add-dns: add cname to config, full CAA display

DOCS/configuration.md

@@ -184,17 +184,35 @@ Linux group as who runs SFTPGo. (Gets full permissions on users directories.)
 
 Linux user as who runs SFTPGo. (Used to delete files that users created.)
 
+### `cname`
+
+For a site with dedicated domain, the domain that users must point their domain to.
+
+This domain should have the following records:
+
+AAAA
+: `ipv6_address`
+
+A
+: `ipv4_address`
+
+CAA
+: `caa_account_uris[testing]`
+
+CAA
+: `caa_account_uris[approved]`
+
 ### `ipv6_address`, `ipv4_address`
 
-Public IPv6 and IPv4 addresses that users must set in their AAAA and A records for a site with dedicated domain.
+For a site with dedicated domain, when manually copying records, public IPv6 and IPv4 addresses that users must set in their AAAA and A records.
 
-### `caa_account_uri`
+Should be the same as the AAAA and A records for `cname`.
 
-The URI of the account that requests stable Let's Encrypt certificates. Used for the CAA record of approved accounts. Output of `certbot show_account`
+### `caa_account_uris[]`
 
-### `caa_account_uri_staging`
+For a site with dedicated domain, when manually copying records, the URIs of the accounts (both stable and staging) that request Let's Encrypt certificates. Keys `testing` and `approved` must be set to outputs of respectively `certbot show_account --test-cert` and `certbot show_account`
 
-The URI of the account that requests staging Let's Encrypt certificates. Used for the CAA record of testing accounts. Output of `certbot show_account --test-cert`
+Should be the same as the CAA records for `cname`.
 
 ### `sftp_pub`
 

config.template.ini

@@ -57,10 +57,11 @@ sftpgo_group = "sftpgo"
 sftpgo_user = "sftpgo"
 
 ; Will be shown to users
+cname = "ht.servnest.test."
 ipv6_address = "::1"
 ipv4_address = "127.0.0.1"
-caa_account_uri = "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789"
+caa_account_uris[testing] = "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0123456789"
-caa_account_uri_staging = "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0123456789"
+caa_account_uris[approved] = "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789"
 sftp_pub = "/etc/sftpgo/ed25519.pub"
 sftp_fp = "/etc/sftpgo/ed25519.fp"
 sftp_asciiart = "/etc/sftpgo/ed25519.asciiart"

css/main.css

@@ -103,3 +103,8 @@ table {
 table.zone td:first-child {
 	text-align: right;
 }
+
+s {
+	font-size: 0.7rem;
+	line-height: 1.2rem;
+}

pg-view/auth/index.php

@@ -31,4 +31,4 @@ else
 
 <h2><?= _('Internal ID') ?></h2>
 
-<p><?= sprintf(_('The current account\'s internal ID is %s.'), '<small><code>' . ($_SESSION['id'] ?? '—') . '</code></small>') ?></p>
+<p><?= sprintf(_('The current account\'s internal ID is %s.'), '<small><code>' . ($_SESSION['id'] ?? '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef') . '</code></small>') ?></p>

pg-view/ht/add-dns.php

@@ -18,10 +18,18 @@
 		<dd>
 			<code><?= CONF['ht']['ipv4_address'] ?></code>
 		</dd>
-		<dt><code>CAA</code></dt>
+		<dt><code>CAA</code> (<?= _('useful for testing accounts only') ?>)</dt>
-		<dd>
+		<?= (($_SESSION['type'] ?? '') === 'testing') ? '' : '<s>' ?>
-			<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= (($_SESSION['type'] ?? 'approved') === 'approved') ? CONF['ht']['caa_account_uri'] : CONF['ht']['caa_account_uri_staging'] ?>"</code>
+			<dd>
-		</dd>
+				<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= CONF['ht']['caa_account_uris']['testing'] ?>"</code>
+			</dd>
+		<?= (($_SESSION['type'] ?? '') === 'testing') ? '' : '</s>' ?>
+		<dt><code>CAA</code> (<?= _('useful for approved accounts only') ?>)</dt>
+		<?= (($_SESSION['type'] ?? '') === 'approved') ? '' : '<s>' ?>
+			<dd>
+				<code>0 issue "letsencrypt.org; validationmethods=http-01; accounturi=<?= CONF['ht']['caa_account_uris']['approved'] ?>"</code>
+			</dd>
+		<?= (($_SESSION['type'] ?? '') === 'approved') ? '' : '</s>' ?>
 	</dl>
 </details>