']
 				);
 
 				// get the customers admin
@@ -231,7 +236,7 @@ class EmailAccounts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Reso
 				$this->mailer()->clearAddresses();
 
 				// customer wants to send the e-mail to an alternative email address too
-				if (Settings::Get('panel.sendalternativemail') == 1) {
+				if (Settings::Get('panel.sendalternativemail') == 1 && !empty($alternative_email)) {
 					// get template for mail subject
 					$mail_subject = $this->getMailTemplate($customer, 'mails', 'pop_success_alternative_subject', $replace_arr, $this->lng['mails']['pop_success_alternative']['subject']);
 					// get template for mail body

lib/Froxlor/Api/Commands/Froxlor.php

@@ -243,6 +243,26 @@ class Froxlor extends \Froxlor\Api\ApiCommand
 		return $this->response(200, "successfull", \Froxlor\System\Crypt::generatePassword());
 	}
 
+	/**
+	 * can be used to remotely run the integritiy checks froxlor implements
+	 *
+	 * @access admin
+	 * @throws \Exception
+	 * @return string
+	 */
+	public function integrityCheck()
+	{
+		if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
+			$integrity = new \Froxlor\Database\IntegrityCheck();
+			$result = $integrity->checkAll();
+			if ($result) {
+				return $this->response(200, "successfull", "OK");
+			}
+			throw new \Exception("Some checks failed.", 406);
+		}
+		throw new \Exception("Not allowed to execute given command.", 403);
+	}
+
 	/**
 	 * returns a list of all available api functions
 	 *

lib/Froxlor/Api/Commands/Ftps.php

@@ -227,6 +227,10 @@ class Ftps extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEntit
 					$replace_arr = array(
 						'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($customer),
 						'CUST_NAME' => \Froxlor\User::getCorrectUserSalutation($customer), // < keep this for compatibility
+						'NAME' => $customer['name'],
+						'FIRSTNAME' => $customer['firstname'],
+						'COMPANY' => $customer['company'],
+						'CUSTOMER_NO' => $customer['customernumber'],
 						'USR_NAME' => $username,
 						'USR_PASS' => $password,
 						'USR_PATH' => \Froxlor\FileDir::makeCorrectDir(str_replace($customer['documentroot'], "/", $path))

lib/Froxlor/Api/Commands/IpsAndPorts.php

@@ -170,7 +170,7 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 	{
 		if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
 
-			$ip = \Froxlor\Validate\Validate::validate_ip2($this->getParam('ip'), false, 'invalidip', false, false, false, false, true);
+			$ip = \Froxlor\Validate\Validate::validate_ip2($this->getParam('ip'), false, 'invalidip', false, true, false, false, true);
 			$port = \Froxlor\Validate\Validate::validate($this->getParam('port', true, 80), 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array(
 				'stringisempty',
 				'myport'
@@ -367,7 +367,7 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 				'id' => $id
 			));
 
-			$ip = \Froxlor\Validate\Validate::validate_ip2($this->getParam('ip', true, $result['ip']), false, 'invalidip', false, false, false, false, true);
+			$ip = \Froxlor\Validate\Validate::validate_ip2($this->getParam('ip', true, $result['ip']), false, 'invalidip', false, true, false, false, true);
 			$port = \Froxlor\Validate\Validate::validate($this->getParam('port', true, $result['port']), 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array(
 				'stringisempty',
 				'myport'
@@ -560,7 +560,7 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 						'ip' => $result['ip']
 					));
 
-					if (($result['ip'] != Settings::Get('system.ipaddress')) || ($result['ip'] == Settings::Get('system.ipaddress') && $result_sameipotherport == false)) {
+					if (($result['ip'] != Settings::Get('system.ipaddress')) || ($result['ip'] == Settings::Get('system.ipaddress') && $result_sameipotherport != false)) {
 
 						$del_stmt = Database::prepare("
 							DELETE FROM `" . TABLE_PANEL_IPSANDPORTS . "`

lib/Froxlor/Api/Commands/Mysqls.php

@@ -125,6 +125,10 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 			$replace_arr = array(
 				'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($userinfo),
 				'CUST_NAME' => \Froxlor\User::getCorrectUserSalutation($userinfo), // < keep this for compatibility
+				'NAME' => $userinfo['name'],
+				'FIRSTNAME' => $userinfo['firstname'],
+				'COMPANY' => $userinfo['company'],
+				'CUSTOMER_NO' => $userinfo['customernumber'],
 				'DB_NAME' => $username,
 				'DB_PASS' => $password,
 				'DB_DESC' => $databasedescription,

lib/Froxlor/Api/Commands/SubDomains.php

@@ -256,6 +256,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				`customerid` = :customerid,
 				`adminid` = :adminid,
 				`domain` = :domain,
+				`domain_ace` = :domain_ace,
 				`documentroot` = :documentroot,
 				`aliasdomain` = :aliasdomain,
 				`parentdomainid` = :parentdomainid,
@@ -287,6 +288,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				"customerid" => $customer['customerid'],
 				"adminid" => $customer['adminid'],
 				"domain" => $completedomain,
+				"domain_ace" => $idna_convert->decode($completedomain),
 				"documentroot" => $path,
 				"aliasdomain" => $aliasdomain != 0 ? $aliasdomain : null,
 				"parentdomainid" => $domain_check['id'],
@@ -765,6 +767,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 				'`d`.`id`',
 				'`d`.`customerid`',
 				'`d`.`domain`',
+				'`d`.`domain_ace`',
 				'`d`.`documentroot`',
 				'`d`.`isbinddomain`',
 				'`d`.`isemaildomain`',
@@ -780,7 +783,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 
 		// prepare select statement
 		$domains_stmt = Database::prepare("
-			SELECT " . implode(",", $select_fields) . ", IF(`d`.`parentdomainid` > 0, `pd`.`domain`, `d`.`domain`) AS `parentdomainname`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias`
+			SELECT " . implode(",", $select_fields) . ", IF(`d`.`parentdomainid` > 0, `pd`.`domain_ace`, `d`.`domain_ace`) AS `parentdomainname`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`

lib/Froxlor/Api/FroxlorRPC.php

@@ -56,7 +56,7 @@ class FroxlorRPC
 	private static function validateAuth($key, $secret)
 	{
 		$sel_stmt = \Froxlor\Database\Database::prepare("
-			SELECT ak.*, a.api_allowed as admin_api_allowed, c.api_allowed as cust_api_allowed
+			SELECT ak.*, a.api_allowed as admin_api_allowed, c.api_allowed as cust_api_allowed, c.deactivated
 			FROM `api_keys` ak
 			LEFT JOIN `panel_admins` a ON a.adminid = ak.adminid
 			LEFT JOIN `panel_customers` c ON c.customerid = ak.customerid
@@ -67,7 +67,7 @@ class FroxlorRPC
 			'as' => $secret
 		), true, true);
 		if ($result) {
-			if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == - 1 || $result['valid_until'] >= time()) && (($result['customerid'] == 0 && $result['admin_api_allowed'] == 1) || ($result['customerid'] > 0 && $result['cust_api_allowed'] == 1))) {
+			if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == - 1 || $result['valid_until'] >= time()) && (($result['customerid'] == 0 && $result['admin_api_allowed'] == 1) || ($result['customerid'] > 0 && $result['cust_api_allowed'] == 1 && $result['deactivated'] == 0))) {
 				// get user to check whether api call is allowed
 				if (! empty($result['allowed_from'])) {
 					// @todo allow specification and validating of whole subnets later

lib/Froxlor/Cron/CronConfig.php

@@ -99,7 +99,7 @@ class CronConfig
 					$binpath = Settings::Get("system.croncmdline");
 					// fallback as it is important
 					if ($binpath === null) {
-						$binpath = "/usr/bin/nice -n 5 /usr/bin/php5 -q";
+						$binpath = "/usr/bin/nice -n 5 /usr/bin/php -q";
 					}
 
 					$cronfile .= "root " . $binpath . " " . \Froxlor\FileDir::makeCorrectFile(\Froxlor\Froxlor::getInstallDir() . "/scripts/froxlor_master_cronjob.php") . " --" . $row_cronentry['cronfile'] . " 1> /dev/null\n";

lib/Froxlor/Cron/Http/Apache.php

@@ -172,7 +172,7 @@ class Apache extends HttpConfigBase
 
 				$mypath = $this->getMyPath($row_ipsandports);
 
-				$this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . $mypath . '"' . "\n";
+				$this->virtualhosts_data[$vhosts_filename] .= 'DocumentRoot "' . rtrim($mypath, "/") . '"' . "\n";
 
 				if ($row_ipsandports['vhostcontainer_servername_statement'] == '1') {
 					$this->virtualhosts_data[$vhosts_filename] .= ' ServerName ' . Settings::Get('system.hostname') . "\n";
@@ -661,7 +661,7 @@ class Apache extends HttpConfigBase
 
 		if ($domain['deactivated'] == '1' && Settings::Get('system.deactivateddocroot') != '') {
 			$webroot_text .= '  # Using docroot for deactivated users...' . "\n";
-			$webroot_text .= '  DocumentRoot "' . \Froxlor\FileDir::makeCorrectDir(Settings::Get('system.deactivateddocroot')) . "\"\n";
+			$webroot_text .= '  DocumentRoot "' . rtrim(\Froxlor\FileDir::makeCorrectDir(Settings::Get('system.deactivateddocroot')), "/") . "\"\n";
 			$webroot_text .= '  <Directory "' . \Froxlor\FileDir::makeCorrectDir(Settings::Get('system.deactivateddocroot')) . '">' . "\n";
 			// >=apache-2.4 enabled?
 			if (Settings::Get('system.apache24') == '1') {
@@ -674,7 +674,7 @@ class Apache extends HttpConfigBase
 			$webroot_text .= '  </Directory>' . "\n";
 			$this->deactivated = true;
 		} else {
-			$webroot_text .= '  DocumentRoot "' . $domain['documentroot'] . "\"\n";
+			$webroot_text .= '  DocumentRoot "' . rtrim($domain['documentroot'], "/") . "\"\n";
 			$this->deactivated = false;
 		}
 

lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php

@@ -4,6 +4,8 @@ namespace Froxlor\Cron\Http\LetsEncrypt;
 use Froxlor\FroxlorLogger;
 use Froxlor\Settings;
 use Froxlor\Database\Database;
+use Froxlor\PhpHelper;
+use Froxlor\Domain\Domain;
 
 /**
  * This file is part of the Froxlor project.
@@ -45,7 +47,409 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 
 	public static $no_inserttask = false;
 
-	private static function needRenew()
+	/**
+	 * run the task
+	 *
+	 * @param boolean $internal
+	 * @return number
+	 */
+	public static function run($internal = false)
+	{
+		// usually, this is action is called from within the tasks-jobs
+		if (! defined('CRON_IS_FORCED') && ! defined('CRON_DEBUG_FLAG') && $internal == false) {
+			// Let's Encrypt cronjob is combined with regeneration of webserver configuration files.
+			// For debugging purposes you can use the --debug switch and the --force switch to run the cron manually.
+			// check whether we MIGHT need to run although there is no task to regenerate config-files
+			$needRenew = self::issueDomains();
+			if ($needRenew || self::issueFroxlorVhost()) {
+				// insert task to generate certificates and vhost-configs
+				\Froxlor\System\Cronjob::inserttask(1);
+			}
+			return 0;
+		}
+
+		// set server according to settings
+		self::$apiserver = 'https://acme-' . (Settings::Get('system.letsencryptca') == 'testing' ? 'staging-' : '') . 'v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org/directory';
+
+		// validate acme.sh installation
+		if (! self::checkInstall()) {
+			return - 1;
+		}
+
+		// flag for re-generation of vhost files
+		$changedetected = 0;
+
+		// prepare update sql
+		self::$updcert_stmt = Database::prepare("
+			REPLACE INTO
+				`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+			SET
+				`id` = :id,
+				`domainid` = :domainid,
+				`ssl_cert_file` = :crt,
+				`ssl_key_file` = :key,
+				`ssl_ca_file` = :ca,
+				`ssl_cert_chainfile` = :chain,
+				`ssl_csr_file` = :csr,
+				`ssl_fullchain_file` = :fullchain,
+				`expirationdate` = :expirationdate
+		");
+
+		// prepare domain update sql
+		self::$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
+
+		// check whether there are certificates to issue
+		$issue_froxlor = self::issueFroxlorVhost();
+		$issue_domains = self::issueDomains();
+
+		// first - generate LE for system-vhost if enabled
+		if ($issue_froxlor) {
+			// build row
+			$certrow = array(
+				'loginname' => 'froxlor.panel',
+				'domain' => Settings::Get('system.hostname'),
+				'domainid' => 0,
+				'documentroot' => \Froxlor\Froxlor::getInstallDir(),
+				'leprivatekey' => Settings::Get('system.leprivatekey'),
+				'lepublickey' => Settings::Get('system.lepublickey'),
+				'leregistered' => Settings::Get('system.leregistered'),
+				'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
+				'expirationdate' => null,
+				'ssl_cert_file' => null,
+				'ssl_key_file' => null,
+				'ssl_ca_file' => null,
+				'ssl_csr_file' => null,
+				'id' => null
+			);
+
+			// add to queue
+			$issue_domains[] = $certrow;
+		}
+
+		if (count($issue_domains)) {
+			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Requesting " . count($issue_domains) . " new Let's Encrypt certificates");
+			self::runIssueFor($issue_domains);
+			$changedetected = 1;
+		}
+
+		// compare file-system certificates with the ones in our database
+		// and update if needed
+		$renew_froxlor = self::renewFroxlorVhost();
+		$renew_domains = self::renewDomains();
+
+		if ($renew_froxlor) {
+			// build row
+			$certrow = array(
+				'loginname' => 'froxlor.panel',
+				'domain' => Settings::Get('system.hostname'),
+				'domainid' => 0,
+				'documentroot' => \Froxlor\Froxlor::getInstallDir(),
+				'leprivatekey' => Settings::Get('system.leprivatekey'),
+				'lepublickey' => Settings::Get('system.lepublickey'),
+				'leregistered' => Settings::Get('system.leregistered'),
+				'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
+				'expirationdate' => is_array($renew_froxlor) ? $renew_froxlor['expirationdate'] : date('Y-m-d H:i:s', 0),
+				'ssl_cert_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_cert_file'] : null,
+				'ssl_key_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_key_file'] : null,
+				'ssl_ca_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_ca_file'] : null,
+				'ssl_csr_file' => is_array($renew_froxlor) ? $renew_froxlor['ssl_csr_file'] : null,
+				'id' => is_array($renew_froxlor) ? $renew_froxlor['id'] : null
+			);
+			$renew_domains[] = $certrow;
+		}
+
+		foreach ($renew_domains as $domain) {
+			$cronlog = FroxlorLogger::getInstanceOf(array(
+				'loginname' => $domain['loginname'],
+				'adminsession' => 0
+			));
+			if (defined('CRON_IS_FORCED') || self::checkFsFilesAreNewer($domain['domain'], $domain['expirationdate'])) {
+				self::certToDb($domain, $cronlog, array());
+				$changedetected = 1;
+			}
+		}
+
+		// If we have a change in a certificate, we need to update the webserver - configs
+		// This is easiest done by just creating a new task ;)
+		if ($changedetected) {
+			if (self::$no_inserttask == false) {
+				\Froxlor\System\Cronjob::inserttask(1);
+			}
+			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");
+		} else {
+			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "No new certificates or certificate updates found");
+		}
+	}
+
+	/**
+	 * issue certificates for a list of domains
+	 */
+	private static function runIssueFor($certrows = array())
+	{
+		// prepare aliasdomain-check
+		$aliasdomains_stmt = Database::prepare("
+			SELECT
+				dom.`id` as domainid,
+				dom.`domain`,
+				dom.`wwwserveralias`
+			FROM `" . TABLE_PANEL_DOMAINS . "` AS dom
+			WHERE
+				dom.`aliasdomain` = :id
+				AND dom.`letsencrypt` = 1
+				AND dom.`iswildcarddomain` = 0
+		");
+		// iterate through all domains
+		foreach ($certrows as $certrow) {
+			// set logger to corresponding loginname for the log to appear in the users system-log
+			$cronlog = FroxlorLogger::getInstanceOf(array(
+				'loginname' => $certrow['loginname'],
+				'adminsession' => 0
+			));
+			// Only issue let's encrypt certificate if no broken ssl_redirect is enabled
+			if ($certrow['ssl_redirect'] != 2) {
+				$do_force = false;
+				if (! empty($certrow['ssl_cert_file']) && empty($certrow['expirationdate'])) {
+					// domain changed (SAN or similar)
+					$do_force = true;
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Re-creating certificate for " . $certrow['domain']);
+				} else {
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']);
+				}
+				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding common-name: " . $certrow['domain']);
+				$domains = array(
+					strtolower($certrow['domain'])
+				);
+				// add www.<domain> to SAN list
+				if ($certrow['wwwserveralias'] == 1) {
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
+					$domains[] = strtolower('www.' . $certrow['domain']);
+				}
+				if ($certrow['domainid'] == 0) {
+					$froxlor_aliases = Settings::Get('system.froxloraliases');
+					if (! empty($froxlor_aliases)) {
+						$froxlor_aliases = explode(",", $froxlor_aliases);
+						foreach ($froxlor_aliases as $falias) {
+							if (\Froxlor\Validate\Validate::validateDomain(trim($falias))) {
+								$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . strtolower(trim($falias)));
+								$domains[] = strtolower(trim($falias));
+							}
+						}
+					}
+				} else {
+					// add alias domains (and possibly www.<aliasdomain>) to SAN list
+					Database::pexecute($aliasdomains_stmt, array(
+						'id' => $certrow['domainid']
+					));
+					$aliasdomains = $aliasdomains_stmt->fetchAll(\PDO::FETCH_ASSOC);
+					foreach ($aliasdomains as $aliasdomain) {
+						$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
+						$domains[] = strtolower($aliasdomain['domain']);
+						if ($aliasdomain['wwwserveralias'] == 1) {
+							$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
+							$domains[] = strtolower('www.' . $aliasdomain['domain']);
+						}
+					}
+				}
+
+				self::validateDns($domains, $certrow['domainid'], $cronlog);
+
+				self::runAcmeSh($certrow, $domains, $cronlog, $do_force);
+			} else {
+				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
+			}
+		}
+	}
+
+	/**
+	 * validate dns (A / AAAA record) of domain against known system ips
+	 *
+	 * @param array $domains
+	 * @param int $domain_id
+	 * @param FroxlorLogger $cronlog
+	 */
+	private static function validateDns(&$domains = array(), $domain_id, &$cronlog)
+	{
+		if (Settings::Get('system.le_domain_dnscheck') == '1' && ! empty($domains)) {
+			$loop_domains = $domains;
+			// ips according to our system
+			$our_ips = Domain::getIpsOfDomain($domain_id);
+			foreach ($loop_domains as $idx => $domain) {
+				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Validating DNS of " . $domain);
+				// ips accordint to NS
+				$domain_ips = PhpHelper::gethostbynamel6($domain);
+				if (count(array_intersect($our_ips, $domain_ips)) <= 0) {
+					// no common ips...
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $domain . " due to no system known IP address via DNS check");
+					unset($domains[$idx]);
+				}
+			}
+		}
+	}
+
+	private static function runAcmeSh($certrow = array(), $domains = array(), &$cronlog = null, $force = false)
+	{
+		if (! empty($domains)) {
+
+			if (self::$do_update) {
+				self::checkUpgrade();
+				self::$do_update = false;
+			}
+
+			$acmesh_cmd = self::$acmesh . " --auto-upgrade 0 --server " . self::$apiserver . " --issue -d " . implode(" -d ", $domains);
+			// challenge path
+			$acmesh_cmd .= " -w " . Settings::Get('system.letsencryptchallengepath');
+			if (Settings::Get('system.leecc') > 0) {
+				// ecc certificate
+				$acmesh_cmd .= " --keylength ec-" . Settings::Get('system.leecc');
+			} else {
+				$acmesh_cmd .= " --keylength " . Settings::Get('system.letsencryptkeysize');
+			}
+			if (Settings::Get('system.letsencryptreuseold') != '1') {
+				$acmesh_cmd .= " --always-force-new-domain-key";
+			}
+			if (Settings::Get('system.letsencryptca') == 'testing') {
+				$acmesh_cmd .= " --staging";
+			}
+			if ($force) {
+				$acmesh_cmd .= " --force";
+			}
+			if (defined('CRON_DEBUG_FLAG')) {
+				$acmesh_cmd .= " --debug";
+			}
+
+			$acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd);
+			// debug output of acme.sh run
+			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, implode("\n", $acme_result));
+
+			self::certToDb($certrow, $cronlog, $acme_result);
+		}
+	}
+
+	private static function certToDb($certrow, &$cronlog, $acme_result)
+	{
+		$return = array();
+		self::readCertificateToVar($certrow['domain'], $return, $cronlog);
+
+		if (! empty($return['crt'])) {
+
+			$newcert = openssl_x509_parse($return['crt']);
+
+			if ($newcert) {
+				// Store the new data
+				Database::pexecute(self::$updcert_stmt, array(
+					'id' => $certrow['id'],
+					'domainid' => $certrow['domainid'],
+					'crt' => $return['crt'],
+					'key' => $return['key'],
+					'ca' => $return['chain'],
+					'chain' => $return['chain'],
+					'csr' => $return['csr'],
+					'fullchain' => $return['fullchain'],
+					'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
+				));
+
+				if ($certrow['ssl_redirect'] == 3) {
+					Database::pexecute(self::$upddom_stmt, array(
+						'domainid' => $certrow['domainid']
+					));
+				}
+
+				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
+			} else {
+				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Got non-successful Let's Encrypt response for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
+			}
+		} else {
+			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
+		}
+	}
+
+	/**
+	 * check whether we need to issue a new certificate for froxlor itself
+	 *
+	 * @return boolean
+	 */
+	private static function issueFroxlorVhost()
+	{
+		if (Settings::Get('system.le_froxlor_enabled') == '1') {
+			// let's encrypt is enabled, now check whether we have a certificate
+			$froxlor_ssl_settings_stmt = Database::prepare("
+				SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+				WHERE `domainid` = '0'
+			");
+			$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+			// also check for possible existing certificate
+			if (! $froxlor_ssl && ! self::checkFsFilesAreNewer(Settings::Get('system.hostname'), date('Y-m-d H:i:s'))) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * check whether we need to renew-check the certificate for froxlor itself
+	 *
+	 * @return boolean
+	 */
+	private static function renewFroxlorVhost()
+	{
+		if (Settings::Get('system.le_froxlor_enabled') == '1') {
+			// let's encrypt is enabled, now check whether we have a certificate
+			$froxlor_ssl_settings_stmt = Database::prepare("
+				SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+				WHERE `domainid` = '0'
+			");
+			$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+			// also check for possible existing certificate
+			if ($froxlor_ssl || (! $froxlor_ssl && ! self::checkFsFilesAreNewer(Settings::Get('system.hostname'), date('Y-m-d H:i:s', 0)))) {
+				return ($froxlor_ssl ? $froxlor_ssl : true);
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * get a list of domains that have a lets encrypt certificate (possible renew)
+	 */
+	private static function renewDomains()
+	{
+		$certificates_stmt = Database::query("
+			SELECT
+				domssl.`id`,
+				domssl.`domainid`,
+				domssl.`expirationdate`,
+				domssl.`ssl_cert_file`,
+				domssl.`ssl_key_file`,
+				dom.`domain`,
+				dom.`id` AS 'domainid',
+				dom.`ssl_redirect`,
+				cust.`loginname`
+			FROM
+				`" . TABLE_PANEL_CUSTOMERS . "` AS cust,
+				`" . TABLE_PANEL_DOMAINS . "` AS dom
+			LEFT JOIN
+				`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` AS domssl ON
+					dom.`id` = domssl.`domainid`
+			WHERE
+				dom.`customerid` = cust.`customerid`
+				AND cust.deactivated = 0
+				AND dom.`letsencrypt` = 1
+				AND dom.`aliasdomain` IS NULL
+				AND dom.`iswildcarddomain` = 0
+		");
+		$renew_certs = $certificates_stmt->fetchAll(\PDO::FETCH_ASSOC);
+		if (self::renewFroxlorVhost()) {
+			// add froxlor to the list of renews
+		}
+		if ($renew_certs) {
+			return $renew_certs;
+		}
+		return array();
+	}
+
+	/**
+	 * get a list of domains that require a new certificate (issue)
+	 */
+	private static function issueDomains()
 	{
 		$certificates_stmt = Database::query("
 			SELECT
@@ -78,322 +482,51 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 				AND dom.`letsencrypt` = 1
 				AND dom.`aliasdomain` IS NULL
 				AND dom.`iswildcarddomain` = 0
-				AND (
-					domssl.`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY)
-					OR domssl.`expirationdate` IS NULL
-				)
+				AND domssl.`expirationdate` IS NULL
 		");
 		$customer_ssl = $certificates_stmt->fetchAll(\PDO::FETCH_ASSOC);
-		if (! $customer_ssl) {
-			$customer_ssl = array();
+		if ($customer_ssl) {
+			return $customer_ssl;
 		}
-
-		$froxlor_ssl = array();
-		if (Settings::Get('system.le_froxlor_enabled') == '1') {
-			$froxlor_ssl_settings_stmt = Database::prepare("
-				SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
-				WHERE `domainid` = '0' AND
-				(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
-			");
-			$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
-			if (! $froxlor_ssl) {
-				$froxlor_ssl = array();
-			}
-		}
-
-		if (count($customer_ssl) > 0 || count($froxlor_ssl) > 0) {
-			return array(
-				'customer_ssl' => $customer_ssl,
-				'froxlor_ssl' => $froxlor_ssl
-			);
-		}
-		return false;
+		return array();
 	}
 
-	public static function run($internal = false)
-	{
-		if (! defined('CRON_IS_FORCED') && ! defined('CRON_DEBUG_FLAG') && $internal == false) {
-			// Let's Encrypt cronjob is combined with regeneration of webserver configuration files.
-			// For debugging purposes you can use the --debug switch and the --force switch to run the cron manually.
-			// check whether we MIGHT need to run although there is no task to regenerate config-files
-			$needRenew = self::needRenew();
-			if ($needRenew) {
-				// insert task to generate certificates and vhost-configs
-				\Froxlor\System\Cronjob::inserttask(1);
-			}
-			return 0;
-		}
-
-		self::checkInstall();
-
-		self::$apiserver = 'https://acme-'.(Settings::Get('system.letsencryptca') == 'testing' ? 'staging-' : '').'v0' . \Froxlor\Settings::Get('system.leapiversion') . '.api.letsencrypt.org/directory';
-
-		FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Requesting/renewing Let's Encrypt certificates");
-
-		$aliasdomains_stmt = Database::prepare("
-			SELECT
-				dom.`id` as domainid,
-				dom.`domain`,
-				dom.`wwwserveralias`
-			FROM `" . TABLE_PANEL_DOMAINS . "` AS dom
-			WHERE
-				dom.`aliasdomain` = :id
-				AND dom.`letsencrypt` = 1
-				AND dom.`iswildcarddomain` = 0
-		");
-
-		self::$updcert_stmt = Database::prepare("
-			REPLACE INTO
-				`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
-			SET
-				`id` = :id,
-				`domainid` = :domainid,
-				`ssl_cert_file` = :crt,
-				`ssl_key_file` = :key,
-				`ssl_ca_file` = :ca,
-				`ssl_cert_chainfile` = :chain,
-				`ssl_csr_file` = :csr,
-				`ssl_fullchain_file` = :fullchain,
-				`expirationdate` = :expirationdate
-		");
-
-		self::$upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
-
-		// flag for re-generation of vhost files
-		$changedetected = 0;
-
-		$needRenew = self::needRenew();
-
-		// first - generate LE for system-vhost if enabled
-		if (Settings::Get('system.le_froxlor_enabled') == '1') {
-
-			$certrow = array(
-				'loginname' => 'froxlor.panel',
-				'domain' => Settings::Get('system.hostname'),
-				'domainid' => 0,
-				'documentroot' => \Froxlor\Froxlor::getInstallDir(),
-				'leprivatekey' => Settings::Get('system.leprivatekey'),
-				'lepublickey' => Settings::Get('system.lepublickey'),
-				'leregistered' => Settings::Get('system.leregistered'),
-				'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
-				'expirationdate' => null,
-				'ssl_cert_file' => null,
-				'ssl_key_file' => null,
-				'ssl_ca_file' => null,
-				'ssl_csr_file' => null,
-				'id' => null
-			);
-
-			$froxlor_ssl = $needRenew ? $needRenew['froxlor_ssl'] : array();
-
-			$cert_mode = 'issue';
-			if (count($froxlor_ssl) > 0) {
-				$cert_mode = 'renew';
-				$certrow['id'] = $froxlor_ssl['id'];
-				$certrow['expirationdate'] = $froxlor_ssl['expirationdate'];
-				$certrow['ssl_cert_file'] = $froxlor_ssl['ssl_cert_file'];
-				$certrow['ssl_key_file'] = $froxlor_ssl['ssl_key_file'];
-				$certrow['ssl_ca_file'] = $froxlor_ssl['ssl_ca_file'];
-				$certrow['ssl_csr_file'] = $froxlor_ssl['ssl_csr_file'];
-			} else {
-				// check whether we have an entry with valid certificates which just does not need
-				// updating yet, so we need to skip this here
-				$froxlor_ssl_settings_stmt = Database::prepare("
-					SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
-				");
-				$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
-				if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
-					$cert_mode = false;
-				}
-			}
-
-			if ($cert_mode) {
-				$domains = array(
-					strtolower($certrow['domain'])
-				);
-
-				$froxlor_aliases = Settings::Get('system.froxloraliases');
-				if (! empty($froxlor_aliases)) {
-					$froxlor_aliases = explode(",", $froxlor_aliases);
-					foreach ($froxlor_aliases as $falias) {
-						if (\Froxlor\Validate\Validate::validateDomain(trim($falias))) {
-							$domains[] = strtolower(trim($falias));
-						}
-					}
-				}
-
-				// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
-				// - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob
-				$do_force = false;
-				if ($cert_mode == 'renew') {
-					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']);
-				} else {
-					$do_force = true;
-					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']);
-				}
-
-				$cronlog = FroxlorLogger::getInstanceOf(array(
-					'loginname' => $certrow['loginname'],
-					'adminsession' => 0
-				));
-
-				self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected, $do_force);
-			}
-		}
-
-		// customer domains
-		$certrows = $needRenew ? $needRenew['customer_ssl'] : array();
-		foreach ($certrows as $certrow) {
-
-			// initialize mode to 'issue'
-			$cert_mode = 'issue';
-
-			// set logger to corresponding loginname for the log to appear in the users system-log
-			$cronlog = FroxlorLogger::getInstanceOf(array(
-				'loginname' => $certrow['loginname'],
-				'adminsession' => 0
-			));
-
-			// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
-			if ($certrow['ssl_redirect'] != 2) {
-
-				$do_force = false;
-				if (! empty($certrow['ssl_cert_file']) && ! empty($certrow['expirationdate'])) {
-					$cert_mode = 'renew';
-					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']);
-				} else if (! empty($certrow['ssl_cert_file']) && empty($certrow['expirationdate'])) {
-					// domain changed (SAN or similar)
-					$do_force = true;
-					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Re-creating certificate for " . $certrow['domain']);
-				} else {
-					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']);
-				}
-
-				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $certrow['domain']);
-				$domains = array(
-					strtolower($certrow['domain'])
-				);
-				// add www.<domain> to SAN list
-				if ($certrow['wwwserveralias'] == 1) {
-					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
-					$domains[] = strtolower('www.' . $certrow['domain']);
-				}
-
-				// add alias domains (and possibly www.<aliasdomain>) to SAN list
-				Database::pexecute($aliasdomains_stmt, array(
-					'id' => $certrow['domainid']
-				));
-				$aliasdomains = $aliasdomains_stmt->fetchAll(\PDO::FETCH_ASSOC);
-				foreach ($aliasdomains as $aliasdomain) {
-					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
-					$domains[] = strtolower($aliasdomain['domain']);
-					if ($aliasdomain['wwwserveralias'] == 1) {
-						$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
-						$domains[] = strtolower('www.' . $aliasdomain['domain']);
-					}
-				}
-
-				self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected, $do_force);
-			} else {
-				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
-			}
-		}
-
-		// If we have a change in a certificate, we need to update the webserver - configs
-		// This is easiest done by just creating a new task ;)
-		if ($changedetected) {
-			if (self::$no_inserttask == false) {
-				\Froxlor\System\Cronjob::inserttask(1);
-			}
-			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");
-		} else {
-			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "No new certificates or certificates due for renewal found");
-		}
-	}
-
-	private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0, $force = false)
-	{
-		if (! empty($domains)) {
-
-			if (self::$do_update) {
-				self::checkUpgrade();
-				self::$do_update = false;
-			}
-
-			$acmesh_cmd = self::$acmesh . " --auto-upgrade 0 --server " . self::$apiserver . " --" . $cert_mode . " -d " . implode(" -d ", $domains);
-
-			if ($cert_mode == 'issue') {
-				$acmesh_cmd .= " -w " . Settings::Get('system.letsencryptchallengepath');
-			}
-			if (Settings::Get('system.leecc') > 0) {
-				$acmesh_cmd .= " --keylength ec-" . Settings::Get('system.leecc');
-			} else {
-				$acmesh_cmd .= " --keylength " . Settings::Get('system.letsencryptkeysize');
-			}
-			if (Settings::Get('system.letsencryptreuseold') != '1') {
-				$acmesh_cmd .= " --always-force-new-domain-key";
-			}
-			if (Settings::Get('system.letsencryptca') == 'testing') {
-				$acmesh_cmd .= " --staging";
-			}
-			if ($force) {
-				$acmesh_cmd .= " --force";
-			}
-			if (defined('CRON_DEBUG_FLAG')) {
-				$acmesh_cmd .= " --debug";
-			}
-
-			$acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd);
-			// debug output of acme.sh run
-			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, implode("\n", $acme_result));
-
-			$return = array();
-			self::readCertificateToVar($certrow['domain'], $return);
-
-			if (! empty($return['crt'])) {
-
-				$newcert = openssl_x509_parse($return['crt']);
-
-				if ($newcert) {
-					// Store the new data
-					Database::pexecute(self::$updcert_stmt, array(
-						'id' => $certrow['id'],
-						'domainid' => $certrow['domainid'],
-						'crt' => $return['crt'],
-						'key' => $return['key'],
-						'ca' => $return['chain'],
-						'chain' => $return['chain'],
-						'csr' => $return['csr'],
-						'fullchain' => $return['fullchain'],
-						'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
-					));
-
-					if ($certrow['ssl_redirect'] == 3) {
-						Database::pexecute(self::$upddom_stmt, array(
-							'domainid' => $certrow['domainid']
-						));
-					}
-
-					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
-					$changedetected = 1;
-				} else {
-					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Got non-successful Let's Encrypt response for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
-				}
-			} else {
-				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
-			}
-		}
-	}
-
-	private static function readCertificateToVar($domain, &$return)
+	private static function checkFsFilesAreNewer($domain, $cert_date = 0)
 	{
 		$certificate_folder = dirname(self::$acmesh) . "/" . $domain;
 		if (Settings::Get('system.leecc') > 0) {
 			$certificate_folder .= "_ecc";
 		}
 		$certificate_folder = \Froxlor\FileDir::makeCorrectDir($certificate_folder);
+		$ssl_file = \Froxlor\FileDir::makeCorrectFile($certificate_folder . '/' . $domain . '.cer');
 
-		if (is_dir($certificate_folder)) {
+		if (is_dir($certificate_folder) && file_exists($ssl_file) && is_readable($ssl_file)) {
+			$cert_data = openssl_x509_parse(file_get_contents($ssl_file));
+			if (strtotime($cert_data['validTo_time_t']) > strtotime($cert_date)) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * get certificate files from filesystem and store in $return array
+	 *
+	 * @param string $domain
+	 * @param array $return
+	 * @param object $cronlog
+	 */
+	private static function readCertificateToVar($domain, &$return, &$cronlog)
+	{
+		$certificate_folder = dirname(self::$acmesh) . "/" . $domain;
+		$certificate_folder_noecc = null;
+		if (Settings::Get('system.leecc') > 0) {
+			$certificate_folder_noecc = \Froxlor\FileDir::makeCorrectDir($certificate_folder);
+			$certificate_folder .= "_ecc";
+		}
+		$certificate_folder = \Froxlor\FileDir::makeCorrectDir($certificate_folder);
+
+		if (is_dir($certificate_folder) || is_dir($certificate_folder_noecc)) {
 			foreach ([
 				'crt' => $domain . '.cer',
 				'key' => $domain . '.key',
@@ -405,28 +538,52 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 				if (file_exists($ssl_file)) {
 					$return[$index] = file_get_contents($ssl_file);
 				} else {
+					if (! empty($certificate_folder_noecc)) {
+						$ssl_file_fb = \Froxlor\FileDir::makeCorrectFile($certificate_folder_noecc . '/' . $sslfile);
+						if (file_exists($ssl_file_fb)) {
+							$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "ECC certificates activated but found only non-ecc file");
+							$return[$index] = file_get_contents($ssl_file_fb);
+							continue;
+						}
+					}
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find file '" . $sslfile . "' in '" . $certificate_folder . "'");
 					$return[$index] = null;
 				}
 			}
+		} else {
+			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find certificate-folder '" . $certificate_folder . "'");
 		}
 	}
 
-	private static function checkInstall()
+	/**
+	 * install acme.sh if not found yet
+	 */
+	private static function checkInstall($tries = 0)
 	{
-		if (! file_exists(self::$acmesh)) {
+		if (! file_exists(self::$acmesh) && $tries > 0) {
+			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Download/installation of acme.sh seems to have failed. Re-run cronjob to try again or install manually to '" . self::$acmesh . "'");
+			echo PHP_EOL . "Download/installation of acme.sh seems to have failed. Re-run cronjob to try again or install manually to '" . self::$acmesh . "'" . PHP_EOL;
+			return false;
+		} else if (! file_exists(self::$acmesh)) {
 			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Could not find acme.sh - installing it to /root/.acme.sh/");
 			$return = false;
 			\Froxlor\FileDir::safe_exec("wget -O - https://get.acme.sh | sh", $return, array(
 				'|'
 			));
+			// check whether the installation worked
+			return self::checkInstall(++ $tries);
 		}
+		return true;
 	}
 
+	/**
+	 * run upgrade
+	 */
 	private static function checkUpgrade()
 	{
 		$acmesh_result = \Froxlor\FileDir::safe_exec(self::$acmesh . " --upgrade");
-		// check for activated cron (which is installed automatically) but we don't need it
-		$acmesh_result2 = \Froxlor\FileDir::safe_exec(self::$acmesh . " --uninstall-cronjob");
+		// check for activated cron
+		$acmesh_result2 = \Froxlor\FileDir::safe_exec(self::$acmesh . " --install-cronjob");
 		FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Checking for LetsEncrypt client upgrades before renewing certificates:\n" . implode("\n", $acmesh_result) . "\n" . implode("\n", $acmesh_result2));
 	}
 }

lib/Froxlor/Cron/System/BackupCron.php

@@ -77,6 +77,7 @@ class BackupCron extends \Froxlor\Cron\FroxlorCron
 
 		$del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TASKS . "` WHERE `id` = :id");
 
+		$cronlog = FroxlorLogger::getInstanceOf();
 		$all_jobs = $result_tasks_stmt->fetchAll();
 		foreach ($all_jobs as $row) {
 
@@ -96,7 +97,7 @@ class BackupCron extends \Froxlor\Cron\FroxlorCron
 						\Froxlor\FileDir::safe_exec('mkdir -p ' . escapeshellarg($row['data']['destdir']));
 					}
 
-					self::createCustomerBackup($row['data'], $customerdocroot, FroxlorLogger::getInstanceOf());
+					self::createCustomerBackup($row['data'], $customerdocroot, $cronlog);
 				}
 			}
 

lib/Froxlor/Cron/System/Extrausers.php

@@ -67,7 +67,7 @@ class Extrausers
 						'name' => \Froxlor\Customer\Customer::getCustomerDetail($u['customerid'], 'name'),
 						'company' => \Froxlor\Customer\Customer::getCustomerDetail($u['customerid'], 'company')
 					);
-					$u['comment'] = \Froxlor\User::getCorrectUserSalutation($salutation_array);
+					$u['comment'] = self::cleanString(\Froxlor\User::getCorrectUserSalutation($salutation_array));
 					if ($u['login_enabled'] != 'Y') {
 						$u['password'] = '*';
 						$u['shell'] = '/bin/false';
@@ -90,4 +90,10 @@ class Extrausers
 			$cronlog->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Error when writing ' . $type . ' file entries');
 		}
 	}
+
+	private static function cleanString($string = null)
+	{
+		$allowed = "/[^a-z0-9\\.\\-\\_\\ ]/i";
+		return preg_replace($allowed, "", $string);
+	}
 }

lib/Froxlor/Cron/Traffic/ReportsCron.php

@@ -36,7 +36,7 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 		if ((int) Settings::Get('system.report_trafficmax') > 0) {
 			// Warn the customers at xx% traffic-usage
 			$result_stmt = Database::prepare("
-				SELECT `c`.`customerid`, `c`.`adminid`, `c`.`name`, `c`.`firstname`,
+				SELECT `c`.`customerid`, `c`.`customernumber`, `c`.`adminid`, `c`.`name`, `c`.`firstname`,
 				`c`.`company`, `c`.`traffic`, `c`.`email`, `c`.`def_language`,
 				`a`.`name` AS `adminname`, `a`.`email` AS `adminmail`,
 				(SELECT SUM(`t`.`http` + `t`.`ftp_up` + `t`.`ftp_down` + `t`.`mail`)
@@ -60,11 +60,15 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 					$rep_userinfo = array(
 						'name' => $row['name'],
 						'firstname' => $row['firstname'],
-						'company' => $row['company']
+						'company' => $row['company'],
+						'customernumber' => $row['customernumber']
 					);
 					$replace_arr = array(
 						'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($rep_userinfo),
-						'NAME' => $row['name'], // < keep this for compatibility
+						'NAME' => $rep_userinfo['name'],
+						'FIRSTNAME' => $rep_userinfo['firstname'],
+						'COMPANY' => $rep_userinfo['company'],
+						'CUSTOMER_NO' => $rep_userinfo['customernumber'],
 						'TRAFFIC' => round(($row['traffic'] / 1024), 2), /* traffic is stored in KB, template uses MB */
 						'TRAFFICUSED' => round(($row['traffic_used'] / 1024), 2), /* traffic is stored in KB, template uses MB */
 						'USAGE_PERCENT' => round(($row['traffic_used'] * 100) / $row['traffic'], 2),
@@ -168,8 +172,8 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 					$replace_arr = array(
 						'NAME' => $row['name'],
 						'TRAFFIC' => round(($row['traffic'] / 1024), 2), /* traffic is stored in KB, template uses MB */
-							'TRAFFICUSED' => round(($row['traffic_used_total'] / 1024), 2), /* traffic is stored in KB, template uses MB */
-							'USAGE_PERCENT' => round(($row['traffic_used_total'] * 100) / $row['traffic'], 2),
+						'TRAFFICUSED' => round(($row['traffic_used_total'] / 1024), 2), /* traffic is stored in KB, template uses MB */
+						'USAGE_PERCENT' => round(($row['traffic_used_total'] * 100) / $row['traffic'], 2),
 						'MAX_PERCENT' => Settings::Get('system.report_trafficmax')
 					);
 
@@ -343,7 +347,7 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 			 * report about diskusage for customers
 			 */
 			$result_stmt = Database::query("
-				SELECT `c`.`customerid`, `c`.`adminid`, `c`.`name`, `c`.`firstname`,
+				SELECT `c`.`customerid`, `c`.`customernumber`, `c`.`adminid`, `c`.`name`, `c`.`firstname`,
 				`c`.`company`, `c`.`diskspace`, `c`.`diskspace_used`, `c`.`email`, `c`.`def_language`,
 				`a`.`name` AS `adminname`, `a`.`email` AS `adminmail`
 				FROM `" . TABLE_PANEL_CUSTOMERS . "` AS `c`
@@ -361,11 +365,15 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 					$rep_userinfo = array(
 						'name' => $row['name'],
 						'firstname' => $row['firstname'],
-						'company' => $row['company']
+						'company' => $row['company'],
+						'customernumber' => $row['customernumber']
 					);
 					$replace_arr = array(
 						'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($rep_userinfo),
-						'NAME' => $row['name'], // < keep this for compatibility
+						'NAME' => $rep_userinfo['name'],
+						'FIRSTNAME' => $rep_userinfo['firstname'],
+						'COMPANY' => $rep_userinfo['company'],
+						'CUSTOMER_NO' => $rep_userinfo['customernumber'],
 						'DISKAVAILABLE' => round(($row['diskspace'] / 1024), 2), /* traffic is stored in KB, template uses MB */
 						'DISKUSED' => round($row['diskspace_used'] / 1024, 2), /* traffic is stored in KB, template uses MB */
 						'USAGE_PERCENT' => round(($row['diskspace_used'] * 100) / $row['diskspace'], 2),
@@ -386,13 +394,15 @@ class ReportsCron extends \Froxlor\Cron\FroxlorCron
 						$lngfile = Database::pexecute_first($lngfile_stmt, array(
 							'deflang' => Settings::Get('panel.standardlanguage')
 						));
-						$langfile = $lngfile['file'];
+						$langfile = $lngfile['file'] ?? 'lng/english.lng.php';
 					}
 
 					// include english language file (fallback)
 					include_once \Froxlor\FileDir::makeCorrectFile(\Froxlor\Froxlor::getInstallDir() . '/lng/english.lng.php');
 					// include admin/customer language file
-					include_once \Froxlor\FileDir::makeCorrectFile(\Froxlor\Froxlor::getInstallDir() . '/' . $langfile);
+					if ($lngfile != 'lng/english.lng.php') {
+						include_once \Froxlor\FileDir::makeCorrectFile(\Froxlor\Froxlor::getInstallDir() . '/' . $langfile);
+					}
 
 					// Get mail templates from database; the ones from 'admin' are fetched for fallback
 					$result2_stmt = Database::prepare("

lib/Froxlor/Domain/Domain.php

@@ -6,6 +6,41 @@ use Froxlor\Database\Database;
 class Domain
 {
 
+	/**
+	 * return all ip addresses associated with given domain,
+	 * returns all ips if domain-id = 0 (froxlor.vhost)
+	 *
+	 * @param int $domain_id
+	 * @return array
+	 */
+	public static function getIpsOfDomain($domain_id)
+	{
+		if ($domain_id > 0) {
+			$sel_stmt = Database::prepare("
+				SELECT i.ip FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`
+				LEFT JOIN `" . TABLE_DOMAINTOIP . "` `dip` ON dip.id_ipandports = i.id
+				AND dip.id_domain = :domainid
+				GROUP BY i.ip
+			");
+			$sel_param = array(
+				'domainid' => $domain_id
+			);
+		} else {
+			// assuming froxlor.vhost (id = 0)
+			$sel_stmt = Database::prepare("
+				SELECT ip FROM `" . TABLE_PANEL_IPSANDPORTS . "`
+				GROUP BY ip
+			");
+			$sel_param = array();
+		}
+		Database::pexecute($sel_stmt, $sel_param);
+		$result = array();
+		while ($ip = $sel_stmt->fetch(\PDO::FETCH_ASSOC)) {
+			$result[] = $ip['ip'];
+		}
+		return $result;
+	}
+
 	/**
 	 * return an array of all enabled redirect-codes
 	 *

lib/Froxlor/Froxlor.php

@@ -7,10 +7,10 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '0.10.13';
+	const VERSION = '0.10.16';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '201912313';
+	const DBVERSION = '202004140';
 
 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';

lib/Froxlor/MailLogParser.php

@@ -209,12 +209,12 @@ class MailLogParser
 
 			$timestamp = $this->getLogTimestamp($line);
 			if ($this->startTime < $timestamp) {
-				if (preg_match("/dovecot.*(?::|\]) imap\(.*@([a-z0-9\.\-]+)\):.*(?:in=(\d+) out=(\d+)|bytes=(\d+)\/(\d+))/i", $line, $matches)) {
+				if (preg_match("/dovecot.*(?::|\]) imap\(.*@([a-z0-9\.\-]+)\)(<\d+><[a-z0-9+\/=]+>)?:.*(?:in=(\d+) out=(\d+)|bytes=(\d+)\/(\d+))/i", $line, $matches)) {
 					// Dovecot IMAP
-					$this->addDomainTraffic($matches[1], (int) $matches[2] + (int) $matches[3], $timestamp);
-				} elseif (preg_match("/dovecot.*(?::|\]) pop3\(.*@([a-z0-9\.\-]+)\):.*in=(\d+).*out=(\d+)/i", $line, $matches)) {
+					$this->addDomainTraffic($matches[1], (int) $matches[3] + (int) $matches[4], $timestamp);
+				} elseif (preg_match("/dovecot.*(?::|\]) pop3\(.*@([a-z0-9\.\-]+)\)(<\d+><[a-z0-9+\/=]+>)?:.*in=(\d+).*out=(\d+)/i", $line, $matches)) {
 					// Dovecot POP3
-					$this->addDomainTraffic($matches[1], (int) $matches[2] + (int) $matches[3], $timestamp);
+					$this->addDomainTraffic($matches[1], (int) $matches[3] + (int) $matches[4], $timestamp);
 				}
 			}
 		}

lib/formfields/admin/domains/formfield.domains_add.php

@@ -384,7 +384,7 @@ return array(
 						'value' => array()
 					),
 					'sessiontickets' => array(
-						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd',
+						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.sessionticketsenabled' != '1'),
 						'label' => $lng['admin']['domain_sessiontickets'],
 						'type' => 'checkbox',
 						'values' => array(

lib/formfields/admin/domains/formfield.domains_edit.php

@@ -431,7 +431,7 @@ return array(
 						)
 					),
 					'sessiontickets' => array(
-						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd',
+						'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.sessionticketsenabled' != '1'),
 						'label' => $lng['admin']['domain_sessiontickets'],
 						'type' => 'checkbox',
 						'values' => array(

lng/english.lng.php

@@ -204,6 +204,7 @@ $lng['error']['mydomain'] = '\'Domain\'';
 $lng['error']['mydocumentroot'] = '\'Documentroot\'';
 $lng['error']['loginnameexists'] = 'Loginname %s already exists';
 $lng['error']['emailiswrong'] = 'Email-address %s contains invalid characters or is incomplete';
+$lng['error']['alternativeemailiswrong'] = 'The given alternative email address %s to send the credentials to seems to be invalid';
 $lng['error']['loginnameiswrong'] = 'Loginname "%s" contains illegal characters.';
 $lng['error']['loginnameiswrong2'] = 'Loginname contains too many characters. Only %s characters are allowed.';
 $lng['error']['userpathcombinationdupe'] = 'Combination of username and path already exists';
@@ -317,6 +318,7 @@ $lng['admin']['templates']['COMPANY'] = 'Replaces with the customer\'s company n
 $lng['admin']['templates']['USERNAME'] = 'Replaced with the customer\'s account username.';
 $lng['admin']['templates']['PASSWORD'] = 'Replaced with the customer\'s account password.';
 $lng['admin']['templates']['EMAIL'] = 'Replaced with the address of the POP3/IMAP account.';
+$lng['admin']['templates']['CUSTOMER_NO'] = 'Replaces with the customer number';
 $lng['admin']['webserver'] = 'Webserver';
 $lng['admin']['bindzonewarning'] = $lng['panel']['emptyfordefault'] . '<br /><strong class="red">ATTENTION:</strong> If you use a zonefile you will have to manage all required records for all sub-zones manually as well.';
 
@@ -408,6 +410,7 @@ $lng['admin']['ipsandports']['add'] = 'Add IP/Port';
 $lng['admin']['ipsandports']['edit'] = 'Edit IP/Port';
 $lng['admin']['ipsandports']['ipandport'] = 'IP/Port';
 $lng['admin']['ipsandports']['ip'] = 'IP';
+$lng['admin']['ipsandports']['ipnote'] = '<div id="ipnote" class="red">Note: Although private ip addresses are allowed, some features like DNS might not behave correctly.<br>Only use private ip addresses if you are sure.</div>';
 $lng['admin']['ipsandports']['port'] = 'Port';
 
 // ADDED IN 1.2.13-rc3
@@ -1695,7 +1698,7 @@ $lng['admin']['integrityresult'] = 'Result';
 $lng['admin']['integrityfix'] = 'Fix problems automatically';
 $lng['question']['admin_integritycheck_reallyfix'] = 'Do you really want to try fixing all database integrity problems automatically?';
 $lng['serversettings']['system_croncmdline']['title'] = 'Cron execution command (php-binary)';
-$lng['serversettings']['system_croncmdline']['description'] = 'Command to execute our cronjobs. Change this only if you know what you are doing (default: "/usr/bin/nice -n 5 /usr/bin/php5 -q")!';
+$lng['serversettings']['system_croncmdline']['description'] = 'Command to execute our cronjobs. Change this only if you know what you are doing (default: "/usr/bin/nice -n 5 /usr/bin/php -q")!';
 $lng['error']['cannotdeletehostnamephpconfig'] = 'This PHP-configuration is used by the Froxlor-vhost and cannot be deleted.';
 $lng['error']['cannotdeletedefaultphpconfig'] = 'This PHP-configuration is set as default and cannot be deleted.';
 $lng['serversettings']['system_cron_allowautoupdate']['title'] = 'Allow automatic database updates';
@@ -1980,8 +1983,8 @@ $lng['admin']['domain_http2']['title'] = 'HTTP2 support';
 $lng['admin']['domain_http2']['description'] = 'See <a target="_blank" href="https://en.wikipedia.org/wiki/HTTP/2">Wikipedia</a> for a detailed explanation of HTTP2';
 $lng['admin']['testmail'] = 'SMTP test';
 $lng['success']['testmailsent'] = 'Test mail sent successfully';
-$lng['serversettings']['disable_le_selfcheck']['title'] = "Disable Let's Encrypt local self-check";
-$lng['serversettings']['disable_le_selfcheck']['description'] = "If activated, froxlor will <strong>not</strong> perform its self-check for token accessibility. Needed for NATed IP's or similar.";
+$lng['serversettings']['le_domain_dnscheck']['title'] = "Validate DNS of domains when using Let's Encrypt";
+$lng['serversettings']['le_domain_dnscheck']['description'] = "If activated, froxlor will validate whether the domain which requests a Let's Encrypt certificate resolves to at least one of the system ip addresses.";
 $lng['menue']['phpsettings']['fpmdaemons'] = 'PHP-FPM versions';
 $lng['admin']['phpsettings']['activephpconfigs'] = 'In use for php-config(s)';
 $lng['admin']['phpsettingsforsubdomains'] = 'Apply php-config to all subdomains:';

lng/german.lng.php

@@ -202,6 +202,7 @@ $lng['error']['mydomain'] = '\'Domain\'';
 $lng['error']['mydocumentroot'] = '\'Documentroot\'';
 $lng['error']['loginnameexists'] = 'Der Login-Name "%s" existiert bereits.';
 $lng['error']['emailiswrong'] = 'Die E-Mail-Adresse "%s" enthält ungültige Zeichen oder ist nicht vollständig.';
+$lng['error']['alternativeemailiswrong'] = 'Die angegebene alternative E-Mail Adresse "%s", an welche die Zugangsdaten geschickt werden soll, scheint ungültig zu sein.';
 $lng['error']['loginnameiswrong'] = 'Der Login-Name "%s" enthält ungültige Zeichen.';
 $lng['error']['loginnameiswrong2'] = 'Der Login-Name enthält zu viele Zeichen, es sind maximal %s Zeichen erlaubt.';
 $lng['error']['userpathcombinationdupe'] = 'Die Kombination aus Benutzername und Pfad existiert bereits.';
@@ -314,6 +315,7 @@ $lng['admin']['templates']['COMPANY'] = 'Wird mit dem Firmennamen des Kunden ers
 $lng['admin']['templates']['USERNAME'] = 'Wird mit dem Benutzernamen des neuen Kundenkontos ersetzt.';
 $lng['admin']['templates']['PASSWORD'] = 'Wird mit dem Passwort des neuen Kundenkontos ersetzt.';
 $lng['admin']['templates']['EMAIL'] = 'Wird mit der Adresse des neuen E-Mail-Kontos ersetzt.';
+$lng['admin']['templates']['CUSTOMER_NO'] = 'Wir mit der Kunden-Nummer ersetzt';
 $lng['admin']['bindzonewarning'] = $lng['panel']['emptyfordefault'] . '<br /><strong class="red">WARNUNG:</strong> Bei der Verwendung einer Zonendatei müssen alle benötigten Records aller Subdomains ebenfalls manuell verwaltet werden.';
 
 /**
@@ -403,6 +405,7 @@ $lng['admin']['ipsandports']['add'] = 'IP-Adresse/Port hinzufügen';
 $lng['admin']['ipsandports']['edit'] = 'IP-Adresse/Port bearbeiten';
 $lng['admin']['ipsandports']['ipandport'] = 'IP-Adresse/Port';
 $lng['admin']['ipsandports']['ip'] = 'IP-Adresse';
+$lng['admin']['ipsandports']['ipnote'] = '<div id="ipnote" class="red">Hinweis: Obwohl private IP Adressen erlaubt sind, kann es bei manchen Features wie DNS zu ungewolltem Verhalten kommen.<br>Verwende private Adressen nur wenn du sicher bist.</div>';
 $lng['admin']['ipsandports']['port'] = 'Port';
 
 // ADDED IN 1.2.13-rc3
@@ -1419,7 +1422,7 @@ $lng['admin']['integrityresult'] = 'Ergebnis';
 $lng['admin']['integrityfix'] = 'Probleme automatisch beheben';
 $lng['question']['admin_integritycheck_reallyfix'] = 'M&ouml;chten Sie wirklich versuchen s&auml;mtliche Datenbank-Integrit&auml;tsprobleme automatisch zu beheben?';
 $lng['serversettings']['system_croncmdline']['title'] = 'Cron Startbefehl (php Programm)';
-$lng['serversettings']['system_croncmdline']['description'] = 'Befehl zum Ausführen des Cronjobs. Ändern dieser Einstellung nur wenn nötig (Standard: "/usr/bin/nice -n 5 /usr/bin/php5 -q")!';
+$lng['serversettings']['system_croncmdline']['description'] = 'Befehl zum Ausführen des Cronjobs. Ändern dieser Einstellung nur wenn nötig (Standard: "/usr/bin/nice -n 5 /usr/bin/php -q")!';
 $lng['error']['cannotdeletehostnamephpconfig'] = 'Diese PHP-Konfiguration ist dem Froxlor-Vhost zugewiesen und kann daher nicht gelöscht werden.';
 $lng['error']['cannotdeletedefaultphpconfig'] = 'Diese PHP-Konfiguration ist als Standard hinterlegt und kann daher nicht gelöscht werden.';
 $lng['serversettings']['system_cron_allowautoupdate']['title'] = 'Erlaube automatische Datenbank-Aktualisierungen';
@@ -1630,8 +1633,8 @@ $lng['admin']['domain_http2']['title'] = 'HTTP2 Unterstützung';
 $lng['admin']['domain_http2']['description'] = 'Siehe <a target="_blank" href="https://de.wikipedia.org/wiki/Hypertext_Transfer_Protocol#HTTP.2F2">Wikipedia</a> für eine ausführliche Beschreibung von HTTP2';
 $lng['admin']['testmail'] = 'SMTP Test';
 $lng['success']['testmailsent'] = 'Test E-Mail erfolgreich gesendet';
-$lng['serversettings']['disable_le_selfcheck']['title'] = "Deaktiviere Let's Encrypt lokale Selbstprüfung";
-$lng['serversettings']['disable_le_selfcheck']['description'] = "Wenn aktiviert wird Froxlor <strong>keine</strong> Erreichbarkeitsprüfung des Tokens vornehmen. Nötig bei ge-NAT-eten IP-Adressen oder Ähnlichem";
+$lng['serversettings']['le_domain_dnscheck']['title'] = "Validiere DNS der Domains wenn Let's Encrypt genutzt wird";
+$lng['serversettings']['le_domain_dnscheck']['description'] = "Wenn aktiviert wird froxlor überprüfen ob die DNS Einträge der Domains, welche ein Let's Encrypt Zertifikat beantragt, mindestens auf eine der System IP Adressen auflöst.";
 $lng['menue']['phpsettings']['fpmdaemons'] = 'PHP-FPM Versionen';
 $lng['admin']['phpsettings']['activephpconfigs'] = 'In Verwendung für PHP-Konfiguration(en)';
 $lng['admin']['phpsettingsforsubdomains'] = 'PHP-Config für alle Subdomains übernehmen:';

lng/italian.lng.php

@@ -1635,7 +1635,7 @@ $lng['admin']['integrityresult'] = 'Risultato';
 $lng['admin']['integrityfix'] = 'Risolvi problemi automaticamente';
 $lng['question']['admin_integritycheck_reallyfix'] = 'Vuoi veramente provare a risolvere i problemi di integrità del database automaticamente?';
 $lng['serversettings']['system_croncmdline']['title'] = 'Commando di esecuzione Cron (binario php)';
-$lng['serversettings']['system_croncmdline']['description'] = 'Commando per eseguire i nostri cronjob. Modificalo soltanto se sai cosa stai facendo (predefinito: "/usr/bin/nice -n 5 /usr/bin/php5 -q")!';
+$lng['serversettings']['system_croncmdline']['description'] = 'Commando per eseguire i nostri cronjob. Modificalo soltanto se sai cosa stai facendo (predefinito: "/usr/bin/nice -n 5 /usr/bin/php -q")!';
 $lng['error']['cannotdeletehostnamephpconfig'] = 'Questa configurazione PHP è utilizzata dal vhost Froxlor e non può essere eliminata.';
 $lng['error']['cannotdeletedefaultphpconfig'] = 'Questa configurazione PHP è impostata come predefinita e non può essere eliminata.';
 $lng['serversettings']['system_cron_allowautoupdate']['title'] = 'Permetti aggiornamenti automatici del database';

templates/Sparkle/admin/domains/domains.tpl

@@ -30,7 +30,7 @@
 				<table class="full hl">
 					<thead>
 						<tr>
-							<th>{$lng['domains']['domainname']}&nbsp;{$arrowcode['d.domain']}</th>
+							<th>{$lng['domains']['domainname']}&nbsp;{$arrowcode['d.domain_ace']}</th>
 							<th>{$lng['admin']['ipsandports']['ip']}</th>
 							<th>{$lng['admin']['customer']}&nbsp;{$arrowcode['c.loginname']}</th>
 							<th>{$lng['panel']['options']}</th>

templates/Sparkle/admin/ipsandports/ipsandports_add.tpl

@@ -6,6 +6,7 @@ $header
 				{$title}
 			</h2>
 		</header>
+		<script type="text/javascript" src="templates/{$theme}/assets/js/ipsandports.js"></script>
 
 		<section>
 

templates/Sparkle/admin/ipsandports/ipsandports_edit.tpl

@@ -6,6 +6,7 @@ $header
 				{$title}
 			</h2>
 		</header>
+		<script type="text/javascript" src="templates/{$theme}/assets/js/ipsandports.js"></script>
 
 		<section>
 

templates/Sparkle/admin/templates/templates_add_2.tpl

@@ -40,23 +40,27 @@ $header
 				</tr>
 			</thead>
 			<tbody>
+				<tr>
+					<td><em>{SALUTATION}</em></td>
+					<td>{$lng['admin']['templates']['SALUTATION']}</td>
+				</tr>
+				<tr>
+					<td><em>{FIRSTNAME}</em></td>
+					<td>{$lng['admin']['templates']['FIRSTNAME']}</td>
+				</tr>
+				<tr>
+					<td><em>{NAME}</em></td>
+					<td>{$lng['admin']['templates']['NAME']}</td>
+				</tr>
+				<tr>
+					<td><em>{COMPANY}</em></td>
+					<td>{$lng['admin']['templates']['COMPANY']}</td>
+				</tr>
+				<tr>
+					<td><em>{CUSTOMER_NO}</em></td>
+					<td>{$lng['admin']['templates']['CUSTOMER_NO']}</td>
+				</tr>
 				<if ($template == 'createcustomer')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
-					<tr>
-						<td><em>{FIRSTNAME}</em></td>
-						<td>{$lng['admin']['templates']['FIRSTNAME']}</td>
-					</tr>
-					<tr>
-						<td><em>{NAME}</em></td>
-						<td>{$lng['admin']['templates']['NAME']}</td>
-					</tr>
-					<tr>
-						<td><em>{COMPANY}</em></td>
-						<td>{$lng['admin']['templates']['COMPANY']}</td>
-					</tr>
 					<tr>
 						<td><em>{USERNAME}</em></td>
 						<td>{$lng['admin']['templates']['USERNAME']}</td>
@@ -88,10 +92,6 @@ $header
 					</if>
 				</if>
 				<if ($template == 'password_reset')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{USERNAME}</em></td>
 						<td>{$lng['admin']['templates']['USERNAME']}</td>
@@ -138,10 +138,6 @@ $header
 					</tr>
 				</if>
 				<if ($template == 'new_database_by_customer')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{DB_NAME}</em></td>
 						<td>{$lng['admin']['templates']['DB_NAME']}</td>
@@ -164,10 +160,6 @@ $header
 					</tr>
 				</if>
 				<if ($template == 'new_ftpaccount_by_customer')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{USR_NAME}</em></td>
 						<td>{$lng['admin']['templates']['USR_NAME']}</td>

templates/Sparkle/admin/templates/templates_edit.tpl

@@ -42,23 +42,27 @@ $header
 				</tr>
 			</thead>
 			<tbody>
+				<tr>
+					<td><em>{SALUTATION}</em></td>
+					<td>{$lng['admin']['templates']['SALUTATION']}</td>
+				</tr>
+				<tr>
+					<td><em>{FIRSTNAME}</em></td>
+					<td>{$lng['admin']['templates']['FIRSTNAME']}</td>
+				</tr>
+				<tr>
+					<td><em>{NAME}</em></td>
+					<td>{$lng['admin']['templates']['NAME']}</td>
+				</tr>
+				<tr>
+					<td><em>{COMPANY}</em></td>
+					<td>{$lng['admin']['templates']['COMPANY']}</td>
+				</tr>
+				<tr>
+					<td><em>{CUSTOMER_NO}</em></td>
+					<td>{$lng['admin']['templates']['CUSTOMER_NO']}</td>
+				</tr>
 				<if ($template_name == 'createcustomer')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
-					<tr>
-						<td><em>{FIRSTNAME}</em></td>
-						<td>{$lng['admin']['templates']['FIRSTNAME']}</td>
-					</tr>
-					<tr>
-						<td><em>{NAME}</em></td>
-						<td>{$lng['admin']['templates']['NAME']}</td>
-					</tr>
-					<tr>
-						<td><em>{COMPANY}</em></td>
-						<td>{$lng['admin']['templates']['COMPANY']}</td>
-					</tr>
 					<tr>
 						<td><em>{USERNAME}</em></td>
 						<td>{$lng['admin']['templates']['USERNAME']}</td>
@@ -90,10 +94,6 @@ $header
 					</if>
 				</if>
 				<if ($template_name == 'password_reset')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{USERNAME}</em></td>
 						<td>{$lng['admin']['templates']['USERNAME']}</td>
@@ -140,10 +140,6 @@ $header
 					</tr>
 				</if>
 				<if ($template_name == 'new_database_by_customer')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{DB_NAME}</em></td>
 						<td>{$lng['admin']['templates']['DB_NAME']}</td>
@@ -166,10 +162,6 @@ $header
 					</tr>
 				</if>
 				<if ($template_name == 'new_ftpaccount_by_customer')>
-					<tr>
-						<td><em>{SALUTATION}</em></td>
-						<td>{$lng['admin']['templates']['SALUTATION']}</td>
-					</tr>
 					<tr>
 						<td><em>{USR_NAME}</em></td>
 						<td>{$lng['admin']['templates']['USR_NAME']}</td>
@@ -190,4 +182,3 @@ $header
 
 	</article>
 $footer
-

templates/Sparkle/assets/js/ipsandports.js

@@ -0,0 +1,46 @@
+$(document).ready(function() {
+
+	var getUrlParameter = function getUrlParameter(sParam) {
+	    var sPageURL = decodeURIComponent(window.location.search.substring(1)),
+	        sURLVariables = sPageURL.split('&'),
+	        sParameterName,
+	        i;
+
+	    for (i = 0; i < sURLVariables.length; i++) {
+	        sParameterName = sURLVariables[i].split('=');
+
+	        if (sParameterName[0] === sParam) {
+	            return sParameterName[1] === undefined ? true : sParameterName[1];
+	        }
+	    }
+	};
+
+	/**
+	 * check for internal ip and output a notice if private-range ip is given
+	 */
+	$('#ip').change(function() {
+		var ipval = $(this).val();
+		if (ipval.length > 0) {
+			var sid = getUrlParameter('s');
+			$.ajax({
+		        url: "admin_ipsandports.php?s="+sid+"&page=overview&action=jqCheckIP",
+		        type: "POST",
+		        data: {
+		            ip: ipval
+		        },
+		        dataType: "json",
+		        success: function(json) {
+                            if (json != 0) {
+                                $('#ip').parent().append(json);
+	                    } else {
+	                        $('#ipnote').remove();
+	                    }
+		        },
+		        error: function(a, b) {
+		            console.log(a, b);
+		        }
+		    });
+		}
+	});
+
+});

templates/Sparkle/customer/domains/domainlist.tpl

@@ -27,7 +27,7 @@
 				<table class="full hl">
 					<thead>
 						<tr>
-							<th>{$lng['domains']['domainname']}&nbsp;{$arrowcode['d.domain']}</th>
+							<th>{$lng['domains']['domainname']}&nbsp;{$arrowcode['d.domain_ace']}</th>
 							<th>{$lng['panel']['path']}</th>
 							<th>{$lng['panel']['options']}</th>
 						</tr>

tests/Certificates/CertificatesTest.php

@@ -64,7 +64,7 @@ class CertificatesTest extends TestCase
 			'ssl_key_file' => $certdata['key']
 		))->add();
 		$result = json_decode($json_result, true)['data'];
-		$this->assertEquals(5, $result['domainid']);
+		$this->assertEquals(6, $result['domainid']);
 	}
 
 	public function testAdminCertificatesList()
@@ -148,7 +148,7 @@ class CertificatesTest extends TestCase
 			'ssl_key_file' => $certdata['key']
 		))->update();
 		$result = json_decode($json_result, true)['data'];
-		$this->assertEquals(5, $result['domainid']);
+		$this->assertEquals(6, $result['domainid']);
 		$this->assertEquals(str_replace("\n", "", $certdata['cert']), str_replace("\n", "", $result['ssl_cert_file']));
 	}
 

tests/Domains/DomainsTest.php

@@ -347,4 +347,27 @@ class DomainsTest extends TestCase
 		$this->expectExceptionMessage("Not allowed to execute given command.");
 		$json_result = Domains::getLocal($customer_userdata)->listingCount();
 	}
+
+	public function testAdminIdnDomainsAdd()
+	{
+		global $admin_userdata;
+		// get customer
+		$json_result = Customers::getLocal($admin_userdata, array(
+			'loginname' => 'test1'
+		))->get();
+		$customer_userdata = json_decode($json_result, true)['data'];
+		$data = [
+			'domain' => 'täst.local',
+			'customerid' => $customer_userdata['customerid']
+		];
+		$json_result = Domains::getLocal($admin_userdata, $data)->add();
+		$result = json_decode($json_result, true)['data'];
+		$this->assertEquals($customer_userdata['documentroot'] . 'xn--tst-qla.local/', $result['documentroot']);
+		$this->assertEquals('xn--tst-qla.local', $result['domain']);
+		$this->assertEquals('täst.local', $result['domain_ace']);
+
+		Domains::getLocal($admin_userdata, [
+			'domainname' => 'täst.local'
+		])->delete();
+	}
 }