diff -urN smeserver-manager-0.1.4.old/root/etc/e-smith/events/actions/letsencrypt-kill-dehydrated-timer smeserver-manager-0.1.4/root/etc/e-smith/events/actions/letsencrypt-kill-dehydrated-timer
--- smeserver-manager-0.1.4.old/root/etc/e-smith/events/actions/letsencrypt-kill-dehydrated-timer	1970-01-01 01:00:00.000000000 +0100
+++ smeserver-manager-0.1.4/root/etc/e-smith/events/actions/letsencrypt-kill-dehydrated-timer	2024-11-22 11:28:49.316853979 +0000
@@ -0,0 +1,2 @@
+#! /bin/sh
+systemctl is-active --quiet dehydrated.timer && systemctl stop dehydrated.timer
diff -urN smeserver-manager-0.1.4.old/root/etc/e-smith/events/actions/letsencrypt-setdomains smeserver-manager-0.1.4/root/etc/e-smith/events/actions/letsencrypt-setdomains
--- smeserver-manager-0.1.4.old/root/etc/e-smith/events/actions/letsencrypt-setdomains	1970-01-01 01:00:00.000000000 +0100
+++ smeserver-manager-0.1.4/root/etc/e-smith/events/actions/letsencrypt-setdomains	2024-12-01 14:47:00.000000000 +0000
@@ -0,0 +1,159 @@
+#!/bin/bash
+
+#----------------------------------------------------------------------
+# copyright (C) 2022 Koozali SME Server
+#               
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#               
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#               
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# 
+#----------------------------------------------------------------------
+
+event=$1
+fqdn=$2
+todo=$3
+domainlist=""
+
+case $todo in
+  disabled|enabled)
+        #
+        ;;
+  *)
+	todo="all"
+	;;
+esac
+
+if [[ ! -z "$fqdn"  ]]
+  then
+  # if fqdn not empty just use this one
+  domainlist="$fqdn"
+elif [[ ! -z "$event" ]] && [[ "$event" == *"domain"* ]]
+  then
+  # else if event *domains* => all domains
+  domainlist=$(perl -Mesmith::DomainsDB -e 'my $domains = esmith::DomainsDB->open; my @DOM = $domains->get_all_by_prop(type=>"domain"); print( join(" " , map { $_->key } @DOM)) ')
+elif [[ ! -z "$event" ]] && [[ "$event" == *"host"* ]]
+  then
+  # else if event *hosts* => all hosts
+  domainlist=$(perl -Mesmith::HostsDB -e 'my $domains = esmith::HostsDB->open; my @DOM = $domains->get_all_by_prop(type=>"host"); print( join(" " , map { $_->key } @DOM)) ')
+else
+  # else all domain and hosts
+  domains=$(perl -Mesmith::DomainsDB -e 'my $domains = esmith::DomainsDB->open; my @DOM = $domains->get_all_by_prop(type=>"domain"); print( join(" " , map { $_->key } @DOM)) ')
+  hosts=$(perl -Mesmith::HostsDB -e 'my $domains = esmith::HostsDB->open; my @DOM = $domains->get_all_by_prop(type=>"host"); print( join(" " , map { $_->key } @DOM)) ')
+  domainlist="$domains $hosts"
+fi
+domainlist=$(echo $domainlist |sort|uniq)
+
+#list from pihole install script; only ipv4 ones
+#here we select our 
+dns=$(/sbin/e-smith/db configuration getprop letesencrypt dnscheck||echo "https://cloudflare-dns.com/dns-query,8.8.8.8,8.8.4.4,1.1.1.1,1.0.0.1,208.67.222.222,208.67.220.220,4.2.2.1,4.2.2.2,8.20.247.20,84.200.69.80,84.200.70.40,9.9.9.10,149.112.112.10")
+# from https://stackoverflow.com/questions/10586153/how-to-split-a-string-into-an-array-in-bash
+IFS=', ' read -r -a DNS <<< "$dns"
+RANDOM=$$$(date +%s)
+x=1
+#TODO: if only one element skip the random selection
+while [ $x -le 5 ]; do
+mydns=${DNS[ $RANDOM % ${#DNS[@]} ]}
+if [[ $mydns == http* ]] ; then
+  curl -s $mydns >/dev/null 
+  if [[ "$?" == "0" ]]; then
+    break
+  fi
+else
+  nc -z  -w2 $mydns 53
+  if [[ "$?" == "0" ]]; then
+    break
+  fi
+fi
+x=$(( $x + 1 ))
+#in case of failure defaulting on a dns over https after 5
+mydns="https://cloudflare-dns.com/dns-query"
+done
+echo "External DNS Server  : $mydns"
+
+MYFORCEDIP=$(/sbin/e-smith/db configuration getprop letesencrypt ExternalIP)
+# check if gateway or server only
+MYMODE=$(/sbin/e-smith/db configuration get SystemMode)
+# check our external ip if gateway, internal else
+LOCALIP=$(/sbin/e-smith/db configuration get InternalIP)
+MYIP=$LOCALIP
+# check the ip suggested by external world that point to us.
+MYEXTIP=$(/usr/sbin/e-smith/getmyip)
+
+if [ -z "$MYFORCEDIP" ]; then
+  # we do not expect that a server-only has an ip routable on internet as firewall is not designed for that
+  # but in case, we handle the situation as for ExternalIP in servergateway mode, please write ad hoc rules for masq if you do so...
+  if [[ "$MYMODE" == "servergateway"  ]] ; then
+    MYIP=$(/sbin/e-smith/db configuration get ExternalIP);
+  fi
+  if [[ "$MYIP" != "$MYEXTIP"  ]] ; then
+    echo "External Interface IP: $MYIP"
+    echo "Detected Wan IP      : $MYEXTIP"
+    echo "You seem to be behind a firewall, using the external IP obtained with our test $MYEXTIP"
+    MYIP=$MYEXTIP
+  fi
+else
+  MYIP=$MYFORCEDIP
+fi
+
+echo "============================================================================================="
+OUTPUT="Domain\tStatus\tMYIP\tA\tLE_status\tLE_previous"
+# TODO all : check disabled and enabled ; active : check enabled and undef only
+
+for DOMAIN in  $domainlist 
+   do
+   # is it a host, a domain or should we ignore it
+   TYPE=$(/sbin/e-smith/db domains gettype $DOMAIN || /sbin/e-smith/db hosts gettype $DOMAIN )
+   if [[ "$TYPE" == "domain" ]] ; then 
+	TYPE="domains"
+   elif [[ "$TYPE" == "host" ]] ; then
+        TYPE="hosts"
+   else
+	echo "$DOMAIN is not in domains and not in hosts ($TYPE)"
+	continue
+   fi
+   # do we have a priority ?
+   currentstate=$(/sbin/e-smith/db $TYPE getprop $DOMAIN letsencryptSSLcert || echo "disabled")
+   if [ "$currentstate" != "$todo" -a "$todo" != "all" ] ; then
+	#echo "$DOMAIN skipping, only checking $todo $TYPE"
+	continue
+   fi
+   # https://stackoverflow.com/questions/15268987/bash-based-regex-domain-name-validation 
+   if ( !  echo $DOMAIN| grep -P -q '(?=^.{4,253}$)(^(?:[a-zA-Z0-9](?:(?:[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+([a-zA-Z]{2,}|xn--[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])$)' -Z ) ; then
+	if [[ "$currentstate" == "disabled" ]]; then continue; fi
+        echo "$DOMAIN is not a RFC compliant domain, disabling"
+	/sbin/e-smith/db $TYPE setprop $DOMAIN letsencryptSSLcert disabled
+        /sbin/e-smith/db $TYPE delprop $DOMAIN letsencryptMYIP
+        continue
+   fi
+   THISDOMIP=$(/usr/bin/q A @$mydns $DOMAIN -f json |jq -r 'first(.Answers[].A  | select( . != null )) // null' 2>/dev/null || /usr/bin/q A @$LOCALIP $DOMAIN -f json |jq -r 'first(.Answers[].A  | select( . != null )) // null' 2>/dev/null  )
+   previous=$(/sbin/e-smith/db $TYPE getprop $DOMAIN letsencryptSSLcert||echo 'undefined');
+   # if it does not resolve, next
+   if [[ "$THISDOMIP" == ""  ]]
+        then
+        OUTPUT="$OUTPUT\n$DOMAIN\tNOK\t$MYIP\tnoip\tdisabled\t$previous"
+        /sbin/e-smith/db $TYPE setprop $DOMAIN letsencryptSSLcert disabled
+        /sbin/e-smith/db $TYPE delprop $DOMAIN letsencryptMYIP
+        continue;
+   fi
+   if [[ "$MYIP" == "$THISDOMIP" ]]
+        then
+        OUTPUT="$OUTPUT\n$DOMAIN\tOK\t$MYIP\t$THISDOMIP\tenabled\t$previous"
+        /sbin/e-smith/db $TYPE setprop $DOMAIN letsencryptSSLcert enabled letsencryptMYIP $THISDOMIP
+   else
+        OUTPUT="$OUTPUT\n$DOMAIN\tNOK\t$MYIP\t$THISDOMIP\tdisabled\t$previous"
+        /sbin/e-smith/db $TYPE setprop $DOMAIN letsencryptSSLcert disabled letsencryptMYIP $THISDOMIP
+   fi
+   sleep 1
+done
+printf "%b" $OUTPUT |column -t -s $'\t' 
+
diff -urN smeserver-manager-0.1.4.old/root/etc/e-smith/templates/usr/share/smanager/themes/default/public/css/sme_core.css/90contribs smeserver-manager-0.1.4/root/etc/e-smith/templates/usr/share/smanager/themes/default/public/css/sme_core.css/90contribs
--- smeserver-manager-0.1.4.old/root/etc/e-smith/templates/usr/share/smanager/themes/default/public/css/sme_core.css/90contribs	2020-11-19 07:53:26.000000000 +0000
+++ smeserver-manager-0.1.4/root/etc/e-smith/templates/usr/share/smanager/themes/default/public/css/sme_core.css/90contribs	2024-11-26 16:25:00.000000000 +0000
@@ -67,5 +67,21 @@
 color: #8ebe43;
 background-color: #8ebe43;
     }
+      
+/* flag container no flag */
+#flag-container span {
+  font-size: 24px;
+}
+
+.fallback-box {
+  display: inline-block; /* Make it inline-block to fit around the content */
+  border: 2px solid gray; /* Change the border color as desired */
+  padding: 10px; /* Add some padding */
+  border-radius: 10px; /* Round the corners of the box */
+  font-size: 60px; /* Adjust size if needed */
+  margin-top: 10px; /* Add some margin */
+  text-align: center; /* Center text inside the box */
+}
+
 HERE
 }
diff -urN smeserver-manager-0.1.4.old/root/etc/e-smith/templates/usr/share/smanager/themes/default/public/css/styles.css/50body smeserver-manager-0.1.4/root/etc/e-smith/templates/usr/share/smanager/themes/default/public/css/styles.css/50body
--- smeserver-manager-0.1.4.old/root/etc/e-smith/templates/usr/share/smanager/themes/default/public/css/styles.css/50body	2024-12-09 10:51:08.462623478 +0000
+++ smeserver-manager-0.1.4/root/etc/e-smith/templates/usr/share/smanager/themes/default/public/css/styles.css/50body	2024-11-26 16:25:00.000000000 +0000
@@ -234,7 +234,7 @@
     width: 100%;
 }
 #h2e11 {
-    width: 70%;
+    width: 50%;
     float: left;
 }
 #h2e12 {
@@ -257,9 +257,9 @@
     width: 70%;
 }
 
-#h2e22,#h2e23 {
+#h2e22,#h2e23,#h2e12 {
     float: left;
-    width: 10%;
+    width: 14em;
     text-align: center;
 }
 
@@ -273,6 +273,7 @@
     left: 2px;
 }
 
+
 /*end*/
 EOF
 }
diff -urN smeserver-manager-0.1.4.old/root/usr/sbin/e-smith/getmyip smeserver-manager-0.1.4/root/usr/sbin/e-smith/getmyip
--- smeserver-manager-0.1.4.old/root/usr/sbin/e-smith/getmyip	1970-01-01 01:00:00.000000000 +0100
+++ smeserver-manager-0.1.4/root/usr/sbin/e-smith/getmyip	2024-11-27 15:53:00.000000000 +0000
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# List of services to query for the public IP
+services=(
+    "ifconfig.me"
+    "ipinfo.io/ip"
+    "icanhazip.com"
+    "api.ipify.org"
+    "ident.me"
+    "ip.tyk.nu"
+    "checkip.amazonaws.com"
+    "ipecho.net/plain"
+    "myip.dnsomatic.com"
+    "ip.seeip.org"
+    "ipapi.co/ip"
+    "wtfismyip.com/text"
+    "openident.net/ip"
+    "ifconfig.co/ip"
+)
+
+# Function to shuffle the array of services
+shuffle_services() {
+    local i
+    for ((i=${#services[@]} - 1; i > 0; i--)); do
+        local j=$((RANDOM % (i + 1)))
+        local temp="${services[i]}"
+        services[i]="${services[j]}"
+        services[j]="$temp"
+    done
+}
+
+# Function to fetch the public IP address
+get_public_ip() {
+    shuffle_services
+    for service in "${services[@]}"; do
+        public_ip=$(curl -s --max-time 5 "$service")
+        
+        # Check if the curl request was successful and there's a valid IP address
+        if [[ $? -eq 0 && $public_ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            logger -t public_ip_script "Service used: $service, IP found: $public_ip"
+            echo "$public_ip"
+            return
+        fi
+    done
+
+    # If none of the services returned a valid IP, output an error message
+    echo "Failed to retrieve public IP using all services." >&2
+    logger -t public_ip_script "Error: Failed to retrieve public IP using all services."
+    exit 1
+}
+
+# Execute the function
+get_public_ip
+
diff -urN smeserver-manager-0.1.4.old/root/usr/share/smanager/themes/default/public/css/letsencrypt.css smeserver-manager-0.1.4/root/usr/share/smanager/themes/default/public/css/letsencrypt.css
--- smeserver-manager-0.1.4.old/root/usr/share/smanager/themes/default/public/css/letsencrypt.css	2024-12-09 10:51:12.148733531 +0000
+++ smeserver-manager-0.1.4/root/usr/share/smanager/themes/default/public/css/letsencrypt.css	2024-12-09 15:13:38.416498067 +0000
@@ -53,3 +53,38 @@
 .read1 {}
 .text2 {}
 .back3 {}
+ .inline-buttons {
+    display: flex; /* Use flexbox to arrange items horizontally */
+    gap: 10px;     /* Optional: Add space between buttons */
+  }
+
+  .inline-buttons .link {
+    /* Additional styling can be added here if needed */
+  }
+  
+  
+  .inline-buttons .link {
+    display: inline-block; /* Keep links as inline-block for button shape */
+    padding: 7px 14px;     /* Adjusted padding to approximate 70% of the original */
+    margin: 0;             /* Remove margin */
+    background-color: #efefef; /* Light gray background color */
+    color: black;          /* Text color */
+    text-decoration: none; /* Remove underline */
+    border: 2px solid #bbb; /* Thin, light gray border */
+    border-radius: 3px;    /* Slightly rounded corners */
+    font-size: 11.2px;     /* Adjusted font size to approximate 70% of the original */
+    text-align: center;    /* Center the text */
+    cursor: pointer;       /* Pointer cursor on hover */  }
+
+  /* Hover and active effects for better interaction */
+  .inline-buttons .link:hover {
+    background-color: #d9d9d9; /* Darker shade on hover */
+  }
+
+  .inline-buttons .link:active {
+    background-color: #c0c0c0; /* Even darker shade on click */
+  }
+  
+  span .label {
+	padding-top:13em;
+  }