Merge pull request #2302 from pdapnz/fix_bug_url_parsing

fix bug https://github.com/outroll/vesta/issues/2301
Update README.md to use HTTPS
2025-08-22 06:14:19 -07:00 · 2025-04-25 13:41:17 +10:00 · 2024-07-02 13:34:58 +10:00 · 2024-04-18 12:52:49 +03:00 · 2024-02-26 13:42:55 +11:00 · 2022-12-08 13:41:08 +03:00
2193 changed files with 116360 additions and 18221 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,6 @@
 *.gz
 .vscode
 .DS_Store
 src/react/node_modules
 src/react/build
 /.idea
--- a/README.md
+++ b/README.md
@ -1,6 +1,8 @@
 [Vesta Control Panel](http://vestacp.com/)
 ==================================================
 Vesta is back under active development as of 25 February 2024. We are commited to open source, and will engage with the community to identify the new roadmap for Vesta. Stay tuned!
 [![Join the chat at https://gitter.im/vesta-cp/Lobby](https://badges.gitter.im/vesta-cp/Lobby.svg)](https://gitter.im/vesta-cp/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 * Vesta is an open source hosting control panel.
@ -16,7 +18,7 @@ ssh root@your.server
 Download the installation script, and run it:
 ```bash
-curl http://vestacp.com/pub/vst-install.sh | bash
+curl https://vestacp.com/pub/vst-install.sh | bash
 ```
 How to install (3 step)
@ -29,7 +31,7 @@ ssh root@your.server
 Download the installation script:
 ```bash
-curl -O http://vestacp.com/pub/vst-install.sh
+curl -O https://vestacp.com/pub/vst-install.sh
 ```
 Then run it:
 ```bash
@ -38,5 +40,5 @@ bash vst-install.sh
 License
 ----------------------------
-Vesta is licensed under  [GPL v3 ](https://github.com/serghey-rodin/vesta/blob/master/LICENSE) license
+Vesta is licensed under  [GPL v3 ](https://github.com/outroll/vesta/blob/master/LICENSE) license
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,5 @@
 # Security Policy
 ## Reporting a Vulnerability
 Please report security issues to dev@vestacp.com
--- a/bin/v-activate-vesta-license
+++ b/bin/v-activate-vesta-license
@ -27,7 +27,7 @@ source $VESTA/conf/vesta.conf
 # Checking arg number
 check_args '2' "$#" 'MODULE LICENSE'
-
+is_user_format_valid "$license" "license"
 #----------------------------------------------------------#
 #                       Action                             #
@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
 # Activating license
 v_host='https://vestacp.com/checkout'
-answer=$(curl -s $v_host/activate.php?licence_key=$license&module=$module)
+answer=$(curl -s "$v_host/activate.php?licence_key=$license&module=$module")
 check_result $? "cant' connect to vestacp.com " $E_CONNECT
 # Checking server answer
--- a/bin/v-add-backup-host
+++ b/bin/v-add-backup-host
@ -38,8 +38,7 @@ EOF
 sftpc() {
    expect -f "-" <<EOF "$@"
        set count 0
-        spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o \
+        spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o Port=$port $user@$host
            Port=$port $user@$host
        expect {
            "password:" {
                send "$password\r"
@ -94,12 +93,14 @@ EOF
 if [ "$type" != 'local' ];then
    check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
-    is_format_valid 'host'
+    is_format_valid 'user' 'host' 'path' 'port'
    is_password_valid
    if [ "$type" = 'sftp' ]; then
        which expect >/dev/null 2>&1
        check_result $? "expect command not found"  $E_NOTEXIST
    fi
    host "$host" >/dev/null 2>&1
    check_result $? "host connection failed" "$E_CONNECT"
 fi
--- a/bin/v-add-dns-on-web-alias
+++ b/bin/v-add-dns-on-web-alias
@ -50,12 +50,12 @@ domain_lvl=$(echo "$alias" |grep -o "\." |wc -l)
 # Adding second level domain
 if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then
    $BIN/v-add-dns-domain \
-        $user $alias $ip '' '' '' '' '' $restart >> /dev/null
+        $user $alias $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
    exit
 fi
 # Adding top-level domain and then its sub
-$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' $restart >> /dev/null
+$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
 # Checking top-level domain
 if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then
--- a/bin/v-add-dns-record
+++ b/bin/v-add-dns-record
@ -45,10 +45,12 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
    fi
 fi
-dvalue=${dvalue//\"/}
+if [ $rtype != "CAA" ]; then
    dvalue=${dvalue//\"/}
-if [[ "$dvalue" =~ [\;[:space:]] ]]; then
+    if [[ "$dvalue" =~ [\;[:space:]] ]]; then
-    dvalue='"'"$dvalue"'"'
+        dvalue='"'"$dvalue"'"'
    fi
 fi
 # Additional argument formatting
--- a/bin/v-add-firewall-chain
+++ b/bin/v-add-firewall-chain
@ -21,6 +21,12 @@ protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
 # Defining absolute path to iptables
 iptables="/sbin/iptables"
 # Get vesta port by reading nginx.conf
 vestaport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
 if [ -z "$vestaport" ]; then
    vestaport=8083
 fi
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
@ -41,13 +47,19 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
 # Checking known chains
 case $chain in
-    SSH)        port=22; protocol=TCP ;;
+    SSH)        # Get ssh port by reading ssh config file.
                sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
                if [ -z "$sshport" ]; then
                    sshport=22
                fi
                port=$sshport; 
                protocol=TCP ;;
    FTP)        port=21; protocol=TCP  ;;
    MAIL)       port='25,465,587,2525,110,995,143,993'; protocol=TCP  ;;
    DNS)        port=53; protocol=UDP  ;;
    WEB)        port='80,443'; protocol=TCP  ;;
    DB)         port='3306,5432'; protocol=TCP  ;;
-    VESTA)      port=8083; protocol=TCP  ;;
+    VESTA)      port=$vestaport; protocol=TCP  ;;
    *)          check_args '2' "$#" 'CHAIN PORT' ;;
 esac
--- a/bin/v-add-letsencrypt-domain
+++ b/bin/v-add-letsencrypt-domain
@ -1,13 +1,8 @@
 #!/bin/bash
-# info: adding letsencrypt ssl cetificate for domain
+# info: check letsencrypt domain
-# options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
+# options: USER DOMAIN [ALIASES]
 #
-# The function turns on SSL support for a domain. Parameter ssl_dir is a path
+# The function check and validates domain with Let's Encript
 # to directory where 2 or 3 ssl files can be found. Certificate file
 # domain.tld.crt and its key domain.tld.key  are mandatory. Certificate
 # authority domain.tld.ca file is optional. If home directory  parameter
 # (ssl_home) is not set, https domain uses public_shtml as separate
 # documentroot directory.
 #----------------------------------------------------------#
@ -18,8 +13,9 @@
 user=$1
 domain=$2
 aliases=$3
-restart=$4
+
-notify=$5
+# LE API
 API='https://acme-v02.api.letsencrypt.org'
 # Includes
 source $VESTA/func/main.sh
@ -27,98 +23,346 @@ source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 # Additional argument formatting
-format_domain_idn
+format_identifier_idn() {
    identifier_idn=$identifier
    if [[ "$identifier_idn" = *[![:ascii:]]* ]]; then
        identifier_idn=$(idn -t --quiet -a $identifier_idn)
    fi
 }
 # encode base64
 encode_base64() {
    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
 }
 # Let's Encrypt v2 curl function
 query_le_v2() {
    protected='{"nonce": "'$3'",'
    protected=''$protected' "url": "'$1'",'
    protected=''$protected' "alg": "RS256", "kid": "'$KID'"}'
    content="Content-Type: application/jose+json"
    payload_=$(echo -n "$2" |encode_base64)
    protected_=$(echo -n "$protected" |encode_base64)
    signature_=$(printf "%s" "$protected_.$payload_" |\
        openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
        encode_base64)
    post_data='{"protected":"'"$protected_"'",'
    post_data=$post_data'"payload":"'"$payload_"'",'
    post_data=$post_data'"signature":"'"$signature_"'"}'
    # Save http response to file passed as "$4" arg or print to stdout if not provided
    # http response headers are always sent to stdout
    local save_to_file=${4:-"/dev/stdout"}
    curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
 }
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
-check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]'
+check_args '2' "$#" 'USER DOMAIN [ALIASES]'
-is_format_valid 'user' 'domain'
+is_format_valid 'user' 'domain' 'aliases'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
 get_domain_values 'web'
 echo "-----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : v-add-letsencrypt-domain $domain [$aliases]" >> /usr/local/vesta/log/letsencrypt.log
 # check if alias is the letsencrypt wildcard domain, if not, make the normal checks
 if [[ "$aliases" != "*.$domain" ]]; then
    for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do
        check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)"
        if [ -z "$check_alias" ]; then
            echo "[$(date)] : EXIT=domain alias $alias doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
            check_result $E_NOTEXIST "domain alias $alias doesn't exist"
        fi
    done
 fi;
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 # Parsing domain data
 get_domain_values 'web'
 # Registering LetsEncrypt user account
 echo "[$(date)] : v-add-letsencrypt-user $user" >> /usr/local/vesta/log/letsencrypt.log
 $BIN/v-add-letsencrypt-user $user
 echo "[$(date)] : result: $?" >> /usr/local/vesta/log/letsencrypt.log
 if [ "$?" -ne 0  ]; then
    touch $VESTA/data/queue/letsencrypt.pipe
    sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    send_notice "LETSENCRYPT" "Account registration failed"
    echo "[$(date)] : EXIT=LE account registration" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "LE account registration" >/dev/null
 fi
 # Parsing LetsEncrypt account data
 source $USER_DATA/ssl/le.conf
 email=$EMAIL
-# Validating domain and aliases
+# Checking wildcard alias
-i=1
+if [ "$aliases" = "*.$domain" ]; then
-for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
+    echo "[$(date)] : Checking wildcard alias" >> /usr/local/vesta/log/letsencrypt.log
-    $BIN/v-check-letsencrypt-domain $user $alias
+    wildcard='yes'
-    if [ "$?" -ne 0 ]; then
+    proto="dns-01"
-        touch $VESTA/data/queue/letsencrypt.pipe
+    if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then
-        sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
+        echo "[$(date)] : EXIT=DNS domain $domain doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
-        send_notice "LETSENCRYPT" "$alias validation failed"
+        check_result $E_NOTEXIST "DNS domain $domain doesn't exist"
-        check_result $E_INVALID "LE domain validation" >/dev/null
+    fi
 else
    proto="http-01"
 fi
 # Requesting nonce / STEP 1
 echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(curl -s -I "$API/directory")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
 nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
 echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 200 ]]; then
    echo "[$(date)] : EXIT=Let's Encrypt nonce request status $status" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "Let's Encrypt nonce request status $status"
 fi
 # Placing new order / STEP 2
 echo "[$(date)] : --- Placing new order / STEP 2 ---" >> /usr/local/vesta/log/letsencrypt.log
 url="$API/acme/new-order"
 payload='{"identifiers":['
 for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
    format_identifier_idn
    payload=$payload'{"type":"dns","value":"'$identifier_idn'"},'
 done
 payload=$(echo "$payload"|sed "s/,$//")
 payload=$payload']}'
 echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(query_le_v2 "$url" "$payload" "$nonce")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
 nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
 echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
 authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
 echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
 finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
 echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 201 ]]; then
    echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "Let's Encrypt new auth status $status"
 fi
 # Requesting authorization token / STEP 3
 echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
 for auth in $authz; do
    payload=''
    echo "[$(date)] : for auth=$auth" >> /usr/local/vesta/log/letsencrypt.log
    echo "[$(date)] : query_le_v2 \"$auth\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
    answer=$(query_le_v2 "$auth" "$payload" "$nonce")
    echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
    url=$(echo "$answer" |grep -A3 $proto |grep '"url"' |cut -f 4 -d \")
    echo "[$(date)] : url=$url" >> /usr/local/vesta/log/letsencrypt.log
    token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
    echo "[$(date)] : token=$token" >> /usr/local/vesta/log/letsencrypt.log
    nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
    echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
    status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
    echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
    if [[ "$status" -ne 200 ]]; then
        echo "[$(date)] : EXIT=Let's Encrypt acme/authz bad status $status" >> /usr/local/vesta/log/letsencrypt.log
        check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
    fi
-    # Checking LE limits per account
+    # Configuring challenge / STEP 4
-    if [ "$i" -gt 100 ]; then
+    echo "[$(date)] : --- Configuring challenge / STEP 4 ---" >> /usr/local/vesta/log/letsencrypt.log
-        touch $VESTA/data/queue/letsencrypt.pipe
+    echo "[$(date)] : wildcard=$wildcard" >> /usr/local/vesta/log/letsencrypt.log
-        sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
+    if [ "$wildcard" = 'yes'  ]; then
-        send_notice 'LETSENCRYPT' 'Limit of domains per account is reached'
+        record=$(printf "%s" "$token.$THUMB" |\
-        check_result $E_LIMIT "LE can't sign more than 100 domains"
+            openssl dgst -sha256 -binary |encode_base64)
        old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT')
        old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1)
        for old_record in $old_records; do
            $BIN/v-delete-dns-record "$user" "$domain" "$old_record"
        done
        $BIN/v-add-dns-record "$user" "$domain" "_acme-challenge" "TXT" "$record"
        exitstatus=$?
        echo "[$(date)] : v-add-dns-record \"$user\" \"$domain\" \"_acme-challenge\" \"TXT\" \"$record\"" >> /usr/local/vesta/log/letsencrypt.log
        if [ "$exitstatus" -ne 0  ]; then
            echo "[$(date)] : EXIT=DNS _acme-challenge record wasn't created" >> /usr/local/vesta/log/letsencrypt.log
        fi
        check_result $exitstatus "DNS _acme-challenge record wasn't created"
    else
        if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
            if [ -f "/usr/local/vesta/web/inc/nginx_proxy" ]; then
                #  if vesta is behind main nginx
                well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
                acme_challenge="$well_known/acme-challenge"
                mkdir -p $acme_challenge
                echo "$token.$THUMB" > $acme_challenge/$token
                echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
                chown -R $user:$user $well_known
            else
                # default nginx method
                conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
                sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
                # if [ ! -e "$conf" ]; then
                    echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
                        > $conf
                    echo '    default_type text/plain;' >> $conf
                    echo '    return 200 "$1.'$THUMB'";' >> $conf
                    echo '}' >> $conf
                # fi
                echo "[$(date)] : in $conf we put: $THUMB" >> /usr/local/vesta/log/letsencrypt.log
                if [ ! -e "$sconf" ]; then
                    ln -s "$conf" "$sconf"
                fi
                echo "[$(date)] : v-restart-proxy" >> /usr/local/vesta/log/letsencrypt.log 
                $BIN/v-restart-proxy
                if [ -z "$PROXY_SYSTEM" ]; then
                    # apache-less variant
                    echo "[$(date)] : v-restart-web" >> /usr/local/vesta/log/letsencrypt.log 
                    $BIN/v-restart-web
                fi
                exitstatus=$?
                if [ "$exitstatus" -ne 0  ]; then
                    echo "[$(date)] : EXIT=Proxy restart failed = $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
                fi
                check_result $exitstatus "Proxy restart failed" >/dev/null
            fi
        else
            well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
            acme_challenge="$well_known/acme-challenge"
            mkdir -p $acme_challenge
            echo "$token.$THUMB" > $acme_challenge/$token
            chown -R $user:$user $well_known
            echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
            # $BIN/v-restart-web
            # check_result $? "Web restart failed" >/dev/null
        fi
    fi
    # Requesting ACME validation / STEP 5
    echo "[$(date)] : --- Requesting ACME validation / STEP 5 ---" >> /usr/local/vesta/log/letsencrypt.log
    validation_check=$(echo "$answer" |grep '"valid"')
    echo "[$(date)] : validation_check=$validation_check" >> /usr/local/vesta/log/letsencrypt.log
    if [[ ! -z "$validation_check" ]]; then
        validation='valid'
    else
        validation='pending'
    fi
    # Doing pol check on status
    i=1
    while [ "$validation" = 'pending' ]; do
        echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
        payload='{}'
        echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
        answer=$(query_le_v2 "$url" "$payload" "$nonce")
        echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
        validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
        echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
        nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
        echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
        status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
        echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
        if [[ "$status" -ne 200 ]]; then
            echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
            check_result $E_CONNECT "Let's Encrypt validation status $status"
        fi
        i=$((i + 1))
        if [ "$i" -gt 10 ]; then
            echo "[$(date)] : EXIT=Let's Encrypt domain validation timeout" >> /usr/local/vesta/log/letsencrypt.log
            check_result $E_CONNECT "Let's Encrypt domain validation timeout"
        fi
        sleeping=$((i*2))
        echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
        sleep $sleeping
    done
    if [ "$validation" = 'invalid' ]; then
        echo "[$(date)] : EXIT=Let's Encrypt domain verification failed" >> /usr/local/vesta/log/letsencrypt.log
        check_result $E_CONNECT "Let's Encrypt domain verification failed"
    fi
    i=$((i++))
 done
-# Generating CSR
+
-ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \
+# Generating new ssl certificate
 ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\
    "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
-# Signing CSR
+# Sending CSR to finalize order / STEP 6
-crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir)
+echo "[$(date)] : --- Sending CSR to finalize order / STEP 6 ---" >> /usr/local/vesta/log/letsencrypt.log
 if [ "$?" -ne 0 ]; then
    touch $VESTA/data/queue/letsencrypt.pipe
    sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    send_notice "LETSENCRYPT" "$alias validation failed"
    check_result "$E_INVALID" "LE $domain validation"
 fi
 echo "$crt" > $ssl_dir/$domain.crt
-# Dowloading CA certificate
+csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64)
-le_certs='https://letsencrypt.org/certs'
+payload='{"csr":"'$csr'"}'
-x1='lets-encrypt-x1-cross-signed.pem.txt'
+echo "[$(date)] : query_le_v2 \"$finalize\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
-x3='lets-encrypt-x3-cross-signed.pem.txt'
+answer=$(query_le_v2 "$finalize" "$payload" "$nonce")
-issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
-if [ -z "$(echo $issuer|grep X3)" ]; then
+nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
-    curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
+echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
-else
+status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
-    curl -s $le_certs/$x3 > $ssl_dir/$domain.ca
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
 certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
 echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 200 ]]; then
    echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
 fi
 # Downloading signed certificate / STEP 7
 echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 200 ]]; then
    [ -d "$ssl_dir" ] && rm -rf "$ssl_dir"
    echo "[$(date)] : EXIT=Let's Encrypt downloading signed cert failed status: $status" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_NOTEXIST "Let's Encrypt downloading signed cert failed status: $status"
 fi
 # Splitting up downloaded pem
 # echo "[$(date)] : - Splitting up downloaded pem" >> /usr/local/vesta/log/letsencrypt.log
 crt_end=$(grep -n 'END CERTIFICATE' $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
 # echo "[$(date)] : crt_end=$crt_end" >> /usr/local/vesta/log/letsencrypt.log
 head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
 pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
 # echo "[$(date)] : pem_lines=$pem_lines" >> /usr/local/vesta/log/letsencrypt.log
 ca_end=$(grep -n 'BEGIN CERTIFICATE' $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
 # echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
 ca_end=$(( pem_lines - crt_end + 1 ))
 # echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
 tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
 # Temporary fix for double "END CERTIFICATE"
 if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
    sed -i '1,2d' $ssl_dir/$domain.ca
 fi
 # Adding SSL
 ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
 $BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
 echo "[$(date)] : v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home" >> /usr/local/vesta/log/letsencrypt.log
 $BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
-if [ "$?" -ne '0' ]; then
+exitstatus=$?
 echo "[$(date)] : v-add-web-domain-ssl status: $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
 if [ "$exitstatus" -ne '0' ]; then
    touch $VESTA/data/queue/letsencrypt.pipe
    sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    echo "[$(date)] : EXIT=$domain certificate installation failed" >> /usr/local/vesta/log/letsencrypt.log
    send_notice 'LETSENCRYPT' "$domain certificate installation failed"
-    check_result $? "SSL install" >/dev/null
+    check_result $exitstatus "SSL install" >/dev/null
 fi
 # Adding LE autorenew cronjob
@ -135,24 +379,20 @@ if [ -z "$LETSENCRYPT" ]; then
 fi
 update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
 reset_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT'
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Restarting web
 $BIN/v-restart-web $restart
 if [ "$?" -ne 0  ]; then
    send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
 fi
 # Notifying user
 send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
 # Deleteing task from queue
 touch $VESTA/data/queue/letsencrypt.pipe
 sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
 # Notifying user
 send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
 echo "[$(date)] : EXIT=***** $domain SSL has been installed successfully *****" >> /usr/local/vesta/log/letsencrypt.log
 # Logging
 log_event "$OK" "$ARGUMENTS"
--- a/bin/v-add-letsencrypt-user
+++ b/bin/v-add-letsencrypt-user
@ -1,8 +1,8 @@
 #!/bin/bash
 # info: register letsencrypt user account
-# options: USER [EMAIL]
+# options: USER
 #
-# The function creates and register LetsEncript account key
+# The function creates and register LetsEncript account 
 #----------------------------------------------------------#
@ -11,8 +11,9 @@
 # Argument definition
 user=$1
-email=$2
+
-key_size=4096
+# LE API
 API='https://acme-v02.api.letsencrypt.org'
 # Includes
 source $VESTA/func/main.sh
@ -23,15 +24,38 @@ encode_base64() {
    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
 }
 # Let's Encrypt v2 curl function
 query_le_v2() {
    protected='{"nonce": "'$3'",'
    protected=''$protected' "url": "'$1'",'
    protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
    content="Content-Type: application/jose+json"
    payload_=$(echo -n "$2" |encode_base64)
    protected_=$(echo -n "$protected" |encode_base64)
    signature_=$(printf "%s" "$protected_.$payload_" |\
        openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
        encode_base64)
    post_data='{"protected":"'"$protected_"'",'
    post_data=$post_data'"payload":"'"$payload_"'",'
    post_data=$post_data'"signature":"'"$signature_"'"}'
    curl -s -i -d "$post_data" "$1" -H "$content"
 }
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
-check_args '1' "$#" 'USER [EMAIL]'
+check_args '1' "$#" 'USER'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 if [ -e "$USER_DATA/ssl/le.conf" ]; then
    source "$USER_DATA/ssl/le.conf"
 fi
 if [ ! -z "$KID" ]; then
    exit
 fi
@ -40,57 +64,57 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#
-api='https://acme-v01.api.letsencrypt.org'
+
-if [ -z "$email" ]; then
+# Defining user email
-    email=$(get_user_value '$CONTACT')
+if [[ -z "$EMAIL" ]]; then
    EMAIL=$(get_user_value '$CONTACT')
 fi
-agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')
+# Defining user agreement
 agreement=''
-# Generating key
+# Generating user key
-key="$USER_DATA/ssl/user.key"
+KEY="$USER_DATA/ssl/user.key"
-if [ ! -e "$key" ]; then
+if [ ! -e "$KEY" ]; then
-    openssl genrsa -out $key $key_size >/dev/null 2>&1
+    openssl genrsa -out $KEY 4096 >/dev/null 2>&1
-    chmod 600 $key
+    chmod 600 $KEY
 fi
 # Defining key exponent
-exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
+if [ -z "$EXPONENT" ]; then
-    grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
+    EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\
-    xxd -r -p |encode_base64)
+        grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
        xxd -r -p |encode_base64)
 fi
 # Defining key modulus
-modulus=$(openssl rsa -in "$key" -modulus -noout |\
+if [ -z "$MODULUS" ]; then
-    sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
+    MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\
        sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
 fi
-# Defining key thumb
+# Defining JWK
-thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
+jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}'
 thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"
-# Defining JWK header
+# Defining key thumbnail
-header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
+if [ -z "$THUMB" ]; then
-header='{"alg":"RS256","jwk":'"$header"'}'
+    THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)"
 fi
 # Requesting nonce
 nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
 protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
-# Defining registration query
+# Requesting ACME nonce
-query='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
+nonce=$(curl -s -I "$API/directory" |grep -i nonce |cut -f2 -d\ |tr -d '\r\n')
 query=$query'"agreement":"'$agreement'"}'
 payload=$(echo -n "$query" |encode_base64)
 signature=$(printf "%s" "$protected.$payload" |\
    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
 data='{"header":'"$header"',"protected":"'"$protected"'",'
 data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
-# Sending request to LetsEncrypt API
+# Creating ACME account
-answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
+url="$API/acme/new-acct"
-status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
+payload='{"termsOfServiceAgreed": true}'
 answer=$(query_le_v2 "$url" "$payload" "$nonce")
 kid=$(echo "$answer" |grep -i location: |cut -f2 -d ' '|tr -d '\r')
-# Checking http answer status
+# Checking answer status
-if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then
+status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
-    check_result $E_CONNECT "LetsEncrypt account registration $status"
+if [[ "${status:0:2}" -ne "20" ]]; then
    check_result $E_CONNECT "Let's Encrypt acc registration failed $status"
 fi
@ -99,12 +123,17 @@ fi
 #----------------------------------------------------------#
 # Adding le.conf
-echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf
+if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
-echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf
+    echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf
-echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf
+    echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf
-echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf
+    echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf
-chmod 660  $USER_DATA/ssl/le.conf
+    echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf
-
+    echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
    chmod 660  $USER_DATA/ssl/le.conf
 else
    sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
    echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
 fi
 # Logging
 log_event "$OK" "$ARGUMENTS"
--- a/bin/v-add-mail-domain
+++ b/bin/v-add-mail-domain
@ -45,6 +45,7 @@ is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_domain_new 'mail' "$domain"
 is_package_full 'MAIL_DOMAINS'
 is_dir_symlink $HOMEDIR/$user/mail
 #----------------------------------------------------------#
--- a/bin/v-add-sys-ip
+++ b/bin/v-add-sys-ip
@ -60,8 +60,8 @@ if [ -z "$sys_ip_check" ]; then
    /sbin/ip addr add $ip/$cidr dev $interface \
        broadcast $broadcast label $iface
-    # Adding RHEL/CentOS/Fedora startup script
+    # Adding RHEL/CentOS/Fedora/Amazon startup script
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
        sys_ip="# Added by vesta"
        sys_ip="$sys_ip\nDEVICE=$iface"
        sys_ip="$sys_ip\nBOOTPROTO=static"
--- a/bin/v-add-sys-mail-ssl
+++ b/bin/v-add-sys-mail-ssl
@ -0,0 +1,106 @@
 #!/bin/bash
 # info: copy mail ssl certificate
 # options: USER DOMAIN [RESTART]
 #
 # The function copies user domain SSL to mail SSL directory
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument definition
 user=$1
 domain=$2
 restart=$3
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
 is_format_valid 'user' 'domain'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 # Defining certificate location
 dom_crt="/home/$user/conf/web/ssl.$domain.pem"
 dom_key="/home/$user/conf/web/ssl.$domain.key"
 vst_crt="$VESTA/ssl/mail.crt"
 vst_key="$VESTA/ssl/mail.key"
 # Checking certificate
 if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
    check_result $E_NOTEXIST "$domain certificate doesn't exist"
 fi
 # Checking difference
 diff $dom_crt $vst_crt >/dev/null 2>&1
 if [ $? -ne 0 ]; then
    rm -f $vst_crt.old $vst_key.old
    mv $vst_crt $vst_crt.old >/dev/null 2>&1
    mv $vst_key $vst_key.old >/dev/null 2>&1
    cp $dom_crt $vst_crt 2>/dev/null
    cp $dom_key $vst_key 2>/dev/null
    chown root:mail $vst_crt $vst_key
 else
    restart=no
 fi
 # Updating mail certificate
 case $MAIL_SYSTEM in
    exim)           conf='/etc/exim/exim.conf';;
    exim4)          conf='/etc/exim4/exim4.conf.template';;
 esac
 if [ -e "$conf" ]; then
    sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
        -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
 fi
 # Updating imap certificate
 conf="/etc/dovecot/conf.d/10-ssl.conf"
 if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
    sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
        -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Restarting services
 if [ "$restart" != 'no' ]; then
    if [ ! -z "$MAIL_SYSTEM" ]; then
        $BIN/v-restart-service $MAIL_SYSTEM
    fi
    if [ ! -z "$IMAP_SYSTEM" ]; then
        $BIN/v-restart-service $IMAP_SYSTEM
    fi
 fi
 # Updating vesta.conf
 if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
    echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
 else
    sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \
        $VESTA/conf/vesta.conf
 fi
 # Logging
 log_event "$OK" "$ARGUMENTS"
 exit
--- a/bin/v-add-sys-quota
+++ b/bin/v-add-sys-quota
@ -21,7 +21,7 @@ source $VESTA/conf/vesta.conf
 # Checking quota package
 quota=$(which --skip-alias --skip-functions quota 2>/dev/null)
 if [ $? -ne 0 ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
        yum -y install quota >/dev/null 2>&1
        check_result $? "quota package installation failed" $E_UPDATE
    else
--- a/bin/v-add-sys-vesta-ssl
+++ b/bin/v-add-sys-vesta-ssl
@ -0,0 +1,97 @@
 #!/bin/bash
 # info: add vesta ssl certificate
 # options: USER DOMAIN [RESTART]
 #
 # The function copies user domain SSL to vesta SSL directory
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument definition
 user=$1
 domain=$2
 restart=$3
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
 is_format_valid 'user' 'domain'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 # Defining certificate location
 dom_crt="/home/$user/conf/web/ssl.$domain.pem"
 dom_key="/home/$user/conf/web/ssl.$domain.key"
 vst_crt="$VESTA/ssl/certificate.crt"
 vst_key="$VESTA/ssl/certificate.key"
 # Checking certificate
 if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
    check_result $E_NOTEXIST "$domain certificate doesn't exist"
 fi
 # Checking difference
 diff $dom_crt $vst_crt >/dev/null 2>&1
 if [ $? -ne 0 ]; then
    rm -f $vst_crt.old $vst_key.old
    mv $vst_crt $vst_crt.old
    mv $vst_key $vst_key.old
    cp $dom_crt $vst_crt 2>/dev/null
    cp $dom_key $vst_key 2>/dev/null
    chown root:mail $vst_crt $vst_key
 else
    restart=no
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Restarting services
 if [ "$restart" != 'no' ]; then
    if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
        $BIN/v-restart-service $MAIL_SYSTEM
    fi
    if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
        $BIN/v-restart-service $IMAP_SYSTEM
    fi
    if [ ! -z "$FTP_SYSTEM" ]; then
        $BIN/v-restart-service "$FTP_SYSTEM"
    fi
    if [ -e "/var/run/vesta-nginx.pid" ]; then
        kill -HUP $(cat /var/run/vesta-nginx.pid)
    else
        service vesta restart
    fi
 fi
 # Updating vesta.conf
 if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
    echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
 else
    sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \
        $VESTA/conf/vesta.conf
 fi
 # Logging
 log_event "$OK" "$ARGUMENTS"
 exit
--- a/bin/v-add-user-package
+++ b/bin/v-add-user-package
@ -30,37 +30,37 @@ is_package_new() {
 is_package_consistent() {
    source $pkg_dir/$package.pkg
    if [ "$WEB_DOMAINS" != 'unlimited' ]; then
-        is_format_valid_int $WEB_DOMAINS 'WEB_DOMAINS'
+        is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
    fi
    if [ "$WEB_ALIASES" != 'unlimited' ]; then
-        is_format_valid_int $WEB_ALIASES 'WEB_ALIASES'
+        is_int_format_valid $WEB_ALIASES 'WEB_ALIASES'
    fi
    if [ "$DNS_DOMAINS" != 'unlimited' ]; then
-        is_format_valid_int $DNS_DOMAINS 'DNS_DOMAINS'
+        is_int_format_valid $DNS_DOMAINS 'DNS_DOMAINS'
    fi
    if [ "$DNS_RECORDS" != 'unlimited' ]; then
-        is_format_valid_int $DNS_RECORDS 'DNS_RECORDS'
+        is_int_format_valid $DNS_RECORDS 'DNS_RECORDS'
    fi
    if [ "$MAIL_DOMAINS" != 'unlimited' ]; then
-        is_format_valid_int $MAIL_DOMAINS 'MAIL_DOMAINS'
+        is_int_format_valid $MAIL_DOMAINS 'MAIL_DOMAINS'
    fi
    if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then
-        is_format_valid_int $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
+        is_int_format_valid $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
    fi
    if [ "$DATABASES" != 'unlimited' ]; then
-        is_format_valid_int $DATABASES 'DATABASES'
+        is_int_format_valid $DATABASES 'DATABASES'
    fi
    if [ "$CRON_JOBS" != 'unlimited' ]; then
-        is_format_valid_int $CRON_JOBS 'CRON_JOBS'
+        is_int_format_valid $CRON_JOBS 'CRON_JOBS'
    fi
    if [ "$DISK_QUOTA" != 'unlimited' ]; then
-        is_format_valid_int $DISK_QUOTA 'DISK_QUOTA'
+        is_int_format_valid $DISK_QUOTA 'DISK_QUOTA'
    fi
    if [ "$BANDWIDTH" != 'unlimited' ]; then
-        is_format_valid_int $BANDWIDTH 'BANDWIDTH'
+        is_int_format_valid $BANDWIDTH 'BANDWIDTH'
    fi
    if [ "$BACKUPS" != 'unlimited' ]; then
-        is_format_valid_int $BACKUPS 'BACKUPS'
+        is_int_format_valid $BACKUPS 'BACKUPS'
    fi
    is_format_valid_shell $SHELL
 }
--- a/bin/v-add-vesta-softaculous
+++ b/bin/v-add-vesta-softaculous
@ -46,7 +46,7 @@ fi
 #----------------------------------------------------------#
 # Cleaning yum cache
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
    yum -q clean all
    yum="yum -q -y --noplugins --disablerepo=* --enablerepo=vesta"
 else
@ -57,7 +57,7 @@ fi
 # Updating php pacakge
 if [ -z "$($VESTA/php/bin/php -v|grep 'PHP 5.6')" ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
        $yum -y update vesta-php
        check_result $? "vesta-php package upgrade failed" $E_UPDATE
    else
@ -67,7 +67,7 @@ if [ -z "$($VESTA/php/bin/php -v|grep 'PHP 5.6')" ]; then
 fi
 # Adding vesta-ioncube package
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
    rpm -q vesta-ioncube >/dev/null 2>&1
    if [ $? -ne 0 ]; then
        $yum -y install vesta-ioncube >/dev/null 2>&1
@ -82,7 +82,7 @@ else
 fi
 # Adding vesta-softaculous package
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
    rpm -q vesta-softaculous >/dev/null 2>&1
    if [ $? -ne 0 ]; then
        $yum -y install vesta-softaculous >/dev/null 2>&1
@ -98,6 +98,8 @@ fi
 # Installing softaculous
 if [ ! -e "$VESTA/softaculous/vst_installed" ]; then
    mkdir -p /var/softaculous
    chown -R admin:admin /var/softaculous
    cd $VESTA/softaculous
    wget -q http://c.vestacp.com/3rdparty/softaculous_install.inc
    $VESTA/php/bin/php softaculous_install.inc
@ -105,9 +107,11 @@ if [ ! -e "$VESTA/softaculous/vst_installed" ]; then
    touch $VESTA/softaculous/vst_installed
 fi
-# Adding symlink
+# Enabling symlink
-if [ ! -e "$VESTA/web/softaculous" ]; then
+if [ -e "$VESTA/disabled_plugins/softaculous" ]; then
-    ln -s $VESTA/softaculous/vesta $VESTA/web/softaculous
+    if [ ! -e "$VESTA/web/softaculous" ]; then
        mv $VESTA/disabled_plugins/softaculous $VESTA/web/softaculous
    fi
 fi
 # Updating SOFTACULOUS value
--- a/bin/v-add-web-domain
+++ b/bin/v-add-web-domain
@ -47,6 +47,9 @@ is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
 is_domain_new 'web' "$domain,$aliases"
 is_dir_symlink $HOMEDIR/$user/web
 if_dir_exists $HOMEDIR/$user/web/$domain
 is_dir_symlink $HOMEDIR/$user/web/$domain
 if [ ! -z "$ip" ]; then
    is_ip_valid "$ip" "$user"
 else
@ -62,7 +65,7 @@ fi
 source $USER_DATA/user.conf
 # Creating domain directories
-mkdir -p $HOMEDIR/$user/web/$domain \
+sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
      $HOMEDIR/$user/web/$domain/public_html \
      $HOMEDIR/$user/web/$domain/public_shtml \
      $HOMEDIR/$user/web/$domain/document_errors \
@ -79,7 +82,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \
    $HOMEDIR/$user/web/$domain/logs/
 # Adding domain skeleton
-cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
+sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
 for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
    sed -i "s/%domain%/$domain/g" $file
 done
@ -88,9 +91,9 @@ done
 chown -R $user:$user $HOMEDIR/$user/web/$domain
 chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
 chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
-chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
+sudo -u $user chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
-chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
+sudo -u $user chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
-chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
+sudo -u $user chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*
 # Addding PHP-FPM backend
 if [ ! -z "$WEB_BACKEND" ]; then
@ -112,9 +115,12 @@ if [ "$aliases" = 'none' ]; then
    ALIAS=''
 else
    ALIAS="www.$domain"
-    if [ ! -z "$aliases" ]; then
+    if [ -z "$aliases" ]; then
-        ALIAS="$ALIAS,$aliases"
+        ALIAS="www.$domain"
    else
        ALIAS="$aliases"
    fi
    ip_alias=$(get_ip_alias $domain)
    if [ ! -z "$ip_alias" ]; then
        ALIAS="$ALIAS,$ip_alias"
--- a/bin/v-add-web-domain-backend
+++ b/bin/v-add-web-domain-backend
@ -46,7 +46,7 @@ fi
 # Allocating backend port
 backend_port=9000
-ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
+ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
 ports=$(echo "$ports" |sed "s/://" |sort -n)
 for port in $ports; do
    if [ "$backend_port" -eq "$port" ]; then
--- a/bin/v-add-web-domain-ftp
+++ b/bin/v-add-web-domain-ftp
@ -84,7 +84,7 @@ fi
 /usr/sbin/useradd $ftp_user \
    -s $shell \
    -o -u $(id -u $user) \
-    -g $(id -u $user) \
+    -g $(id -g $user) \
    -M -d "$ftp_path_a"  > /dev/null 2>&1
 # Set ftp user password
--- a/bin/v-add-web-domain-ssl
+++ b/bin/v-add-web-domain-ssl
@ -120,6 +120,35 @@ check_result $? "Web restart failed" >/dev/null
 $BIN/v-restart-proxy $restart
 check_result $? "Proxy restart failed" >/dev/null
 # Updating system ssl dependencies
 if [ ! -z "$VESTA_CERTIFICATE" ]; then
    crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
    crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
    if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
        $BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
    fi
 fi
 if [ ! -z "$MAIL_CERTIFICATE" ]; then
    crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
    crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
    if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
        $BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
    fi
 fi
 if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
    hostname=$(hostname)
    if [ "$hostname" = "$domain" ]; then
        $BIN/v-update-host-certificate $user $domain
    fi
 fi
 UPDATE_SSL_SCRIPT=''
 source $VESTA/conf/vesta.conf
 if [ ! -z "$UPDATE_SSL_SCRIPT" ]; then
    eval "$UPDATE_SSL_SCRIPT $user $domain"
 fi
 # Logging
 log_history "enabled ssl support for $domain"
 log_event "$OK" "$ARGUMENTS"
--- a/bin/v-backup-user
+++ b/bin/v-backup-user
@ -68,8 +68,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
    (( ++i))
 done
 if [ -z "$BACKUP_TEMP" ]; then
    BACKUP_TEMP=$BACKUP
 fi
 # Creating temporary directory
-tmpdir=$(mktemp -p /tmp -d)
+tmpdir=$(mktemp -p $BACKUP_TEMP -d)
 if [ "$?" -ne 0 ]; then
    echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
@ -212,24 +216,32 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
            cp $USER_DATA/ssl/$domain.* vesta/
        fi
        # Changin dir to documentroot
        cd $HOMEDIR/$user/web/$domain
        # Define exclude arguments
        exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
        set -f
        fargs=()
-        fargs+=(--exclude='logs/*')
+        fargs+=(--exclude='./logs/*')
        if [ ! -z "$exlusion" ]; then
            xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
            for xpath in $xdirs; do
-                fargs+=(--exclude=$xpath/*)
+                if [ -d "$xpath" ]; then
-                echo "$(date "+%F %T") excluding directory $xpath"
+                    fargs+=(--exclude=$xpath/*)
-                msg="$msg\n$(date "+%F %T") excluding directory $xpath"
+                    echo "$(date "+%F %T") excluding directory $xpath"
                    msg="$msg\n$(date "+%F %T") excluding directory $xpath"
                else
                    echo "$(date "+%F %T") excluding file $xpath"
                    msg="$msg\n$(date "+%F %T") excluding file $xpath"
                    fargs+=(--exclude=$xpath)
                fi
            done
        fi
        set +f
        # Backup files
-        cd $HOMEDIR/$user/web/$domain
+        tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
        tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
    done
    # Print total
@ -388,14 +400,17 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
        grep "DB='$database'" $conf > vesta/db.conf
        dump="$tmpdir/db/$database/$database.$TYPE.sql"
        dumpgz="$tmpdir/db/$database/$database.$TYPE.sql.gz"
        grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER"
-        case $TYPE in
+        if [ ! -f "$dumpgz" ]; then
-            mysql) dump_mysql_database ;;
+            case $TYPE in
-            pgsql) dump_pgsql_database ;;
+                mysql) dump_mysql_database ;;
-        esac
+                pgsql) dump_pgsql_database ;;
            esac
-        # Compress dump
+            # Compress dump
-        gzip -$BACKUP_GZIP $dump
+            gzip -$BACKUP_GZIP $dump
        fi
    done
    # Print total
@ -445,11 +460,15 @@ if [ "$USER" != '*' ]; then
    fi
    fargs=()
    for xpath in $(echo "$USER" |tr ',' '\n'); do
-        fargs+=(-not)
+        if [ -d "$xpath" ]; then
-        fargs+=(-path)
+            fargs+=(--exclude=$xpath/*)
-        fargs+=("./$xpath*")
+            echo "$(date "+%F %T") excluding directory $xpath" |\
        echo "$(date "+%F %T") excluding directory $xpath" |\
            tee -a $BACKUP/$user.log
        else
            echo "$(date "+%F %T") excluding file $xpath" |\
            tee -a $BACKUP/$user.log
            fargs+=(--exclude=$xpath)
        fi
    done
    IFS=$'\n'
@ -460,11 +479,12 @@ if [ "$USER" != '*' ]; then
        exclusion=$(echo "$USER" |tr ',' '\n' |grep "^$udir$")
        if [ -z "$exclusion" ]; then
            ((i ++))
-            udir_list="$udir_list $udir"
+            udir_str=$(echo "$udir" |sed -e "s|'|\\\'|g")
            udir_list="$udir_list $udir_str"
            echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log
            # Backup files and dirs
-            tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
+            tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
        fi
    done
    set +f
@ -499,7 +519,7 @@ local_backup(){
    backup_list=$(ls -lrt $BACKUP/ |awk '{print $9}' |grep "^$user\." | grep ".tar")
    backups_count=$(echo "$backup_list" |wc -l)
    if [ "$BACKUPS" -le "$backups_count" ]; then
-        backups_rm_number=$((backups_count - BACKUPS))
+        backups_rm_number=$((backups_count - BACKUPS + 1))
        # Removing old backup
        for backup in $(echo "$backup_list" |head -n $backups_rm_number); do
@ -575,7 +595,7 @@ ftp_backup() {
    fi
    # Debug info
-    echo -e "$(date "+%F %T") Remote: ftp://$HOST$BPATH/$user.$backup_new_date.tar"
+    echo -e "$(date "+%F %T") Remote: ftp://$HOST/$BPATH/$user.$backup_new_date.tar"
    # Checking ftp connection
    fconn=$(ftpc)
@ -615,7 +635,7 @@ ftp_backup() {
    fi
    backups_count=$(echo "$backup_list" |wc -l)
    if [ "$backups_count" -ge "$BACKUPS" ]; then
-        backups_rm_number=$((backups_count - BACKUPS))
+        backups_rm_number=$((backups_count - BACKUPS + 1))
        for backup in $(echo "$backup_list" |head -n $backups_rm_number); do 
            backup_date=$(echo $backup |sed -e "s/$user.//" -e "s/.tar$//")
            echo -e "$(date "+%F %T") Rotated ftp backup: $backup_date" |\
@ -770,7 +790,7 @@ sftp_backup() {
    fi
    backups_count=$(echo "$backup_list" |wc -l)
    if [ "$backups_count" -ge "$BACKUPS" ]; then
-        backups_rm_number=$((backups_count - BACKUPS))
+        backups_rm_number=$((backups_count - BACKUPS + 1))
        for backup in $(echo "$backup_list" |head -n $backups_rm_number); do
            backup_date=$(echo $backup |sed -e "s/$user.//" -e "s/.tar.*$//")
            echo -e "$(date "+%F %T") Rotated sftp backup: $backup_date" |\
--- a/bin/v-backup-users
+++ b/bin/v-backup-users
@ -28,6 +28,9 @@ if [ -z "$BACKUP_SYSTEM" ]; then
    exit
 fi
 for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
    if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
        continue;
    fi
    check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
    log=$VESTA/log/backup.log
    if [ ! -z "$check_suspend" ]; then
--- a/bin/v-change-mail-account-password
+++ b/bin/v-change-mail-account-password
@ -52,8 +52,11 @@ salt=$(generate_password "$PW_MATRIX" "8")
 md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
    quota=$(grep $account $VESTA/data/users/${user}/mail/${domain}.conf)
    quota=$(echo $quota | awk '{ print $7 }' | sed -e "s/'//g" )
    quota=$(echo $quota | cut -d "=" -f 2 | sed -e "s/unlimited/0/g")
    sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
-    str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
+    str="$account:$md5:$user:mail::$HOMEDIR/$user:${quota}M"
    echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
 fi
--- a/bin/v-change-sys-config-value
+++ b/bin/v-change-sys-config-value
@ -28,6 +28,7 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin"
 check_args '2' "$#" 'KEY VALUE'
 is_format_valid 'key'
 format_no_quotes "$value" 'value'
 #----------------------------------------------------------#
 #                       Action                             #
--- a/bin/v-change-sys-hostname
+++ b/bin/v-change-sys-hostname
@ -31,18 +31,16 @@ is_format_valid 'domain'
 hostname $domain
-# RHEL/CentOS
+if [ -d "/etc/sysconfig" ]; then
-if [ -e "/etc/redhat-release" ]; then
+    # RHEL/CentOS/Amazon
    touch /etc/sysconfig/network
    if [ -z "$(grep HOSTNAME /etc/sysconfig/network)" ]; then
        echo "HOSTNAME='$domain'" >> /etc/sysconfig/network
    else
        sed -i "s/HOSTNAME=.*/HOSTNAME='$domain'/" /etc/sysconfig/network
    fi
-fi
+else
-
+    # Debian/Ubuntu
 # Debian/Ubuntu
 if [ ! -e "/etc/redhat-release" ]; then
    echo "$domain" > /etc/hostname
 fi
--- a/bin/v-change-sys-ip-nat
+++ b/bin/v-change-sys-ip-nat
@ -34,48 +34,72 @@ is_ip_valid "$ip"
 #                       Action                             #
 #----------------------------------------------------------#
-# Changing nat ip
+# Updating IP
 if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then
    sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip
    old=''
    new=$nat_ip
 else
-    update_ip_value '$NAT' "$nat_ip"
+    old=$(get_ip_value '$NAT')
-fi
+    new=$nat_ip
-
+    sed -i "s/NAT=.*/NAT='$new'/" $VESTA/data/ips/$ip
-# Check ftp system
+    if [ -z "$nat_ip" ]; then
-if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
+        new=$ip
    # Find configuration
    if [ -e '/etc/vsftpd/vsftpd.conf' ]; then
        conf='/etc/vsftpd/vsftpd.conf'
    fi
    if [ -e '/etc/vsftpd.conf' ]; then
        conf='/etc/vsftpd.conf'
    fi
    # Update config
    if [ -z "$(grep pasv_address $conf)" ]; then
        if [ ! -z "$nat_ip" ]; then
            echo "pasv_address=$nat_ip" >> $conf
        fi
    else
        if [ ! -z "$nat_ip" ]; then
            sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
        else
            sed -i "/pasv_address/d" $conf
        fi
    fi
 fi
 # Updating WEB configs
 if [ ! -z "$old" ] && [ ! -z "$WEB_SYSTEM" ]; then
    sed -i "s/$old/$new/" $VESTA/data/users/*/web.conf
    for user in $(ls $VESTA/data/users/); do
        $BIN/v-rebuild-web-domains $user no
    done
    $BIN/v-restart-dns $restart
 fi
 # Updating DNS configs
 if [ ! -z "$old" ] && [ ! -z "$DNS_SYSTEM" ]; then
    sed -i "s/$old/$new/" $VESTA/data/users/*/dns.conf
    sed -i "s/$old/$new/" $VESTA/data/users/*/dns/*.conf
    for user in $(ls $VESTA/data/users/); do
        $BIN/v-rebuild-dns-domains $user no
    done
    $BIN/v-restart-dns $restart
 fi
 # Updating FTP
 if [ ! -z "$old" ] && [ ! -z "$FTP_SYSTEM" ]; then
    conf=$(find /etc -name $FTP_SYSTEM.conf)
    if [ -e "$conf" ]; then
        sed -i "s/$old/$new/g" $conf
        if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
            check_pasv=$(grep pasv_address $conf)
            if [ -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
                echo "pasv_address=$nat_ip" >> $conf
            fi
            if [ ! -z "$check_pasv" ] && [ -z "$nat_ip" ]; then
                sed -i "/pasv_address/d" $conf
            fi
            if [ ! -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
                sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
            fi
        fi
    fi
    $BIN/v-restart-ftp $restart
 fi
 # Updating firewall
 if [ ! -z "$old" ] && [ ! -z "$FIREWALL_SYSTEM" ]; then
    sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
    $BIN/v-update-firewall
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Restart ftp server
 $BIN/v-restart-ftp $restart
 check_result $? "FTP restart failed" >/dev/null
 # Logging
 log_history "changed associated nat address on $ip to $nat_ip" '' 'admin'
 log_event "$OK" "$ARGUMENTS"
--- a/bin/v-change-sys-service-config
+++ b/bin/v-change-sys-service-config
@ -63,6 +63,7 @@ case $service in
    spamd)          dst=$($BIN/v-list-sys-spamd-config plain);;
    spamassassin)   dst=$($BIN/v-list-sys-spamd-config plain);;
    clamd)          dst=$($BIN/v-list-sys-clamd-config plain);;
    clamd.scan)     dst=$($BIN/v-list-sys-clamd-config plain);;
    cron)           dst='/etc/crontab';;
    crond)          dst='/etc/crontab';;
    fail2ban)       dst='/etc/fail2ban/jail.local';;
@ -95,13 +96,21 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then
    if [ "$service" = 'php' ]; then
        if [ "$WEB_SYSTEM" = "nginx" ]; then
-            service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p)
+            if [ $(ps --no-headers -o comm 1) == systemd ]; then
                service=$(systemctl | grep -o -E "php.*fpm.*\.service")
                service=${service//.service/}
            else
                service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /)
            fi
        else
            service=$WEB_SYSTEM
        fi
    fi
-    service $service restart >/dev/null 2>&1
+    for single_service in $service; do
        service $single_service restart >/dev/null 2>&1
    done <<< "$service"
    if [ $? -ne 0 ]; then
        for config in $dst; do
            cat $config.vst.back > $config
--- a/bin/v-change-user-package
+++ b/bin/v-change-user-package
@ -16,16 +16,12 @@ force=$3
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 is_package_avalable() {
-    usr_data=$(cat $USER_DATA/user.conf)
+    source $USER_DATA/user.conf
    IFS=$'\n'
    for key in $usr_data; do
        eval ${key%%=*}=${key#*=}
    done
    WEB_DOMAINS='0'
    DATABASES='0'
    MAIL_DOMAINS='0'
@ -33,9 +29,13 @@ is_package_avalable() {
    DISK_QUOTA='0'
    BANDWIDTH='0'
-    pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
+    pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
-        grep -v DATE)
+    IFS=$'\n'
-    eval $pkg_data
+    for str in $pkg_data; do
        key=$(echo $str |cut -f 1 -d =)
        value=$(echo $str |cut -f 2 -d \')
        eval $key="$value"
    done
    # Checking usage agains package limits
    if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@ -73,11 +73,22 @@ is_package_avalable() {
            check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
        fi
    fi
    # Checking templates
    is_web_template_valid $WEB_TEMPLATE
    is_dns_template_valid $DNS_TEMPLATE
    is_proxy_template_valid $PROXY_TEMPLATE
 }
 change_user_package() {
-    eval $(cat $USER_DATA/user.conf)
+    source $USER_DATA/user.conf
-    eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
+    pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
    IFS=$'\n'
    for str in $pkg_data; do
        key=$(echo $str |cut -f 1 -d =)
        value=$(echo $str |cut -f 2 -d \')
        eval $key="$value"
    done
    echo "FNAME='$FNAME'
 LNAME='$LNAME'
 PACKAGE='$package'
@ -156,7 +167,7 @@ fi
 change_user_package
 # Update user shell
-shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
+shell_conf=$(echo "$pkg_data" |grep 'SHELL' |cut -f 2 -d \')
 shell=$(grep -w "$shell_conf" /etc/shells |head -n1)
 /usr/bin/chsh -s "$shell" "$user" &>/dev/null
--- a/bin/v-change-user-password
+++ b/bin/v-change-user-password
@ -13,6 +13,10 @@
 user=$1
 password=$2; HIDE=2
 # Importing system enviroment as we run this script
 # mostly by cron wich not read it by itself
 source /etc/profile
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
@ -22,6 +26,9 @@ source $VESTA/conf/vesta.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 if [ "$user" = "root" ]; then
    check_result $E_FORBIDEN "Changing root password is forbiden"
 fi
 check_args '2' "$#" 'USER PASSWORD'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
@ -37,6 +44,10 @@ is_password_valid
 echo "$user:$password" | /usr/sbin/chpasswd
 md5=$(awk -v user=$user -F : 'user == $1 {print $2}' /etc/shadow)
 if [ "$user" = 'admin' ] && [ -e "$VESTA/web/reset.admin" ]; then
    rm -f $VESTA/web/reset.admin
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-change-vesta-port
+++ b/bin/v-change-vesta-port
@ -0,0 +1,60 @@
 #!/bin/bash
 # info: change vesta port
 # options: port
 #
 # Function will change vesta port
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument definition
 port=$1
 if [ -z "$VESTA" ]; then
    VESTA="/usr/local/vesta"
 fi
 # Get current vesta port by reading nginx.conf
 oldport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
 if [ -z "$oldport" ]; then
    oldport=8083
 fi
 # Includes
 source $VESTA/func/main.sh
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 # Checking permissions
 if [ "$(id -u)" != '0' ]; then
    check_result $E_FORBIDEN "You must be root to execute this script"
 fi
 check_args '1' "$#" 'PORT'
 is_int_format_valid "$port" 'port number'
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf
 if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then
    sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php
 fi
 sed -i "s|'$oldport'|'$port'|g" $VESTA/data/firewall/rules.conf
 $VESTA/bin/v-update-firewall
 systemctl restart fail2ban.service
 sed -i "s| $oldport | $port |g" /etc/iptables.rules
 systemctl restart vesta
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Logging
 log_event "$OK" "$ARGUMENTS"
 exit 0;
--- a/bin/v-change-web-domain-backend-tpl
+++ b/bin/v-change-web-domain-backend-tpl
@ -52,7 +52,7 @@ rm -f $pool/$backend_type.conf
 # Allocating backend port
 backend_port=9000
-ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
+ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
 ports=$(echo "$ports" |sed "s/://" |sort -n)
 for port in $ports; do
    if [ "$backend_port" -eq "$port" ]; then
--- a/bin/v-change-web-domain-ip
+++ b/bin/v-change-web-domain-ip
@ -49,7 +49,7 @@ is_ip_valid "$ip" "$user"
 # Preparing variables for vhost replace
 get_domain_values 'web'
 old=$(get_real_ip $IP)
-new=$ip
+new=$(get_real_ip $ip)
 # Replacing vhost
 replace_web_config "$WEB_SYSTEM" "$TPL.tpl"
--- a/bin/v-check-api-key
+++ b/bin/v-check-api-key
@ -0,0 +1,40 @@
 #!/bin/bash
 # info: check api key
 # options: KEY
 #
 # The function checks a key file in /usr/local/vesta/data/keys/
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 if [ -z "$1" ]; then
    echo "Error: key missmatch"
    exit 9
 fi
 key=$(basename $1)
 ip=${2-127.0.0.1}
 time_n_date=$(date +'%T %F')
 time=$(echo "$time_n_date" |cut -f 1 -d \ )
 date=$(echo "$time_n_date" |cut -f 2 -d \ )
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 if [ ! -e $VESTA/data/keys/$key ]; then
    echo "Error: key missmatch"
    echo "$date $time api $ip failed to login" >> $VESTA/log/auth.log
    exit 9
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 echo "$date $time api $ip successfully launched" >> $VESTA/log/auth.log
 exit
--- a/bin/v-check-letsencrypt-domain
+++ b/bin/v-check-letsencrypt-domain
@ -1,162 +0,0 @@
 #!/bin/bash
 # info: check letsencrypt domain
 # options: USER DOMAIN
 #
 # The function check and validates domain with LetsEncript
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument definition
 user=$1
 domain=$2
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
 # encode base64
 encode_base64() {
    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
 }
 # Additional argument formatting
 format_domain_idn
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 check_args '2' "$#" 'USER DOMAIN'
 is_format_valid 'user' 'domain'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
    check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
 fi
 rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf)
 if [ -z "$rdomain" ]; then
    check_result $E_NOTEXIST "domain $domain doesn't exist"
 fi
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 source $USER_DATA/ssl/le.conf
 api='https://acme-v01.api.letsencrypt.org'
 r_domain=$(echo "$rdomain" |cut -f 2 -d \')
 key="$USER_DATA/ssl/user.key"
 exponent="$EXPONENT"
 modulus="$MODULUS"
 thumb="$THUMB"
 # Defining JWK header
 header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
 header='{"alg":"RS256","jwk":'"$header"'}'
 # Requesting nonce
 nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
 protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
 # Defining ACME query (request challenge)
 query='{"resource":"new-authz","identifier"'
 query=$query':{"type":"dns","value":"'"$domain_idn"'"}}'
 payload=$(echo -n "$query" |encode_base64)
 signature=$(printf "%s" "$protected.$payload" |\
    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
 data='{"header":'"$header"',"protected":"'"$protected"'",'
 data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
 # Sending request to LetsEncrypt API
 answer=$(curl -s -i -d "$data" "$api/acme/new-authz")
 # Checking http answer status
 status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
 if [[ "$status" -ne "201" ]]; then
    check_result $E_CONNECT "LetsEncrypt challenge request $status"
 fi
 # Parsing domain nonce,token and uri
 nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
 protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
 token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \")
 uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \")
 # Adding location wrapper for request challenge
 if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
    conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
    sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt"
    if [ ! -e "$conf" ]; then
        echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
        echo '    default_type text/plain;' >> $conf
        echo '    return 200 "$1.'$thumb'";' >> $conf
        echo '}' >> $conf
    fi
    if [ ! -e "$sconf" ]; then
        ln -s "$conf" "$sconf"
    fi
 else
    acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
    if [ ! -d "$acme" ]; then
        mkdir -p $acme
    fi
    echo "$token.$thumb" > $acme/$token
    chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
 fi
 # Restarting web server
 if [ -z "$PROXY_SYSTEM" ]; then
    $BIN/v-restart-web
    check_result $? "Proxy restart failed" >/dev/null
 else
    $BIN/v-restart-proxy
    $BIN/v-restart-web
    check_result $? "Web restart failed" >/dev/null
 fi
 # Defining ACME query (request validation)
 query='{"resource":"challenge","type":"http-01","keyAuthorization"'
 query=$query':"'$token.$thumb'","token":"'$token'"}'
 payload=$(echo -n "$query" |encode_base64)
 signature=$(printf "%s" "$protected.$payload" |\
    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
 data='{"header":'"$header"',"protected":"'"$protected"'",'
 data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
 # Sending request to LetsEncrypt API
 answer=$(curl -s -i -d "$data" "$uri")
 # Checking domain validation status
 i=1
 status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \")
 location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n')
 while [ "$status" = 'pending' ]; do
    answer=$(curl -s -i "$location")
    detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
    status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \")
    sleep 1
    i=$((i + 1))
    if [ "$i" -gt 60 ]; then
        check_result $E_CONNECT "$detail"
    fi
 done
 if [ "$status" = 'invalid' ]; then
    detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
    check_result $E_CONNECT "$detail"
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Logging
 log_event "$OK" "$ARGUMENTS"
 exit
--- a/bin/v-check-user-hash
+++ b/bin/v-check-user-hash
@ -0,0 +1,100 @@
 #!/bin/bash
 # info: check user hash
 # options: USER HASH [IP]
 #
 # The function verifies user hash
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument definition
 user=$1
 hash=$2; HIDE=2
 ip=${3-127.0.0.1}
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
 time_n_date=$(date +'%T %F')
 time=$(echo "$time_n_date" |cut -f 1 -d \ )
 date=$(echo "$time_n_date" |cut -f 2 -d \ )
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 check_args '2' "$#" 'USER HASH'
 is_format_valid 'user'
 # Checking user
 if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
    echo "Error: password missmatch"
    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
    exit 9
 fi
 # Checking user hash
 is_hash_valid
 # Checking empty hash
 if [[ -z "$hash" ]]; then
    echo "Error: password missmatch"
    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
    exit 9
 fi
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 # Parsing user's salt
 shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
 if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'
 then
    salt=$(echo "$shadow" |cut -f 3 -d \$)
    method=$(echo "$shadow" |cut -f 2 -d \$)
    if [ "$method" -eq '1' ]; then
        method='md5'
    elif [ "$method" -eq '6' ]; then
        method='sha-512'
    else
        echo "Error: password missmatch"
        echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
        exit 9
    fi
 else
    salt=${shadow:0:2}
    method='des'
 fi
 # Checking salt
 if [ -z "$salt" ]; then
    echo "Error: password missmatch"
    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
    exit 9
 fi
 # Comparing hashes
 if [[ "$shadow" != "$hash" ]]; then
    echo "Error: password missmatch"
    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
    exit 9
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Logging
 echo "$date $time $user $ip successfully logged in" >> $VESTA/log/auth.log
 exit
--- a/bin/v-check-user-password
+++ b/bin/v-check-user-password
@ -82,7 +82,8 @@ if [ -z "$salt" ]; then
 fi
 # Generating hash
-hash=$($BIN/v-generate-password-hash $method $salt <<< $password)
+set -o noglob
 hash=$($BIN/v-generate-password-hash $method $salt <<< "$password")
 if [[ -z "$hash" ]]; then
    echo "Error: password missmatch"
    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
--- a/bin/v-deactivate-vesta-license
+++ b/bin/v-deactivate-vesta-license
@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
 # Activating license
 v_host='https://vestacp.com/checkout'
-answer=$(curl -s $v_host/cancel.php?licence_key=$license)
+answer=$(curl -s "$v_host/cancel.php?licence_key=$license&module=$module")
 check_result $? "cant' connect to vestacp.com " $E_CONNECT
 # Checking server answer
--- a/bin/v-delete-mail-domain
+++ b/bin/v-delete-mail-domain
@ -56,7 +56,7 @@ fi
 # Deleting dkim dns record
 if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
    records=$($BIN/v-list-dns-records $user $domain plain)
-    dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
+    dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1)
    for id in $dkim_records; do
        $BIN/v-delete-dns-record $user $domain $id
    done
--- a/bin/v-delete-sys-mail-ssl
+++ b/bin/v-delete-sys-mail-ssl
@ -0,0 +1,75 @@
 #!/bin/bash
 # info: delete sys vesta user ssl certificate
 # options: NONE
 #
 # The script disables user domain ssl synchronization
 #----------------------------------------------------------#
 #                  Variable & Function                     #
 #----------------------------------------------------------#
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 vst_crt="$VESTA/ssl/certificate.crt"
 vst_key="$VESTA/ssl/certificate.key"
 # Updating mail certificate
 case $MAIL_SYSTEM in
    exim)           conf='/etc/exim/exim.conf';;
    exim4)          conf='/etc/exim4/exim4.conf.template';;
 esac
 if [ -e "$conf" ]; then
    sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
        -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
 fi
 # Updating imap certificate
 conf="/etc/dovecot/conf.d/10-ssl.conf"
 if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
    sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
        -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
 fi
 # Moving old certificates
 if [ -e "$VESTA/ssl/mail.crt" ]; then
    mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
 fi
 if [ -e "VESTA/ssl/mail.key" ]; then
    mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
 fi
 # Updating vesta.conf value
 sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Restarting services
 if [ "$restart" != 'no' ]; then
    if [ ! -z "$MAIL_SYSTEM" ]; then
        $BIN/v-restart-service $MAIL_SYSTEM
    fi
    if [ ! -z "$IMAP_SYSTEM" ]; then
        $BIN/v-restart-service $IMAP_SYSTEM
    fi
 fi
 # Logging
 log_event "$OK" "$ARGUMENTS"
 exit
--- a/bin/v-delete-sys-vesta-ssl
+++ b/bin/v-delete-sys-vesta-ssl
@ -0,0 +1,37 @@
 #!/bin/bash
 # info: delete sys vesta user ssl certificate
 # options: NONE
 #
 # The script disables user domain ssl synchronization
 #----------------------------------------------------------#
 #                  Variable & Function                     #
 #----------------------------------------------------------#
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 # Updating vesta.conf value
 sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Logging
 log_event "$OK" "$ARGUMENTS"
 exit
--- a/bin/v-delete-user-favourites
+++ b/bin/v-delete-user-favourites
@ -32,6 +32,8 @@ case $system in
    DNS_REC)    is_format_valid 'id' ;;
    *)          is_format_valid 'object'
 esac
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
--- a/bin/v-delete-vesta-softaculous
+++ b/bin/v-delete-vesta-softaculous
@ -29,7 +29,8 @@ fi
 # Deleting symlink
 if [ -e "$VESTA/web/softaculous" ]; then
-    rm -f $VESTA/web/softaculous
+    mkdir -p $VESTA/disabled_plugins
    mv $VESTA/web/softaculous $VESTA/disabled_plugins
 fi
 # Updating SOFTACULOUS value
--- a/bin/v-delete-web-domain-ssl
+++ b/bin/v-delete-web-domain-ssl
@ -57,7 +57,13 @@ fi
 # Deleting old certificate
 tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d)
-rm -f $HOMEDIR/$user/conf/web/ssl.$domain.*
+
 # remove certificate files - do not use wildcard, as this might remove other domains
 rm -f $HOMEDIR/$user/conf/web/ssl.$domain.ca
 rm -f $HOMEDIR/$user/conf/web/ssl.$domain.crt
 rm -f $HOMEDIR/$user/conf/web/ssl.$domain.key
 rm -f $HOMEDIR/$user/conf/web/ssl.$domain.pem
 mv $USER_DATA/ssl/$domain.* $tmpdir
 chown -R $user:$user $tmpdir
--- a/bin/v-extract-fs-archive
+++ b/bin/v-extract-fs-archive
@ -82,7 +82,7 @@ fi
 # Extracting ziped archive
 if [ ! -z "$(echo $src_file |grep -i  '.zip')" ]; then
    sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1
-    sudo -u $user unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1
+    sudo -u $user unzip -o "$src_file" -d "$dst_dir" >/dev/null 2>&1
    rc=$?
 fi
--- a/bin/v-generate-ssl-cert
+++ b/bin/v-generate-ssl-cert
@ -67,7 +67,7 @@ fi
 args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
 check_args '7' "$#" "$args_usage"
-is_format_valid 'domain_alias' 'format'
+is_format_valid 'domain' 'alias' 'format'
 #----------------------------------------------------------#
--- a/bin/v-get-user-salt
+++ b/bin/v-get-user-salt
@ -0,0 +1,118 @@
 #!/bin/bash
 # info: get user salt
 # options: USER [IP] [FORMAT]
 #
 # The function provides users salt
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument definition
 user=$1
 ip=${2-127.0.0.1}
 format=${3-shell}
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
 time_n_date=$(date +'%T %F')
 time=$(echo "$time_n_date" |cut -f 1 -d \ )
 date=$(echo "$time_n_date" |cut -f 2 -d \ )
 # JSON list function
 json_list() {
    echo '{'
    echo '    "'$user'": {
        "METHOD": "'$method'",
        "SALT": "'$salt'",
        "TIME": "'$time'",
        "DATE": "'$date'"
        }'
    echo '}'
 }
 # SHELL list function
 shell_list() {
    echo "METHOD:         $method"
    echo "SALT:           $salt"
 }
 # PLAIN list function
 plain_list() {
    echo -e "$method\t$salt"
 }
 # CSV list function
 csv_list() {
    echo "METHOD,SALT"
    echo "$method, $salt"
 }
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 check_args '1' "$#" 'USER [IP] [SALT]'
 is_format_valid 'user'
 # Checking user
 if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
    echo "Error: password missmatch"
    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
    exit 9
 fi
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 # Parsing user's salt
 shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
 if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'
 then
    salt=$(echo "$shadow" |cut -f 3 -d \$)
    method=$(echo "$shadow" |cut -f 2 -d \$)
    if [ "$method" -eq '1' ]; then
        method='md5'
    elif [ "$method" -eq '6' ]; then
        method='sha-512'
    else
        echo "Error: password missmatch"
        echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
        exit 9
    fi
 else
    salt=${shadow:0:2}
    method='des'
 fi
 if [ -z "$salt" ]; then
    echo "Error: password missmatch"
    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
    exit 9
 fi
 # Listing data
 case $format in
    json)   json_list ;;
    plain)  plain_list ;;
    csv)    csv_list ;;
    shell)  shell_list ;;
 esac
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Logging
 exit
--- a/bin/v-insert-dns-domain
+++ b/bin/v-insert-dns-domain
@ -50,7 +50,7 @@ if [ "$flush" = 'records' ]; then
 fi
 # Flush domain
-if [ "$flush" ! = 'no' ]; then
+if [ "$flush" != 'no' ]; then
    sed -i "/DOMAIN='$DOMAIN'/d" $USER_DATA/dns.conf 2> /dev/null
 fi
--- a/bin/v-list-dns-domain
+++ b/bin/v-list-dns-domain
@ -71,6 +71,7 @@ csv_list() {
 #----------------------------------------------------------#
 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
 is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'dns' 'DOMAIN' "$domain"
--- a/bin/v-list-letsencrypt-user
+++ b/bin/v-list-letsencrypt-user
@ -23,7 +23,8 @@ json_list() {
        "EMAIL": "'$EMAIL'",
        "EXPONENT": "'$EXPONENT'",
        "MODULUS": "'$MODULUS'",
-        "THUMB: "'$THUMB'"
+        "THUMB": "'$THUMB'",
        "KID": "'$KID'"
    }'
    echo '}'
 }
@ -35,17 +36,18 @@ shell_list() {
    echo "THUMB:          $THUMB"
    echo "EXPONENT:       $EXPONENT"
    echo "MODULUS:        $MODULUS"
    echo "KID:            $KID"
 }
 # PLAIN list function
 plain_list() {
-    echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB"
+    echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB\t$KID"
 }
 # CSV list function
 csv_list() {
-    echo "USER,EMAIL,EXPONENT,MODULUS,THUMB"
+    echo "USER,EMAIL,EXPONENT,MODULUS,THUMB,KID"
-    echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB"
+    echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB,$KID"
 }
@ -54,6 +56,7 @@ csv_list() {
 #----------------------------------------------------------#
 check_args '1' "$#" 'USER [FORMAT]'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
    check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist"
--- a/bin/v-list-mail-domain-dkim-dns
+++ b/bin/v-list-mail-domain-dkim-dns
@ -57,6 +57,7 @@ csv_list() {
 #----------------------------------------------------------#
 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
 is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'mail' 'DOMAIN' "$domain"
@ -67,7 +68,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
 # Parsing domain keys
 if [ -e "$USER_DATA/mail/$domain.pub" ]; then
-    pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----")
+    pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----" |tr -d "\n\r")
    pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g')
 else
    pub="DKIM-SUPPORT-IS-NOT-ACTIVATED"
--- a/bin/v-list-sys-config
+++ b/bin/v-list-sys-config
@ -51,7 +51,9 @@ json_list() {
        "MAIL_URL": "'$MAIL_URL'",
        "DB_PMA_URL": "'$DB_PMA_URL'",
        "DB_PGA_URL": "'$DB_PGA_URL'",
-        "SOFTACULOUS": "'$SOFTACULOUS'"
+        "SOFTACULOUS": "'$SOFTACULOUS'",
        "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
        "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
    }
 }'
 }
@ -138,6 +140,12 @@ shell_list() {
    if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
        echo "Language:       $LANGUAGE"
    fi
    if [ ! -z "$MAIL_CERTIFICATE" ]; then
        echo "Mail SSL:       $MAIL_CERTIFICATE"
    fi
    if [ ! -z "$VESTA_CERTIFICATE" ]; then
        echo "Vesta SSL:      $VESTA_CERTIFICATE"
    fi
    echo "Version:        $VERSION"
 }
@ -151,7 +159,8 @@ plain_list() {
    echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
    echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
    echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
-    echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL"
+    echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t"
    echo -e  "$VESTA_CERTIFICATE"
 }
@ -165,7 +174,8 @@ csv_list() {
    echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
    echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
    echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
-    echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'"
+    echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS',"
    echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'"
    echo
    echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
    echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
@ -176,6 +186,7 @@ csv_list() {
    echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
    echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
    echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
    echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"
    echo
 }
@ -187,7 +198,7 @@ csv_list() {
 # Listing data
 case $format in
    json)   json_list ;;
-    plain)  shell_list ;;
+    plain)  plain_list ;;
    csv)    csv_list ;;
    shell)  shell_list ;;
 esac
--- a/bin/v-list-sys-info
+++ b/bin/v-list-sys-info
@ -56,17 +56,18 @@ csv_list() {
 HOSTNAME=$(hostname)
 # Check OS/Release
-if [ -e '/etc/redhat-release' ]; then
+if [ -d '/etc/sysconfig' ]; then
-    if [ ! -z "$(grep CentOS /etc/redhat-release)" ]; then
+    if [ -e '/etc/redhat-release' ]; then
        OS='CentOS'
        VERSION=$(cat /etc/redhat-release |tr ' ' '\n' |grep [0-9])
    else
-        OS="RHEL"
+        OS="Amazon"
        VERSION=$(cat /etc/issue |tr ' ' '\n' |grep [0-9])
    fi
    VERSION=$(cat /etc/redhat-release| tr ' ' '\n' |grep [0-9])
 else
    if [ "$(lsb_release -si)" == "Ubuntu" ] && [ -e '/etc/debian_version' ]; then
        OS="Ubuntu"
-        VERSION=$(grep DISTRIB_RELEASE /etc/lsb-release| cut -f 2 -d '=')
+        VERSION=$(grep DISTRIB_RELEASE /etc/lsb-release |cut -f 2 -d '=')
    else
        distro=$(head -n1 /etc/issue |cut -f 1 -d ' ')
        if [ "$distro" = 'Debian' ]; then
--- a/bin/v-list-sys-mail-ssl
+++ b/bin/v-list-sys-mail-ssl
@ -0,0 +1,135 @@
 #!/bin/bash
 # info: list mail ssl certificate
 # options: [FORMAT]
 #
 # The function of obtaining mail ssl files.
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument definition
 format=${1-shell}
 # Includes
 source $VESTA/func/main.sh
 # JSON list function
 json_list() {
    echo '{'
    echo -e "\t\"MAIL\": {"
    echo "        \"CRT\": \"$crt\","
    echo "        \"KEY\": \"$key\","
    echo "        \"CA\": \"$ca\","
    echo "        \"SUBJECT\": \"$subj\","
    echo "        \"ALIASES\": \"$alt_dns\","
    echo "        \"NOT_BEFORE\": \"$before\","
    echo "        \"NOT_AFTER\": \"$after\","
    echo "        \"SIGNATURE\": \"$signature\","
    echo "        \"PUB_KEY\": \"$pub_key\","
    echo "        \"ISSUER\": \"$issuer\""
    echo -e "\t}\n}"
 }
 # SHELL list function
 shell_list() {
    if [ ! -z "$crt" ]; then
        echo -e "$crt"
    fi
    if [ ! -z "$key" ]; then
        echo -e "\n$key"
    fi
    if [ ! -z "$crt" ]; then
        echo
        echo
        echo "SUBJECT:        $subj"
        if [ ! -z "$alt_dns" ]; then
            echo "ALIASES:        ${alt_dns//,/ }"
        fi
        echo "VALID FROM:     $before"
        echo "VALID TIL:      $after"
        echo "SIGNATURE:      $signature"
        echo "PUB_KEY:        $pub_key"
        echo "ISSUER:         $issuer"
    fi
 }
 # PLAIN list function
 plain_list() {
    if [ ! -z "$crt" ]; then
        echo -e "$crt"
    fi
    if [ ! -z "$key" ]; then
        echo -e "\n$key"
    fi
    if [ ! -z "$ca" ]; then
        echo -e "\n$ca"
    fi
    if [ ! -z "$crt" ]; then
        echo "$subj"
        echo "${alt_dns//,/ }"
        echo "$before"
        echo "$after"
        echo "$signature"
        echo "$pub_key"
        echo "$issuer"
    fi
 }
 # CSV list function
 csv_list() {
    echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
    echo "PUB_KEY,ISSUER"
    echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
    echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
 }
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 # Parsing SSL certificate
 if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then
    exit
 fi
 crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g')
 key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g')
 # Parsing SSL certificate details without CA
 info=$(openssl x509 -text -in $VESTA/ssl/mail.crt)
 subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
 before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
 after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
 signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
 signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
 pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
 issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
 alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
 alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
 alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
 # Listing data
 case $format in
    json)   json_list ;;
    plain)  plain_list ;;
    csv)    csv_list ;;
    shell)  shell_list ;;
 esac
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 exit
--- a/bin/v-list-sys-services
+++ b/bin/v-list-sys-services
@ -191,7 +191,7 @@ fi
 # Checking MAIL ANTIVIRUS
 if [ ! -z "$ANTIVIRUS_SYSTEM" ] && [ "$ANTIVIRUS_SYSTEM" != 'remote' ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
        if [ "$ANTIVIRUS_SYSTEM" == 'clamav' ];then
            ANTIVIRUS_SYSTEM='clamd'
        fi
@ -220,7 +220,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then
        proc_name=''
        service="$db"
        if [ "$service" = 'mysql' ]; then
-            if [ -e "/etc/redhat-release" ]; then
+            if [ -d "/etc/sysconfig" ]; then
                service='mysqld'
                proc_name='mysqld'
                if [ -e "/usr/lib/systemd/system/mariadb.service" ]; then
@ -231,7 +231,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then
        if [ "$service" == 'pgsql' ]; then
            service='postgresql'
            proc_name='postmaster'
-            if [ ! -e "/etc/redhat-release" ]; then
+            if [ ! -d "/etc/sysconfig" ]; then
                proc_name='postgres'
            fi
            if [ ! -e '/etc/init.d/postgresql' ]; then
--- a/bin/v-list-sys-vesta-updates
+++ b/bin/v-list-sys-vesta-updates
@ -64,7 +64,7 @@ shell_list() {
 latest=$(wget -q -T 1 -t 1 http://c.vestacp.com/latest.txt -O -)
 # Checking installed vesta version
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
    rpm_format="VERSION='%{VERSION}'"
    rpm_format="$rpm_format RELEASE='%{RELEASE}'"
    rpm_format="$rpm_format ARCH='%{ARCH}'"
@ -89,7 +89,7 @@ data="NAME='vesta' VERSION='$VERSION' RELEASE='$RELEASE' ARCH='$ARCH'"
 data="$data UPDATED='$UPDATED' DESCR='core package' TIME='$TIME' DATE='$DATE'"
 # Checking installed vesta-php version
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
    eval $(rpm --queryformat="$rpm_format" -q vesta-php)
    DATE=$(date -d @$UTIME +%F)
    TIME=$(date -d @$UTIME +%T)
@ -107,7 +107,7 @@ data="$data ARCH='$ARCH' UPDATED='$UPDATED' DESCR='php interpreter'"
 data="$data TIME='$TIME' DATE='$DATE'"
 # Checking installed vesta-nginx version
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
    eval $(rpm --queryformat="$rpm_format" -q vesta-nginx)
    DATE=$(date -d @$UTIME +%F)
    TIME=$(date -d @$UTIME +%T)
@ -126,7 +126,7 @@ data="$data TIME='$TIME' DATE='$DATE'"
 # Checking installed vesta-ioncube version
 if [ "$SOFTACULOUS" = 'yes' ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
        eval $(rpm --queryformat="$rpm_format" -q vesta-ioncube)
        DATE=$(date -d @$UTIME +%F)
        TIME=$(date -d @$UTIME +%T)
@ -146,7 +146,7 @@ fi
 # Checking installed vesta-softaculous version
 if [ "$SOFTACULOUS" = 'yes' ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
        eval $(rpm --queryformat="$rpm_format" -q vesta-softaculous)
        DATE=$(date -d @$UTIME +%F)
        TIME=$(date -d @$UTIME +%T)
--- a/bin/v-list-user
+++ b/bin/v-list-user
@ -154,6 +154,7 @@ csv_list() {
 #----------------------------------------------------------#
 check_args '1' "$#" 'USER [FORMAT]'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
--- a/bin/v-list-user-backup
+++ b/bin/v-list-user-backup
@ -75,6 +75,7 @@ csv_list() {
 #----------------------------------------------------------#
 check_args '2' "$#" 'USER BACKUP [FORMAT]'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'backup' 'BACKUP' "$backup"
--- a/bin/v-list-user-backups
+++ b/bin/v-list-user-backups
@ -22,7 +22,7 @@ json_list() {
    i=1
    objects=$(grep BACKUP $USER_DATA/backup.conf |wc -l)
    echo "{"
-    while read str; do
+    while read -r str; do
        eval $str
        echo -n '    "'$BACKUP'": {
        "TYPE": "'$TYPE'",
--- a/bin/v-list-user-log
+++ b/bin/v-list-user-log
@ -23,7 +23,10 @@ json_list() {
    objects=$(echo "$logs" |wc -l)
    echo "{"
    for str in $logs; do
-        eval $str
+        ID=$(echo "$str" |cut -f 2 -d \')
        DATE=$(echo "$str" |cut -f 4 -d \')
        TIME=$(echo "$str" |cut -f 6 -d \')
        CMD=$(echo "$str" |cut -f 8 -d \')
        CMD=${CMD//\"/\\\"}
        echo -n '    "'$ID'": {
        "CMD": "'$CMD'",
@ -46,13 +49,9 @@ shell_list() {
    echo "DATE~TIME~CMD"
    echo "----~----~---"
    for str in $logs; do
-        eval $str
+        DATE=$(echo "$str" |cut -f 4 -d \')
-        if [ -z "$DATE" ]; then
+        TIME=$(echo "$str" |cut -f 6 -d \')
-            DATE='no'
+        CMD=$(echo "$str" |cut -f 8 -d \')
        fi
        if [ -z "$TIME" ]; then
            TIME='no'
        fi
        echo "$DATE~$TIME~$CMD"
    done
 }
@ -61,7 +60,9 @@ shell_list() {
 plain_list() {
    IFS=$'\n'
    for str in $logs; do
-        eval $str
+        DATE=$(echo "$str" |cut -f 4 -d \')
        TIME=$(echo "$str" |cut -f 6 -d \')
        CMD=$(echo "$str" |cut -f 8 -d \')
        echo -e "$ID\t$CMD\t$UNDO\t$TIME\t$DATE"
    done
 }
@ -71,7 +72,9 @@ csv_list() {
    IFS=$'\n'
    echo "ID,CMD,UNDO,TIME,DATE"
    for str in $logs; do
-        eval $str
+        DATE=$(echo "$str" |cut -f 4 -d \')
        TIME=$(echo "$str" |cut -f 6 -d \')
        CMD=$(echo "$str" |cut -f 8 -d \')
        echo "$ID,\"$CMD\",\"$UNDO\",$TIME,$DATE"
    done
 }
--- a/bin/v-list-user-package
+++ b/bin/v-list-user-package
@ -22,6 +22,7 @@ json_list() {
    echo '{'
    echo '    "'$PACKAGE'": {
        "WEB_TEMPLATE": "'$WEB_TEMPLATE'",
        "BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
        "PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
        "DNS_TEMPLATE": "'$DNS_TEMPLATE'",
        "WEB_DOMAINS": "'$WEB_DOMAINS'",
@ -47,6 +48,7 @@ json_list() {
 shell_list() {
    echo "PACKAGE:        $PACKAGE"
    echo "WEB TEMPLATE:   $WEB_TEMPLATE"
    echo "BACKEND_TEMPLATE:   $BACKEND_TEMPLATE"
    echo "PROXY TEMPLATE: $PROXY_TEMPLATE"
    echo "DNS TEMPLATE:   $DNS_TEMPLATE"
    echo "WEB DOMAINS:    $WEB_DOMAINS"
@ -68,7 +70,7 @@ shell_list() {
 # PLAIN list function
 plain_list() {
-    echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
+    echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
    echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
    echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
    echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@ -76,11 +78,11 @@ plain_list() {
 # CSV list function
 csv_list() {
-    echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
+    echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
    echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
    echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
    echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
-    echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
+    echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
    echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
    echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
    echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
--- a/bin/v-list-user-packages
+++ b/bin/v-list-user-packages
@ -27,6 +27,7 @@ json_list() {
        source $VESTA/data/packages/$package
        echo -n '    "'$PACKAGE'": {
        "WEB_TEMPLATE": "'$WEB_TEMPLATE'",
        "BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
        "PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
        "DNS_TEMPLATE": "'$DNS_TEMPLATE'",
        "WEB_DOMAINS": "'$WEB_DOMAINS'",
@ -65,7 +66,7 @@ shell_list() {
        package_data=$(cat $VESTA/data/packages/$package)
        package_data=$(echo "$package_data" |sed -e 's/unlimited/unlim/g')
        eval $package_data
-        echo -n "$PACKAGE $WEB_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
+        echo -n "$PACKAGE $WEB_TEMPLATE $BACKEND_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
        echo "$MAIL_DOMAINS $DATABASES $SHELL $DISK_QUOTA $BANDWIDTH"
    done
 }
@ -75,7 +76,7 @@ plain_list() {
    for package in $packages; do
        source $VESTA/data/packages/$package
        PACKAGE=${package/.pkg/}
-        echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
+        echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
        echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
        echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
        echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@ -84,13 +85,13 @@ plain_list() {
 # CSV list function
 csv_list() {
-    echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
+    echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
    echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
    echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
    echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
    for package in $packages; do
        PACKAGE=${package/.pkg/}
-        echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
+        echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
        echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
        echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
        echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
--- a/bin/v-list-user-stats
+++ b/bin/v-list-user-stats
@ -115,6 +115,7 @@ csv_list() {
 #----------------------------------------------------------#
 check_args '1' "$#" 'USER [FORMAT]'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
--- a/bin/v-list-users
+++ b/bin/v-list-users
@ -15,9 +15,14 @@ format=${1-shell}
 # JSON list function
 json_list() {
    echo '{'
    object_count=$(grep '@' /etc/passwd |wc -l)
    i=1
    while read USER; do
        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
            continue;
        fi
        if [ $i -gt 1 ]; then
            echo ","
        fi
        source $VESTA/data/users/$USER/user.conf
        echo -n '    "'$USER'": {
        "FNAME": "'$FNAME'",
@ -74,14 +79,8 @@ json_list() {
        "TIME": "'$TIME'",
        "DATE": "'$DATE'"
        }'
        if [ "$i" -lt "$object_count" ]; then
            echo ','
        else
            echo
        fi
        ((i++))
    done < <(grep '@' /etc/passwd |cut -f1 -d:)
    echo '}'
 }
@ -90,6 +89,9 @@ shell_list() {
    echo "USER   PKG   WEB   DNS   MAIL   DB   DISK   BW   SPND   DATE"
    echo "----   ---   ---   ---   ---    --   ----   --   ----   ----"
    while read USER; do
        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
            continue;
        fi
        source $VESTA/data/users/$USER/user.conf
        echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS"
        echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE"
@ -99,6 +101,9 @@ shell_list() {
 # PLAIN list function
 plain_list() {
    while read USER; do
        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
            continue;
        fi
        source $VESTA/data/users/$USER/user.conf
        echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t"
        echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
@ -131,6 +136,9 @@ csv_list() {
    echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES"
    echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE"
    while read USER; do
        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
            continue;
        fi
        source $VESTA/data/users/$USER/user.conf
        echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE,"
        echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
@ -151,6 +159,9 @@ csv_list() {
 # Raw list function
 raw_list() {
    while read USER; do
        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
            continue;
        fi
        echo $VESTA/data/users/$USER/user.conf
        cat $VESTA/data/users/$USER/user.conf
    done < <(grep '@' /etc/passwd |cut -f1 -d:)
--- a/bin/v-list-web-domain
+++ b/bin/v-list-web-domain
@ -110,6 +110,7 @@ csv_list() {
 #----------------------------------------------------------#
 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
 is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
--- a/bin/v-list-web-domain-ssl
+++ b/bin/v-list-web-domain-ssl
@ -19,6 +19,7 @@ source $VESTA/func/main.sh
 # JSON list function
 json_list() {
    issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
    echo '{'
    echo -e "\t\"$domain\": {"
    echo "        \"CRT\": \"$crt\","
@ -97,6 +98,7 @@ csv_list() {
 #----------------------------------------------------------#
 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
 is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
@ -110,7 +112,7 @@ if [ -e "$USER_DATA/ssl/$domain.crt" ]; then
    crt=$(cat $USER_DATA/ssl/$domain.crt |sed ':a;N;$!ba;s/\n/\\n/g')
    info=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
-    subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
+    subj=$(echo "$info" |grep Subject: |cut -f 2 -d =|cut -f 2 -d \")
    before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
    after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
    signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
--- a/bin/v-list-web-domains
+++ b/bin/v-list-web-domains
@ -100,6 +100,7 @@ csv_list() {
 #----------------------------------------------------------#
 check_args '1' "$#" 'USER [FORMAT]'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
--- a/bin/v-open-fs-config
+++ b/bin/v-open-fs-config
@ -35,6 +35,11 @@ if [ ! -z "$src_file" ]; then
        echo "Error: invalid source path $src_file"
        exit 2
    fi
    spath=$(echo "$rpath" |egrep "/etc|/var/lib")
    if [ -z "$spath" ]; then
        echo "Error: invalid source path $src_file"
        exit 2
    fi
 fi
 # Reading conf
--- a/bin/v-rebuild-web-domains
+++ b/bin/v-rebuild-web-domains
@ -37,7 +37,7 @@ is_object_unsuspended 'user' 'USER' "$user"
 #----------------------------------------------------------#
 # Deleting old web configs
-sed -i "/.*\/$user\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf
+sed -i "/.*\/$user\/conf\/web\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf
 if [ -e "$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf"  ]; then
    rm $HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf
 fi
@ -47,7 +47,7 @@ fi
 # Deleting old proxy configs
 if [ ! -z "$PROXY_SYSTEM" ]; then
-    sed -i "/.*\/$user\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf
+    sed -i "/.*\/$user\/conf\/web\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf
    if [ -e "$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" ]; then
        rm $HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf
--- a/bin/v-restart-proxy
+++ b/bin/v-restart-proxy
@ -50,7 +50,13 @@ if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
 fi
 # Restart system
-service $PROXY_SYSTEM restart >/dev/null 2>&1
+if [ ! -f "/etc/debian_version" ]; then
    service $PROXY_SYSTEM restart >/dev/null 2>&1
 else
    systemctl reset-failed $PROXY_SYSTEM
    systemctl restart $PROXY_SYSTEM > /dev/null 2>&1
 fi
 if [ $? -ne 0 ]; then
    send_email_report
    check_result $E_RESTART "$PROXY_SYSTEM restart failed"
--- a/bin/v-restart-web-backend
+++ b/bin/v-restart-web-backend
@ -50,7 +50,7 @@ if [ -z "$WEB_BACKEND" ] || [ "$WEB_BACKEND" = 'remote' ]; then
 fi
 # Restart system
-php_fpm=$(ls /etc/init.d/php*-fpm* 2>/dev/null |cut -f 4 -d /)
+php_fpm=$(ls /etc/init.d/php*-fpm* 2>/dev/null |cut -f 4 -d / |head -n 1)
 if [ -z "$php_fpm" ]; then
    service $WEB_BACKEND restart >/dev/null 2>&1
 else
--- a/bin/v-restore-user
+++ b/bin/v-restore-user
@ -56,6 +56,7 @@ ftpc() {
    quote USER $USERNAME
    quote PASS $PASSWORD
    binary
    lcd $BACKUP
    $1
    $2
    $3
@ -229,8 +230,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
    (( ++i))
 done
 if [ -z "$BACKUP_TEMP" ]; then
    BACKUP_TEMP=$BACKUP
 fi
 # Creating temporary directory
-tmpdir=$(mktemp -p /tmp -d)
+tmpdir=$(mktemp -p $BACKUP_TEMP -d)
 if [ "$?" -ne 0 ]; then
    echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
    sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
@ -285,7 +290,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
    if [ -z "$web" ] || [ "$web" = '*' ]; then
        domains="$backup_domains"
    else
-        echo "$web" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$web" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
        domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
    fi
@ -373,8 +378,10 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
            # Copying ssl certificates
            if [ "$SSL" = 'yes' ]; then
-                for crt in $(ls $tmpdir/web/$domain/conf |grep ssl); do
+                certificates=$(ls $tmpdir/web/$domain/conf| grep ssl)
-                    crt=$(echo "$crt" |sed "s/ssl.//")
+                certificates=$(echo "$certificates" |grep $domain)
                for crt in $certificates; do
                    crt=$(echo $crt|sed -e "s/ssl.//")
                    cp -f $tmpdir/web/$domain/conf/ssl.$crt $USER_DATA/ssl/$crt
                done
            fi
@ -400,15 +407,21 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
        fi
        # Restoring web domain data
-        tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
+        chown $user $tmpdir
-            -C $HOMEDIR/$user/web/$domain/
+        chmod u+w $HOMEDIR/$user/web/$domain
-        if [ "$?" -ne 0 ]; then
+        sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
-            rm -rf $tmpdir
+            -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \
-            error="can't unpack $domain data tarball"
+            2> $HOMEDIR/$user/web/$domain/restore_errors.log
-            echo "$error" |$SENDMAIL -s "$subj" $email $notify
+        if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then
-            sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
+            chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log
            check_result "$E_PARSING" "$error"
        fi
        #if [ "$?" -ne 0 ]; then
        #    rm -rf $tmpdir
        #    error="can't unpack $domain data tarball"
        #    echo "$error" |$SENDMAIL -s "$subj" $email $notify
        #    sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
        #    check_result "$E_PARSING" "$error"
        #fi
        # Applying Fix for tar < 1.24
        find $HOMEDIR/$user/web/$domain -type d \
@ -446,7 +459,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then
    if [ -z "$dns" ] || [ "$dns" = '*' ]; then
        domains="$backup_domains"
    else
-        echo "$dns" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$dns" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
        domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
    fi
@ -526,7 +539,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
    if [ -z "$mail" ] || [ "$mail" = '*' ]; then
        domains="$backup_domains"
    else
-        echo "$mail" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$mail" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
        domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
    fi
@ -586,7 +599,9 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
        # Restoring emails
        if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
-            tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
+            chown $user $tmpdir
            chmod u+w $HOMEDIR/$user/mail/$domain_idn
            sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
                -C $HOMEDIR/$user/mail/$domain_idn/
            if [ "$?" -ne 0 ]; then
                rm -rf $tmpdir
@ -621,7 +636,7 @@ if [ "$db" != 'no' ] && [ ! -z "$DB_SYSTEM" ]; then
    if [ -z "$db" ] || [ "$db" = '*' ]; then
        databases="$backup_databases"
    else
-        echo "$db" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$db" |tr ',' '\n' | sed -e "s/$/$/" > $tmpdir/selected.txt
        databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt)
    fi
--- a/bin/v-schedule-user-restore
+++ b/bin/v-schedule-user-restore
@ -23,6 +23,19 @@ udir=$8
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
 # Check backup ownership function
 is_backup_available() {
    passed=false
    if [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
        passed=true
    elif [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
        passed=true
    fi
    if [ $passed = false ]; then
        check_result $E_FORBIDEN "permission denied"
    fi
 }
 #----------------------------------------------------------#
 #                    Verifications                         #
@ -34,6 +47,7 @@ is_system_enabled "$BACKUP_SYSTEM" 'BACKUP_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_backup_enabled
 is_backup_scheduled 'restore'
 is_backup_available "$user" "$backup"
 #----------------------------------------------------------#
--- a/bin/v-search-object
+++ b/bin/v-search-object
@ -84,6 +84,22 @@ OLD_IFS=$IFS
 IFS=$'\n'
 # User loop
 search_user=$(ls -1 $VESTA/data/users |grep $object)
 for user in $search_user; do
    if [ -e "$VESTA/data/users/$user/user.conf" ]; then
        source $VESTA/data/users/$user/user.conf
        ((i ++))
        type=$(echo $type|cut -f1 -d \.)
        str="ID='$i' USER='$user' TYPE='user' KEY='$user'"
        str="$str RESULT='$user' ALIAS=''"
        str="$str LINK='$user' PARENT=''"
        str="$str SUSPENDED='$SUSPENDED' TIME='$TIME'"
        str="$str DATE='$DATE'"
        echo $str >> $conf
    fi
 done
 # User data loop
 for user in $(ls $VESTA/data/users/); do
    # Search query
    search=$(grep "$object" \
@ -154,12 +170,13 @@ for user in $(ls $VESTA/data/users/); do
        # DNS Records
        if [ "$type" = 'dns' ]; then
-            if [ -n "$(echo $RECORD |grep $object)" ]; then
+            if [ -n "$(echo $RECORD $VALUE |grep $object)" ]; then
                dom="$(echo $row|cut -f 1 -d :|cut -f 9 -d /|sed 's/.conf//')"
                key="RECORD"
-                result="$RECORD.$DOMAIN"
+                result="$RECORD.$dom"
                suspended=$SUSPENDED
                object_link=$ID
-                object_parent=$DOMAIN
+                object_parent=$dom
                object_time=$TIME
                object_date=$DATE
                ((i ++))
--- a/bin/v-search-ssl-certificates
+++ b/bin/v-search-ssl-certificates
@ -0,0 +1,93 @@
 #!/bin/bash
 # info: search ssl certificates
 # options: [FORMAT]
 #
 # The function to obtain the list of available ssl certificates.
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument definition
 format=${1-shell}
 # Includes
 source $VESTA/func/main.sh
 # JSON list function
 json_list() {
    IFS=$'\n'
    objects=$(echo "$search_cmd" |wc -l)
    i=1
    echo '['
    for str in $search_cmd; do
        eval $str
        if [ "$i" -lt "$objects" ]; then
            echo -e  "\t\"$USER:$DOMAIN\","
        else
            echo -e  "\t\"$USER:$DOMAIN\""
        fi
        (( ++i))
    done
    echo "]"
 }
 # SHELL list function
 shell_list() {
    IFS=$'\n'
    echo "USER   DOMAIN"
    echo "----   ------"
    for str in $search_cmd; do
        eval $str
        echo "$USER $DOMAIN"
    done
 }
 # PLAIN list function
 plain_list() {
    IFS=$'\n'
    for str in $search_cmd; do
        eval $str
        echo -e "$USER\t$DOMAIN"
    done
 }
 # CSV list function
 csv_list() {
    IFS=$'\n'
    echo "USER,DOMAIN"
    for str in $search_cmd; do
        eval $str
        echo  "$USER,$DOMAIN"
    done
 }
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 search_cmd=$(grep -H "SSL='yes'" $VESTA/data/users/*/web.conf |\
    cut -f 1 -d ' ' |\
    sed -e "s|$VESTA/data/users/|USER='|" -e "s|/web.conf:|' |")
 # Listing data
 case $format in
    json)   json_list ;;
    plain)  plain_list ;;
    csv)    csv_list ;;
    shell)  shell_list |column -t ;;
 esac
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 exit
--- a/bin/v-sign-letsencrypt-csr
+++ b/bin/v-sign-letsencrypt-csr
@ -1,110 +0,0 @@
 #!/bin/bash
 # info: sing letsencrypt csr
 # options: USER DOMAIN CSR_DIR [FORMAT]
 #
 # The function signs certificate request using LetsEncript API
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument definition
 user=$1
 domain=$2
 csr="$3/$domain.csr"
 format=$4
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
 # encode base64
 encode_base64() {
    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
 }
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 check_args '3' "$#" 'USER DOMAIN CSR'
 is_format_valid 'user' 'domain'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
    check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
 fi
 check_domain=$(grep -w "$domain'" $USER_DATA/web.conf)
 if [ -z "$check_domain" ]; then
    check_result $E_NOTEXIST "domain $domain doesn't exist"
 fi
 if [ ! -e "$csr" ]; then
    check_result $E_NOTEXIST "$csr doesn't exist"
 fi
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 source $USER_DATA/ssl/le.conf
 api='https://acme-v01.api.letsencrypt.org'
 key="$USER_DATA/ssl/user.key"
 exponent="$EXPONENT"
 modulus="$MODULUS"
 thumb="$THUMB"
 # Defining JWK header
 header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
 header='{"alg":"RS256","jwk":'"$header"'}'
 # Requesting nonce
 nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
 protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
 # Defining ACME query (request challenge)
 csr=$(openssl req -in $csr -outform DER |encode_base64)
 query='{"resource":"new-cert","csr":"'$csr'"}'
 payload=$(echo -n "$query" |encode_base64)
 signature=$(printf "%s" "$protected.$payload" |\
    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
 data='{"header":'"$header"',"protected":"'"$protected"'",'
 data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
 # Sending request to LetsEncrypt API
 answer=$(mktemp)
 curl -s -d "$data" "$api/acme/new-cert" -o $answer
 if [ ! -z "$(grep Error $answer)" ]; then
    detail="$(cat $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
    detail=$(echo "$detail" |awk -F "::" '{print $2}')
    rm $answer
    check_result $E_LIMIT "$detail"
 fi
 # Printing certificate
 crt=$(cat "$answer" |openssl base64 -e)
 rm $answer
 if [ "$format" != 'json' ]; then
    echo "-----BEGIN CERTIFICATE-----"
    echo "$crt"
    echo "-----END CERTIFICATE-----"
 else
    echo -e "{\n\t\"$domain\": {\n\t\t\"CRT\":\""
    echo -n '-----BEGIN CERTIFICATE-----\n'
    echo -n "$crt" |sed ':a;N;$!ba;s/\n/\\n/g'
    echo -n '-----END CERTIFICATE-----'
    echo -e  "\"\n\t\t}\n\t}"
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Logging
 log_event "$OK" "$ARGUMENTS"
 exit
--- a/bin/v-stop-firewall
+++ b/bin/v-stop-firewall
@ -56,7 +56,7 @@ bash $tmp 2>/dev/null
 rm -f $tmp
 # Saving rules to the master iptables file
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
    /sbin/iptables-save > /etc/sysconfig/iptables
    if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
        /sbin/chkconfig iptables off
--- a/bin/v-suspend-dns-domain
+++ b/bin/v-suspend-dns-domain
@ -41,6 +41,16 @@ is_object_unsuspended 'dns' 'DOMAIN' "$domain"
 #                       Action                             #
 #----------------------------------------------------------#
 # Deleting system configs
 if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
    if [ -e '/etc/named.conf' ]; then
        dns_conf='/etc/named.conf'
    else
        dns_conf='/etc/bind/named.conf'
    fi
    sed -i "/\/$user\/conf\/dns\/$domain.db\"/d" $dns_conf
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-unsuspend-dns-domain
+++ b/bin/v-unsuspend-dns-domain
@ -40,7 +40,21 @@ is_object_suspended 'dns' 'DOMAIN' "$domain"
 #                       Action                             #
 #----------------------------------------------------------#
 # Creating system configs
 if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
    if [ -e '/etc/named.conf' ]; then
        dns_conf='/etc/named.conf'
        dns_group='named'
    else
        dns_conf='/etc/bind/named.conf'
        dns_group='bind'
    fi
    # Adding zone in named.conf
    named="zone \"$domain_idn\" {type master; file"
    named="$named \"$HOMEDIR/$user/conf/dns/$domain.db\";};"
    echo "$named" >> $dns_conf
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-unsuspend-mail-account
+++ b/bin/v-unsuspend-mail-account
@ -48,6 +48,9 @@ is_object_suspended "mail/$domain" 'ACCOUNT' "$account"
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
    md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5')
    quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')
    if [ "$quota" = 'unlimited' ]; then
        quota=0
    fi
    sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
    str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
    echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
--- a/bin/v-update-firewall
+++ b/bin/v-update-firewall
@ -51,11 +51,6 @@ if [ $? -ne 0 ]; then
    conntrack_ftp='no'
 fi
 # Checking custom OpenSSH  port
 sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
 if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22"  ]; then
    sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules
 fi
 # Creating temporary file
 tmp=$(mktemp)
@ -157,7 +152,7 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then
 fi
 # Saving rules to the master iptables file
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
    /sbin/iptables-save > /etc/sysconfig/iptables
    if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
        /sbin/chkconfig iptables on
--- a/bin/v-update-host-certificate
+++ b/bin/v-update-host-certificate
@ -72,11 +72,16 @@ chown $exim_user:mail $VESTA/ssl/certificate.crt
 chown $exim_user:mail $VESTA/ssl/certificate.key
 # Restart exim, dovecot & vesta
-v-restart-mail
+$BIN/v-restart-mail
-v-restart-service dovecot
+if [ ! -z "$IMAP_SYSTEM" ]; then
-v-restart-service vesta
+    $BIN/v-restart-service "$IMAP_SYSTEM"
-
+fi
-
+if [ ! -z "$FTP_SYSTEM" ]; then
    $BIN/v-restart-service "$FTP_SYSTEM"
 fi
 if [ -f "/var/run/vesta-nginx.pid" ]; then
    kill -HUP $(cat /var/run/vesta-nginx.pid)
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-update-letsencrypt-ssl
+++ b/bin/v-update-letsencrypt-ssl
@ -22,42 +22,63 @@ source $VESTA/conf/vesta.conf
 #                       Action                             #
 #----------------------------------------------------------#
-# Defining user list
+lecounter=0
-users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
+hostname=$(hostname)
-# Checking users
+echo "[$(date)] : -----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt_cron.log
-for user in $users; do
+
 # Checking user certificates
 for user in $($BIN/v-list-users plain |cut -f 1); do
    USER_DATA=$VESTA/data/users/$user
-    # Checking user certificates
+
    for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
-        crt="$VESTA/data/users/$user/ssl/$domain.crt"
+        limit_check=1
-        crt_data=$(openssl x509 -text -in "$crt")
+        fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
-        expire=$(echo "$crt_data" |grep "Not After")
+
-        expire=$(echo "$expire" |cut -f 2,3,4 -d :)
+        if [[ "$hostname" = "$domain" ]]; then
-        expire=$(date -d "$expire" +%s)
+            if [[ "$fail_counter" -eq 7 ]]; then
                limit_check=0
            fi
            if [[ "$fail_counter" -eq 8 ]]; then
                fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
                send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing"
            fi
        fi
        if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then
            # echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping"
            echo "[$(date)] : $domain failed $fail_counter times for LetsEncrypt renewing, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log
            continue;
        fi
        crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
        not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
        expiration=$(date -d "$not_after" +%s)
        now=$(date +%s)
-        expire=$((expire - now))
+        seconds_valid=$((expiration - now))
-        expire=$((expire / 86400))
+        days_valid=$((seconds_valid / 86400))
-        domain=$(basename $crt |sed -e "s/.crt$//")
+        if [[ "$days_valid" -lt 31 ]]; then
-        if [[ "$expire" -lt 31 ]]; then
+            if [ $lecounter -gt 0 ]; then
                sleep 120
            fi
            ((lecounter++))
            aliases=$(echo "$crt_data" |grep DNS:)
-            aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
+            aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
            aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
-            aliases=$(echo "$aliases" |grep -v "^$domain$")
+            aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
-            if [ ! -z "$aliases" ]; then
+            aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
-                aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
+            msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
-                msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
+            if [ $? -ne 0 ]; then
-                if [ $? -ne 0 ]; then
+                if [[ $msg == *"is suspended" ]]; then
-                    echo "$domain $msg"
+                    echo "[$(date)] : SUSPENDED: $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
-                fi
+                else
-            else
+                    echo "[$(date)] : $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
                msg==$($BIN/v-add-letsencrypt-domain $user $domain)
                if [ $? -ne 0 ]; then
                    echo "$domain $msg"
                    fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
                    echo "[$(date)] : fail_counter = $fail_counter" >> /usr/local/vesta/log/letsencrypt_cron.log
                    echo "fail_counter = $fail_counter"
                fi
            fi
            sleep 10
        fi
    done
 done
--- a/bin/v-update-sys-ip
+++ b/bin/v-update-sys-ip
@ -1,6 +1,6 @@
 #!/bin/bash
 # info: update system ip
-# options: [USER] [IP_STATUS]
+# options: [NONE]
 #
 # The function scans configured ip in the system and register them with vesta
 # internal database. This call is intended for use on vps servers, where ip is
@ -11,12 +11,10 @@
 #                    Variable&Function                     #
 #----------------------------------------------------------#
-# Argument definition
+# Importing system variables
-user=${1-admin}
+source /etc/profile
 ip_status=${2-shared}
 # Includes
 source /etc/profile.d/vesta.sh
 source $VESTA/func/main.sh
 source $VESTA/func/ip.sh
 source $VESTA/conf/vesta.conf
@ -26,87 +24,84 @@ source $VESTA/conf/vesta.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 check_args '0' "$#" '[USER] [IP_STATUS]'
 is_format_valid 'user' 'ip_status'
 is_object_valid 'user' 'USER' "$user" "$user"
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
-# Get list of ip addresses
+# Listing system ip addresses
-ip_list=$(/sbin/ip addr|grep 'inet '|grep global|awk '{print $2}')
+ips=$(/sbin/ip addr |grep 'inet ' |grep global |awk '{print $2}' |cut -f1 -d/)
-ip_list=$(echo "$ip_list"|cut -f 1 -d /)
+v_ips=$(ls $VESTA/data/ips/)
-ip_num=$(echo "$ip_list" | wc -l)
+ip_num=$(echo "$ips" |wc -l)
 v_ip_num=$(echo "$v_ips" |wc -l)
-# WorkAround for DHCP IP address
+# Checking primary IP change
-vst_ip_list=$(ls $VESTA/data/ips/)
+if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then
-vst_ip_num=$(echo "$vst_ip_list" | wc -l)
+    if [ "$ips" != "$v_ips" ]; then
-
+        new=$ips
-if [ ! -z "$vst_ip_list" ] && [ "$vst_ip_num" -eq '1' ]; then
+        old=$v_ips
    if [ $ip_num -eq 1 ] && [ "$ip_list" != "$vst_ip_list" ]; then
        new=$ip_list
        old=$vst_ip_list
        mv $VESTA/data/ips/$old $VESTA/data/ips/$new
        if [ ! -z "$PROXY_SYSTEM" ]; then
            mv /etc/$PROXY_SYSTEM/conf.d/$old.conf \
                /etc/$PROXY_SYSTEM/conf.d/$new.conf
            sed -i "s/$old/$new/g" /etc/$PROXY_SYSTEM/conf.d/$new.conf
        fi
        if [ ! -z "$WEB_SYSTEM" ]; then
            mv /etc/$WEB_SYSTEM/conf.d/$old.conf \
                /etc/$WEB_SYSTEM/conf.d/$new.conf
            sed -i "s/$old/$new/g" /etc/$WEB_SYSTEM/conf.d/$new.conf
            sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
            # Rebuild web domains
            for user in $(ls $VESTA/data/users/); do
                $BIN/v-rebuild-web-domains $user no
            done
        fi
        if [ ! -z "$FTP_SYSTEM" ];then
            ftpd_conf_file=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
            sed -i "s/$old/$new/g" $ftpd_conf_file
        fi
        # Restarting web server
        $BIN/v-restart-web
        # Restarting ftp server
        $BIN/v-restart-ftp
        # Restarting proxy server
        if [ ! -z "$PROXY_SYSTEM" ]; then
            $BIN/v-restart-proxy
        fi
        # Restarting firewall
        if [ ! -z "$FIREWALL_SYSTEM" ]; then
            $BIN/v-update-firewall
        fi
        if [ ! -z "$DNS_SYSTEM" ]; then
            # Rebuild dns domains
            for user in $(ls $VESTA/data/users/); do
                sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns.conf
                sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns/*.conf
                $BIN/v-rebuild-dns-domains $user no
            done
            $BIN/v-restart-dns
            check_result $? "dns restart failed" >/dev/null
        fi
        # No further comparation is needed
        exit
    fi
 fi
-# Compare ips
+# Updating configs
-for ip in $ip_list; do
+if [ ! -z "$old" ]; then
    mv $VESTA/data/ips/$old $VESTA/data/ips/$new
    # Updating PROXY
    if [ ! -z "$PROXY_SYSTEM" ]; then
        cd /etc/$PROXY_SYSTEM/conf.d
        if [ -e "$old.conf" ]; then
            mv $old.conf $new.conf
            sed -i "s/$old/$new/g" $new.conf
        fi
    fi
    # Updating WEB
    if [ ! -z "$WEB_SYSTEM" ]; then
        cd /etc/$WEB_SYSTEM/conf.d
        if [ -e "$old.conf" ]; then
            mv $old.conf $new.conf
            sed -i "s/$old/$new/g" $new.conf
        fi
        sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
        for user in $(ls $VESTA/data/users/); do
            $BIN/v-rebuild-web-domains $user no
        done
        $BIN/v-restart-proxy
        $BIN/v-restart-web
    fi
    # Updating DNS
    if [ ! -z "$DNS_SYSTEM" ]; then
        sed -i "s/$old/$new/g" $VESTA/data/users/*/dns.conf
        sed -i "s/$old/$new/g" $VESTA/data/users/*/dns/*.conf
        for user in $(ls $VESTA/data/users/); do
            $BIN/v-rebuild-dns-domains $user no
        done
        $BIN/v-restart-dns
    fi
    # Updating FTP
    if [ ! -z "$FTP_SYSTEM" ] && [ "$FTP_SYSTEM" = 'vsftpd' ]; then
        conf=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
        if [ ! -z "$conf" ]; then
            sed -i "s/$old/$new/g" $conf
            $BIN/v-restart-ftp
        fi
    fi
    # Updating firewall
    if [ ! -z "$FIREWALL_SYSTEM" ]; then
        sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
        $BIN/v-update-firewall
    fi
 fi
 # Adding system IP
 for ip in $ips; do
    check_ifconfig=$(/sbin/ifconfig |grep "$ip")
    if [ ! -e "$VESTA/data/ips/$ip" ] && [ ! -z "$check_ifconfig" ]; then
-        interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}'|uniq)
+        interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}' |uniq)
        interface=$(echo "$interface" |cut -f 1 -d : |head -n 1)
        netmask=$(/sbin/ip addr |grep $ip |cut -f 2 -d / |cut -f 1 -d \ )
        netmask=$(convert_cidr $netmask)
@ -114,6 +109,15 @@ for ip in $ip_list; do
    fi
 done
 # Updating NAT
 pub_ip=$(curl -s vestacp.com/what-is-my-ip/)
 if [ ! -e "$VESTA/data/ips/$pub_ip" ]; then
    if [ -z "$(grep -R "$pub_ip" $VESTA/data/ips/)" ]; then
        ip=$(ls -t $VESTA/data/ips/ |head -n1)
        $BIN/v-change-sys-ip-nat $ip $pub_ip
    fi
 fi
 #----------------------------------------------------------#
 #                       Vesta                              #
--- a/bin/v-update-sys-rrd-mem
+++ b/bin/v-update-sys-rrd-mem
@ -61,13 +61,13 @@ fi
 # Parsing data
 if [ "$period" = 'daily' ]; then
    mem=$(free -m)
-    used=$(echo "$mem" |grep Mem |awk '{print $3}')
+    used=$(echo "$mem" |awk '(NR == 2)' |awk '{print $3}')
    if [ -z "$(echo "$mem" | grep available)" ]; then
-        free=$(echo "$mem" |grep buffers/cache |awk '{print $4}')
+        free=$(echo "$mem" |grep buff/cache |awk '{print $4}')
    else
-        free=$(echo "$mem" |grep Mem |awk '{print $7}')
+        free=$(echo "$mem" |awk '(NR == 2)' |awk '{print $7}')
    fi
-    swap=$(echo "$mem" |grep Swap |awk '{print $3}')
+    swap=$(echo "$mem" |awk '(NR == 3)' |awk '{print $3}')
    # Updating rrd
    rrdtool update $RRD/mem/mem.rrd N:$used:$swap:$free
--- a/bin/v-update-sys-rrd-mysql
+++ b/bin/v-update-sys-rrd-mysql
@ -14,6 +14,7 @@ period=${1-daily}
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/func/db.sh
 source $VESTA/conf/vesta.conf
@ -66,23 +67,10 @@ for host in $hosts; do
    fi
    if [ "$period" = 'daily' ]; then
-        # Defining host credentials
+        mysql_connect $host
-        host_str=$(grep "HOST='$host'" $conf)
+        query='SHOW GLOBAL STATUS'
-        for key in $host_str; do
+        status=$(mysql_query "$query" 2>/dev/null)
-            eval ${key%%=*}=${key#*=}
+        if [ $? -ne 0 ]; then
        done
        sql="mysql -h $HOST -u $USER -p$PASSWORD -e"
        # Checking empty vars
        if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ]; then
            echo "Error: config is broken"
            log_event "$E_PARSING" "$ARGUMENTS"
            exit $E_PARSING
        fi
        # Parsing data
        status=$($sql "SHOW GLOBAL STATUS" 2>/dev/null); code="$?"
        if [ '0' -ne "$code" ]; then
            active=0
            slow=0
        else
--- a/bin/v-update-sys-rrd-pgsql
+++ b/bin/v-update-sys-rrd-pgsql
@ -85,7 +85,7 @@ for host in $hosts; do
        # Parsing data
        q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends)
                FROM pg_stat_database;'
-        status=$($sql plsql -d postgres -c "$q" 2>/dev/null); code="$?"
+        status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?"
        if [ '0' -ne "$code" ]; then
            active=0
            slow=0
--- a/bin/v-update-sys-vesta
+++ b/bin/v-update-sys-vesta
@ -28,12 +28,32 @@ source $VESTA/conf/vesta.conf
 # Checking arg number
 check_args '1' "$#" 'PACKAGE'
 valid=0
 if [ "$package" = "vesta" ]; then
    valid=1
 fi
 if [ "$package" = "vesta-nginx" ]; then
    valid=1
 fi
 if [ "$package" = "vesta-php" ]; then
    valid=1
 fi
 if [ "$package" = "vesta-ioncube" ]; then 
    valid=1
 fi
 if [ "$package" = "vesta-softaculous" ]; then
    valid=1
 fi
 if [ $valid -eq 0 ]; then
    echo "Package $package is not valid"
    exit 1
 fi
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
-if [ -e "/etc/redhat-release" ]; then
+if [ -n "$(command -v yum)" ]; then
    # Clean yum chache
    yum -q clean all
--- a/bin/v-update-user-counters
+++ b/bin/v-update-user-counters
@ -53,6 +53,7 @@ for user in $user_list; do
    IP_OWNED=0
    U_USERS=0
    U_DISK=0
    DISK=0 
    U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS')
    if [ -z "$U_DISK_DIRS" ]; then
        U_DISK_DIRS=0
--- a/bin/v-update-user-quota
+++ b/bin/v-update-user-quota
@ -33,7 +33,7 @@ is_object_valid 'user' 'USER' "$user"
 # Updating disk quota
 # Had quota equals package value. Soft quota equals 90% of package value for warnings.
 quota=$(get_user_value '$DISK_QUOTA')
-soft=$(echo "$quota * 1024 * 0.90"|bc |cut -f 1 -d .)
+soft=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
 hard=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
 # Searching home mount point
--- a/bin/v-update-user-stats
+++ b/bin/v-update-user-stats
@ -67,6 +67,9 @@ TOTAL_USERS=0
 # Updating user stats
 for user in $user_list; do
    if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
        continue;
    fi
    USER_DATA=$VESTA/data/users/$user
    source $USER_DATA/user.conf
    next_month=$(date +'%m/01/%y' -d '+ 1 month')
--- a/bin/v-update-web-domain-stat
+++ b/bin/v-update-web-domain-stat
@ -62,7 +62,7 @@ build_webalizer() {
 }
 build_awstats() {
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
        awstats="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl"
        wwwroot="/usr/share/awstats/wwwroot"
        if [  ! -e "$awstats" ]; then
--- a/bin/v-update-web-templates
+++ b/bin/v-update-web-templates
@ -33,7 +33,11 @@ esac
 # Detecting release
 if [ "$version" = 'rhel' ]; then
-    release=$(grep -o "[0-9]" /etc/redhat-release |head -n1)
+    if [ -e '/etc/redhat-release' ]; then
        release=$(grep -o "[0-9]" /etc/redhat-release |head -n1)
    else
        release=6
    fi
 fi
 if [ "$version" = 'ubuntu' ]; then
    release=$(lsb_release -r |awk '{print $2}')
--- a/func/db.sh
+++ b/func/db.sh
@ -38,23 +38,31 @@ mysql_connect() {
        exit $E_CONNECT
    fi
    mysql_ver=$(cat $mysql_out |tail -n1 |cut -f 1 -d -)
    mysql_fork="mysql"
    check_mysql_fork=$(grep "MariaDB" $mysql_out)
    if [ ! -z "$check_mysql_fork" ]; then
        mysql_fork="mariadb"
    fi
    rm -f $mysql_out
 }
 mysql_query() {
-    mysql --defaults-file=$mycnf -e "$1" 2>/dev/null
+    sql_tmp=$(mktemp)
    echo "$1" > $sql_tmp
    mysql --defaults-file=$mycnf < "$sql_tmp"  2>/dev/null
    rm -f "$sql_tmp"
 }
 mysql_dump() {
    err="/tmp/e.mysql"
-    mysqldump --defaults-file=$mycnf --single-transaction -r $1 $2 2> $err
+    mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
    if [ '0' -ne "$?" ]; then
        rm -rf $tmpdir
        if [ "$notify" != 'no' ]; then
            echo -e "Can't dump database $database\n$(cat $err)" |\
                $SENDMAIL -s "$subj" $email
        fi
-        echo "Error: dump $database failed"
+        echo "Error: dump $database failed\n$(cat $err)"
        log_event  "$E_DB" "$ARGUMENTS"
        exit $E_DB
    fi
@ -84,7 +92,10 @@ psql_connect() {
 }
 psql_query() {
-    psql -h $HOST -U $USER -c "$1" 2>/dev/null
+    sql_tmp=$(mktemp)
    echo "$1" > $sql_tmp
    psql -h $HOST -U $USER -f "$sql_tmp" 2>/dev/null
    rm -f $sql_tmp
 }
 psql_dump() {
@ -311,7 +322,7 @@ delete_pgsql_database() {
    psql_connect $HOST
    query="REVOKE ALL PRIVILEGES ON DATABASE $database FROM $DBUSER"
-    psql_qyery "$query" > /dev/null
+    psql_query "$query" > /dev/null
    query="DROP DATABASE $database"
    psql_query "$query" > /dev/null
--- a/func/domain.sh
+++ b/func/domain.sh
@ -215,7 +215,11 @@ add_web_config() {
        fi
    fi
-    trigger="${2/.*pl/.sh}"
+    trigger="${2/%.tpl/.sh}"
    if [[ "$2" =~ stpl$ ]]; then
        trigger="${2/%.stpl/.sh}"
    fi
    if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then
        $WEBTPL/$1/$WEB_BACKEND/$trigger \
            $user $domain $local_ip $HOMEDIR \
@ -269,7 +273,7 @@ replace_web_config() {
    fi
 }
-# Delete web configuartion
+# Delete web configuration
 del_web_config() {
    conf="$HOMEDIR/$user/conf/web/$domain.$1.conf"
    if [[ "$2" =~ stpl$ ]]; then
@ -285,12 +289,16 @@ del_web_config() {
        if [[ "$2" =~ stpl$ ]]; then
            conf="$HOMEDIR/$user/conf/web/s$1.conf"
        fi
-        get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
+        if [ -e "$conf" ]; then
-        sed -i "$top_line,$bottom_line d" $conf
+            get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
-
+            sed -i "$top_line,$bottom_line d" $conf
-        web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
+        fi
-        if [ "$web_domain" -eq '0' ]; then
+    fi
-            sed -i "/.*\/$user\/.*$1.conf/d" /etc/$1/conf.d/vesta.conf
+    # clean-up for both config styles if there is no more domains
    web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
    if [ "$web_domain" -eq '0' ]; then
        sed -i "/.*\/$user\/conf\/web\//d" /etc/$1/conf.d/vesta.conf
        if [ -f "$conf" ]; then
            rm -f $conf
        fi
    fi
@ -335,7 +343,7 @@ is_web_domain_cert_valid() {
        check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)"
    fi
-    openssl s_server -quiet -cert $ssl_dir/$domain.crt \
+    openssl s_server -port 654321 -quiet -cert $ssl_dir/$domain.crt \
        -key $ssl_dir/$domain.key >> /dev/null 2>&1 &
    pid=$!
    sleep 0.5
@ -404,6 +412,24 @@ update_domain_zone() {
            VALUE=$(idn --quiet -a -t "$VALUE")
        fi
        # Split long TXT entries into 255 chunks
        if [ "$TYPE" = 'TXT' ]; then
            txtlength=${#VALUE}
            if [ $txtlength -gt 255 ]; then
                already_chunked=0
                if [[ $VALUE == *"\" \""* ]] || [[ $VALUE == *"\"\""* ]]; then
                    already_chunked=1
                fi
                if [ $already_chunked -eq 0 ]; then
                    if [[ ${VALUE:0:1} = '"' ]]; then
                        txtlength=$(( $txtlength - 2 ))
                        VALUE=${VALUE:1:txtlength}
                    fi
                    VALUE=$(echo $VALUE | fold -w 255 | xargs -I '$' echo -n '"$"')
                fi
            fi
        fi
        if [ "$SUSPENDED" != 'yes' ]; then
            eval echo -e "\"$fields\""|sed "s/%quote%/'/g" >> $zn_conf
        fi
--- a/func/ip.sh
+++ b/func/ip.sh
@ -26,7 +26,7 @@ get_ip_iface() {
 }
-# Check ip address speciefic value
+# Check ip address specific value
 is_ip_key_empty() {
    key="$1"
    string=$(cat $VESTA/data/ips/$ip)
@ -141,7 +141,7 @@ get_real_ip() {
    else
        nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*)
        if [ ! -z "$nat" ]; then
-            echo "$nat" |cut -f 1 -d : |cut -f 7 -d /
+            echo "$nat" |cut -f 1 -d : |cut -f 7 -d / |head -n 1
        fi
    fi
 }
--- a/func/main.sh
+++ b/func/main.sh
@ -35,6 +35,7 @@ E_DB=17
 E_RRD=18
 E_UPDATE=19
 E_RESTART=20
 E_TEAPOT=418
 # Event string for logger
 for ((I=1; I <= $# ; I++)); do
@ -212,7 +213,8 @@ is_object_new() {
 # Check if object is valid
 is_object_valid() {
    if [ $2 = 'USER' ]; then
-        if [ ! -d "$VESTA/data/users/$3" ]; then
+        user_vst_dir=$(basename $3)
        if [ ! -d "$VESTA/data/users/$user_vst_dir" ]; then
            check_result $E_NOTEXIST "$1 $3 doesn't exist"
        fi
    else
@ -273,11 +275,41 @@ is_object_value_exist() {
 is_password_valid() {
    if [[ "$password" =~ ^/tmp/ ]]; then
        if [ -f "$password" ]; then
-            password=$(head -n1 $password)
+            password="$(head -n1 $password)"
        fi
    fi
 }
 # Check if hash is transmitted via file
 is_hash_valid() {
    if [[ "$hash" =~ ^/tmp/ ]]; then
        if [ -f "$hash" ]; then
            hash="$(head -n1 $hash)"
        fi
    fi
 }
 # Check if directory is a symlink
 is_dir_symlink() {
    if [[ -L "$1" ]]; then
        check_result $E_FORBIDEN "$1 directory is a symlink"
    fi
 }
 # Check if file exists
 if_file_exists() {
    if [[ -f "$1" ]]; then
        check_result $E_FORBIDEN "$1 file exists"
    fi
 }
 # Check if directory exists
 if_dir_exists() {
    if [[ -d "$1" ]]; then
        check_result $E_FORBIDEN "$1 directory exists"
    fi
 }
 # Get object value
 get_object_value() {
    object=$(grep "$2='$3'" $USER_DATA/$1.conf)
@ -516,7 +548,7 @@ is_user_format_valid() {
 is_domain_format_valid() {
    object_name=${2-domain}
    exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]"
-    if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]]; then
+    if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]] || [[ $1 =~ "$(printf '\t')" ]]; then
        check_result $E_INVALID "invalid $object_name format :: $1"
    fi
 }
@ -634,8 +666,8 @@ is_date_format_valid() {
 is_dbuser_format_valid() {
    exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|/|\|\"|'|;|%|\`| ]"
    if [ 17 -le ${#1} ]; then
-		check_result $E_INVALID "mysql username can be up to 16 characters long"
+        check_result $E_INVALID "mysql username can be up to 16 characters long"
-	fi
+    fi
    if [[ "$1" =~ $exclude ]]; then
        check_result $E_INVALID "invalid $2 format :: $1"
    fi
@ -643,7 +675,7 @@ is_dbuser_format_valid() {
 # DNS record type validator
 is_dns_type_format_valid() {
-    known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA'
+    known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA,CAA'
    if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then
        check_result $E_INVALID "invalid dns record type format :: $1"
    fi
@ -723,8 +755,12 @@ is_ip_status_format_valid() {
 # Cron validator
 is_cron_format_valid() {
-    limit=60
+    limit=59
    check_format=''
    if [ "$2" = 'hour' ]; then
        limit=23
    fi
    if [ "$2" = 'day' ]; then
        limit=31
    fi
@ -753,9 +789,13 @@ is_cron_format_valid() {
            fi
        done
    fi
-    if [[ "$1" =~ ^[0-9]+$ ]] && [ "$1" -le $limit ]; then
+    crn_values=$(echo $1 |tr "," " " | tr "-" " ")
-        check_format='ok'
+    for crn_vl in $crn_values
-    fi
+        do
            if [[ "$crn_vl" =~ ^[0-9]+$ ]] && [ "$crn_vl" -le $limit ]; then
                 check_format='ok'
              fi
        done
    if [ "$check_format" != 'ok' ]; then
        check_result $E_INVALID "invalid $2 format :: $1"
    fi
@ -770,7 +810,7 @@ is_name_format_valid() {
 # Object validator
 is_object_format_valid() {
-    if ! [[ "$1" =~ ^[[:alnum:]][-|\.|_[:alnum:]]{0,28}[[:alnum:]]$ ]]; then
+    if ! [[ "$1" =~ ^[[:alnum:]][-|\.|_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
        check_result $E_INVALID "invalid $2 format :: $1"
    fi
 }
@ -781,6 +821,32 @@ is_password_format_valid() {
        check_result $E_INVALID "invalid password format :: $1"
    fi
 }
 # Missing function - 
 # Before: validate_format_shell 
 # After: is_format_valid_shell
 is_format_valid_shell() {	
    if [ -z "$(grep -w $1 /etc/shells)" ]; then	
        echo "Error: shell $1 is not valid"	
        log_event "$E_INVALID" "$EVENT"	
        exit $E_INVALID	
    fi	
 }
 format_no_quotes() {
    exclude="['|\"]"
    if [[ "$1" =~ $exclude ]]; then
       check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1"
    fi
    is_no_new_line_format "$1"
 }
 is_no_new_line_format() {
    test=$(echo "$1" | head -n1 );
    if [[ "$test" != "$1" ]]; then
      check_result "$E_INVALID" "invalid value :: $1"
    fi
 }
 # Format validation controller
 is_format_valid() {
@ -790,11 +856,12 @@ is_format_valid() {
            case $arg_name in
                account)        is_user_format_valid "$arg" "$arg_name";;
                action)         is_fw_action_format_valid "$arg";;
                alias)          is_alias_format_valid "$arg" ;;
                aliases)        is_alias_format_valid "$arg" ;;
                antispam)       is_boolean_format_valid "$arg" 'antispam' ;;
                antivirus)      is_boolean_format_valid "$arg" 'antivirus' ;;
                autoreply)      is_autoreply_format_valid "$arg" ;;
-                backup)         is_user_format_valid "$arg" 'backup' ;;
+                backup)         is_object_format_valid "$arg" 'backup' ;;
                charset)        is_object_format_valid "$arg" "$arg_name" ;;
                charsets)       is_common_format_valid "$arg" 'charsets' ;;
                comment)        is_object_format_valid "$arg" 'comment' ;;
@ -815,6 +882,7 @@ is_format_valid() {
                host)           is_object_format_valid "$arg" "$arg_name" ;;
                hour)           is_cron_format_valid "$arg" $arg_name ;;
                id)             is_int_format_valid "$arg" 'id' ;;
                interface)      is_interface_format_valid "$arg" ;;
                ip)             is_ip_format_valid "$arg" ;;
                ip_name)        is_domain_format_valid "$arg" 'IP name';;
                ip_status)      is_ip_status_format_valid "$arg" ;;
@ -849,6 +917,8 @@ is_format_valid() {
                rtype)          is_dns_type_format_valid "$arg" ;;
                rule)           is_int_format_valid "$arg" "rule id" ;;
                soa)            is_domain_format_valid "$arg" 'SOA' ;;	
                #missing command: is_format_valid_shell
                shell)          is_format_valid_shell "$arg" ;;
                stats_pass)     is_password_format_valid "$arg" ;;
                stats_user)     is_user_format_valid "$arg" "$arg_name" ;;
                template)       is_object_format_valid "$arg" "$arg_name" ;;
@ -898,7 +968,85 @@ format_aliases() {
        aliases=$(echo "$aliases" |tr -s '.')
        aliases=$(echo "$aliases" |sed -e "s/[.]*$//g")
        aliases=$(echo "$aliases" |sed -e "s/^[.]*//")
-        aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d")
+        aliases=$(echo "$aliases" |sed -e "/^$/d")
        aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
    fi
 }
 alter_web_counter() {
    user=$1
    domain=$2
    USER_DATA=$VESTA/data/users/$user
    varc=$3
    vard="\$${varc}"
    counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
    if [ -z "$counter" ]; then
        add_object_key "web" 'DOMAIN' "$domain" "$varc" "TIME"
        counter=0
    fi
    ((counter++))
    backup_counter=$counter
    update_object_value 'web' 'DOMAIN' "$domain" "$vard" "$counter"
    counter=$backup_counter
    echo $counter
 }
 reset_web_counter() {
    user=$1
    domain=$2
    USER_DATA=$VESTA/data/users/$user
    varc=$3
    vard="\$${varc}"
    update_object_value 'web' 'DOMAIN' "$domain" "$vard" "0"
 }
 get_web_counter() {
    user=$1
    domain=$2
    USER_DATA=$VESTA/data/users/$user
    varc=$3
    vard="\$${varc}"
    counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
    if [ -z "$counter" ]; then
        counter=0
    fi
    echo $counter
 }
 # Simple chmod wrapper that skips symlink files after glob expand
 # Taken from HestiaCP
 no_symlink_chmod() {
    local filemode=$1; shift;
    for i in "$@"; do
        [[ -L ${i} ]] && continue
        chmod "${filemode}" "${i}"
    done
 }
 # $1 = subject
 # $2 = body
 send_email_to_admin() {
    email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf)
    email=$(echo "$email" | cut -f 2 -d "'")
    if [ -z "$email" ]; then
        if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
            email=$NOTIFY_ADMIN_FULL_BACKUP
        fi
    fi
    if [ -z "$email" ]; then
        return;
    fi
    echo "$2" | $SENDMAIL -s "$1" "$email" 'yes'
 }
--- a/func/rebuild.sh
+++ b/func/rebuild.sh
@ -51,7 +51,7 @@ rebuild_user_conf() {
    mkdir -p $HOMEDIR/$user/conf
    chmod a+x $HOMEDIR/$user
    chmod a+x $HOMEDIR/$user/conf
-    chown $user:$user $HOMEDIR/$user
+    chown --no-dereference $user:$user $HOMEDIR/$user
    chown root:root $HOMEDIR/$user/conf
    # Update disk pipe
@ -71,13 +71,16 @@ rebuild_user_conf() {
        echo "$BIN/v-update-web-domains-disk $user" \
            >> $VESTA/data/queue/disk.pipe
        if [[ -L "$HOMEDIR/$user/web" ]]; then
            rm $HOMEDIR/$user/web
        fi
        mkdir -p $HOMEDIR/$user/conf/web
        mkdir -p $HOMEDIR/$user/web
        mkdir -p $HOMEDIR/$user/tmp
        chmod 751 $HOMEDIR/$user/conf/web
        chmod 751 $HOMEDIR/$user/web
        chmod 771 $HOMEDIR/$user/tmp
-        chown $user:$user $HOMEDIR/$user/web
+        chown --no-dereference $user:$user $HOMEDIR/$user/web
        if [ -z "$create_user" ]; then
            $BIN/v-rebuild-web-domains $user $restart
        fi
@ -105,6 +108,9 @@ rebuild_user_conf() {
        echo "$BIN/v-update-mail-domains-disk $user" \
            >> $VESTA/data/queue/disk.pipe
        if [[ -L "$HOMEDIR/$user/mail" ]]; then
            rm $HOMEDIR/$user/mail
        fi
        mkdir -p $HOMEDIR/$user/conf/mail
        mkdir -p $HOMEDIR/$user/mail
        chmod 751 $HOMEDIR/$user/mail
@ -146,7 +152,7 @@ rebuild_web_domain_conf() {
    prepare_web_domain_values
    # Rebuilding domain directories
-    mkdir -p $HOMEDIR/$user/web/$domain \
+    sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
        $HOMEDIR/$user/web/$domain/public_html \
        $HOMEDIR/$user/web/$domain/public_shtml \
        $HOMEDIR/$user/web/$domain/document_errors \
@ -172,14 +178,15 @@ rebuild_web_domain_conf() {
    # Propagating html skeleton
    if [ ! -e "$WEBTPL/skel/document_errors/" ]; then
-        cp -r $WEBTPL/skel/document_errors/ $HOMEDIR/$user/web/$domain/
+        sudo -u $user cp -r $WEBTPL/skel/document_errors/ \
            $HOMEDIR/$user/web/$domain/
    fi
    # Set folder permissions
-    chmod 551 $HOMEDIR/$user/web/$domain \
+    no_symlink_chmod 551 $HOMEDIR/$user/web/$domain \
        $HOMEDIR/$user/web/$domain/stats \
        $HOMEDIR/$user/web/$domain/logs
-    chmod 751 $HOMEDIR/$user/web/$domain/private \
+    no_symlink_chmod 751 $HOMEDIR/$user/web/$domain/private \
        $HOMEDIR/$user/web/$domain/cgi-bin \
        $HOMEDIR/$user/web/$domain/public_html \
        $HOMEDIR/$user/web/$domain/public_shtml \
@ -187,7 +194,7 @@ rebuild_web_domain_conf() {
    chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
    # Set ownership
-    chown $user:$user $HOMEDIR/$user/web/$domain \
+    chown --no-dereference $user:$user $HOMEDIR/$user/web/$domain \
        $HOMEDIR/$user/web/$domain/private \
        $HOMEDIR/$user/web/$domain/cgi-bin \
        $HOMEDIR/$user/web/$domain/public_html \
@ -535,12 +542,30 @@ rebuild_mail_domain_conf() {
 rebuild_mysql_database() {
    mysql_connect $HOST
    mysql_query "CREATE DATABASE \`$DB\` CHARACTER SET $CHARSET" >/dev/null
-    if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then
+    if [ "$mysql_fork" = "mysql" ]; then
-        mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" >/dev/null
+        # mysql
-        mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" >/dev/null
+        if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then
-        query="UPDATE mysql.user SET authentication_string='$MD5'"
+            # mysql >= 5.7
-        query="$query WHERE User='$DBUSER'"
+            mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null
            mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null
            query="UPDATE mysql.user SET authentication_string='$MD5'"
            query="$query WHERE User='$DBUSER'"
        else
            # mysql < 5.7
            query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'"
        fi
    else
        # mariadb
        if [ "$(echo $mysql_ver |cut -d '.' -f1)" -eq 5 ]; then
            # mariadb = 5
            mysql_query "CREATE USER \`$DBUSER\`" > /dev/null
            mysql_query "CREATE USER \`$DBUSER\`@localhost" > /dev/null
        else
            # mariadb = 10
            mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null
            mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null
        fi
        # mariadb any version
        query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'"
    fi
    mysql_query "GRANT ALL ON \`$DB\`.* TO \`$DBUSER\`@\`%\`" >/dev/null
@ -576,7 +601,7 @@ rebuild_pgsql_database() {
        exit $E_CONNECT
    fi
-    query="CREATE ROLE $DBUSER"
+    query="CREATE ROLE $DBUSER WITH LOGIN"
    psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
    query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'"
@ -593,7 +618,7 @@ rebuild_pgsql_database() {
    query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER"
    psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
-    query="GRANT CONNECT ON DATABASE template1 to $dbuser"
+    query="GRANT CONNECT ON DATABASE template1 to $DBUSER"
    psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
 }
--- a/install/debian/7/nginx/nginx.conf
+++ b/install/debian/7/nginx/nginx.conf
@ -50,6 +50,7 @@ http {
    # Compression
    gzip                on;
    gzip_vary           on;
    gzip_comp_level     9;
    gzip_min_length     512;
    gzip_buffers        8 64k;
--- a/install/debian/7/nginx/phpmyadmin.inc
+++ b/install/debian/7/nginx/phpmyadmin.inc
@ -1,5 +1,5 @@
 location /phpmyadmin {
-    alias /usr/share/phpmyadmin/;
+    alias /usr/share/phpmyadmin;
    location ~ /(libraries|setup) {
        return 404;
--- a/Show more
+++ b/Show more