Patch: Allow challenge for protected webroot

[HolySmoke86]

I have a few webs that protect their Webroot via the "Protected Dirs" config (nginx auth_basic). This prevents letsencrypt from accessing the ACME challenge response.
The following patch changes the template generation of per-vhost nginx configuration files to disable basic auth for the .well-known/acme-challenge directory:

--- /opt/psa/admin/conf/templates/default/domain/service/nginxProtectedDirectories.php.orig	2018-02-06 12:55:48.586891199 +0100
+++ /opt/psa/admin/conf/templates/default/domain/service/nginxProtectedDirectories.php	2018-02-06 12:54:48.034348146 +0100
@@ -13,6 +13,12 @@
         auth_basic "<?php echo strlen($directory['realm']) > 0 ? $directory['realm'] : ' ' ?>";
         auth_basic_user_file "<?php echo $directory['authFile'] ?>";
 
+		<?php if (ltrim($directory['relativePath'] . '/', '/') == ''): ?>
+		location ~ \.well-known/acme-challenge {
+			auth_basic off;
+		}
+		<?php endif ?>
+
     <?php if ($VAR->domain->physicalHosting->php && $VAR->domain->physicalHosting->proxySettings['nginxServePhp']): ?>
 
         location ~ \.php(/.*)?$ {