From 2fb8f163fccb51b6c50ac0995b0d777ddc4d52c4 Mon Sep 17 00:00:00 2001
From: Rephl3x <zak.bearman@amslabs.net>
Date: Thu, 29 Jan 2026 11:14:22 +1300
Subject: [PATCH] Add DNS-only mode toggle

---
 certy.ps1 | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/certy.ps1 b/certy.ps1
index 462448a..c488db1 100644
--- a/certy.ps1
+++ b/certy.ps1
@@ -637,6 +637,8 @@ $verboseBox = Add-CheckBox "Verbose" $xInput $y 120 $rowHeight
 $runWacsBox = Add-CheckBox "Run WACS after DNS update" ($xInput + 140) $y 260 $rowHeight
 $perHostBox = Add-CheckBox "One cert per host" ($xInput + 430) $y 180 $rowHeight
 $runWacsBox.Checked = $true
+$y += $rowHeight + $gap
+$disableCertsBox = Add-CheckBox "Turn off cert generation (DNS-only mode)" $xInput $y 360 $rowHeight
 $y += $rowHeight + ($gap * 2)
 
 $runBtn = New-Object System.Windows.Forms.Button
@@ -694,6 +696,23 @@ function Update-ReplicationUI {
     $dnsListBox.Enabled = $enabled
 }
 
+function Update-CertGenerationUI {
+    $disabled = $disableCertsBox.Checked
+    $runWacsBox.Enabled = -not $disabled
+    $perHostBox.Enabled = -not $disabled
+    if ($disabled) {
+        $runWacsBox.Checked = $false
+    }
+
+    $wacsPathBox.Enabled = -not $disabled
+    $outputTypeBox.Enabled = -not $disabled
+    $outputPathBox.Enabled = -not $disabled
+    $pfxPasswordBox.Enabled = -not $disabled
+    $baseUriBox.Enabled = -not $disabled
+    $validationBox.Enabled = -not $disabled
+    $validationPortBox.Enabled = -not $disabled
+}
+
 $loadedDefaults = Load-Defaults
 if ($loadedDefaults) {
     if ($loadedDefaults.DefaultZone) { $zoneBox.Text = $loadedDefaults.DefaultZone }
@@ -714,10 +733,12 @@ if ($loadedDefaults) {
     if ($null -ne $loadedDefaults.RunWacs) { $runWacsBox.Checked = [bool]$loadedDefaults.RunWacs }
     if ($null -ne $loadedDefaults.Verbose) { $verboseBox.Checked = [bool]$loadedDefaults.Verbose }
     if ($null -ne $loadedDefaults.PerHostCerts) { $perHostBox.Checked = [bool]$loadedDefaults.PerHostCerts }
+    if ($null -ne $loadedDefaults.DisableCertGeneration) { $disableCertsBox.Checked = [bool]$loadedDefaults.DisableCertGeneration }
     if ($loadedDefaults.OutputType) { $outputTypeBox.SelectedItem = $loadedDefaults.OutputType }
     if (-not $outputTypeBox.SelectedItem) { $outputTypeBox.SelectedIndex = 0 }
     Update-OutputTypeUI
     if (Test-Path function:Update-ReplicationUI) { Update-ReplicationUI }
+    Update-CertGenerationUI
     & $logAction "Defaults loaded from $(Get-DefaultsPath)."
 }
 
@@ -875,6 +896,10 @@ $outputTypeBox.Add_SelectedIndexChanged({
     Update-OutputTypeUI
 })
 
+$disableCertsBox.Add_CheckedChanged({
+    Update-CertGenerationUI
+})
+
 $saveDefaultsBtn.Add_Click({
     $defaults = [pscustomobject]@{
         DefaultZone         = $zoneBox.Text
@@ -894,6 +919,7 @@ $saveDefaultsBtn.Add_Click({
         RunWacs             = $runWacsBox.Checked
         Verbose             = $verboseBox.Checked
         PerHostCerts        = $perHostBox.Checked
+        DisableCertGeneration = $disableCertsBox.Checked
     }
     Save-Defaults -Defaults $defaults
     & $logAction "Defaults saved to $(Get-DefaultsPath)."
@@ -964,7 +990,9 @@ $runBtn.Add_Click({
             & $logAction "Replication disabled."
         }
 
-        if ($runWacsBox.Checked) {
+        if ($disableCertsBox.Checked) {
+            & $logAction "Cert generation disabled; DNS updates/replication only."
+        } elseif ($runWacsBox.Checked) {
             $wacsPath = $wacsPathBox.Text.Trim()
             if (-not (Test-Path -Path $wacsPath -PathType Leaf)) {
                 throw "WACS not found at: $wacsPath"