thrown exception for non LE certificates

backend/internal/certificate.js

@@ -337,16 +337,28 @@ const internalCertificate = {
 	},
 
 	/**
+	 * @param   {Access}  access
 	 * @param   {Object}  data
 	 * @param   {Number}  data.id
 	 * @returns {Promise}
 	 */
-	download: (data) => {
+	download: (access, data) => {
-		const downloadName = 'npm-' + data.id + '-' + `${Date.now()}.zip`;
-		const opName       = '/tmp/' + downloadName;
-		const zipDirectory = '/etc/letsencrypt/live/npm-' + data.id;
 
 		return new Promise((resolve, reject) => {
+			access.can('certificates:get', data)
+				.then(() => {
+					return internalCertificate.get(access, data);
+				})
+				.then((certificate) => {
+					if (certificate.provider === 'letsencrypt') {
+						const zipDirectory = '/etc/letsencrypt/live/npm-' + data.id;
+
+						if (!fs.existsSync(zipDirectory)) {
+							throw new error.ItemNotFoundError('Certificate ' + certificate.nice_name + ' does not exists');
+						}
+
+						const downloadName = 'npm-' + data.id + '-' + `${Date.now()}.zip`;
+						const opName       = '/tmp/' + downloadName;
 						internalCertificate.zipDirectory(zipDirectory, opName)
 							.then(() => {
 								logger.debug('zip completed : ', opName);
@@ -357,6 +369,10 @@ const internalCertificate = {
 							}).catch((err) => {
 								reject(err);
 							});
+					} else {
+						throw new error.ValidationError('Only Let\'sEncrypt certificates can be renewed');
+					}
+				}).catch((err) => reject(err));
 		});
 	},
 

backend/routes/api/nginx/certificates.js

@@ -228,7 +228,7 @@ router
 	 * Renew certificate
 	 */
 	.get((req, res, next) => {
-		internalCertificate.download({
+		internalCertificate.download(res.locals.access, {
 			id: parseInt(req.params.certificate_id, 10)
 		})
 			.then((result) => {