
ht/dns-add: display recommended CAA record

Miraty 2 vuotta sitten
vanhempi
commit
54c64906f7
6 muutettua tiedostoa jossa 17 lisäystä ja 11 poistoa
  1. 8 0
      DOCS/configuration.md
  2. 2 0
      config.ini
  3. 0 8
      css/main.css
  4. 2 2
      pg-act/ns/caa.php
  5. 1 1
      pg-act/ns/txt.php
  6. 4 0
      pg-view/ht/add-dns.php

+ 8 - 0
DOCS/configuration.md

@@ -183,6 +183,14 @@ Linux user as who runs SFTPGo. (Used to delete files that users created.)
 
 Public IPv6 and IPv4 addresses that users must set in their AAAA and A records for a site with dedicated domain.
 
+### `caa_account_uri`
+
+The URI of the account that requests stable Let's Encrypt certificates. Used for the CAA record of approved accounts. Output of `certbot show_account`
+
+### `caa_account_uri_staging`
+
+The URI of the account that requests staging Let's Encrypt certificates. Used for the CAA record of testing accounts. Output of `certbot show_account --test-cert`
+
 ### `sftp_pub`
 
 Filesystem path to where the public key of the SFTP service is available.

+ 2 - 0
config.ini

@@ -57,6 +57,8 @@ sftpgo_user = "sftpgo"
 ; Will be shown to users
 ipv6_address = "::1"
 ipv4_address = "127.0.0.1"
+caa_account_uri = "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789"
+caa_account_uri_staging = "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0123456789"
 sftp_pub = "/etc/sftpgo/ed25519.pub"
 sftp_fp = "/etc/sftpgo/ed25519.fp"
 sftp_asciiart = "/etc/sftpgo/ed25519.asciiart"
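Review bot: The two sample values on the added lines have the form of real account URIs, and pg-view/ht/add-dns.php prints whichever one applies as the CAA record users are told to publish. If an operator leaves them unchanged, users who publish the record would restrict issuance for their domains to an account the operator does not control. Certificate requests made by the service for those domains would then presumably be refused at the CAA check. I would ship both keys empty, or add a comment above them such as `; Must be replaced with the URI printed by certbot show_account`. The view should also omit the CAA entry when the value is unset.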

+ 0 - 8
css/main.css

@@ -55,10 +55,6 @@ p {
 	margin-bottom: 1rem;
 }
 
-.breakable {
-	word-break: break-all;
-}
-
 ::selection {
 	background-color: var(--foreground-color);
 	color: var(--background-color);
@@ -72,10 +68,6 @@ pre {
 	margin: 0;
 }
 
-code {
-	white-space: nowrap;
-}
-
 a {
 	color: var(--foreground-color);
 	text-decoration: underline var(--svc-color) 0.2em;

+ 2 - 2
pg-act/ns/caa.php

@@ -5,10 +5,10 @@ $values = nsParseCommonRequirements();
 if (!($_POST['flag'] >= 0 AND $_POST['flag'] <= 255))
 	output(403, 'Wrong value for <code>flag</code>.');
 
-if (!(preg_match('/^[a-z]{1,127}$/D', $_POST['tag'])))
+if (!(preg_match('/^[a-z0-9]{1,127}$/D', $_POST['tag'])))
 	output(403, 'Wrong value for <code>tag</code>.');
 
-if (!(preg_match('/^[a-z0-9.-]{1,255}$/D', $_POST['value'])))
+if (!(preg_match('/^[a-zA-Z0-9 .,;*|#~@=:!?%$+\/\()[\]_-]{1,255}$/D', $_POST['value'])))
 	output(403, 'Wrong value for <code>value</code>.');
 
 rateLimit();
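Review bot: The new `value` pattern accepts much more than a CAA property value needs. It is the TXT character class copied over, so `(`, `)`, `[`, `]`, `$`, `|`, `#`, `*`, `!` and `~` now pass validation along with the `;`, `=` and `:` that `issue` parameters actually use. The code that consumes `$_POST['value']` after `rateLimit()` is outside this hunk, so how the record is serialised cannot be checked here. If it ends up in zone-file presentation format or on a command line, `;` and the parentheses have meaning there and the value has to be quoted at that point. I would keep the allow-list to what CAA syntax uses, e.g. `'/^[a-zA-Z0-9 .,;@=:%\/_-]{1,255}$/D'`, and define the pattern once instead of repeating the literal. The same widened class is added in the pg-act/ns/txt.php hunk, where `;` is newly accepted.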

+ 1 - 1
pg-act/ns/txt.php

@@ -2,7 +2,7 @@
 
 $values = nsParseCommonRequirements();
 
-if (!(preg_match('/^[a-zA-Z0-9 .@=:!%$+\/\()[\]_-]{5,8192}$/D', $_POST['txt'])))
+if (!(preg_match('/^[a-zA-Z0-9 .,;*|#~@=:!?%$+\/\()[\]_-]{5,8192}$/D', $_POST['txt'])))
 	output(403, 'Wrong value for <code>txt</code>.');
 
 rateLimit();

+ 4 - 0
pg-view/ht/add-dns.php

@@ -19,6 +19,10 @@
 	<dd>
 		<code><?= SERVER_NAME ?>_domain-verification=<?= getAuthToken() ?></code>
 	</dd>
+	<dt><code>CAA</code></dt>
+	<dd>
+		<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= (($_SESSION['type'] ?? 'approved') === 'approved') ? CONF['ht']['caa_account_uri'] : CONF['ht']['caa_account_uri_staging'] ?>"</code>
+	</dd>
 </dl>
 
 <form method="post">
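Review bot: The account URI is echoed into the page through `<?= ... ?>` with no HTML escaping. The value comes from `CONF['ht']`, so it is operator-controlled, but a configured URI containing `&`, `<` or `"` would still corrupt the markup. Wrapping the expression in `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps the output well-formed whatever is configured. Separately, `$_SESSION['type'] ?? 'approved'` selects the production account when the session carries no type. A one-line comment should state whether that fallback is intended. The enclosing `<dl>` starts above the hunk.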