Merge pull request #2302 from pdapnz/fix_bug_url_parsing

fix bug https://github.com/outroll/vesta/issues/2301
Update README.md to use HTTPS
2025-08-20 21:34:11 -07:00 · 2025-04-25 13:41:17 +10:00 · 2024-07-02 13:34:58 +10:00 · 2024-04-18 12:52:49 +03:00 · 2024-02-26 13:42:55 +11:00 · 2022-12-08 13:41:08 +03:00
1713 changed files with 83246 additions and 17303 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,6 @@
 *.gz
 .vscode
 .DS_Store
+src/react/node_modules
+src/react/build
+/.idea
--- a/README.md
+++ b/README.md
@ -1,6 +1,8 @@
 [Vesta Control Panel](http://vestacp.com/)
 ==================================================

+Vesta is back under active development as of 25 February 2024. We are commited to open source, and will engage with the community to identify the new roadmap for Vesta. Stay tuned!
+
 [![Join the chat at https://gitter.im/vesta-cp/Lobby](https://badges.gitter.im/vesta-cp/Lobby.svg)](https://gitter.im/vesta-cp/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)

 * Vesta is an open source hosting control panel.
@ -16,7 +18,7 @@ ssh root@your.server

 Download the installation script, and run it:
 ```bash
-curl http://vestacp.com/pub/vst-install.sh | bash
+curl https://vestacp.com/pub/vst-install.sh | bash
 ```

 How to install (3 step)
@ -29,7 +31,7 @@ ssh root@your.server

 Download the installation script:
 ```bash
-curl -O http://vestacp.com/pub/vst-install.sh
+curl -O https://vestacp.com/pub/vst-install.sh
 ```
 Then run it:
 ```bash
@ -38,5 +40,5 @@ bash vst-install.sh

 License
 ----------------------------
-Vesta is licensed under  [GPL v3 ](https://github.com/serghey-rodin/vesta/blob/master/LICENSE) license
+Vesta is licensed under  [GPL v3 ](https://github.com/outroll/vesta/blob/master/LICENSE) license

--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security issues to dev@vestacp.com
--- a/bin/v-activate-vesta-license
+++ b/bin/v-activate-vesta-license
@ -27,7 +27,7 @@ source $VESTA/conf/vesta.conf

 # Checking arg number
 check_args '2' "$#" 'MODULE LICENSE'
-
+is_user_format_valid "$license" "license"

 #----------------------------------------------------------#
 #                       Action                             #
@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'

 # Activating license
 v_host='https://vestacp.com/checkout'
-answer=$(curl -s $v_host/activate.php?licence_key=$license&module=$module)
+answer=$(curl -s "$v_host/activate.php?licence_key=$license&module=$module")
 check_result $? "cant' connect to vestacp.com " $E_CONNECT

 # Checking server answer
--- a/bin/v-add-backup-host
+++ b/bin/v-add-backup-host
@ -38,8 +38,7 @@ EOF
 sftpc() {
    expect -f "-" <<EOF "$@"
        set count 0
-        spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o \
-            Port=$port $user@$host
+        spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o Port=$port $user@$host
        expect {
            "password:" {
                send "$password\r"
@ -94,12 +93,14 @@ EOF

 if [ "$type" != 'local' ];then
    check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
-    is_format_valid 'host'
+    is_format_valid 'user' 'host' 'path' 'port'
    is_password_valid
    if [ "$type" = 'sftp' ]; then
        which expect >/dev/null 2>&1
        check_result $? "expect command not found"  $E_NOTEXIST
    fi
+    host "$host" >/dev/null 2>&1
+    check_result $? "host connection failed" "$E_CONNECT"
 fi


--- a/bin/v-add-dns-on-web-alias
+++ b/bin/v-add-dns-on-web-alias
@ -55,7 +55,7 @@ if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then
 fi

 # Adding top-level domain and then its sub
-$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' $restart >> /dev/null
+$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' '' '' '' $restart >> /dev/null

 # Checking top-level domain
 if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then
--- a/bin/v-add-dns-record
+++ b/bin/v-add-dns-record
@ -45,10 +45,12 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
    fi
 fi

-dvalue=${dvalue//\"/}
+if [ $rtype != "CAA" ]; then
+    dvalue=${dvalue//\"/}

-if [[ "$dvalue" =~ [\;[:space:]] ]]; then
-    dvalue='"'"$dvalue"'"'
+    if [[ "$dvalue" =~ [\;[:space:]] ]]; then
+        dvalue='"'"$dvalue"'"'
+    fi
 fi

 # Additional argument formatting
--- a/bin/v-add-firewall-chain
+++ b/bin/v-add-firewall-chain
@ -22,7 +22,7 @@ protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
 iptables="/sbin/iptables"

 # Get vesta port by reading nginx.conf
-vestaport=$(grep 'listen' /usr/local/vesta/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
+vestaport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
 if [ -z "$vestaport" ]; then
    vestaport=8083
 fi
@ -47,7 +47,13 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'

 # Checking known chains
 case $chain in
-    SSH)        port=22; protocol=TCP ;;
+    SSH)        # Get ssh port by reading ssh config file.
+                sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
+                if [ -z "$sshport" ]; then
+                    sshport=22
+                fi
+                port=$sshport; 
+                protocol=TCP ;;
    FTP)        port=21; protocol=TCP  ;;
    MAIL)       port='25,465,587,2525,110,995,143,993'; protocol=TCP  ;;
    DNS)        port=53; protocol=UDP  ;;
--- a/bin/v-add-letsencrypt-domain
+++ b/bin/v-add-letsencrypt-domain
@ -1,13 +1,8 @@
 #!/bin/bash
-# info: adding letsencrypt ssl cetificate for domain
-# options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
+# info: check letsencrypt domain
+# options: USER DOMAIN [ALIASES]
 #
-# The function turns on SSL support for a domain. Parameter ssl_dir is a path
-# to directory where 2 or 3 ssl files can be found. Certificate file
-# domain.tld.crt and its key domain.tld.key  are mandatory. Certificate
-# authority domain.tld.ca file is optional. If home directory  parameter
-# (ssl_home) is not set, https domain uses public_shtml as separate
-# documentroot directory.
+# The function check and validates domain with Let's Encript


 #----------------------------------------------------------#
@ -18,8 +13,9 @@
 user=$1
 domain=$2
 aliases=$3
-restart=$4
-notify=$5
+
+# LE API
+API='https://acme-v02.api.letsencrypt.org'

 # Includes
 source $VESTA/func/main.sh
@ -27,98 +23,346 @@ source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf

 # Additional argument formatting
-format_domain_idn
+format_identifier_idn() {
+    identifier_idn=$identifier
+    if [[ "$identifier_idn" = *[![:ascii:]]* ]]; then
+        identifier_idn=$(idn -t --quiet -a $identifier_idn)
+    fi
+}
+
+# encode base64
+encode_base64() {
+    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
+}
+
+# Let's Encrypt v2 curl function
+query_le_v2() {
+
+    protected='{"nonce": "'$3'",'
+    protected=''$protected' "url": "'$1'",'
+    protected=''$protected' "alg": "RS256", "kid": "'$KID'"}'
+    content="Content-Type: application/jose+json"
+
+    payload_=$(echo -n "$2" |encode_base64)
+    protected_=$(echo -n "$protected" |encode_base64)
+    signature_=$(printf "%s" "$protected_.$payload_" |\
+        openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
+        encode_base64)
+
+    post_data='{"protected":"'"$protected_"'",'
+    post_data=$post_data'"payload":"'"$payload_"'",'
+    post_data=$post_data'"signature":"'"$signature_"'"}'
+
+    # Save http response to file passed as "$4" arg or print to stdout if not provided
+    # http response headers are always sent to stdout
+    local save_to_file=${4:-"/dev/stdout"}
+    curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
+}
+


 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#

-check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [ALIASES]'
+is_format_valid 'user' 'domain' 'aliases'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
-is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
+get_domain_values 'web'

+echo "-----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : v-add-letsencrypt-domain $domain [$aliases]" >> /usr/local/vesta/log/letsencrypt.log
+
+# check if alias is the letsencrypt wildcard domain, if not, make the normal checks
+if [[ "$aliases" != "*.$domain" ]]; then
+    for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do
+        check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)"
+        if [ -z "$check_alias" ]; then
+            echo "[$(date)] : EXIT=domain alias $alias doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
+            check_result $E_NOTEXIST "domain alias $alias doesn't exist"
+        fi
+    done
+fi;

 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

-# Parsing domain data
-get_domain_values 'web'
-
 # Registering LetsEncrypt user account
+echo "[$(date)] : v-add-letsencrypt-user $user" >> /usr/local/vesta/log/letsencrypt.log
 $BIN/v-add-letsencrypt-user $user
+echo "[$(date)] : result: $?" >> /usr/local/vesta/log/letsencrypt.log
 if [ "$?" -ne 0  ]; then
    touch $VESTA/data/queue/letsencrypt.pipe
    sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    send_notice "LETSENCRYPT" "Account registration failed"
+    echo "[$(date)] : EXIT=LE account registration" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "LE account registration" >/dev/null
 fi

 # Parsing LetsEncrypt account data
 source $USER_DATA/ssl/le.conf
-email=$EMAIL

-# Validating domain and aliases
-i=1
-for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
-    $BIN/v-check-letsencrypt-domain $user $alias
-    if [ "$?" -ne 0 ]; then
-        touch $VESTA/data/queue/letsencrypt.pipe
-        sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
-        send_notice "LETSENCRYPT" "$alias validation failed"
-        check_result $E_INVALID "LE domain validation" >/dev/null
+# Checking wildcard alias
+if [ "$aliases" = "*.$domain" ]; then
+    echo "[$(date)] : Checking wildcard alias" >> /usr/local/vesta/log/letsencrypt.log
+    wildcard='yes'
+    proto="dns-01"
+    if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then
+        echo "[$(date)] : EXIT=DNS domain $domain doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
+        check_result $E_NOTEXIST "DNS domain $domain doesn't exist"
+    fi
+else
+    proto="http-01"
+fi
+
+# Requesting nonce / STEP 1
+echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(curl -s -I "$API/directory")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 200 ]]; then
+    echo "[$(date)] : EXIT=Let's Encrypt nonce request status $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt nonce request status $status"
+fi
+
+# Placing new order / STEP 2
+echo "[$(date)] : --- Placing new order / STEP 2 ---" >> /usr/local/vesta/log/letsencrypt.log
+url="$API/acme/new-order"
+payload='{"identifiers":['
+for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
+    format_identifier_idn
+    payload=$payload'{"type":"dns","value":"'$identifier_idn'"},'
+done
+payload=$(echo "$payload"|sed "s/,$//")
+payload=$payload']}'
+echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(query_le_v2 "$url" "$payload" "$nonce")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
+echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
+finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
+echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 201 ]]; then
+    echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt new auth status $status"
+fi
+
+# Requesting authorization token / STEP 3
+echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
+for auth in $authz; do
+    payload=''
+    echo "[$(date)] : for auth=$auth" >> /usr/local/vesta/log/letsencrypt.log
+    echo "[$(date)] : query_le_v2 \"$auth\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+    answer=$(query_le_v2 "$auth" "$payload" "$nonce")
+    echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+    url=$(echo "$answer" |grep -A3 $proto |grep '"url"' |cut -f 4 -d \")
+    echo "[$(date)] : url=$url" >> /usr/local/vesta/log/letsencrypt.log
+    token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
+    echo "[$(date)] : token=$token" >> /usr/local/vesta/log/letsencrypt.log
+    nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+    echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+    status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+    echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+    if [[ "$status" -ne 200 ]]; then
+        echo "[$(date)] : EXIT=Let's Encrypt acme/authz bad status $status" >> /usr/local/vesta/log/letsencrypt.log
+        check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
    fi

-    # Checking LE limits per account
-    if [ "$i" -gt 100 ]; then
-        touch $VESTA/data/queue/letsencrypt.pipe
-        sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
-        send_notice 'LETSENCRYPT' 'Limit of domains per account is reached'
-        check_result $E_LIMIT "LE can't sign more than 100 domains"
+    # Configuring challenge / STEP 4
+    echo "[$(date)] : --- Configuring challenge / STEP 4 ---" >> /usr/local/vesta/log/letsencrypt.log
+    echo "[$(date)] : wildcard=$wildcard" >> /usr/local/vesta/log/letsencrypt.log
+    if [ "$wildcard" = 'yes'  ]; then
+        record=$(printf "%s" "$token.$THUMB" |\
+            openssl dgst -sha256 -binary |encode_base64)
+        old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT')
+        old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1)
+        for old_record in $old_records; do
+            $BIN/v-delete-dns-record "$user" "$domain" "$old_record"
+        done
+        $BIN/v-add-dns-record "$user" "$domain" "_acme-challenge" "TXT" "$record"
+        exitstatus=$?
+        echo "[$(date)] : v-add-dns-record \"$user\" \"$domain\" \"_acme-challenge\" \"TXT\" \"$record\"" >> /usr/local/vesta/log/letsencrypt.log
+        if [ "$exitstatus" -ne 0  ]; then
+            echo "[$(date)] : EXIT=DNS _acme-challenge record wasn't created" >> /usr/local/vesta/log/letsencrypt.log
+        fi
+        check_result $exitstatus "DNS _acme-challenge record wasn't created"
+    else
+        if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
+            if [ -f "/usr/local/vesta/web/inc/nginx_proxy" ]; then
+                #  if vesta is behind main nginx
+                well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
+                acme_challenge="$well_known/acme-challenge"
+                mkdir -p $acme_challenge
+                echo "$token.$THUMB" > $acme_challenge/$token
+                echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
+                chown -R $user:$user $well_known
+            else
+                # default nginx method
+                conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
+                sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
+                # if [ ! -e "$conf" ]; then
+                    echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
+                        > $conf
+                    echo '    default_type text/plain;' >> $conf
+                    echo '    return 200 "$1.'$THUMB'";' >> $conf
+                    echo '}' >> $conf
+                # fi
+                echo "[$(date)] : in $conf we put: $THUMB" >> /usr/local/vesta/log/letsencrypt.log
+                if [ ! -e "$sconf" ]; then
+                    ln -s "$conf" "$sconf"
+                fi
+                echo "[$(date)] : v-restart-proxy" >> /usr/local/vesta/log/letsencrypt.log 
+                $BIN/v-restart-proxy
+                if [ -z "$PROXY_SYSTEM" ]; then
+                    # apache-less variant
+                    echo "[$(date)] : v-restart-web" >> /usr/local/vesta/log/letsencrypt.log 
+                    $BIN/v-restart-web
+                fi
+                exitstatus=$?
+                if [ "$exitstatus" -ne 0  ]; then
+                    echo "[$(date)] : EXIT=Proxy restart failed = $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
+                fi
+                check_result $exitstatus "Proxy restart failed" >/dev/null
+            fi
+        else
+            well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
+            acme_challenge="$well_known/acme-challenge"
+            mkdir -p $acme_challenge
+            echo "$token.$THUMB" > $acme_challenge/$token
+            chown -R $user:$user $well_known
+            echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
+            # $BIN/v-restart-web
+            # check_result $? "Web restart failed" >/dev/null
+        fi
+    fi
+
+    # Requesting ACME validation / STEP 5
+    echo "[$(date)] : --- Requesting ACME validation / STEP 5 ---" >> /usr/local/vesta/log/letsencrypt.log
+    validation_check=$(echo "$answer" |grep '"valid"')
+    echo "[$(date)] : validation_check=$validation_check" >> /usr/local/vesta/log/letsencrypt.log
+    if [[ ! -z "$validation_check" ]]; then
+        validation='valid'
+    else
+        validation='pending'
+    fi
+
+    # Doing pol check on status
+    i=1
+    while [ "$validation" = 'pending' ]; do
+        echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
+        payload='{}'
+        echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+        answer=$(query_le_v2 "$url" "$payload" "$nonce")
+        echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+        validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
+        echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
+        nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+        echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+        status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+        echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+        if [[ "$status" -ne 200 ]]; then
+            echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
+            check_result $E_CONNECT "Let's Encrypt validation status $status"
+        fi
+
+        i=$((i + 1))
+        if [ "$i" -gt 10 ]; then
+            echo "[$(date)] : EXIT=Let's Encrypt domain validation timeout" >> /usr/local/vesta/log/letsencrypt.log
+            check_result $E_CONNECT "Let's Encrypt domain validation timeout"
+        fi
+        sleeping=$((i*2))
+        echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
+        sleep $sleeping
+    done
+    if [ "$validation" = 'invalid' ]; then
+        echo "[$(date)] : EXIT=Let's Encrypt domain verification failed" >> /usr/local/vesta/log/letsencrypt.log
+        check_result $E_CONNECT "Let's Encrypt domain verification failed"
    fi
-    i=$((i++))
 done

-# Generating CSR
-ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \
+
+# Generating new ssl certificate
+ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\
    "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')

-# Signing CSR
-crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir)
-if [ "$?" -ne 0 ]; then
-    touch $VESTA/data/queue/letsencrypt.pipe
-    sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
-    send_notice "LETSENCRYPT" "$alias validation failed"
-    check_result "$E_INVALID" "LE $domain validation"
-fi
-echo "$crt" > $ssl_dir/$domain.crt
+# Sending CSR to finalize order / STEP 6
+echo "[$(date)] : --- Sending CSR to finalize order / STEP 6 ---" >> /usr/local/vesta/log/letsencrypt.log

-# Dowloading CA certificate
-le_certs='https://letsencrypt.org/certs'
-x1='lets-encrypt-x1-cross-signed.pem.txt'
-x3='lets-encrypt-x3-cross-signed.pem.txt'
-issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:")
-if [ -z "$(echo $issuer|grep X3)" ]; then
-    curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
-else
-    curl -s $le_certs/$x3 > $ssl_dir/$domain.ca
+csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64)
+payload='{"csr":"'$csr'"}'
+echo "[$(date)] : query_le_v2 \"$finalize\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(query_le_v2 "$finalize" "$payload" "$nonce")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
+echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 200 ]]; then
+    echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
+fi
+
+# Downloading signed certificate / STEP 7
+echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 200 ]]; then
+    [ -d "$ssl_dir" ] && rm -rf "$ssl_dir"
+    echo "[$(date)] : EXIT=Let's Encrypt downloading signed cert failed status: $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_NOTEXIST "Let's Encrypt downloading signed cert failed status: $status"
+fi
+
+# Splitting up downloaded pem
+# echo "[$(date)] : - Splitting up downloaded pem" >> /usr/local/vesta/log/letsencrypt.log
+crt_end=$(grep -n 'END CERTIFICATE' $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
+# echo "[$(date)] : crt_end=$crt_end" >> /usr/local/vesta/log/letsencrypt.log
+head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
+
+pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
+# echo "[$(date)] : pem_lines=$pem_lines" >> /usr/local/vesta/log/letsencrypt.log
+ca_end=$(grep -n 'BEGIN CERTIFICATE' $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
+# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
+ca_end=$(( pem_lines - crt_end + 1 ))
+# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
+tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
+
+# Temporary fix for double "END CERTIFICATE"
+if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
+    sed -i '1,2d' $ssl_dir/$domain.ca
 fi

 # Adding SSL
 ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
 $BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
+echo "[$(date)] : v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home" >> /usr/local/vesta/log/letsencrypt.log
 $BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
-if [ "$?" -ne '0' ]; then
+exitstatus=$?
+echo "[$(date)] : v-add-web-domain-ssl status: $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
+if [ "$exitstatus" -ne '0' ]; then
    touch $VESTA/data/queue/letsencrypt.pipe
    sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
+    echo "[$(date)] : EXIT=$domain certificate installation failed" >> /usr/local/vesta/log/letsencrypt.log
    send_notice 'LETSENCRYPT' "$domain certificate installation failed"
-    check_result $? "SSL install" >/dev/null
+    check_result $exitstatus "SSL install" >/dev/null
 fi

 # Adding LE autorenew cronjob
@ -135,24 +379,20 @@ if [ -z "$LETSENCRYPT" ]; then
 fi
 update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'

+reset_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT'

 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#

-# Restarting web
-$BIN/v-restart-web $restart
-if [ "$?" -ne 0  ]; then
-    send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
-fi
-
-# Notifying user
-send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
-
 # Deleteing task from queue
 touch $VESTA/data/queue/letsencrypt.pipe
 sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe

+# Notifying user
+send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
+echo "[$(date)] : EXIT=***** $domain SSL has been installed successfully *****" >> /usr/local/vesta/log/letsencrypt.log
+
 # Logging
 log_event "$OK" "$ARGUMENTS"

--- a/bin/v-add-letsencrypt-user
+++ b/bin/v-add-letsencrypt-user
@ -1,8 +1,8 @@
 #!/bin/bash
 # info: register letsencrypt user account
-# options: USER [EMAIL]
+# options: USER
 #
-# The function creates and register LetsEncript account key
+# The function creates and register LetsEncript account 


 #----------------------------------------------------------#
@ -11,8 +11,9 @@

 # Argument definition
 user=$1
-email=$2
-key_size=4096
+
+# LE API
+API='https://acme-v02.api.letsencrypt.org'

 # Includes
 source $VESTA/func/main.sh
@ -23,15 +24,38 @@ encode_base64() {
    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
 }

+# Let's Encrypt v2 curl function
+query_le_v2() {
+    protected='{"nonce": "'$3'",'
+    protected=''$protected' "url": "'$1'",'
+    protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
+    content="Content-Type: application/jose+json"
+
+    payload_=$(echo -n "$2" |encode_base64)
+    protected_=$(echo -n "$protected" |encode_base64)
+    signature_=$(printf "%s" "$protected_.$payload_" |\
+        openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
+        encode_base64)
+
+    post_data='{"protected":"'"$protected_"'",'
+    post_data=$post_data'"payload":"'"$payload_"'",'
+    post_data=$post_data'"signature":"'"$signature_"'"}'
+
+    curl -s -i -d "$post_data" "$1" -H "$content"
+}
+

 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#

-check_args '1' "$#" 'USER [EMAIL]'
+check_args '1' "$#" 'USER'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 if [ -e "$USER_DATA/ssl/le.conf" ]; then
+    source "$USER_DATA/ssl/le.conf"
+fi
+if [ ! -z "$KID" ]; then
    exit
 fi

@ -40,57 +64,57 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#

-api='https://acme-v01.api.letsencrypt.org'
-if [ -z "$email" ]; then
-    email=$(get_user_value '$CONTACT')
+
+# Defining user email
+if [[ -z "$EMAIL" ]]; then
+    EMAIL=$(get_user_value '$CONTACT')
 fi

-agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')
+# Defining user agreement
+agreement=''

-# Generating key
-key="$USER_DATA/ssl/user.key"
-if [ ! -e "$key" ]; then
-    openssl genrsa -out $key $key_size >/dev/null 2>&1
-    chmod 600 $key
+# Generating user key
+KEY="$USER_DATA/ssl/user.key"
+if [ ! -e "$KEY" ]; then
+    openssl genrsa -out $KEY 4096 >/dev/null 2>&1
+    chmod 600 $KEY
 fi

 # Defining key exponent
-exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
-    grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
-    xxd -r -p |encode_base64)
+if [ -z "$EXPONENT" ]; then
+    EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\
+        grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
+        xxd -r -p |encode_base64)
+fi

 # Defining key modulus
-modulus=$(openssl rsa -in "$key" -modulus -noout |\
-    sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
+if [ -z "$MODULUS" ]; then
+    MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\
+        sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
+fi

-# Defining key thumb
-thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
-thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"
+# Defining JWK
+jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}'

-# Defining JWK header
-header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
-header='{"alg":"RS256","jwk":'"$header"'}'
+# Defining key thumbnail
+if [ -z "$THUMB" ]; then
+    THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)"
+fi

-# Requesting nonce
-nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
-protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)

-# Defining registration query
-query='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
-query=$query'"agreement":"'$agreement'"}'
-payload=$(echo -n "$query" |encode_base64)
-signature=$(printf "%s" "$protected.$payload" |\
-    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
-data='{"header":'"$header"',"protected":"'"$protected"'",'
-data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
+# Requesting ACME nonce
+nonce=$(curl -s -I "$API/directory" |grep -i nonce |cut -f2 -d\ |tr -d '\r\n')

-# Sending request to LetsEncrypt API
-answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
-status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
+# Creating ACME account
+url="$API/acme/new-acct"
+payload='{"termsOfServiceAgreed": true}'
+answer=$(query_le_v2 "$url" "$payload" "$nonce")
+kid=$(echo "$answer" |grep -i location: |cut -f2 -d ' '|tr -d '\r')

-# Checking http answer status
-if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then
-    check_result $E_CONNECT "LetsEncrypt account registration $status"
+# Checking answer status
+status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
+if [[ "${status:0:2}" -ne "20" ]]; then
+    check_result $E_CONNECT "Let's Encrypt acc registration failed $status"
 fi


@ -99,12 +123,17 @@ fi
 #----------------------------------------------------------#

 # Adding le.conf
-echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf
-echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf
-echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf
-echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf
-chmod 660  $USER_DATA/ssl/le.conf
-
+if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
+    echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf
+    echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf
+    echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf
+    echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf
+    echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
+    chmod 660  $USER_DATA/ssl/le.conf
+else
+    sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
+    echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
+fi

 # Logging
 log_event "$OK" "$ARGUMENTS"
--- a/bin/v-add-sys-mail-ssl
+++ b/bin/v-add-sys-mail-ssl
@ -0,0 +1,106 @@
+#!/bin/bash
+# info: copy mail ssl certificate
+# options: USER DOMAIN [RESTART]
+#
+# The function copies user domain SSL to mail SSL directory
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart=$3
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain'
+is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Defining certificate location
+dom_crt="/home/$user/conf/web/ssl.$domain.pem"
+dom_key="/home/$user/conf/web/ssl.$domain.key"
+vst_crt="$VESTA/ssl/mail.crt"
+vst_key="$VESTA/ssl/mail.key"
+
+# Checking certificate
+if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
+    check_result $E_NOTEXIST "$domain certificate doesn't exist"
+fi
+
+# Checking difference
+diff $dom_crt $vst_crt >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+    rm -f $vst_crt.old $vst_key.old
+    mv $vst_crt $vst_crt.old >/dev/null 2>&1
+    mv $vst_key $vst_key.old >/dev/null 2>&1
+    cp $dom_crt $vst_crt 2>/dev/null
+    cp $dom_key $vst_key 2>/dev/null
+    chown root:mail $vst_crt $vst_key
+else
+    restart=no
+fi
+
+# Updating mail certificate
+case $MAIL_SYSTEM in
+    exim)           conf='/etc/exim/exim.conf';;
+    exim4)          conf='/etc/exim4/exim4.conf.template';;
+esac
+if [ -e "$conf" ]; then
+    sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
+        -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
+fi
+
+# Updating imap certificate
+conf="/etc/dovecot/conf.d/10-ssl.conf"
+if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
+    sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
+        -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Restarting services
+if [ "$restart" != 'no' ]; then
+    if [ ! -z "$MAIL_SYSTEM" ]; then
+        $BIN/v-restart-service $MAIL_SYSTEM
+    fi
+    if [ ! -z "$IMAP_SYSTEM" ]; then
+        $BIN/v-restart-service $IMAP_SYSTEM
+    fi
+fi
+
+# Updating vesta.conf
+if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
+    echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
+else
+    sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \
+        $VESTA/conf/vesta.conf
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-add-sys-vesta-ssl
+++ b/bin/v-add-sys-vesta-ssl
@ -0,0 +1,97 @@
+#!/bin/bash
+# info: add vesta ssl certificate
+# options: USER DOMAIN [RESTART]
+#
+# The function copies user domain SSL to vesta SSL directory
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart=$3
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Defining certificate location
+dom_crt="/home/$user/conf/web/ssl.$domain.pem"
+dom_key="/home/$user/conf/web/ssl.$domain.key"
+vst_crt="$VESTA/ssl/certificate.crt"
+vst_key="$VESTA/ssl/certificate.key"
+
+# Checking certificate
+if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
+    check_result $E_NOTEXIST "$domain certificate doesn't exist"
+fi
+
+# Checking difference
+diff $dom_crt $vst_crt >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+    rm -f $vst_crt.old $vst_key.old
+    mv $vst_crt $vst_crt.old
+    mv $vst_key $vst_key.old
+    cp $dom_crt $vst_crt 2>/dev/null
+    cp $dom_key $vst_key 2>/dev/null
+    chown root:mail $vst_crt $vst_key
+else
+    restart=no
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Restarting services
+if [ "$restart" != 'no' ]; then
+    if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
+        $BIN/v-restart-service $MAIL_SYSTEM
+    fi
+    if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
+        $BIN/v-restart-service $IMAP_SYSTEM
+    fi
+    if [ ! -z "$FTP_SYSTEM" ]; then
+        $BIN/v-restart-service "$FTP_SYSTEM"
+    fi
+    if [ -e "/var/run/vesta-nginx.pid" ]; then
+        kill -HUP $(cat /var/run/vesta-nginx.pid)
+    else
+        service vesta restart
+    fi
+fi
+
+# Updating vesta.conf
+if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
+    echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
+else
+    sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \
+        $VESTA/conf/vesta.conf
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-add-web-domain
+++ b/bin/v-add-web-domain
@ -48,6 +48,8 @@ is_object_unsuspended 'user' 'USER' "$user"
 is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
 is_domain_new 'web' "$domain,$aliases"
 is_dir_symlink $HOMEDIR/$user/web
+if_dir_exists $HOMEDIR/$user/web/$domain
+is_dir_symlink $HOMEDIR/$user/web/$domain
 if [ ! -z "$ip" ]; then
    is_ip_valid "$ip" "$user"
 else
@ -63,7 +65,7 @@ fi
 source $USER_DATA/user.conf

 # Creating domain directories
-mkdir -p $HOMEDIR/$user/web/$domain \
+sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
      $HOMEDIR/$user/web/$domain/public_html \
      $HOMEDIR/$user/web/$domain/public_shtml \
      $HOMEDIR/$user/web/$domain/document_errors \
@ -80,7 +82,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \
    $HOMEDIR/$user/web/$domain/logs/

 # Adding domain skeleton
-cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
+sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
 for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
    sed -i "s/%domain%/$domain/g" $file
 done
@ -89,9 +91,9 @@ done
 chown -R $user:$user $HOMEDIR/$user/web/$domain
 chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
 chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
-chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
-chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
-chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
+sudo -u $user chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
+sudo -u $user chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
+sudo -u $user chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*

 # Addding PHP-FPM backend
 if [ ! -z "$WEB_BACKEND" ]; then
@ -113,9 +115,12 @@ if [ "$aliases" = 'none' ]; then
    ALIAS=''
 else
    ALIAS="www.$domain"
-    if [ ! -z "$aliases" ]; then
-        ALIAS="$ALIAS,$aliases"
+    if [ -z "$aliases" ]; then
+        ALIAS="www.$domain"
+    else
+        ALIAS="$aliases"
    fi
+    
    ip_alias=$(get_ip_alias $domain)
    if [ ! -z "$ip_alias" ]; then
        ALIAS="$ALIAS,$ip_alias"
--- a/bin/v-add-web-domain-backend
+++ b/bin/v-add-web-domain-backend
@ -46,7 +46,7 @@ fi

 # Allocating backend port
 backend_port=9000
-ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
+ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
 ports=$(echo "$ports" |sed "s/://" |sort -n)
 for port in $ports; do
    if [ "$backend_port" -eq "$port" ]; then
--- a/bin/v-add-web-domain-ftp
+++ b/bin/v-add-web-domain-ftp
@ -84,7 +84,7 @@ fi
 /usr/sbin/useradd $ftp_user \
    -s $shell \
    -o -u $(id -u $user) \
-    -g $(id -u $user) \
+    -g $(id -g $user) \
    -M -d "$ftp_path_a"  > /dev/null 2>&1

 # Set ftp user password
--- a/bin/v-add-web-domain-ssl
+++ b/bin/v-add-web-domain-ssl
@ -120,6 +120,22 @@ check_result $? "Web restart failed" >/dev/null
 $BIN/v-restart-proxy $restart
 check_result $? "Proxy restart failed" >/dev/null

+# Updating system ssl dependencies
+if [ ! -z "$VESTA_CERTIFICATE" ]; then
+    crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
+    crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
+    if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
+        $BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
+    fi
+fi
+if [ ! -z "$MAIL_CERTIFICATE" ]; then
+    crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
+    crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
+    if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
+        $BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
+    fi
+fi
+
 if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
    hostname=$(hostname)
    if [ "$hostname" = "$domain" ]; then
@ -127,6 +143,12 @@ if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
    fi
 fi

+UPDATE_SSL_SCRIPT=''
+source $VESTA/conf/vesta.conf
+if [ ! -z "$UPDATE_SSL_SCRIPT" ]; then
+    eval "$UPDATE_SSL_SCRIPT $user $domain"
+fi
+
 # Logging
 log_history "enabled ssl support for $domain"
 log_event "$OK" "$ARGUMENTS"
--- a/bin/v-backup-user
+++ b/bin/v-backup-user
@ -216,24 +216,32 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
            cp $USER_DATA/ssl/$domain.* vesta/
        fi

+        # Changin dir to documentroot
+        cd $HOMEDIR/$user/web/$domain
+
        # Define exclude arguments
        exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
        set -f
        fargs=()
-        fargs+=(--exclude='logs/*')
+        fargs+=(--exclude='./logs/*')
        if [ ! -z "$exlusion" ]; then
            xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
            for xpath in $xdirs; do
-                fargs+=(--exclude=$xpath/*)
-                echo "$(date "+%F %T") excluding directory $xpath"
-                msg="$msg\n$(date "+%F %T") excluding directory $xpath"
+                if [ -d "$xpath" ]; then
+                    fargs+=(--exclude=$xpath/*)
+                    echo "$(date "+%F %T") excluding directory $xpath"
+                    msg="$msg\n$(date "+%F %T") excluding directory $xpath"
+                else
+                    echo "$(date "+%F %T") excluding file $xpath"
+                    msg="$msg\n$(date "+%F %T") excluding file $xpath"
+                    fargs+=(--exclude=$xpath)
+                fi
            done
        fi
        set +f

        # Backup files
-        cd $HOMEDIR/$user/web/$domain
-        tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
+        tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
    done

    # Print total
@ -452,11 +460,15 @@ if [ "$USER" != '*' ]; then
    fi
    fargs=()
    for xpath in $(echo "$USER" |tr ',' '\n'); do
-        fargs+=(-not)
-        fargs+=(-path)
-        fargs+=("./$xpath*")
-        echo "$(date "+%F %T") excluding directory $xpath" |\
+        if [ -d "$xpath" ]; then
+            fargs+=(--exclude=$xpath/*)
+            echo "$(date "+%F %T") excluding directory $xpath" |\
            tee -a $BACKUP/$user.log
+        else
+            echo "$(date "+%F %T") excluding file $xpath" |\
+            tee -a $BACKUP/$user.log
+            fargs+=(--exclude=$xpath)
+        fi
    done

    IFS=$'\n'
@ -467,11 +479,12 @@ if [ "$USER" != '*' ]; then
        exclusion=$(echo "$USER" |tr ',' '\n' |grep "^$udir$")
        if [ -z "$exclusion" ]; then
            ((i ++))
-            udir_list="$udir_list $udir"
+            udir_str=$(echo "$udir" |sed -e "s|'|\\\'|g")
+            udir_list="$udir_list $udir_str"
            echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log

            # Backup files and dirs
-            tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
+            tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
        fi
    done
    set +f
@ -582,7 +595,7 @@ ftp_backup() {
    fi

    # Debug info
-    echo -e "$(date "+%F %T") Remote: ftp://$HOST$BPATH/$user.$backup_new_date.tar"
+    echo -e "$(date "+%F %T") Remote: ftp://$HOST/$BPATH/$user.$backup_new_date.tar"

    # Checking ftp connection
    fconn=$(ftpc)
--- a/bin/v-backup-users
+++ b/bin/v-backup-users
@ -28,6 +28,9 @@ if [ -z "$BACKUP_SYSTEM" ]; then
    exit
 fi
 for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
+        continue;
+    fi
    check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
    log=$VESTA/log/backup.log
    if [ ! -z "$check_suspend" ]; then
--- a/bin/v-change-mail-account-password
+++ b/bin/v-change-mail-account-password
@ -52,8 +52,11 @@ salt=$(generate_password "$PW_MATRIX" "8")
 md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"

 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
+    quota=$(grep $account $VESTA/data/users/${user}/mail/${domain}.conf)
+    quota=$(echo $quota | awk '{ print $7 }' | sed -e "s/'//g" )
+    quota=$(echo $quota | cut -d "=" -f 2 | sed -e "s/unlimited/0/g")
    sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
-    str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
+    str="$account:$md5:$user:mail::$HOMEDIR/$user:${quota}M"
    echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
 fi

--- a/bin/v-change-sys-config-value
+++ b/bin/v-change-sys-config-value
@ -28,6 +28,7 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin"
 check_args '2' "$#" 'KEY VALUE'
 is_format_valid 'key'

+format_no_quotes "$value" 'value'

 #----------------------------------------------------------#
 #                       Action                             #
--- a/bin/v-change-sys-service-config
+++ b/bin/v-change-sys-service-config
@ -63,6 +63,7 @@ case $service in
    spamd)          dst=$($BIN/v-list-sys-spamd-config plain);;
    spamassassin)   dst=$($BIN/v-list-sys-spamd-config plain);;
    clamd)          dst=$($BIN/v-list-sys-clamd-config plain);;
+    clamd.scan)     dst=$($BIN/v-list-sys-clamd-config plain);;
    cron)           dst='/etc/crontab';;
    crond)          dst='/etc/crontab';;
    fail2ban)       dst='/etc/fail2ban/jail.local';;
@ -95,13 +96,21 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then

    if [ "$service" = 'php' ]; then
        if [ "$WEB_SYSTEM" = "nginx" ]; then
-            service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p)
+            if [ $(ps --no-headers -o comm 1) == systemd ]; then
+                service=$(systemctl | grep -o -E "php.*fpm.*\.service")
+                service=${service//.service/}
+            else
+                service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /)
+            fi
        else
            service=$WEB_SYSTEM
        fi
    fi

-    service $service restart >/dev/null 2>&1
+    for single_service in $service; do
+        service $single_service restart >/dev/null 2>&1
+    done <<< "$service"
+
    if [ $? -ne 0 ]; then
        for config in $dst; do
            cat $config.vst.back > $config
--- a/bin/v-change-user-package
+++ b/bin/v-change-user-package
@ -16,16 +16,12 @@ force=$3

 # Includes
 source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf

 is_package_avalable() {

-    usr_data=$(cat $USER_DATA/user.conf)
-    IFS=$'\n'
-    for key in $usr_data; do
-        eval ${key%%=*}=${key#*=}
-    done
-
+    source $USER_DATA/user.conf
    WEB_DOMAINS='0'
    DATABASES='0'
    MAIL_DOMAINS='0'
@ -33,9 +29,13 @@ is_package_avalable() {
    DISK_QUOTA='0'
    BANDWIDTH='0'

-    pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
-        grep -v DATE)
-    eval $pkg_data
+    pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
+    IFS=$'\n'
+    for str in $pkg_data; do
+        key=$(echo $str |cut -f 1 -d =)
+        value=$(echo $str |cut -f 2 -d \')
+        eval $key="$value"
+    done

    # Checking usage agains package limits
    if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@ -73,11 +73,22 @@ is_package_avalable() {
            check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
        fi
    fi
+
+    # Checking templates
+    is_web_template_valid $WEB_TEMPLATE
+    is_dns_template_valid $DNS_TEMPLATE
+    is_proxy_template_valid $PROXY_TEMPLATE
 }

 change_user_package() {
-    eval $(cat $USER_DATA/user.conf)
-    eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
+    source $USER_DATA/user.conf
+    pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
+    IFS=$'\n'
+    for str in $pkg_data; do
+        key=$(echo $str |cut -f 1 -d =)
+        value=$(echo $str |cut -f 2 -d \')
+        eval $key="$value"
+    done
    echo "FNAME='$FNAME'
 LNAME='$LNAME'
 PACKAGE='$package'
@ -156,7 +167,7 @@ fi
 change_user_package

 # Update user shell
-shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
+shell_conf=$(echo "$pkg_data" |grep 'SHELL' |cut -f 2 -d \')
 shell=$(grep -w "$shell_conf" /etc/shells |head -n1)
 /usr/bin/chsh -s "$shell" "$user" &>/dev/null

--- a/bin/v-change-user-password
+++ b/bin/v-change-user-password
@ -13,6 +13,10 @@
 user=$1
 password=$2; HIDE=2

+# Importing system enviroment as we run this script
+# mostly by cron wich not read it by itself
+source /etc/profile
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
@ -22,6 +26,9 @@ source $VESTA/conf/vesta.conf
 #                    Verifications                         #
 #----------------------------------------------------------#

+if [ "$user" = "root" ]; then
+    check_result $E_FORBIDEN "Changing root password is forbiden"
+fi
 check_args '2' "$#" 'USER PASSWORD'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
--- a/bin/v-change-vesta-port
+++ b/bin/v-change-vesta-port
@ -0,0 +1,60 @@
+#!/bin/bash
+# info: change vesta port
+# options: port
+#
+# Function will change vesta port
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+port=$1
+
+if [ -z "$VESTA" ]; then
+    VESTA="/usr/local/vesta"
+fi
+
+# Get current vesta port by reading nginx.conf
+oldport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
+if [ -z "$oldport" ]; then
+    oldport=8083
+fi
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+# Checking permissions
+if [ "$(id -u)" != '0' ]; then
+    check_result $E_FORBIDEN "You must be root to execute this script"
+fi
+
+check_args '1' "$#" 'PORT'
+is_int_format_valid "$port" 'port number'
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf
+if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then
+    sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php
+fi
+sed -i "s|'$oldport'|'$port'|g" $VESTA/data/firewall/rules.conf
+$VESTA/bin/v-update-firewall
+systemctl restart fail2ban.service
+sed -i "s| $oldport | $port |g" /etc/iptables.rules
+systemctl restart vesta
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit 0;
--- a/bin/v-change-web-domain-backend-tpl
+++ b/bin/v-change-web-domain-backend-tpl
@ -52,7 +52,7 @@ rm -f $pool/$backend_type.conf

 # Allocating backend port
 backend_port=9000
-ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
+ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
 ports=$(echo "$ports" |sed "s/://" |sort -n)
 for port in $ports; do
    if [ "$backend_port" -eq "$port" ]; then
--- a/bin/v-check-letsencrypt-domain
+++ b/bin/v-check-letsencrypt-domain
@ -1,162 +0,0 @@
-#!/bin/bash
-# info: check letsencrypt domain
-# options: USER DOMAIN
-#
-# The function check and validates domain with LetsEncript
-
-
-#----------------------------------------------------------#
-#                    Variable&Function                     #
-#----------------------------------------------------------#
-
-# Argument definition
-user=$1
-domain=$2
-
-# Includes
-source $VESTA/func/main.sh
-source $VESTA/conf/vesta.conf
-
-# encode base64
-encode_base64() {
-    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
-}
-
-# Additional argument formatting
-format_domain_idn
-
-
-#----------------------------------------------------------#
-#                    Verifications                         #
-#----------------------------------------------------------#
-
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
-is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
-is_object_valid 'user' 'USER' "$user"
-is_object_unsuspended 'user' 'USER' "$user"
-if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
-    check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
-fi
-rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf)
-if [ -z "$rdomain" ]; then
-    check_result $E_NOTEXIST "domain $domain doesn't exist"
-fi
-
-
-#----------------------------------------------------------#
-#                       Action                             #
-#----------------------------------------------------------#
-
-source $USER_DATA/ssl/le.conf
-api='https://acme-v01.api.letsencrypt.org'
-r_domain=$(echo "$rdomain" |cut -f 2 -d \')
-key="$USER_DATA/ssl/user.key"
-exponent="$EXPONENT"
-modulus="$MODULUS"
-thumb="$THUMB"
-
-# Defining JWK header
-header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
-header='{"alg":"RS256","jwk":'"$header"'}'
-
-# Requesting nonce
-nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
-protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
-
-# Defining ACME query (request challenge)
-query='{"resource":"new-authz","identifier"'
-query=$query':{"type":"dns","value":"'"$domain_idn"'"}}'
-payload=$(echo -n "$query" |encode_base64)
-signature=$(printf "%s" "$protected.$payload" |\
-    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
-data='{"header":'"$header"',"protected":"'"$protected"'",'
-data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
-
-# Sending request to LetsEncrypt API
-answer=$(curl -s -i -d "$data" "$api/acme/new-authz")
-
-# Checking http answer status
-status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
-if [[ "$status" -ne "201" ]]; then
-    check_result $E_CONNECT "LetsEncrypt challenge request $status"
-fi
-
-# Parsing domain nonce,token and uri
-nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
-protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
-token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \")
-uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \")
-
-# Adding location wrapper for request challenge
-if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
-    conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
-    sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt"
-    if [ ! -e "$conf" ]; then
-        echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
-        echo '    default_type text/plain;' >> $conf
-        echo '    return 200 "$1.'$thumb'";' >> $conf
-        echo '}' >> $conf
-    fi
-    if [ ! -e "$sconf" ]; then
-        ln -s "$conf" "$sconf"
-    fi
-else
-    acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
-    if [ ! -d "$acme" ]; then
-        mkdir -p $acme
-    fi
-    echo "$token.$thumb" > $acme/$token
-    chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
-fi
-
-# Restarting web server
-if [ -z "$PROXY_SYSTEM" ]; then
-    $BIN/v-restart-web
-    check_result $? "Proxy restart failed" >/dev/null
-else
-    $BIN/v-restart-proxy
-    $BIN/v-restart-web
-    check_result $? "Web restart failed" >/dev/null
-fi
-
-# Defining ACME query (request validation)
-query='{"resource":"challenge","type":"http-01","keyAuthorization"'
-query=$query':"'$token.$thumb'","token":"'$token'"}'
-payload=$(echo -n "$query" |encode_base64)
-signature=$(printf "%s" "$protected.$payload" |\
-    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
-data='{"header":'"$header"',"protected":"'"$protected"'",'
-data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
-
-# Sending request to LetsEncrypt API
-answer=$(curl -s -i -d "$data" "$uri")
-
-# Checking domain validation status
-i=1
-status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \")
-location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n')
-while [ "$status" = 'pending' ]; do
-    answer=$(curl -s -i "$location")
-    detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
-    status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \")
-    sleep 1
-    i=$((i + 1))
-    if [ "$i" -gt 60 ]; then
-        check_result $E_CONNECT "$detail"
-    fi
-done
-if [ "$status" = 'invalid' ]; then
-    detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
-    check_result $E_CONNECT "$detail"
-fi
-
-
-#----------------------------------------------------------#
-#                       Vesta                              #
-#----------------------------------------------------------#
-
-# Logging
-log_event "$OK" "$ARGUMENTS"
-
-exit
--- a/bin/v-deactivate-vesta-license
+++ b/bin/v-deactivate-vesta-license
@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'

 # Activating license
 v_host='https://vestacp.com/checkout'
-answer=$(curl -s $v_host/cancel.php?licence_key=$license)
+answer=$(curl -s "$v_host/cancel.php?licence_key=$license&module=$module")
 check_result $? "cant' connect to vestacp.com " $E_CONNECT

 # Checking server answer
--- a/bin/v-delete-mail-domain
+++ b/bin/v-delete-mail-domain
@ -56,7 +56,7 @@ fi
 # Deleting dkim dns record
 if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
    records=$($BIN/v-list-dns-records $user $domain plain)
-    dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
+    dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1)
    for id in $dkim_records; do
        $BIN/v-delete-dns-record $user $domain $id
    done
--- a/bin/v-delete-sys-mail-ssl
+++ b/bin/v-delete-sys-mail-ssl
@ -0,0 +1,75 @@
+#!/bin/bash
+# info: delete sys vesta user ssl certificate
+# options: NONE
+#
+# The script disables user domain ssl synchronization
+
+
+#----------------------------------------------------------#
+#                  Variable & Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+vst_crt="$VESTA/ssl/certificate.crt"
+vst_key="$VESTA/ssl/certificate.key"
+
+# Updating mail certificate
+case $MAIL_SYSTEM in
+    exim)           conf='/etc/exim/exim.conf';;
+    exim4)          conf='/etc/exim4/exim4.conf.template';;
+esac
+if [ -e "$conf" ]; then
+    sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
+        -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
+fi
+
+# Updating imap certificate
+conf="/etc/dovecot/conf.d/10-ssl.conf"
+if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
+    sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
+        -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
+fi
+
+# Moving old certificates
+if [ -e "$VESTA/ssl/mail.crt" ]; then
+    mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
+fi
+if [ -e "VESTA/ssl/mail.key" ]; then
+    mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
+fi
+
+# Updating vesta.conf value
+sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Restarting services
+if [ "$restart" != 'no' ]; then
+    if [ ! -z "$MAIL_SYSTEM" ]; then
+        $BIN/v-restart-service $MAIL_SYSTEM
+    fi
+    if [ ! -z "$IMAP_SYSTEM" ]; then
+        $BIN/v-restart-service $IMAP_SYSTEM
+    fi
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-delete-sys-vesta-ssl
+++ b/bin/v-delete-sys-vesta-ssl
@ -0,0 +1,37 @@
+#!/bin/bash
+# info: delete sys vesta user ssl certificate
+# options: NONE
+#
+# The script disables user domain ssl synchronization
+
+
+#----------------------------------------------------------#
+#                  Variable & Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Updating vesta.conf value
+sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
--- a/bin/v-delete-user-favourites
+++ b/bin/v-delete-user-favourites
@ -32,6 +32,8 @@ case $system in
    DNS_REC)    is_format_valid 'id' ;;
    *)          is_format_valid 'object'
 esac
+
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"

--- a/bin/v-delete-web-domain-ssl
+++ b/bin/v-delete-web-domain-ssl
@ -57,7 +57,13 @@ fi

 # Deleting old certificate
 tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d)
-rm -f $HOMEDIR/$user/conf/web/ssl.$domain.*
+
+# remove certificate files - do not use wildcard, as this might remove other domains
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.ca
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.crt
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.key
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.pem
+
 mv $USER_DATA/ssl/$domain.* $tmpdir
 chown -R $user:$user $tmpdir

--- a/bin/v-extract-fs-archive
+++ b/bin/v-extract-fs-archive
@ -82,7 +82,7 @@ fi
 # Extracting ziped archive
 if [ ! -z "$(echo $src_file |grep -i  '.zip')" ]; then
    sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1
-    sudo -u $user unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1
+    sudo -u $user unzip -o "$src_file" -d "$dst_dir" >/dev/null 2>&1
    rc=$?
 fi

--- a/bin/v-generate-ssl-cert
+++ b/bin/v-generate-ssl-cert
@ -67,7 +67,7 @@ fi

 args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
 check_args '7' "$#" "$args_usage"
-is_format_valid 'domain_alias' 'format'
+is_format_valid 'domain' 'alias' 'format'


 #----------------------------------------------------------#
--- a/bin/v-insert-dns-domain
+++ b/bin/v-insert-dns-domain
@ -50,7 +50,7 @@ if [ "$flush" = 'records' ]; then
 fi

 # Flush domain
-if [ "$flush" ! = 'no' ]; then
+if [ "$flush" != 'no' ]; then
    sed -i "/DOMAIN='$DOMAIN'/d" $USER_DATA/dns.conf 2> /dev/null
 fi

--- a/bin/v-list-dns-domain
+++ b/bin/v-list-dns-domain
@ -71,6 +71,7 @@ csv_list() {
 #----------------------------------------------------------#

 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
+is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'dns' 'DOMAIN' "$domain"

--- a/bin/v-list-letsencrypt-user
+++ b/bin/v-list-letsencrypt-user
@ -23,7 +23,8 @@ json_list() {
        "EMAIL": "'$EMAIL'",
        "EXPONENT": "'$EXPONENT'",
        "MODULUS": "'$MODULUS'",
-        "THUMB: "'$THUMB'"
+        "THUMB": "'$THUMB'",
+        "KID": "'$KID'"
    }'
    echo '}'
 }
@ -35,17 +36,18 @@ shell_list() {
    echo "THUMB:          $THUMB"
    echo "EXPONENT:       $EXPONENT"
    echo "MODULUS:        $MODULUS"
+    echo "KID:            $KID"
 }

 # PLAIN list function
 plain_list() {
-    echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB"
+    echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB\t$KID"
 }

 # CSV list function
 csv_list() {
-    echo "USER,EMAIL,EXPONENT,MODULUS,THUMB"
-    echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB"
+    echo "USER,EMAIL,EXPONENT,MODULUS,THUMB,KID"
+    echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB,$KID"
 }


@ -54,6 +56,7 @@ csv_list() {
 #----------------------------------------------------------#

 check_args '1' "$#" 'USER [FORMAT]'
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
    check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist"
--- a/bin/v-list-mail-domain-dkim-dns
+++ b/bin/v-list-mail-domain-dkim-dns
@ -57,6 +57,7 @@ csv_list() {
 #----------------------------------------------------------#

 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
+is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'mail' 'DOMAIN' "$domain"

@ -67,7 +68,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"

 # Parsing domain keys
 if [ -e "$USER_DATA/mail/$domain.pub" ]; then
-    pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----")
+    pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----" |tr -d "\n\r")
    pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g')
 else
    pub="DKIM-SUPPORT-IS-NOT-ACTIVATED"
--- a/bin/v-list-sys-config
+++ b/bin/v-list-sys-config
@ -51,7 +51,9 @@ json_list() {
        "MAIL_URL": "'$MAIL_URL'",
        "DB_PMA_URL": "'$DB_PMA_URL'",
        "DB_PGA_URL": "'$DB_PGA_URL'",
-        "SOFTACULOUS": "'$SOFTACULOUS'"
+        "SOFTACULOUS": "'$SOFTACULOUS'",
+        "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
+        "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
    }
 }'
 }
@ -138,6 +140,12 @@ shell_list() {
    if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
        echo "Language:       $LANGUAGE"
    fi
+    if [ ! -z "$MAIL_CERTIFICATE" ]; then
+        echo "Mail SSL:       $MAIL_CERTIFICATE"
+    fi
+    if [ ! -z "$VESTA_CERTIFICATE" ]; then
+        echo "Vesta SSL:      $VESTA_CERTIFICATE"
+    fi
    echo "Version:        $VERSION"
 }

@ -151,7 +159,8 @@ plain_list() {
    echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
    echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
    echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
-    echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL"
+    echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t"
+    echo -e  "$VESTA_CERTIFICATE"
 }


@ -165,7 +174,8 @@ csv_list() {
    echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
    echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
    echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
-    echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'"
+    echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS',"
+    echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'"
    echo
    echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
    echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
@ -176,6 +186,7 @@ csv_list() {
    echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
    echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
    echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
+    echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"
    echo
 }

@ -187,7 +198,7 @@ csv_list() {
 # Listing data
 case $format in
    json)   json_list ;;
-    plain)  shell_list ;;
+    plain)  plain_list ;;
    csv)    csv_list ;;
    shell)  shell_list ;;
 esac
--- a/bin/v-list-sys-mail-ssl
+++ b/bin/v-list-sys-mail-ssl
@ -0,0 +1,135 @@
+#!/bin/bash
+# info: list mail ssl certificate
+# options: [FORMAT]
+#
+# The function of obtaining mail ssl files.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+    echo '{'
+    echo -e "\t\"MAIL\": {"
+    echo "        \"CRT\": \"$crt\","
+    echo "        \"KEY\": \"$key\","
+    echo "        \"CA\": \"$ca\","
+    echo "        \"SUBJECT\": \"$subj\","
+    echo "        \"ALIASES\": \"$alt_dns\","
+    echo "        \"NOT_BEFORE\": \"$before\","
+    echo "        \"NOT_AFTER\": \"$after\","
+    echo "        \"SIGNATURE\": \"$signature\","
+    echo "        \"PUB_KEY\": \"$pub_key\","
+    echo "        \"ISSUER\": \"$issuer\""
+    echo -e "\t}\n}"
+}
+
+# SHELL list function
+shell_list() {
+    if [ ! -z "$crt" ]; then
+        echo -e "$crt"
+    fi
+    if [ ! -z "$key" ]; then
+        echo -e "\n$key"
+    fi
+    if [ ! -z "$crt" ]; then
+        echo
+        echo
+        echo "SUBJECT:        $subj"
+        if [ ! -z "$alt_dns" ]; then
+            echo "ALIASES:        ${alt_dns//,/ }"
+        fi
+        echo "VALID FROM:     $before"
+        echo "VALID TIL:      $after"
+        echo "SIGNATURE:      $signature"
+        echo "PUB_KEY:        $pub_key"
+        echo "ISSUER:         $issuer"
+    fi
+}
+
+# PLAIN list function
+plain_list() {
+    if [ ! -z "$crt" ]; then
+        echo -e "$crt"
+    fi
+    if [ ! -z "$key" ]; then
+        echo -e "\n$key"
+    fi
+    if [ ! -z "$ca" ]; then
+        echo -e "\n$ca"
+    fi
+    if [ ! -z "$crt" ]; then
+        echo "$subj"
+        echo "${alt_dns//,/ }"
+        echo "$before"
+        echo "$after"
+        echo "$signature"
+        echo "$pub_key"
+        echo "$issuer"
+    fi
+
+}
+
+# CSV list function
+csv_list() {
+    echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
+    echo "PUB_KEY,ISSUER"
+    echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
+    echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Parsing SSL certificate
+if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then
+    exit
+fi
+
+crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g')
+key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g')
+
+
+# Parsing SSL certificate details without CA
+info=$(openssl x509 -text -in $VESTA/ssl/mail.crt)
+subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
+before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
+after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
+signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
+signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
+pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
+issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
+alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
+alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
+alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
--- a/bin/v-list-user
+++ b/bin/v-list-user
@ -154,6 +154,7 @@ csv_list() {
 #----------------------------------------------------------#

 check_args '1' "$#" 'USER [FORMAT]'
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"


--- a/bin/v-list-user-backup
+++ b/bin/v-list-user-backup
@ -75,6 +75,7 @@ csv_list() {
 #----------------------------------------------------------#

 check_args '2' "$#" 'USER BACKUP [FORMAT]'
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'backup' 'BACKUP' "$backup"

--- a/bin/v-list-user-backups
+++ b/bin/v-list-user-backups
@ -22,7 +22,7 @@ json_list() {
    i=1
    objects=$(grep BACKUP $USER_DATA/backup.conf |wc -l)
    echo "{"
-    while read str; do
+    while read -r str; do
        eval $str
        echo -n '    "'$BACKUP'": {
        "TYPE": "'$TYPE'",
--- a/bin/v-list-user-package
+++ b/bin/v-list-user-package
@ -22,6 +22,7 @@ json_list() {
    echo '{'
    echo '    "'$PACKAGE'": {
        "WEB_TEMPLATE": "'$WEB_TEMPLATE'",
+        "BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
        "PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
        "DNS_TEMPLATE": "'$DNS_TEMPLATE'",
        "WEB_DOMAINS": "'$WEB_DOMAINS'",
@ -47,6 +48,7 @@ json_list() {
 shell_list() {
    echo "PACKAGE:        $PACKAGE"
    echo "WEB TEMPLATE:   $WEB_TEMPLATE"
+    echo "BACKEND_TEMPLATE:   $BACKEND_TEMPLATE"
    echo "PROXY TEMPLATE: $PROXY_TEMPLATE"
    echo "DNS TEMPLATE:   $DNS_TEMPLATE"
    echo "WEB DOMAINS:    $WEB_DOMAINS"
@ -68,7 +70,7 @@ shell_list() {

 # PLAIN list function
 plain_list() {
-    echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
+    echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
    echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
    echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
    echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@ -76,11 +78,11 @@ plain_list() {

 # CSV list function
 csv_list() {
-    echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
+    echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
    echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
    echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
    echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
-    echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
+    echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
    echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
    echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
    echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
--- a/bin/v-list-user-packages
+++ b/bin/v-list-user-packages
@ -27,6 +27,7 @@ json_list() {
        source $VESTA/data/packages/$package
        echo -n '    "'$PACKAGE'": {
        "WEB_TEMPLATE": "'$WEB_TEMPLATE'",
+        "BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
        "PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
        "DNS_TEMPLATE": "'$DNS_TEMPLATE'",
        "WEB_DOMAINS": "'$WEB_DOMAINS'",
@ -65,7 +66,7 @@ shell_list() {
        package_data=$(cat $VESTA/data/packages/$package)
        package_data=$(echo "$package_data" |sed -e 's/unlimited/unlim/g')
        eval $package_data
-        echo -n "$PACKAGE $WEB_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
+        echo -n "$PACKAGE $WEB_TEMPLATE $BACKEND_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
        echo "$MAIL_DOMAINS $DATABASES $SHELL $DISK_QUOTA $BANDWIDTH"
    done
 }
@ -75,7 +76,7 @@ plain_list() {
    for package in $packages; do
        source $VESTA/data/packages/$package
        PACKAGE=${package/.pkg/}
-        echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
+        echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
        echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
        echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
        echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@ -84,13 +85,13 @@ plain_list() {

 # CSV list function
 csv_list() {
-    echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
+    echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
    echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
    echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
    echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
    for package in $packages; do
        PACKAGE=${package/.pkg/}
-        echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
+        echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
        echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
        echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
        echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
--- a/bin/v-list-user-stats
+++ b/bin/v-list-user-stats
@ -115,6 +115,7 @@ csv_list() {
 #----------------------------------------------------------#

 check_args '1' "$#" 'USER [FORMAT]'
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"


--- a/bin/v-list-users
+++ b/bin/v-list-users
@ -15,9 +15,14 @@ format=${1-shell}
 # JSON list function
 json_list() {
    echo '{'
-    object_count=$(grep '@' /etc/passwd |wc -l)
    i=1
    while read USER; do
+        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
+            continue;
+        fi
+        if [ $i -gt 1 ]; then
+            echo ","
+        fi
        source $VESTA/data/users/$USER/user.conf
        echo -n '    "'$USER'": {
        "FNAME": "'$FNAME'",
@ -74,14 +79,8 @@ json_list() {
        "TIME": "'$TIME'",
        "DATE": "'$DATE'"
        }'
-        if [ "$i" -lt "$object_count" ]; then
-            echo ','
-        else
-            echo
-        fi
        ((i++))
    done < <(grep '@' /etc/passwd |cut -f1 -d:)
-
    echo '}'
 }

@ -90,6 +89,9 @@ shell_list() {
    echo "USER   PKG   WEB   DNS   MAIL   DB   DISK   BW   SPND   DATE"
    echo "----   ---   ---   ---   ---    --   ----   --   ----   ----"
    while read USER; do
+        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
+            continue;
+        fi
        source $VESTA/data/users/$USER/user.conf
        echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS"
        echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE"
@ -99,6 +101,9 @@ shell_list() {
 # PLAIN list function
 plain_list() {
    while read USER; do
+        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
+            continue;
+        fi
        source $VESTA/data/users/$USER/user.conf
        echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t"
        echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
@ -131,6 +136,9 @@ csv_list() {
    echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES"
    echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE"
    while read USER; do
+        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
+            continue;
+        fi
        source $VESTA/data/users/$USER/user.conf
        echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE,"
        echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
@ -151,6 +159,9 @@ csv_list() {
 # Raw list function
 raw_list() {
    while read USER; do
+        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
+            continue;
+        fi
        echo $VESTA/data/users/$USER/user.conf
        cat $VESTA/data/users/$USER/user.conf
    done < <(grep '@' /etc/passwd |cut -f1 -d:)
--- a/bin/v-list-web-domain
+++ b/bin/v-list-web-domain
@ -110,6 +110,7 @@ csv_list() {
 #----------------------------------------------------------#

 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
+is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

--- a/bin/v-list-web-domain-ssl
+++ b/bin/v-list-web-domain-ssl
@ -19,6 +19,7 @@ source $VESTA/func/main.sh

 # JSON list function
 json_list() {
+    issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
    echo '{'
    echo -e "\t\"$domain\": {"
    echo "        \"CRT\": \"$crt\","
@ -97,6 +98,7 @@ csv_list() {
 #----------------------------------------------------------#

 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
+is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"

@ -110,7 +112,7 @@ if [ -e "$USER_DATA/ssl/$domain.crt" ]; then
    crt=$(cat $USER_DATA/ssl/$domain.crt |sed ':a;N;$!ba;s/\n/\\n/g')

    info=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
-    subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
+    subj=$(echo "$info" |grep Subject: |cut -f 2 -d =|cut -f 2 -d \")
    before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
    after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
    signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
--- a/bin/v-list-web-domains
+++ b/bin/v-list-web-domains
@ -100,6 +100,7 @@ csv_list() {
 #----------------------------------------------------------#

 check_args '1' "$#" 'USER [FORMAT]'
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"


--- a/bin/v-restart-proxy
+++ b/bin/v-restart-proxy
@ -50,7 +50,13 @@ if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
 fi

 # Restart system
-service $PROXY_SYSTEM restart >/dev/null 2>&1
+if [ ! -f "/etc/debian_version" ]; then
+    service $PROXY_SYSTEM restart >/dev/null 2>&1
+else
+    systemctl reset-failed $PROXY_SYSTEM
+    systemctl restart $PROXY_SYSTEM > /dev/null 2>&1
+fi
+
 if [ $? -ne 0 ]; then
    send_email_report
    check_result $E_RESTART "$PROXY_SYSTEM restart failed"
--- a/bin/v-restore-user
+++ b/bin/v-restore-user
@ -56,6 +56,7 @@ ftpc() {
    quote USER $USERNAME
    quote PASS $PASSWORD
    binary
+    lcd $BACKUP
    $1
    $2
    $3
@ -289,7 +290,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
    if [ -z "$web" ] || [ "$web" = '*' ]; then
        domains="$backup_domains"
    else
-        echo "$web" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$web" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
        domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
    fi

@ -406,15 +407,21 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
        fi

        # Restoring web domain data
-        tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
-            -C $HOMEDIR/$user/web/$domain/
-        if [ "$?" -ne 0 ]; then
-            rm -rf $tmpdir
-            error="can't unpack $domain data tarball"
-            echo "$error" |$SENDMAIL -s "$subj" $email $notify
-            sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
-            check_result "$E_PARSING" "$error"
+        chown $user $tmpdir
+        chmod u+w $HOMEDIR/$user/web/$domain
+        sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
+            -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \
+            2> $HOMEDIR/$user/web/$domain/restore_errors.log
+        if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then
+            chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log
        fi
+        #if [ "$?" -ne 0 ]; then
+        #    rm -rf $tmpdir
+        #    error="can't unpack $domain data tarball"
+        #    echo "$error" |$SENDMAIL -s "$subj" $email $notify
+        #    sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
+        #    check_result "$E_PARSING" "$error"
+        #fi

        # Applying Fix for tar < 1.24
        find $HOMEDIR/$user/web/$domain -type d \
@ -452,7 +459,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then
    if [ -z "$dns" ] || [ "$dns" = '*' ]; then
        domains="$backup_domains"
    else
-        echo "$dns" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$dns" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
        domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
    fi

@ -532,7 +539,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
    if [ -z "$mail" ] || [ "$mail" = '*' ]; then
        domains="$backup_domains"
    else
-        echo "$mail" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$mail" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
        domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
    fi

@ -586,13 +593,15 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then

        # Rebuilding mail config
        rebuild_mail_domain_conf
-        
+
        domain_idn=$domain
        format_domain_idn

        # Restoring emails
        if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
-            tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
+            chown $user $tmpdir
+            chmod u+w $HOMEDIR/$user/mail/$domain_idn
+            sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
                -C $HOMEDIR/$user/mail/$domain_idn/
            if [ "$?" -ne 0 ]; then
                rm -rf $tmpdir
@ -627,7 +636,7 @@ if [ "$db" != 'no' ] && [ ! -z "$DB_SYSTEM" ]; then
    if [ -z "$db" ] || [ "$db" = '*' ]; then
        databases="$backup_databases"
    else
-        echo "$db" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$db" |tr ',' '\n' | sed -e "s/$/$/" > $tmpdir/selected.txt
        databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt)
    fi

--- a/bin/v-schedule-user-restore
+++ b/bin/v-schedule-user-restore
@ -23,6 +23,19 @@ udir=$8
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf

+# Check backup ownership function
+is_backup_available() {
+    passed=false
+    if [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
+        passed=true
+    elif [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
+        passed=true
+    fi
+
+    if [ $passed = false ]; then
+        check_result $E_FORBIDEN "permission denied"
+    fi
+}

 #----------------------------------------------------------#
 #                    Verifications                         #
@ -34,6 +47,7 @@ is_system_enabled "$BACKUP_SYSTEM" 'BACKUP_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_backup_enabled
 is_backup_scheduled 'restore'
+is_backup_available "$user" "$backup"


 #----------------------------------------------------------#
--- a/bin/v-search-object
+++ b/bin/v-search-object
@ -84,6 +84,22 @@ OLD_IFS=$IFS
 IFS=$'\n'

 # User loop
+search_user=$(ls -1 $VESTA/data/users |grep $object)
+for user in $search_user; do
+    if [ -e "$VESTA/data/users/$user/user.conf" ]; then
+        source $VESTA/data/users/$user/user.conf
+        ((i ++))
+        type=$(echo $type|cut -f1 -d \.)
+        str="ID='$i' USER='$user' TYPE='user' KEY='$user'"
+        str="$str RESULT='$user' ALIAS=''"
+        str="$str LINK='$user' PARENT=''"
+        str="$str SUSPENDED='$SUSPENDED' TIME='$TIME'"
+        str="$str DATE='$DATE'"
+        echo $str >> $conf
+    fi
+done
+
+# User data loop
 for user in $(ls $VESTA/data/users/); do
    # Search query
    search=$(grep "$object" \
@ -94,7 +110,7 @@ for user in $(ls $VESTA/data/users/); do
        $VESTA/data/users/$user/mail/*.conf \
        $VESTA/data/users/$user/db.conf \
        $VESTA/data/users/$user/cron.conf 2> /dev/null)
-    
+
    for row in $search; do
        # Initialise variable
        key=''
@ -154,12 +170,13 @@ for user in $(ls $VESTA/data/users/); do

        # DNS Records
        if [ "$type" = 'dns' ]; then
-            if [ -n "$(echo $RECORD |grep $object)" ]; then
+            if [ -n "$(echo $RECORD $VALUE |grep $object)" ]; then
+                dom="$(echo $row|cut -f 1 -d :|cut -f 9 -d /|sed 's/.conf//')"
                key="RECORD"
-                result="$RECORD.$DOMAIN"
+                result="$RECORD.$dom"
                suspended=$SUSPENDED
                object_link=$ID
-                object_parent=$DOMAIN
+                object_parent=$dom
                object_time=$TIME
                object_date=$DATE
                ((i ++))
--- a/bin/v-search-ssl-certificates
+++ b/bin/v-search-ssl-certificates
@ -0,0 +1,93 @@
+#!/bin/bash
+# info: search ssl certificates
+# options: [FORMAT]
+#
+# The function to obtain the list of available ssl certificates.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+    IFS=$'\n'
+    objects=$(echo "$search_cmd" |wc -l)
+    i=1
+    echo '['
+    for str in $search_cmd; do
+        eval $str
+        if [ "$i" -lt "$objects" ]; then
+            echo -e  "\t\"$USER:$DOMAIN\","
+        else
+            echo -e  "\t\"$USER:$DOMAIN\""
+        fi
+        (( ++i))
+    done
+    echo "]"
+}
+
+# SHELL list function
+shell_list() {
+    IFS=$'\n'
+    echo "USER   DOMAIN"
+    echo "----   ------"
+    for str in $search_cmd; do
+        eval $str
+        echo "$USER $DOMAIN"
+    done
+}
+
+# PLAIN list function
+plain_list() {
+    IFS=$'\n'
+    for str in $search_cmd; do
+        eval $str
+        echo -e "$USER\t$DOMAIN"
+    done
+}
+
+# CSV list function
+csv_list() {
+    IFS=$'\n'
+    echo "USER,DOMAIN"
+    for str in $search_cmd; do
+        eval $str
+        echo  "$USER,$DOMAIN"
+    done
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+search_cmd=$(grep -H "SSL='yes'" $VESTA/data/users/*/web.conf |\
+    cut -f 1 -d ' ' |\
+    sed -e "s|$VESTA/data/users/|USER='|" -e "s|/web.conf:|' |")
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list |column -t ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
--- a/bin/v-sign-letsencrypt-csr
+++ b/bin/v-sign-letsencrypt-csr
@ -1,110 +0,0 @@
-#!/bin/bash
-# info: sing letsencrypt csr
-# options: USER DOMAIN CSR_DIR [FORMAT]
-#
-# The function signs certificate request using LetsEncript API
-
-
-#----------------------------------------------------------#
-#                    Variable&Function                     #
-#----------------------------------------------------------#
-
-# Argument definition
-user=$1
-domain=$2
-csr="$3/$domain.csr"
-format=$4
-
-# Includes
-source $VESTA/func/main.sh
-source $VESTA/conf/vesta.conf
-
-# encode base64
-encode_base64() {
-    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
-}
-
-
-#----------------------------------------------------------#
-#                    Verifications                         #
-#----------------------------------------------------------#
-
-check_args '3' "$#" 'USER DOMAIN CSR'
-is_format_valid 'user' 'domain'
-is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
-is_object_valid 'user' 'USER' "$user"
-is_object_unsuspended 'user' 'USER' "$user"
-if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
-    check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
-fi
-check_domain=$(grep -w "$domain'" $USER_DATA/web.conf)
-if [ -z "$check_domain" ]; then
-    check_result $E_NOTEXIST "domain $domain doesn't exist"
-fi
-if [ ! -e "$csr" ]; then
-    check_result $E_NOTEXIST "$csr doesn't exist"
-fi
-
-
-#----------------------------------------------------------#
-#                       Action                             #
-#----------------------------------------------------------#
-
-source $USER_DATA/ssl/le.conf
-api='https://acme-v01.api.letsencrypt.org'
-key="$USER_DATA/ssl/user.key"
-exponent="$EXPONENT"
-modulus="$MODULUS"
-thumb="$THUMB"
-
-# Defining JWK header
-header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
-header='{"alg":"RS256","jwk":'"$header"'}'
-
-# Requesting nonce
-nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
-protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
-
-# Defining ACME query (request challenge)
-csr=$(openssl req -in $csr -outform DER |encode_base64)
-query='{"resource":"new-cert","csr":"'$csr'"}'
-payload=$(echo -n "$query" |encode_base64)
-signature=$(printf "%s" "$protected.$payload" |\
-    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
-data='{"header":'"$header"',"protected":"'"$protected"'",'
-data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
-
-# Sending request to LetsEncrypt API
-answer=$(mktemp)
-curl -s -d "$data" "$api/acme/new-cert" -o $answer
-if [ ! -z "$(grep Error $answer)" ]; then
-    detail="$(cat $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
-    detail=$(echo "$detail" |awk -F "::" '{print $2}')
-    rm $answer
-    check_result $E_LIMIT "$detail"
-fi
-
-# Printing certificate
-crt=$(cat "$answer" |openssl base64 -e)
-rm $answer
-if [ "$format" != 'json' ]; then
-    echo "-----BEGIN CERTIFICATE-----"
-    echo "$crt"
-    echo "-----END CERTIFICATE-----"
-else
-    echo -e "{\n\t\"$domain\": {\n\t\t\"CRT\":\""
-    echo -n '-----BEGIN CERTIFICATE-----\n'
-    echo -n "$crt" |sed ':a;N;$!ba;s/\n/\\n/g'
-    echo -n '-----END CERTIFICATE-----'
-    echo -e  "\"\n\t\t}\n\t}"
-fi
-
-
-#----------------------------------------------------------#
-#                       Vesta                              #
-#----------------------------------------------------------#
-
-# Logging
-log_event "$OK" "$ARGUMENTS"
-
-exit
--- a/bin/v-unsuspend-mail-account
+++ b/bin/v-unsuspend-mail-account
@ -48,6 +48,9 @@ is_object_suspended "mail/$domain" 'ACCOUNT' "$account"
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
    md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5')
    quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')
+    if [ "$quota" = 'unlimited' ]; then
+        quota=0
+    fi
    sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
    str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
    echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
--- a/bin/v-update-firewall
+++ b/bin/v-update-firewall
@ -51,11 +51,6 @@ if [ $? -ne 0 ]; then
    conntrack_ftp='no'
 fi

-# Checking custom OpenSSH  port
-sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
-if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22"  ]; then
-    sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules
-fi

 # Creating temporary file
 tmp=$(mktemp)
--- a/bin/v-update-letsencrypt-ssl
+++ b/bin/v-update-letsencrypt-ssl
@ -22,46 +22,63 @@ source $VESTA/conf/vesta.conf
 #                       Action                             #
 #----------------------------------------------------------#

-# Defining user list
-users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
+lecounter=0
+hostname=$(hostname)

-# Checking users
-for user in $users; do
+echo "[$(date)] : -----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt_cron.log
+
+# Checking user certificates
+for user in $($BIN/v-list-users plain |cut -f 1); do
    USER_DATA=$VESTA/data/users/$user
-    # Checking user certificates
-    lecounter=0
-    for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do

-        crt="$VESTA/data/users/$user/ssl/$domain.crt"
-        crt_data=$(openssl x509 -text -in "$crt")
-        expire=$(echo "$crt_data" |grep "Not After")
-        expire=$(echo "$expire" |cut -f 2,3,4 -d :)
-        expire=$(date -d "$expire" +%s)
-        now=$(date +%s)
-        expire=$((expire - now))
-        expire=$((expire / 86400))
-        domain=$(basename $crt |sed -e "s/.crt$//")
-        if [[ "$expire" -lt 31 ]]; then
-            aliases=$(echo "$crt_data" |grep DNS:)
-            aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
-            aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
-            aliases=$(echo "$aliases" |grep -v "^$domain$")
-            if [ ! -z "$aliases" ]; then
-                aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
-                msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
-                if [ $? -ne 0 ]; then
-                    echo "$domain $msg"
-                fi
-            else
-                msg==$($BIN/v-add-letsencrypt-domain $user $domain)
-                if [ $? -ne 0 ]; then
-                    echo "$domain $msg"
-                fi
+    for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
+    
+        limit_check=1
+        fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
+
+        if [[ "$hostname" = "$domain" ]]; then
+            if [[ "$fail_counter" -eq 7 ]]; then
+                limit_check=0
            fi
+            if [[ "$fail_counter" -eq 8 ]]; then
+                fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
+                send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing"
+            fi
+        fi
+
+        if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then
+            # echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping"
+            echo "[$(date)] : $domain failed $fail_counter times for LetsEncrypt renewing, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log
+            continue;
+        fi
+        crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
+        not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
+        expiration=$(date -d "$not_after" +%s)
+        now=$(date +%s)
+        seconds_valid=$((expiration - now))
+        days_valid=$((seconds_valid / 86400))
+        if [[ "$days_valid" -lt 31 ]]; then
            if [ $lecounter -gt 0 ]; then
-                sleep 10
+                sleep 120
            fi
            ((lecounter++))
+            aliases=$(echo "$crt_data" |grep DNS:)
+            aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
+            aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
+            aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
+            aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
+            msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
+            if [ $? -ne 0 ]; then
+                if [[ $msg == *"is suspended" ]]; then
+                    echo "[$(date)] : SUSPENDED: $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
+                else
+                    echo "[$(date)] : $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
+                    echo "$domain $msg"
+                    fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
+                    echo "[$(date)] : fail_counter = $fail_counter" >> /usr/local/vesta/log/letsencrypt_cron.log
+                    echo "fail_counter = $fail_counter"
+                fi
+            fi
        fi
    done
 done
--- a/bin/v-update-sys-ip
+++ b/bin/v-update-sys-ip
@ -44,7 +44,7 @@ if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then
 fi

 # Updating configs
-if [ ! -z "$new" ]; then
+if [ ! -z "$old" ]; then
    mv $VESTA/data/ips/$old $VESTA/data/ips/$new

    # Updating PROXY
--- a/bin/v-update-sys-rrd-mem
+++ b/bin/v-update-sys-rrd-mem
@ -61,13 +61,13 @@ fi
 # Parsing data
 if [ "$period" = 'daily' ]; then
    mem=$(free -m)
-    used=$(echo "$mem" |grep Mem |awk '{print $3}')
+    used=$(echo "$mem" |awk '(NR == 2)' |awk '{print $3}')
    if [ -z "$(echo "$mem" | grep available)" ]; then
-        free=$(echo "$mem" |grep buffers/cache |awk '{print $4}')
+        free=$(echo "$mem" |grep buff/cache |awk '{print $4}')
    else
-        free=$(echo "$mem" |grep Mem |awk '{print $7}')
+        free=$(echo "$mem" |awk '(NR == 2)' |awk '{print $7}')
    fi
-    swap=$(echo "$mem" |grep Swap |awk '{print $3}')
+    swap=$(echo "$mem" |awk '(NR == 3)' |awk '{print $3}')

    # Updating rrd
    rrdtool update $RRD/mem/mem.rrd N:$used:$swap:$free
--- a/bin/v-update-sys-rrd-pgsql
+++ b/bin/v-update-sys-rrd-pgsql
@ -85,7 +85,7 @@ for host in $hosts; do
        # Parsing data
        q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends)
                FROM pg_stat_database;'
-        status=$($sql plsql -d postgres -c "$q" 2>/dev/null); code="$?"
+        status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?"
        if [ '0' -ne "$code" ]; then
            active=0
            slow=0
--- a/bin/v-update-sys-vesta
+++ b/bin/v-update-sys-vesta
@ -28,12 +28,32 @@ source $VESTA/conf/vesta.conf
 # Checking arg number
 check_args '1' "$#" 'PACKAGE'

+valid=0
+if [ "$package" = "vesta" ]; then
+    valid=1
+fi
+if [ "$package" = "vesta-nginx" ]; then
+    valid=1
+fi
+if [ "$package" = "vesta-php" ]; then
+    valid=1
+fi
+if [ "$package" = "vesta-ioncube" ]; then 
+    valid=1
+fi
+if [ "$package" = "vesta-softaculous" ]; then
+    valid=1
+fi
+if [ $valid -eq 0 ]; then
+    echo "Package $package is not valid"
+    exit 1
+fi

 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

-if [ -d "/etc/sysconfig" ]; then
+if [ -n "$(command -v yum)" ]; then
    # Clean yum chache
    yum -q clean all

--- a/bin/v-update-user-counters
+++ b/bin/v-update-user-counters
@ -53,6 +53,7 @@ for user in $user_list; do
    IP_OWNED=0
    U_USERS=0
    U_DISK=0
+    DISK=0 
    U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS')
    if [ -z "$U_DISK_DIRS" ]; then
        U_DISK_DIRS=0
--- a/bin/v-update-user-stats
+++ b/bin/v-update-user-stats
@ -67,6 +67,9 @@ TOTAL_USERS=0

 # Updating user stats
 for user in $user_list; do
+    if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
+        continue;
+    fi
    USER_DATA=$VESTA/data/users/$user
    source $USER_DATA/user.conf
    next_month=$(date +'%m/01/%y' -d '+ 1 month')
--- a/func/db.sh
+++ b/func/db.sh
@ -55,14 +55,14 @@ mysql_query() {

 mysql_dump() {
    err="/tmp/e.mysql"
-    mysqldump --defaults-file=$mycnf --single-transaction -r $1 $2 2> $err
+    mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
    if [ '0' -ne "$?" ]; then
        rm -rf $tmpdir
        if [ "$notify" != 'no' ]; then
            echo -e "Can't dump database $database\n$(cat $err)" |\
                $SENDMAIL -s "$subj" $email
        fi
-        echo "Error: dump $database failed"
+        echo "Error: dump $database failed\n$(cat $err)"
        log_event  "$E_DB" "$ARGUMENTS"
        exit $E_DB
    fi
@ -322,7 +322,7 @@ delete_pgsql_database() {
    psql_connect $HOST

    query="REVOKE ALL PRIVILEGES ON DATABASE $database FROM $DBUSER"
-    psql_qyery "$query" > /dev/null
+    psql_query "$query" > /dev/null

    query="DROP DATABASE $database"
    psql_query "$query" > /dev/null
--- a/func/domain.sh
+++ b/func/domain.sh
@ -215,7 +215,11 @@ add_web_config() {
        fi
    fi

-    trigger="${2/.*pl/.sh}"
+    trigger="${2/%.tpl/.sh}"
+    if [[ "$2" =~ stpl$ ]]; then
+        trigger="${2/%.stpl/.sh}"
+    fi
+
    if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then
        $WEBTPL/$1/$WEB_BACKEND/$trigger \
            $user $domain $local_ip $HOMEDIR \
@ -285,8 +289,10 @@ del_web_config() {
        if [[ "$2" =~ stpl$ ]]; then
            conf="$HOMEDIR/$user/conf/web/s$1.conf"
        fi
-        get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
-        sed -i "$top_line,$bottom_line d" $conf
+        if [ -e "$conf" ]; then
+            get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
+            sed -i "$top_line,$bottom_line d" $conf
+        fi
    fi
    # clean-up for both config styles if there is no more domains
    web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
@ -337,7 +343,7 @@ is_web_domain_cert_valid() {
        check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)"
    fi

-    openssl s_server -quiet -cert $ssl_dir/$domain.crt \
+    openssl s_server -port 654321 -quiet -cert $ssl_dir/$domain.crt \
        -key $ssl_dir/$domain.key >> /dev/null 2>&1 &
    pid=$!
    sleep 0.5
@ -406,6 +412,24 @@ update_domain_zone() {
            VALUE=$(idn --quiet -a -t "$VALUE")
        fi

+        # Split long TXT entries into 255 chunks
+        if [ "$TYPE" = 'TXT' ]; then
+            txtlength=${#VALUE}
+            if [ $txtlength -gt 255 ]; then
+                already_chunked=0
+                if [[ $VALUE == *"\" \""* ]] || [[ $VALUE == *"\"\""* ]]; then
+                    already_chunked=1
+                fi
+                if [ $already_chunked -eq 0 ]; then
+                    if [[ ${VALUE:0:1} = '"' ]]; then
+                        txtlength=$(( $txtlength - 2 ))
+                        VALUE=${VALUE:1:txtlength}
+                    fi
+                    VALUE=$(echo $VALUE | fold -w 255 | xargs -I '$' echo -n '"$"')
+                fi
+            fi
+        fi
+
        if [ "$SUSPENDED" != 'yes' ]; then
            eval echo -e "\"$fields\""|sed "s/%quote%/'/g" >> $zn_conf
        fi
--- a/func/ip.sh
+++ b/func/ip.sh
@ -141,7 +141,7 @@ get_real_ip() {
    else
        nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*)
        if [ ! -z "$nat" ]; then
-            echo "$nat" |cut -f 1 -d : |cut -f 7 -d /
+            echo "$nat" |cut -f 1 -d : |cut -f 7 -d / |head -n 1
        fi
    fi
 }
--- a/func/main.sh
+++ b/func/main.sh
@ -35,6 +35,7 @@ E_DB=17
 E_RRD=18
 E_UPDATE=19
 E_RESTART=20
+E_TEAPOT=418

 # Event string for logger
 for ((I=1; I <= $# ; I++)); do
@ -212,7 +213,8 @@ is_object_new() {
 # Check if object is valid
 is_object_valid() {
    if [ $2 = 'USER' ]; then
-        if [ ! -d "$VESTA/data/users/$3" ]; then
+        user_vst_dir=$(basename $3)
+        if [ ! -d "$VESTA/data/users/$user_vst_dir" ]; then
            check_result $E_NOTEXIST "$1 $3 doesn't exist"
        fi
    else
@ -294,6 +296,20 @@ is_dir_symlink() {
    fi
 }

+# Check if file exists
+if_file_exists() {
+    if [[ -f "$1" ]]; then
+        check_result $E_FORBIDEN "$1 file exists"
+    fi
+}
+
+# Check if directory exists
+if_dir_exists() {
+    if [[ -d "$1" ]]; then
+        check_result $E_FORBIDEN "$1 directory exists"
+    fi
+}
+
 # Get object value
 get_object_value() {
    object=$(grep "$2='$3'" $USER_DATA/$1.conf)
@ -659,7 +675,7 @@ is_dbuser_format_valid() {

 # DNS record type validator
 is_dns_type_format_valid() {
-    known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA'
+    known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA,CAA'
    if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then
        check_result $E_INVALID "invalid dns record type format :: $1"
    fi
@ -815,6 +831,23 @@ is_format_valid_shell() {
        exit $E_INVALID	
    fi	
 }
+
+format_no_quotes() {
+    exclude="['|\"]"
+    if [[ "$1" =~ $exclude ]]; then
+       check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1"
+    fi
+    is_no_new_line_format "$1"
+}
+
+is_no_new_line_format() {
+    test=$(echo "$1" | head -n1 );
+    if [[ "$test" != "$1" ]]; then
+      check_result "$E_INVALID" "invalid value :: $1"
+    fi
+}
+
+
 # Format validation controller
 is_format_valid() {
    for arg_name in $*; do
@ -823,6 +856,7 @@ is_format_valid() {
            case $arg_name in
                account)        is_user_format_valid "$arg" "$arg_name";;
                action)         is_fw_action_format_valid "$arg";;
+                alias)          is_alias_format_valid "$arg" ;;
                aliases)        is_alias_format_valid "$arg" ;;
                antispam)       is_boolean_format_valid "$arg" 'antispam' ;;
                antivirus)      is_boolean_format_valid "$arg" 'antivirus' ;;
@ -848,6 +882,7 @@ is_format_valid() {
                host)           is_object_format_valid "$arg" "$arg_name" ;;
                hour)           is_cron_format_valid "$arg" $arg_name ;;
                id)             is_int_format_valid "$arg" 'id' ;;
+                interface)      is_interface_format_valid "$arg" ;;
                ip)             is_ip_format_valid "$arg" ;;
                ip_name)        is_domain_format_valid "$arg" 'IP name';;
                ip_status)      is_ip_status_format_valid "$arg" ;;
@ -933,7 +968,85 @@ format_aliases() {
        aliases=$(echo "$aliases" |tr -s '.')
        aliases=$(echo "$aliases" |sed -e "s/[.]*$//g")
        aliases=$(echo "$aliases" |sed -e "s/^[.]*//")
-        aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d")
+        aliases=$(echo "$aliases" |sed -e "/^$/d")
        aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
    fi
 }
+
+alter_web_counter() {
+    user=$1
+    domain=$2
+    USER_DATA=$VESTA/data/users/$user
+    
+    varc=$3
+    vard="\$${varc}"
+    counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
+    
+    if [ -z "$counter" ]; then
+        add_object_key "web" 'DOMAIN' "$domain" "$varc" "TIME"
+        counter=0
+    fi
+    
+    ((counter++))
+    backup_counter=$counter
+    
+    update_object_value 'web' 'DOMAIN' "$domain" "$vard" "$counter"
+    counter=$backup_counter
+    
+    echo $counter
+}
+
+reset_web_counter() {
+    user=$1
+    domain=$2
+    USER_DATA=$VESTA/data/users/$user
+    
+    varc=$3
+    vard="\$${varc}"
+
+    update_object_value 'web' 'DOMAIN' "$domain" "$vard" "0"
+}
+
+get_web_counter() {
+    user=$1
+    domain=$2
+    USER_DATA=$VESTA/data/users/$user
+    
+    varc=$3
+    vard="\$${varc}"
+    counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
+
+    if [ -z "$counter" ]; then
+        counter=0
+    fi
+
+    echo $counter
+}
+
+# Simple chmod wrapper that skips symlink files after glob expand
+# Taken from HestiaCP
+no_symlink_chmod() {
+    local filemode=$1; shift;
+
+    for i in "$@"; do
+        [[ -L ${i} ]] && continue
+
+        chmod "${filemode}" "${i}"
+    done
+}
+
+# $1 = subject
+# $2 = body
+send_email_to_admin() {
+    email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf)
+    email=$(echo "$email" | cut -f 2 -d "'")
+    if [ -z "$email" ]; then
+        if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
+            email=$NOTIFY_ADMIN_FULL_BACKUP
+        fi
+    fi
+    if [ -z "$email" ]; then
+        return;
+    fi
+    echo "$2" | $SENDMAIL -s "$1" "$email" 'yes'
+}
--- a/func/rebuild.sh
+++ b/func/rebuild.sh
@ -51,7 +51,7 @@ rebuild_user_conf() {
    mkdir -p $HOMEDIR/$user/conf
    chmod a+x $HOMEDIR/$user
    chmod a+x $HOMEDIR/$user/conf
-    chown $user:$user $HOMEDIR/$user
+    chown --no-dereference $user:$user $HOMEDIR/$user
    chown root:root $HOMEDIR/$user/conf

    # Update disk pipe
@ -80,7 +80,7 @@ rebuild_user_conf() {
        chmod 751 $HOMEDIR/$user/conf/web
        chmod 751 $HOMEDIR/$user/web
        chmod 771 $HOMEDIR/$user/tmp
-        chown $user:$user $HOMEDIR/$user/web
+        chown --no-dereference $user:$user $HOMEDIR/$user/web
        if [ -z "$create_user" ]; then
            $BIN/v-rebuild-web-domains $user $restart
        fi
@ -152,7 +152,7 @@ rebuild_web_domain_conf() {
    prepare_web_domain_values

    # Rebuilding domain directories
-    mkdir -p $HOMEDIR/$user/web/$domain \
+    sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
        $HOMEDIR/$user/web/$domain/public_html \
        $HOMEDIR/$user/web/$domain/public_shtml \
        $HOMEDIR/$user/web/$domain/document_errors \
@ -178,14 +178,15 @@ rebuild_web_domain_conf() {

    # Propagating html skeleton
    if [ ! -e "$WEBTPL/skel/document_errors/" ]; then
-        cp -r $WEBTPL/skel/document_errors/ $HOMEDIR/$user/web/$domain/
+        sudo -u $user cp -r $WEBTPL/skel/document_errors/ \
+            $HOMEDIR/$user/web/$domain/
    fi

    # Set folder permissions
-    chmod 551 $HOMEDIR/$user/web/$domain \
+    no_symlink_chmod 551 $HOMEDIR/$user/web/$domain \
        $HOMEDIR/$user/web/$domain/stats \
        $HOMEDIR/$user/web/$domain/logs
-    chmod 751 $HOMEDIR/$user/web/$domain/private \
+    no_symlink_chmod 751 $HOMEDIR/$user/web/$domain/private \
        $HOMEDIR/$user/web/$domain/cgi-bin \
        $HOMEDIR/$user/web/$domain/public_html \
        $HOMEDIR/$user/web/$domain/public_shtml \
@ -193,7 +194,7 @@ rebuild_web_domain_conf() {
    chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*

    # Set ownership
-    chown $user:$user $HOMEDIR/$user/web/$domain \
+    chown --no-dereference $user:$user $HOMEDIR/$user/web/$domain \
        $HOMEDIR/$user/web/$domain/private \
        $HOMEDIR/$user/web/$domain/cgi-bin \
        $HOMEDIR/$user/web/$domain/public_html \
@ -600,7 +601,7 @@ rebuild_pgsql_database() {
        exit $E_CONNECT
    fi

-    query="CREATE ROLE $DBUSER"
+    query="CREATE ROLE $DBUSER WITH LOGIN"
    psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1

    query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'"
@ -617,7 +618,7 @@ rebuild_pgsql_database() {
    query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER"
    psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1

-    query="GRANT CONNECT ON DATABASE template1 to $dbuser"
+    query="GRANT CONNECT ON DATABASE template1 to $DBUSER"
    psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
 }

--- a/install/debian/7/nginx/nginx.conf
+++ b/install/debian/7/nginx/nginx.conf
@ -50,6 +50,7 @@ http {

    # Compression
    gzip                on;
+    gzip_vary           on;
    gzip_comp_level     9;
    gzip_min_length     512;
    gzip_buffers        8 64k;
--- a/install/debian/7/nginx/phpmyadmin.inc
+++ b/install/debian/7/nginx/phpmyadmin.inc
@ -1,5 +1,5 @@
 location /phpmyadmin {
-    alias /usr/share/phpmyadmin/;
+    alias /usr/share/phpmyadmin;

    location ~ /(libraries|setup) {
        return 404;
--- a/install/debian/7/nginx/phppgadmin.inc
+++ b/install/debian/7/nginx/phppgadmin.inc
@ -1,5 +1,5 @@
 location /phppgadmin {
-    alias /usr/share/phppgadmin/;
+    alias /usr/share/phppgadmin;

    location ~ ^/phppgadmin/(.*\.php)$ {
        alias /usr/share/phppgadmin/$1;
--- a/install/debian/7/nginx/webmail.inc
+++ b/install/debian/7/nginx/webmail.inc
@ -1,5 +1,5 @@
 location /webmail {
-    alias /var/lib/roundcube/;
+    alias /var/lib/roundcube;

    location ~ /(config|temp|logs) {
        return 404;
--- a/install/debian/7/pma/apache.conf
+++ b/install/debian/7/pma/apache.conf
@ -15,6 +15,7 @@ Alias /phpmyadmin /usr/share/phpmyadmin
 		php_admin_flag allow_url_fopen Off
 		php_value include_path .
 		php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
+		php_admin_value sys_temp_dir /var/lib/phpmyadmin/tmp
 		php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
 	</IfModule>

--- a/install/debian/7/pma/config.inc.php
+++ b/install/debian/7/pma/config.inc.php
@ -137,6 +137,13 @@ if (!empty($dbname)) {
 $cfg['UploadDir'] = '';
 $cfg['SaveDir'] = '';

+/*
+ * Temp dir for faster beahivour
+ *
+ */
+$cfg['TempDir']  = '/tmp';
+
+
 /* Support additional configurations */
 foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
 {
--- a/install/debian/7/templates/web/apache2/basedir.stpl
+++ b/install/debian/7/templates/web/apache2/basedir.stpl
@ -15,8 +15,9 @@
        AllowOverride All
        SSLRequireSSL
        Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
    </Directory>
--- a/install/debian/7/templates/web/apache2/basedir.tpl
+++ b/install/debian/7/templates/web/apache2/basedir.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
    </Directory>
--- a/install/debian/7/templates/web/apache2/default.stpl
+++ b/install/debian/7/templates/web/apache2/default.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/7/templates/web/apache2/default.tpl
+++ b/install/debian/7/templates/web/apache2/default.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/7/templates/web/apache2/hosting.stpl
+++ b/install/debian/7/templates/web/apache2/hosting.stpl
@ -22,8 +22,9 @@
        php_admin_flag mysql.allow_persistent  off
        php_admin_flag safe_mode off
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
-        php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
+        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/7/templates/web/apache2/hosting.tpl
+++ b/install/debian/7/templates/web/apache2/hosting.tpl
@ -14,7 +14,6 @@
    <Directory %docroot%>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
-        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value upload_max_filesize 10M
        php_admin_value max_execution_time 20
        php_admin_value post_max_size  8M
@ -24,6 +23,7 @@
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/7/templates/web/apache2/phpcgi.stpl
+++ b/install/debian/7/templates/web/apache2/phpcgi.stpl
@ -15,8 +15,9 @@
        SSLRequireSSL
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        Action phpcgi-script /cgi-bin/php
        <Files *.php>
--- a/install/debian/7/templates/web/apache2/phpcgi.tpl
+++ b/install/debian/7/templates/web/apache2/phpcgi.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        Action phpcgi-script /cgi-bin/php
        <Files *.php>
--- a/install/debian/7/templates/web/apache2/phpfcgid.stpl
+++ b/install/debian/7/templates/web/apache2/phpfcgid.stpl
@ -15,8 +15,9 @@
        SSLRequireSSL
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        <Files *.php>
          SetHandler fcgid-script
--- a/install/debian/7/templates/web/apache2/phpfcgid.tpl
+++ b/install/debian/7/templates/web/apache2/phpfcgid.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        <Files *.php>
          SetHandler fcgid-script
--- a/install/debian/7/templates/web/nginx/caching.stpl
+++ b/install/debian/7/templates/web/nginx/caching.stpl
@ -1,7 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port%;
+    listen      %ip%:%proxy_ssl_port% ssl;
    server_name %domain_idn% %alias_idn%;
-    ssl         on;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
--- a/install/debian/7/templates/web/nginx/default.stpl
+++ b/install/debian/7/templates/web/nginx/default.stpl
@ -1,7 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port%;
+    listen      %ip%:%proxy_ssl_port% ssl;
    server_name %domain_idn% %alias_idn%;
-    ssl         on;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
--- a/install/debian/7/templates/web/nginx/hosting.stpl
+++ b/install/debian/7/templates/web/nginx/hosting.stpl
@ -1,7 +1,6 @@
 server {
-    listen      %ip%:%proxy_ssl_port%;
+    listen      %ip%:%proxy_ssl_port% ssl;
    server_name %domain_idn% %alias_idn%;
-    ssl         on;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
@ -31,7 +30,7 @@ server {
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

-    disable_symlinks if_not_owner from=%docroot%;
+    disable_symlinks if_not_owner from=%sdocroot%;

    include %home%/%user%/conf/web/snginx.%domain%.conf*;
 }
--- a/install/debian/7/templates/web/nginx/http2.stpl
+++ b/install/debian/7/templates/web/nginx/http2.stpl
@ -1,17 +1,16 @@
 server {
-    listen      %ip%:%proxy_ssl_port% http2;
+    listen      %ip%:%proxy_ssl_port% ssl http2;
    server_name %domain_idn% %alias_idn%;
-    ssl         on;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
-    error_log  /var/log/httpd/domains/%domain%.error.log error;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;

    location / {
        proxy_pass      https://%ip%:%web_ssl_port%;
        location ~* ^.+\.(%proxy_extentions%)$ {
            root           %sdocroot%;
-            access_log     /var/log/httpd/domains/%domain%.log combined;
-            access_log     /var/log/httpd/domains/%domain%.bytes bytes;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
--- a/install/debian/7/templates/web/nginx/http2.tpl
+++ b/install/debian/7/templates/web/nginx/http2.tpl
@ -1,14 +1,14 @@
 server {
    listen      %ip%:%proxy_port%;
    server_name %domain_idn% %alias_idn%;
-    error_log  /var/log/httpd/domains/%domain%.error.log error;
+    error_log  /var/log/%web_system%/domains/%domain%.error.log error;

    location / {
        proxy_pass      http://%ip%:%web_port%;
        location ~* ^.+\.(%proxy_extentions%)$ {
            root           %docroot%;
-            access_log     /var/log/httpd/domains/%domain%.log combined;
-            access_log     /var/log/httpd/domains/%domain%.bytes bytes;
+            access_log     /var/log/%web_system%/domains/%domain%.log combined;
+            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
--- a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl
+++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl
@ -10,63 +10,53 @@ server {
    ssl         on;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
-
-    location = /favicon.ico {
-        log_not_found off;
-        access_log off;
-    }
-
-    location = /robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
-    location ~* \.(txt|log)$ {
-        allow 192.168.0.0/16;
-        deny all;
-    }
-
-    location ~ \..*/.*\.php$ {
-        return 403;
-    }
-
-    location ~ ^/sites/.*/private/ {
-        return 403;
-    }
-
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-    }
-    
-    location / {
-        try_files $uri @rewrite;
-    }
-
+   
    location @rewrite {
        rewrite ^/(.*)$ /index.php?q=$1;
-    }
-    
-    location ~ /vendor/.*\.php$ {
-        deny all;
-        return 404;
-    }    
+    }   
+   
+    location / {
+        location = /favicon.ico {
+            log_not_found off;
+            access_log off;
+        }

-    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }
+
+        location ~ \..*/.*\.php$ {
+            return 403;
+        }
+
+        location ~ ^/sites/.*/private/ {
+            return 403;
+        }
+
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+        }
+        
        try_files $uri @rewrite;
-        expires max;
-        log_not_found off;
-    }

-    location ~ ^/sites/.*/files/imagecache/ {
-        try_files $uri @rewrite;
-    }    
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            try_files $uri @rewrite;
+            expires max;
+            log_not_found off;
+        }

-    location ~ '\.php$|^/update.php' {
-        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_pass %backend_lsnr%;             
-        include /etc/nginx/fastcgi_params;
+        location ~ ^/sites/.*/files/imagecache/ {
+            try_files $uri @rewrite;
+        }    
+
+        location ~ '\.php$|^/update.php' {
+            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_pass %backend_lsnr%;             
+            include /etc/nginx/fastcgi_params;
+        }        
    }

    error_page  403 /error/404.html;
--- a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl
+++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl
@ -7,62 +7,52 @@ server {
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;

-    location = /favicon.ico {
-        log_not_found off;
-        access_log off;
-    }
-
-    location = /robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
-    location ~* \.(txt|log)$ {
-        allow 192.168.0.0/16;
-        deny all;
-    }
-
-    location ~ \..*/.*\.php$ {
-        return 403;
-        }
-
-    location ~ ^/sites/.*/private/ {
-        return 403;
-    }
-
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-    }
-
-    location / {
-        try_files $uri @rewrite;
-    }
-
    location @rewrite {
        rewrite ^/(.*)$ /index.php?q=$1;
    }
+
+    location / {
+        location = /favicon.ico {
+            log_not_found off;
+            access_log off;
+        }
+
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }
+
+        location ~ \..*/.*\.php$ {
+            return 403;
+        }
+
+        location ~ ^/sites/.*/private/ {
+            return 403;
+        }
+
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+        }
    
-    location ~ /vendor/.*\.php$ {
-        deny all;
-        return 404;
-    }    
+        try_files $uri @rewrite; 

-    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-        try_files $uri @rewrite;
-        expires max;
-        log_not_found off;
-    }
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            try_files $uri @rewrite;
+            expires max;
+            log_not_found off;
+        }

-    location ~ ^/sites/.*/files/imagecache/ {
-        try_files $uri @rewrite;
-    }
-        
-    location ~ '\.php$|^/update.php' {
-        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_pass %backend_lsnr%;             
-        include /etc/nginx/fastcgi_params;
+        location ~ ^/sites/.*/files/imagecache/ {
+            try_files $uri @rewrite;
+        }
+            
+        location ~ '\.php$|^/update.php' {
+            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_pass %backend_lsnr%;             
+            include /etc/nginx/fastcgi_params;
+        }        
    }

    error_page  403 /error/404.html;
--- a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl
+++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl
@ -11,62 +11,56 @@ server {
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;

-    location = /favicon.ico {
-        log_not_found off;
-        access_log off;
-    }
-
-    location = /robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
-    location ~* \.(txt|log)$ {
-        allow 192.168.0.0/16;
-        deny all;
-    }
-
-    location ~ \..*/.*\.php$ {
-        return 403;
-    }
-
-    location ~ ^/sites/.*/private/ {
-        return 403;
-    }
-
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
+    location @rewrite {
+        rewrite ^/(.*)$ /index.php?q=$1;
    }
    
    location / {
-        try_files $uri /index.php?$query_string;
-    }
+        location = /favicon.ico {
+            log_not_found off;
+            access_log off;
+        }

-    location ~ /vendor/.*\.php$ {
-        deny all;
-        return 404;
-    }        
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }

-    location ~ ^/sites/.*/files/styles/ {
-        try_files $uri @rewrite;
-    }
+        location ~ \..*/.*\.php$ {
+            return 403;
+        }

-    location ~ ^(/[a-z\-]+)?/system/files/ {
-        try_files $uri /index.php?$query_string;
-    }
+        location ~ ^/sites/.*/private/ {
+            return 403;
+        }

-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
-        try_files $uri @rewrite;
-        expires max;
-        log_not_found off;
-    }
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+        }
    
-    location ~ '\.php$|^/update.php' {
-        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_pass %backend_lsnr%;
-        include         /etc/nginx/fastcgi_params;
+        try_files $uri /index.php?$query_string;  
+
+        location ~ ^/sites/.*/files/styles/ {
+            try_files $uri @rewrite;
+        }
+
+        location ~ ^(/[a-z\-]+)?/system/files/ {
+            try_files $uri /index.php?$query_string;
+        }
+
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+            try_files $uri @rewrite;
+            expires max;
+            log_not_found off;
+        }
+        
+        location ~ '\.php$|^/update.php' {
+            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_pass %backend_lsnr%;
+            include /etc/nginx/fastcgi_params;
+        }        
    }

    error_page  403 /error/404.html;
--- a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl
+++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl
@ -7,62 +7,56 @@ server {
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;

-    location = /favicon.ico {
-        log_not_found off;
-        access_log off;
+    location @rewrite {
+        rewrite ^/(.*)$ /index.php?q=$1;
    }
-
-    location = /robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
-    location ~* \.(txt|log)$ {
-        allow 192.168.0.0/16;
-        deny all;
-    }
-
-    location ~ \..*/.*\.php$ {
-        return 403;
+   
+    location / {
+        location = /favicon.ico {
+            log_not_found off;
+            access_log off;
        }

-    location ~ ^/sites/.*/private/ {
-        return 403;
-    }
-    
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-    }
-    
-    location / {
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }
+
+        location ~ \..*/.*\.php$ {
+            return 403;
+        }
+
+        location ~ ^/sites/.*/private/ {
+            return 403;
+        }
+        
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+        }  
+
        try_files $uri /index.php?$query_string;
-    }

-    location ~ /vendor/.*\.php$ {
-        deny all;
-        return 404;
-    }        
+        location ~ ^/sites/.*/files/styles/ {
+            try_files $uri @rewrite;
+        }

-    location ~ ^/sites/.*/files/styles/ {
-        try_files $uri @rewrite;
-    }
+        location ~ ^(/[a-z\-]+)?/system/files/ {
+            try_files $uri /index.php?$query_string;
+        }

-    location ~ ^(/[a-z\-]+)?/system/files/ {
-        try_files $uri /index.php?$query_string;
-    }
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+            try_files $uri @rewrite;
+            expires max;
+            log_not_found off;
+        }

-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
-        try_files $uri @rewrite;
-        expires max;
-        log_not_found off;
-    }
-
-    location ~ '\.php$|^/update.php' {
-        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_pass %backend_lsnr%;
-        include         /etc/nginx/fastcgi_params;
+        location ~ '\.php$|^/update.php' {
+            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_pass %backend_lsnr%;
+            include /etc/nginx/fastcgi_params;
+        }                
    }

    error_page  403 /error/404.html;
--- a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl
+++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl
@ -11,63 +11,62 @@ server {
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;

-    location = /favicon.ico {
-        log_not_found off;
-        access_log off;
+    location @rewrite {
+        rewrite ^/(.*)$ /index.php?q=$1;
    }
-
-    location = /robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
-    location ~* \.(txt|log)$ {
-        allow 192.168.0.0/16;
-        deny all;
-    }
-
-    location ~ \..*/.*\.php$ {
-        return 403;
-    }
-
-    location ~ ^/sites/.*/private/ {
-        return 403;
-    }
-
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-    }
-    
+   
    location / {
+        location = /favicon.ico {
+            log_not_found off;
+            access_log off;
+        }
+
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }
+
+        location ~ \..*/.*\.php$ {
+            return 403;
+        }
+
+        location ~ ^/sites/.*/private/ {
+            return 403;
+        }
+
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+        }
+        
+        location ~ /vendor/.*\.php$ {
+            deny all;
+            return 404;
+        }          
+        
        try_files $uri /index.php?$query_string;
-    }
+        
+        location ~ ^/sites/.*/files/styles/ {
+            try_files $uri @rewrite;
+        }

-    location ~ /vendor/.*\.php$ {
-        deny all;
-        return 404;
-    }        
+        location ~ ^(/[a-z\-]+)?/system/files/ {
+            try_files $uri /index.php?$query_string;
+        }

-    location ~ ^/sites/.*/files/styles/ {
-        try_files $uri @rewrite;
-    }
-
-    location ~ ^(/[a-z\-]+)?/system/files/ {
-        try_files $uri /index.php?$query_string;
-    }
-
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
-        try_files $uri @rewrite;
-        expires max;
-        log_not_found off;
-    }
-    
-    location ~ '\.php$|^/update.php' {
-        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_pass %backend_lsnr%;
-        include         /etc/nginx/fastcgi_params;
-    }
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+            try_files $uri @rewrite;
+            expires max;
+            log_not_found off;
+        }
+        
+        location ~ '\.php$|^/update.php' {
+            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_pass %backend_lsnr%;
+            include /etc/nginx/fastcgi_params;
+        }        
+    }    

    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
--- a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl
+++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl
@ -7,64 +7,63 @@ server {
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;

-    location = /favicon.ico {
-        log_not_found off;
-        access_log off;
-    }
-
-    location = /robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
-    location ~* \.(txt|log)$ {
-        allow 192.168.0.0/16;
-        deny all;
-    }
-
-    location ~ \..*/.*\.php$ {
-        return 403;
+    location @rewrite {
+        rewrite ^/(.*)$ /index.php?q=$1;
+    }  
+   
+    location / {
+        location = /favicon.ico {
+            log_not_found off;
+            access_log off;
        }

-    location ~ ^/sites/.*/private/ {
-        return 403;
-    }
-    
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-    }
-    
-    location / {
-        try_files $uri /index.php?$query_string;
-    }
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }

-    location ~ /vendor/.*\.php$ {
-        deny all;
-        return 404;
+        location ~ \..*/.*\.php$ {
+            return 403;
+        }
+
+        location ~ ^/sites/.*/private/ {
+            return 403;
+        }
+        
+        location ~ ^/sites/[^/]+/files/.*\.php$ {
+            deny all;
+        }
+        
+        location ~ /vendor/.*\.php$ {
+            deny all;
+            return 404;
+        }          
+        
+        try_files $uri /index.php?$query_string;
+        
+        location ~ ^/sites/.*/files/styles/ {
+            try_files $uri @rewrite;
+        }
+
+        location ~ ^(/[a-z\-]+)?/system/files/ {
+            try_files $uri /index.php?$query_string;
+        }
+
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+            try_files $uri @rewrite;
+            expires max;
+            log_not_found off;
+        }
+
+        location ~ '\.php$|^/update.php' {
+            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_pass %backend_lsnr%;
+            include /etc/nginx/fastcgi_params;
+        }        
    }        

-    location ~ ^/sites/.*/files/styles/ {
-        try_files $uri @rewrite;
-    }
-
-    location ~ ^(/[a-z\-]+)?/system/files/ {
-        try_files $uri /index.php?$query_string;
-    }
-
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
-        try_files $uri @rewrite;
-        expires max;
-        log_not_found off;
-    }
-
-    location ~ '\.php$|^/update.php' {
-        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_pass %backend_lsnr%;
-        include         /etc/nginx/fastcgi_params;
-    }
-
    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;
--- a/install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl
+++ b/install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl
@ -3,7 +3,7 @@ server {
    server_name %domain_idn% %alias_idn%;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
-    root        %docroot%;
+    root        %sdocroot%;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/%domain%.log combined;
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
--- a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl
+++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl
@ -1,7 +1,7 @@
 server {
    listen      %ip%:%web_ssl_port%;
    server_name %domain_idn% %alias_idn%;
-    root        %docroot%;
+    root        %sdocroot%;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/%domain%.log combined;
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
--- a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl
+++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl
@ -0,0 +1,89 @@
+server {
+    listen      %ip%:%web_ssl_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl         on;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    set $cache_uri $request_uri;
+
+    if ($request_method = POST) {
+        set $cache_uri 'null cache';
+    }
+
+    if ($query_string != "") {
+        set $cache_uri 'null cache';
+    }   
+
+    if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
+                          |wp-.*.php|/feed/|index.php|wp-comments-popup.php
+                          |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
+                          |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
+        set $cache_uri 'null cache';
+    }  
+
+    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
+                         |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") {
+        set $cache_uri 'null cache';
+    }
+    
+    location / {
+        try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args;
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    %backend_lsnr%;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/conf/web/%domain%.auth*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
--- a/Show more
+++ b/Show more