Merge pull request #3734 from acmesh-official/dev

sync
Merge pull request #3599 from cirow/dev
2025-11-24 18:01:56 +08:00 · 2021-10-03 22:48:12 +08:00 · 2021-10-03 22:34:21 +08:00 · 2021-10-03 22:33:41 +08:00 · 2021-10-03 22:31:56 +08:00 · 2021-10-03 22:25:44 +08:00
36 changed files with 1912 additions and 395 deletions
--- a/.github/auto-comment.yml
+++ b/.github/auto-comment.yml
@@ -1,40 +0,0 @@
-# Comment to a new issue.
-issuesOpened: >
-  If this is a bug report, please upgrade to the latest code and try again:
-  
-  如果有 bug, 请先更新到最新版试试:
-  
-  ```
-  acme.sh --upgrade
-  ```
-  
-  please also provide the log with `--debug 2`.
-  
-  同时请提供调试输出 `--debug 2`
-  
-  see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
-  
-  Without `--debug 2` log, your issue will NEVER get replied.
-  
-  没有调试输出, 你的 issue 不会得到任何解答.
-
-
-pullRequestOpened: >
-  First, NEVER send a PR to `master` branch, it will NEVER be accepted. Please send to the `dev` branch instead.
-  
-  If this is a PR to support new DNS API or new notification API, please read this guide first:
-  https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
-  
-  Please check the guide items one by one.
-  
-  Then add your usage here:
-  https://github.com/acmesh-official/acme.sh/wiki/dnsapi
-   
-  Or some other wiki pages:
-  
-  https://github.com/acmesh-official/acme.sh/wiki/deployhooks
-  
-  https://github.com/acmesh-official/acme.sh/wiki/notify
-  
-
-
--- a/.github/workflows/DNS.yml
+++ b/.github/workflows/DNS.yml
@@ -59,24 +59,24 @@ jobs:
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Set env file
      run: |
-        cd ../acmetest 
+        cd ../acmetest
        if [ "${{ secrets.TokenName1}}" ] ; then
-          echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> env.list
+          echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> docker.env
        fi
        if [ "${{ secrets.TokenName2}}" ] ; then
-          echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> env.list
+          echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> docker.env
        fi
        if [ "${{ secrets.TokenName3}}" ] ; then
-          echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> env.list
+          echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> docker.env
        fi
        if [ "${{ secrets.TokenName4}}" ] ; then
-          echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> env.list
+          echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> docker.env
        fi
        if [ "${{ secrets.TokenName5}}" ] ; then
-          echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list
+          echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env
        fi
-        echo "TEST_DNS_NO_WILDCARD" >> env.list 
-        echo "TEST_DNS_SLEEP" >> env.list
+        echo "TEST_DNS_NO_WILDCARD" >> docker.env
+        echo "TEST_DNS_SLEEP" >> docker.env
    - name: Run acmetest
      run: cd ../acmetest && ./rundocker.sh  testall

@@ -226,8 +226,10 @@ jobs:
    - uses: vmactions/solaris-vm@v0.0.3
      with:
        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
-        prepare: pkgutil -y -i socat curl
+        prepare: pkgutil -y -i socat
        run: |
+          pkg set-mediator -v -I default@1.1 openssl
+          export PATH=/usr/gnu/bin:$PATH
          if [ "${{ secrets.TokenName1}}" ] ; then
            export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}
          fi
@@ -245,5 +247,3 @@ jobs:
          fi
          cd ../acmetest
          ./letest.sh
-
-        
--- a/.github/workflows/FreeBSD.yml
+++ b/.github/workflows/FreeBSD.yml
@@ -0,0 +1,60 @@
+name: FreeBSD
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - '*.sh'
+      - '.github/workflows/FreeBSD.yml'
+
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - '*.sh'
+      - '.github/workflows/FreeBSD.yml'
+
+
+jobs:
+  FreeBSD:
+    strategy:
+      matrix:
+        include:
+         - TEST_ACME_Server: "LetsEncrypt.org_test"
+           CA_ECDSA: ""
+           CA: ""
+           CA_EMAIL: ""
+         - TEST_ACME_Server: "ZeroSSL.com"
+           CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
+           CA: "ZeroSSL RSA Domain Secure Site CA"
+           CA_EMAIL: "githubtest@acme.sh"
+    runs-on: macos-latest
+    env:
+      TEST_LOCAL: 1
+      TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
+      CA_ECDSA: ${{ matrix.CA_ECDSA }}
+      CA: ${{ matrix.CA }}
+      CA_EMAIL: ${{ matrix.CA_EMAIL }}
+    steps:
+    - uses: actions/checkout@v2
+    - uses: vmactions/cf-tunnel@v0.0.2
+      id: tunnel
+      with:
+        protocol: http
+        port: 8080
+    - name: Set envs
+      run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
+    - name: Clone acmetest
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - uses: vmactions/freebsd-vm@v0.1.4
+      with:
+        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL'
+        nat: |
+          "8080": "80"
+        prepare: pkg install -y socat curl
+        usesh: true
+        run: |
+          cd ../acmetest \
+          && ./letest.sh
+
+
--- a/.github/workflows/LetsEncrypt.yml
+++ b/.github/workflows/LetsEncrypt.yml
@@ -1,127 +0,0 @@
-name: LetsEncrypt
-on:
-  push:
-    branches:
-      - '*'
-    paths:
-      - '**.sh'
-      - '**.yml'
-  pull_request:
-    branches:
-      - dev
-    paths:
-      - '**.sh'
-      - '**.yml'
-
-
-jobs:
-  Ubuntu:
-    runs-on: ubuntu-latest
-    env:
-      TEST_LOCAL: 1
-    steps:
-    - uses: actions/checkout@v2
-    - name: Install tools
-      run: sudo apt-get install -y socat
-    - name: Clone acmetest
-      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - name: Run acmetest
-      run: cd ../acmetest && sudo --preserve-env ./letest.sh
-
-  MacOS:
-    runs-on: macos-latest
-    env:
-      TEST_LOCAL: 1
-    steps:
-    - uses: actions/checkout@v2
-    - name: Install tools
-      run:  brew install socat
-    - name: Clone acmetest
-      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - name: Run acmetest
-      run: cd ../acmetest && sudo --preserve-env ./letest.sh
-
-  Windows:
-    runs-on: windows-latest
-    env:
-      TEST_LOCAL: 1
-      #The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
-      Le_HTTPPort: 8888
-    steps:
-    - name: Set git to use LF
-      run: |
-          git config --global core.autocrlf false
-    - uses: actions/checkout@v2
-    - name: Install cygwin base packages with chocolatey
-      run: |
-          choco config get cacheLocation
-          choco install --no-progress cygwin
-      shell: cmd
-    - name: Install cygwin additional packages
-      run: |
-          C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
-      shell: cmd
-    - name: Set ENV
-      shell: cmd
-      run: |
-          echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%
-    - name: Check ENV
-      shell: cmd
-      run: |
-          echo "PATH=%PATH%"
-    - name: Clone acmetest
-      shell: cmd
-      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - name: Run acmetest
-      shell: cmd
-      run: cd ../acmetest && bash.exe -c ./letest.sh
-
-  FreeBSD:
-    runs-on: macos-latest
-    env:
-      TEST_LOCAL: 1
-    steps:
-    - uses: actions/checkout@v2
-    - uses: vmactions/cf-tunnel@v0.0.2
-      id: tunnel
-      with:
-        protocol: http
-        port: 8080
-    - name: Set envs
-      run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
-    - name: Clone acmetest
-      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/freebsd-vm@v0.1.4
-      with:
-        envs: 'TEST_LOCAL TestingDomain'
-        nat: |
-          "8080": "80"
-        prepare: pkg install -y socat curl
-        usesh: true
-        run: |
-          cd ../acmetest && ./letest.sh
-
-  Solaris:
-    runs-on: macos-latest
-    env:
-      TEST_LOCAL: 1
-    steps:
-    - uses: actions/checkout@v2
-    - uses: vmactions/cf-tunnel@v0.0.2
-      id: tunnel
-      with:
-        protocol: http
-        port: 8080
-    - name: Set envs
-      run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
-    - name: Clone acmetest
-      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/solaris-vm@v0.0.3
-      with:
-        envs: 'TEST_LOCAL TestingDomain'
-        nat: |
-          "8080": "80"
-        prepare: pkgutil -y -i socat curl
-        run: |
-          cd ../acmetest && ./letest.sh
-
--- a/.github/workflows/Linux.yml
+++ b/.github/workflows/Linux.yml
@@ -0,0 +1,40 @@
+name: Linux
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - '*.sh'
+      - '.github/workflows/Linux.yml'
+
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - '*.sh'
+      - '.github/workflows/Linux.yml'
+
+
+
+jobs:
+  Linux:
+    strategy:
+      matrix:
+        os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3-amd64"]
+    runs-on: ubuntu-latest
+    env:
+      TEST_LOCAL: 1
+    steps:
+    - uses: actions/checkout@v2
+    - name: Clone acmetest
+      run: |
+          cd .. \
+          && git clone https://github.com/acmesh-official/acmetest.git \
+          && cp -r acme.sh acmetest/
+    - name: Run acmetest
+      run: |
+          cd ../acmetest \
+          && ./rundocker.sh  testplat ${{ matrix.os }}
+
+
+
--- a/.github/workflows/MacOS.yml
+++ b/.github/workflows/MacOS.yml
@@ -0,0 +1,52 @@
+name: MacOS
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - '*.sh'
+      - '.github/workflows/MacOS.yml'
+
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - '*.sh'
+      - '.github/workflows/MacOS.yml'
+
+
+jobs:
+  MacOS:
+    strategy:
+      matrix:
+        include:
+         - TEST_ACME_Server: "LetsEncrypt.org_test"
+           CA_ECDSA: ""
+           CA: ""
+           CA_EMAIL: ""
+         - TEST_ACME_Server: "ZeroSSL.com"
+           CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
+           CA: "ZeroSSL RSA Domain Secure Site CA"
+           CA_EMAIL: "githubtest@acme.sh"
+    runs-on: macos-latest
+    env:
+      TEST_LOCAL: 1
+      TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
+      CA_ECDSA: ${{ matrix.CA_ECDSA }}
+      CA: ${{ matrix.CA }}
+      CA_EMAIL: ${{ matrix.CA_EMAIL }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install tools
+      run:  brew install socat
+    - name: Clone acmetest
+      run: |
+          cd .. \
+          && git clone https://github.com/acmesh-official/acmetest.git \
+          && cp -r acme.sh acmetest/
+    - name: Run acmetest
+      run: |
+          cd ../acmetest \
+          && sudo --preserve-env ./letest.sh
+
+
--- a/.github/workflows/PebbleStrict.yml
+++ b/.github/workflows/PebbleStrict.yml
@@ -4,14 +4,14 @@ on:
    branches:
      - '*'
    paths:
-      - '**.sh'
-      - '**.yml'
+      - '*.sh'
+      - '.github/workflows/PebbleStrict.yml'
  pull_request:
    branches:
      - dev
    paths:
-      - '**.sh'
-      - '**.yml'
+      - '*.sh'
+      - '.github/workflows/PebbleStrict.yml'

 jobs:
  PebbleStrict:
@@ -19,7 +19,7 @@ jobs:
    env:
      TestingDomain: example.com
      TestingAltDomains: www.example.com
-      ACME_DIRECTORY: https://localhost:14000/dir
+      TEST_ACME_Server: https://localhost:14000/dir
      HTTPS_INSECURE: 1
      Le_HTTPPort: 5002
      TEST_LOCAL: 1
--- a/.github/workflows/Solaris.yml
+++ b/.github/workflows/Solaris.yml
@@ -0,0 +1,58 @@
+name: Solaris
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - '*.sh'
+      - '.github/workflows/Solaris.yml'
+
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - '*.sh'
+      - '.github/workflows/Solaris.yml'
+
+
+jobs:
+  Solaris:
+    strategy:
+      matrix:
+        include:
+         - TEST_ACME_Server: "LetsEncrypt.org_test"
+           CA_ECDSA: ""
+           CA: ""
+           CA_EMAIL: ""
+         - TEST_ACME_Server: "ZeroSSL.com"
+           CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
+           CA: "ZeroSSL RSA Domain Secure Site CA"
+           CA_EMAIL: "githubtest@acme.sh"
+    runs-on: macos-latest
+    env:
+      TEST_LOCAL: 1
+      TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
+      CA_ECDSA: ${{ matrix.CA_ECDSA }}
+      CA: ${{ matrix.CA }}
+      CA_EMAIL: ${{ matrix.CA_EMAIL }}
+    steps:
+    - uses: actions/checkout@v2
+    - uses: vmactions/cf-tunnel@v0.0.2
+      id: tunnel
+      with:
+        protocol: http
+        port: 8080
+    - name: Set envs
+      run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
+    - name: Clone acmetest
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - uses: vmactions/solaris-vm@v0.0.3
+      with:
+        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL'
+        nat: |
+          "8080": "80"
+        prepare: pkgutil -y -i socat curl
+        run: |
+          cd ../acmetest \
+          && ./letest.sh
+
--- a/.github/workflows/Ubuntu.yml
+++ b/.github/workflows/Ubuntu.yml
@@ -0,0 +1,54 @@
+name: Ubuntu
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - '*.sh'
+      - '.github/workflows/Ubuntu.yml'
+
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - '*.sh'
+      - '.github/workflows/Ubuntu.yml'
+
+
+jobs:
+  Ubuntu:
+    strategy:
+      matrix:
+        include:
+         - TEST_ACME_Server: "LetsEncrypt.org_test"
+           CA_ECDSA: ""
+           CA: ""
+           CA_EMAIL: ""
+         - TEST_ACME_Server: "ZeroSSL.com"
+           CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
+           CA: "ZeroSSL RSA Domain Secure Site CA"
+           CA_EMAIL: "githubtest@acme.sh"
+
+    runs-on: ubuntu-latest
+    env:
+      TEST_LOCAL: 1
+      TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
+      CA_ECDSA: ${{ matrix.CA_ECDSA }}
+      CA: ${{ matrix.CA }}
+      CA_EMAIL: ${{ matrix.CA_EMAIL }}
+      NO_ECC_384: ${{ matrix.NO_ECC_384 }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install tools
+      run: sudo apt-get install -y socat
+    - name: Clone acmetest
+      run: |
+          cd .. \
+          && git clone https://github.com/acmesh-official/acmetest.git \
+          && cp -r acme.sh acmetest/
+    - name: Run acmetest
+      run: |
+          cd ../acmetest \
+          && sudo --preserve-env ./letest.sh
+
+
--- a/.github/workflows/Windows.yml
+++ b/.github/workflows/Windows.yml
@@ -0,0 +1,70 @@
+name: Windows
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - '*.sh'
+      - '.github/workflows/Windows.yml'
+
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - '*.sh'
+      - '.github/workflows/Windows.yml'
+
+
+jobs:
+  Windows:
+    strategy:
+      matrix:
+        include:
+         - TEST_ACME_Server: "LetsEncrypt.org_test"
+           CA_ECDSA: ""
+           CA: ""
+           CA_EMAIL: ""
+         - TEST_ACME_Server: "ZeroSSL.com"
+           CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
+           CA: "ZeroSSL RSA Domain Secure Site CA"
+           CA_EMAIL: "githubtest@acme.sh"
+    runs-on: windows-latest
+    env:
+      TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
+      CA_ECDSA: ${{ matrix.CA_ECDSA }}
+      CA: ${{ matrix.CA }}
+      CA_EMAIL: ${{ matrix.CA_EMAIL }}
+      TEST_LOCAL: 1
+      #The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
+      Le_HTTPPort: 8888
+    steps:
+    - name: Set git to use LF
+      run: |
+          git config --global core.autocrlf false
+    - uses: actions/checkout@v2
+    - name: Install cygwin base packages with chocolatey
+      run: |
+          choco config get cacheLocation
+          choco install --no-progress cygwin
+      shell: cmd
+    - name: Install cygwin additional packages
+      run: |
+          C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
+      shell: cmd
+    - name: Set ENV
+      shell: cmd
+      run: |
+          echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin;%PATH% >> %GITHUB_ENV%
+    - name: Check ENV
+      shell: cmd
+      run: |
+          echo "PATH=%PATH%"
+    - name: Clone acmetest
+      shell: cmd
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - name: Run acmetest
+      shell: cmd
+      run: cd ../acmetest && bash.exe -c ./letest.sh
+
+
+
--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/dockerhub.yml
@@ -6,6 +6,11 @@ on:
      - '*'
    tags:
      - '*'
+    paths:
+      - '**.sh'
+      - "Dockerfile"
+      - '.github/workflows/dockerhub.yml'
+
    
 jobs:
  CheckToken:
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -5,13 +5,13 @@ on:
      - '*'
    paths:
      - '**.sh'
-      - '**.yml'
+      - '.github/workflows/shellcheck.yml'
  pull_request:
    branches:
      - dev
    paths:
      - '**.sh'
-      - '**.yml'
+      - '.github/workflows/shellcheck.yml'

 jobs:
  ShellCheck:
--- a/8
+++ b/8
@@ -1,7 +1,6 @@
 FROM alpine:3.12

-RUN apk update -f \
-  && apk --no-cache add -f \
+RUN apk --no-cache add -f \
  openssl \
  openssh-client \
  coreutils \
@@ -12,8 +11,7 @@ RUN apk update -f \
  tzdata \
  oath-toolkit-oathtool \
  tar \
-  libidn \
-  && rm -rf /var/cache/apk/*
+  libidn

 ENV LE_CONFIG_HOME /acme.sh

@@ -22,7 +20,7 @@ ARG AUTO_UPGRADE=1
 ENV AUTO_UPGRADE $AUTO_UPGRADE

 #Install
-ADD ./ /install_acme.sh/
+COPY ./ /install_acme.sh/
 RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/


--- a/README.md
+++ b/README.md
@@ -1,6 +1,11 @@
 # An ACME Shell script: acme.sh 

-![LetsEncrypt](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)
+[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)
+[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)
+[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)
+[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)
+[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)
+
 ![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
 ![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
 ![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg)
@@ -15,18 +20,18 @@

 - An ACME protocol client written purely in Shell (Unix shell) language.
 - Full ACME protocol implementation.
- Support ACME v1 and ACME v2
- Support ACME v2 wildcard certs
+- Support ECDSA certs
+- Support SAN and wildcard certs
 - Simple, powerful and very easy to use. You only need 3 minutes to learn it.
 - Bash, dash and sh compatible.
- Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
+- Purely written in Shell with no dependencies on python.
 - Just one script to issue, renew and install your certificates automatically.
 - DOES NOT require `root/sudoer` access.
- Docker friendly
- IPv6 support
+- Docker ready
+- IPv6 ready
 - Cron job notifications for renewal or error etc.

-It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt.
+It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates.

 Wiki: https://github.com/acmesh-official/acme.sh/wiki

@@ -57,37 +62,39 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)

 | NO | Status| Platform|
 |----|-------|---------|
-|1|[![MacOS](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX
-|2|[![Windows](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Windows (cygwin with curl, openssl and crontab included)
-|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|FreeBSD
-|4|[![Solaris](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Solaris
-|5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)| Ubuntu
-|6|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|pfsense
-|7|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|OpenBSD
-|8|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Debian
-|9|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|CentOS
-|10|[![](https://acmesh-official.github.io/acmetest/status/opensuse-leap-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|openSUSE
-|11|[![](https://acmesh-official.github.io/acmetest/status/alpine-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Alpine Linux (with curl)
-|12|[![](https://acmesh-official.github.io/acmetest/status/archlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Archlinux
-|13|[![](https://acmesh-official.github.io/acmetest/status/fedora-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|fedora
-|14|[![](https://acmesh-official.github.io/acmetest/status/kalilinux-kali.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Kali Linux
-|15|[![](https://acmesh-official.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Oracle Linux
-|16|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
-|17|-----| Cloud Linux  https://github.com/acmesh-official/acme.sh/issues/111
-|18|[![](https://acmesh-official.github.io/acmetest/status/mageia.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Mageia
-|19|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
-|20|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux
-|21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|ClearLinux
+|1|[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)|Mac OSX
+|2|[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)|Windows (cygwin with curl, openssl and crontab included)
+|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)|FreeBSD
+|4|[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)|Solaris
+|5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)| Ubuntu
+|6|NA|pfsense
+|7|NA|OpenBSD
+|8|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian
+|9|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS
+|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE
+|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl)
+|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux
+|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora
+|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux
+|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux
+|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia
+|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux
+|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux
+|19|-----| Cloud Linux  https://github.com/acmesh-official/acme.sh/issues/111
+|20|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
+|21|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)

-For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest):
+
+Check our [testing project](https://github.com/acmesh-official/acmetest):

 https://github.com/acmesh-official/acmetest

 # Supported CA

- Letsencrypt.org CA(default)
- [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)
+- [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)(default)
+- Letsencrypt.org CA
 - [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA)
+- [SSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA)
 - [Pebble strict Mode](https://github.com/letsencrypt/pebble)
 - Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA

@@ -469,7 +476,7 @@ TODO:

 ### Code Contributors

-This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
+This project exists thanks to all the people who contribute.
 <a href="https://github.com/acmesh-official/acme.sh/graphs/contributors"><img src="https://opencollective.com/acmesh/contributors.svg?width=890&button=false" /></a>

 ### Financial Contributors
--- a/acme.sh
+++ b/acme.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env sh

-VER=2.9.0
+VER=3.0.1

 PROJECT_NAME="acme.sh"

@@ -20,6 +20,8 @@ _SUB_FOLDER_DEPLOY="deploy"

 _SUB_FOLDERS="$_SUB_FOLDER_DNSAPI $_SUB_FOLDER_DEPLOY $_SUB_FOLDER_NOTIFY"

+CA_LETSENCRYPT_V1="https://acme-v01.api.letsencrypt.org/directory"
+
 CA_LETSENCRYPT_V2="https://acme-v02.api.letsencrypt.org/directory"
 CA_LETSENCRYPT_V2_TEST="https://acme-staging-v02.api.letsencrypt.org/directory"

@@ -29,18 +31,22 @@ CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
 CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
 _ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email"

-DEFAULT_CA=$CA_LETSENCRYPT_V2
+CA_SSLCOM_RSA="https://acme.ssl.com/sslcom-dv-rsa"
+CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc"
+
+DEFAULT_CA=$CA_ZEROSSL
 DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST

 CA_NAMES="
+ZeroSSL.com,zerossl
 LetsEncrypt.org,letsencrypt
 LetsEncrypt.org_test,letsencrypt_test,letsencrypttest
 BuyPass.com,buypass
 BuyPass.com_test,buypass_test,buypasstest
-ZeroSSL.com,zerossl
+SSL.com,sslcom
 "

-CA_SERVERS="$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_ZEROSSL"
+CA_SERVERS="$CA_ZEROSSL,$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_SSLCOM_RSA"

 DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"

@@ -155,6 +161,8 @@ _REVOKE_WIKI="https://github.com/acmesh-official/acme.sh/wiki/revokecert"

 _ZEROSSL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA"

+_SSLCOM_WIKI="https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA"
+
 _SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server"

 _PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain"
@@ -1210,7 +1218,7 @@ _createcsr() {
  _debug2 csr "$csr"
  _debug2 csrconf "$csrconf"

-  printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment" >"$csrconf"
+  printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\n" >"$csrconf"

  if [ "$acmeValidationv1" ]; then
    domainlist="$(_idn "$domainlist")"
@@ -1762,7 +1770,7 @@ _inithttp() {
    if [ -z "$ACME_HTTP_NO_REDIRECTS" ]; then
      _ACME_CURL="$_ACME_CURL -L "
    fi
-    if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
+    if [ "$DEBUG" ] && [ "$DEBUG" -ge 2 ]; then
      _CURL_DUMP="$(_mktemp)"
      _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP "
    fi
@@ -1802,6 +1810,8 @@ _inithttp() {

 }

+_HTTP_MAX_RETRY=8
+
 # body  url [needbase64] [POST|PUT|DELETE] [ContentType]
 _post() {
  body="$1"
@@ -1809,6 +1819,33 @@ _post() {
  needbase64="$3"
  httpmethod="$4"
  _postContentType="$5"
+  _sleep_retry_sec=1
+  _http_retry_times=0
+  _hcode=0
+  while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do
+    [ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ]
+    _lastHCode="$?"
+    _debug "Retrying post"
+    _post_impl "$body" "$_post_url" "$needbase64" "$httpmethod" "$_postContentType" "$_lastHCode"
+    _hcode="$?"
+    _debug _hcode "$_hcode"
+    if [ "$_hcode" = "0" ]; then
+      break
+    fi
+    _http_retry_times=$(_math $_http_retry_times + 1)
+    _sleep $_sleep_retry_sec
+  done
+  return $_hcode
+}
+
+# body  url [needbase64] [POST|PUT|DELETE] [ContentType] [displayError]
+_post_impl() {
+  body="$1"
+  _post_url="$2"
+  needbase64="$3"
+  httpmethod="$4"
+  _postContentType="$5"
+  displayError="$6"

  if [ -z "$httpmethod" ]; then
    httpmethod="POST"
@@ -1860,7 +1897,9 @@ _post() {
    fi
    _ret="$?"
    if [ "$_ret" != "0" ]; then
-      _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
+      if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
+        _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
+      fi
      if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
        _err "Here is the curl dump log:"
        _err "$(cat "$_CURL_DUMP")"
@@ -1916,7 +1955,9 @@ _post() {
      _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later."
    fi
    if [ "$_ret" != "0" ]; then
-      _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret"
+      if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
+        _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret"
+      fi
    fi
    _sed_i "s/^ *//g" "$HTTP_HEADER"
  else
@@ -1930,13 +1971,38 @@ _post() {

 # url getheader timeout
 _get() {
+  url="$1"
+  onlyheader="$2"
+  t="$3"
+  _sleep_retry_sec=1
+  _http_retry_times=0
+  _hcode=0
+  while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do
+    [ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ]
+    _lastHCode="$?"
+    _debug "Retrying GET"
+    _get_impl "$url" "$onlyheader" "$t" "$_lastHCode"
+    _hcode="$?"
+    _debug _hcode "$_hcode"
+    if [ "$_hcode" = "0" ]; then
+      break
+    fi
+    _http_retry_times=$(_math $_http_retry_times + 1)
+    _sleep $_sleep_retry_sec
+  done
+  return $_hcode
+}
+
+# url getheader timeout displayError
+_get_impl() {
  _debug GET
  url="$1"
  onlyheader="$2"
  t="$3"
+  displayError="$4"
  _debug url "$url"
  _debug "timeout=$t"
-
+  _debug "displayError" "$displayError"
  _inithttp

  if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then
@@ -1955,7 +2021,9 @@ _get() {
    fi
    ret=$?
    if [ "$ret" != "0" ]; then
-      _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret"
+      if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
+        _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret"
+      fi
      if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
        _err "Here is the curl dump log:"
        _err "$(cat "$_CURL_DUMP")"
@@ -1981,7 +2049,9 @@ _get() {
      _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later."
    fi
    if [ "$ret" != "0" ]; then
-      _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret"
+      if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
+        _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret"
+      fi
    fi
  else
    ret=$?
@@ -2529,17 +2599,33 @@ __initHome() {
  fi
 }

+_clearAPI() {
+  ACME_NEW_ACCOUNT=""
+  ACME_KEY_CHANGE=""
+  ACME_NEW_AUTHZ=""
+  ACME_NEW_ORDER=""
+  ACME_REVOKE_CERT=""
+  ACME_NEW_NONCE=""
+  ACME_AGREEMENT=""
+}
+
 #server
 _initAPI() {
  _api_server="${1:-$ACME_DIRECTORY}"
  _debug "_init api for server: $_api_server"

-  if [ -z "$ACME_NEW_ACCOUNT" ]; then
+  MAX_API_RETRY_TIMES=10
+  _sleep_retry_sec=10
+  _request_retry_times=0
+  while [ -z "$ACME_NEW_ACCOUNT" ] && [ "${_request_retry_times}" -lt "$MAX_API_RETRY_TIMES" ]; do
+    _request_retry_times=$(_math "$_request_retry_times" + 1)
    response=$(_get "$_api_server")
    if [ "$?" != "0" ]; then
      _debug2 "response" "$response"
-      _err "Can not init api for: $_api_server."
-      return 1
+      _info "Can not init api for: $_api_server."
+      _info "Sleep $_sleep_retry_sec and retry."
+      _sleep "$_sleep_retry_sec"
+      continue
    fi
    response=$(echo "$response" | _json_decode)
    _debug2 "response" "$response"
@@ -2572,8 +2658,17 @@ _initAPI() {
    _debug "ACME_REVOKE_CERT" "$ACME_REVOKE_CERT"
    _debug "ACME_AGREEMENT" "$ACME_AGREEMENT"
    _debug "ACME_NEW_NONCE" "$ACME_NEW_NONCE"
-
+    if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then
+      return 0
+    fi
+    _info "Sleep $_sleep_retry_sec and retry."
+    _sleep "$_sleep_retry_sec"
+  done
+  if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then
+    return 0
  fi
+  _err "Can not init api, for $_api_server"
+  return 1
 }

 #[domain]  [keylength or isEcc flag]
@@ -2617,15 +2712,44 @@ _initpath() {
  _ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)"
  _debug2 "_ACME_SERVER_HOST" "$_ACME_SERVER_HOST"

-  CA_DIR="$CA_HOME/$_ACME_SERVER_HOST"
+  _ACME_SERVER_PATH="$(echo "$ACME_DIRECTORY" | cut -d : -f 2- | tr -s / | cut -d / -f 3-)"
+  _debug2 "_ACME_SERVER_PATH" "$_ACME_SERVER_PATH"

+  CA_DIR="$CA_HOME/$_ACME_SERVER_HOST/$_ACME_SERVER_PATH"
  _DEFAULT_CA_CONF="$CA_DIR/ca.conf"
-
  if [ -z "$CA_CONF" ]; then
    CA_CONF="$_DEFAULT_CA_CONF"
  fi
  _debug3 CA_CONF "$CA_CONF"

+  _OLD_CADIR="$CA_HOME/$_ACME_SERVER_HOST"
+  _OLD_ACCOUNT_KEY="$_OLD_CADIR/account.key"
+  _OLD_ACCOUNT_JSON="$_OLD_CADIR/account.json"
+  _OLD_CA_CONF="$_OLD_CADIR/ca.conf"
+
+  _DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key"
+  _DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json"
+  if [ -z "$ACCOUNT_KEY_PATH" ]; then
+    ACCOUNT_KEY_PATH="$_DEFAULT_ACCOUNT_KEY_PATH"
+    if [ -f "$_OLD_ACCOUNT_KEY" ] && ! [ -f "$ACCOUNT_KEY_PATH" ]; then
+      mkdir -p "$CA_DIR"
+      mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
+    fi
+  fi
+
+  if [ -z "$ACCOUNT_JSON_PATH" ]; then
+    ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH"
+    if [ -f "$_OLD_ACCOUNT_JSON" ] && ! [ -f "$ACCOUNT_JSON_PATH" ]; then
+      mkdir -p "$CA_DIR"
+      mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
+    fi
+  fi
+
+  if [ -f "$_OLD_CA_CONF" ] && ! [ -f "$CA_CONF" ]; then
+    mkdir -p "$CA_DIR"
+    mv "$_OLD_CA_CONF" "$CA_CONF"
+  fi
+
  if [ -f "$CA_CONF" ]; then
    . "$CA_CONF"
  fi
@@ -2646,19 +2770,6 @@ _initpath() {
    HTTP_HEADER="$LE_CONFIG_HOME/http.header"
  fi

-  _OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key"
-  _OLD_ACCOUNT_JSON="$LE_WORKING_DIR/account.json"
-
-  _DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key"
-  _DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json"
-  if [ -z "$ACCOUNT_KEY_PATH" ]; then
-    ACCOUNT_KEY_PATH="$_DEFAULT_ACCOUNT_KEY_PATH"
-  fi
-
-  if [ -z "$ACCOUNT_JSON_PATH" ]; then
-    ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH"
-  fi
-
  _DEFAULT_CERT_HOME="$LE_CONFIG_HOME"
  if [ -z "$CERT_HOME" ]; then
    CERT_HOME="$_DEFAULT_CERT_HOME"
@@ -3056,10 +3167,10 @@ _checkConf() {
      _debug "Try include files"
      for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do
        _debug "check included $included"
-        if !_startswith "$included" "/" && _exists dirname; then
+        if ! _startswith "$included" "/" && _exists dirname; then
          _relpath="$(dirname "$_c_file")"
          _debug "_relpath" "$_relpath"
-          included="$_relpath/included"
+          included="$_relpath/$included"
        fi
        if _checkConf "$1" "$included"; then
          return 0
@@ -3271,6 +3382,8 @@ _on_before_issue() {
  if [ "$_chk_pre_hook" ]; then
    _info "Run pre hook:'$_chk_pre_hook'"
    if ! (
+      export Le_Domain="$_chk_main_domain"
+      export Le_Alt="$_chk_alt_domains"
      cd "$DOMAIN_PATH" && eval "$_chk_pre_hook"
    ); then
      _err "Error when run pre hook."
@@ -3332,7 +3445,7 @@ _on_before_issue() {
      _netprc="$(_ss "$_checkport" | grep "$_checkport")"
      netprc="$(echo "$_netprc" | grep "$_checkaddr")"
      if [ -z "$netprc" ]; then
-        netprc="$(echo "$_netprc" | grep "$LOCAL_ANY_ADDRESS")"
+        netprc="$(echo "$_netprc" | grep "$LOCAL_ANY_ADDRESS:$_checkport")"
      fi
      if [ "$netprc" ]; then
        _err "$netprc"
@@ -3489,15 +3602,6 @@ _regAccount() {
  _initAPI

  mkdir -p "$CA_DIR"
-  if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then
-    _info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH"
-    mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
-  fi
-
-  if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then
-    _info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH"
-    mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
-  fi

  if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
    if ! _create_account_key "$_reg_length"; then
@@ -3526,8 +3630,10 @@ _regAccount() {
    if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then
      _info "No EAB credentials found for ZeroSSL, let's get one"
      if [ -z "$_email" ]; then
-        _err "Please provide a email address for ZeroSSL account."
-        _err "See ZeroSSL usage: $_ZEROSSL_WIKI"
+        _info "$(__green "$PROJECT_NAME is using ZeroSSL as default CA now.")"
+        _info "$(__green "Please update your account with an email address first.")"
+        _info "$(__green "$PROJECT_ENTRY --register-account -m my@example.com")"
+        _info "See: $(__green "$_ZEROSSL_WIKI")"
        return 1
      fi
      _eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT)
@@ -3536,13 +3642,15 @@ _regAccount() {
        _err "Can not get EAB credentials from ZeroSSL."
        return 1
      fi
-      _debug2 "$_eabresp"
-      _eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')"
+      _secure_debug2 _eabresp "$_eabresp"
+      _eab_id="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')"
+      _secure_debug2 _eab_id "$_eab_id"
      if [ -z "$_eab_id" ]; then
        _err "Can not resolve _eab_id"
        return 1
      fi
-      _eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')"
+      _eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')"
+      _secure_debug2 _eab_hmac_key "$_eab_hmac_key"
      if [ -z "$_eab_hmac_key" ]; then
        _err "Can not resolve _eab_hmac_key"
        return 1
@@ -3564,7 +3672,7 @@ _regAccount() {
    eab_sign_t="$eab_protected64.$eab_payload64"
    _debug3 eab_sign_t "$eab_sign_t"

-    key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 | _hex_dump | tr -d ' ')"
+    key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 multi | _hex_dump | tr -d ' ')"
    _debug3 key_hex "$key_hex"

    eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace)
@@ -3631,16 +3739,6 @@ _regAccount() {
 updateaccount() {
  _initpath

-  if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then
-    _info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH"
-    mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
-  fi
-
-  if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then
-    _info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH"
-    mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
-  fi
-
  if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
    _err "Account key is not found at: $ACCOUNT_KEY_PATH"
    return 1
@@ -3683,16 +3781,6 @@ updateaccount() {
 deactivateaccount() {
  _initpath

-  if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then
-    _info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH"
-    mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
-  fi
-
-  if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then
-    _info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH"
-    mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
-  fi
-
  if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
    _err "Account key is not found at: $ACCOUNT_KEY_PATH"
    return 1
@@ -3903,7 +3991,7 @@ _ns_lookup_ali() {
 }

 _ns_is_available_dp() {
-  if _get "https://dns.alidns.com" "" 1 >/dev/null 2>&1; then
+  if _get "https://doh.pub" "" 1 >/dev/null 2>&1; then
    return 0
  else
    return 1
@@ -4123,6 +4211,10 @@ issue() {
  if [ -z "$_ACME_IS_RENEW" ]; then
    _initpath "$_main_domain" "$_key_length"
    mkdir -p "$DOMAIN_PATH"
+  elif ! _hasfield "$_web_roots" "$W_DNS"; then
+    Le_OrderFinalize=""
+    Le_LinkOrder=""
+    Le_LinkCert=""
  fi

  if _hasfield "$_web_roots" "$W_DNS" && [ -z "$FORCE_DNS_MANUAL" ]; then
@@ -4690,26 +4782,13 @@ $_authorizations_map"
        return 1
      fi

-      _debug "sleep 2 secs to verify"
-      sleep 2
-      _debug "checking"
-
-      _send_signed_request "$uri"
-
-      if [ "$?" != "0" ]; then
-        _err "$d:Verify error:$response"
-        _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
-        _clearup
-        _on_issue_err "$_post_hook" "$vlist"
-        return 1
-      fi
      _debug2 original "$response"

      response="$(echo "$response" | _normalizeJson)"
      _debug2 response "$response"

      status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"')
-
+      _debug2 status "$status"
      if _contains "$status" "invalid"; then
        error="$(echo "$response" | _egrep_o '"error":\{[^\}]*')"
        _debug2 error "$error"
@@ -4741,9 +4820,9 @@ $_authorizations_map"
      fi

      if [ "$status" = "pending" ]; then
-        _info "Pending"
+        _info "Pending, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)"
      elif [ "$status" = "processing" ]; then
-        _info "Processing"
+        _info "Processing, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)"
      else
        _err "$d:Verify error:$response"
        _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
@@ -4751,7 +4830,19 @@ $_authorizations_map"
        _on_issue_err "$_post_hook" "$vlist"
        return 1
      fi
+      _debug "sleep 2 secs to verify again"
+      sleep 2
+      _debug "checking"

+      _send_signed_request "$uri"
+
+      if [ "$?" != "0" ]; then
+        _err "$d:Verify error:$response"
+        _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
+        _clearup
+        _on_issue_err "$_post_hook" "$vlist"
+        return 1
+      fi
    done

  done
@@ -4843,7 +4934,9 @@ $_authorizations_map"

  echo "$response" >"$CERT_PATH"
  _split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH"
-
+  if [ -z "$_preferred_chain" ]; then
+    _preferred_chain=$(_readcaconf DEFAULT_PREFERRED_CHAIN)
+  fi
  if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then
    if [ "$DEBUG" ]; then
      _debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")"
@@ -4897,10 +4990,10 @@ $_authorizations_map"
    _info "$(__green "Cert success.")"
    cat "$CERT_PATH"

-    _info "Your cert is in $(__green " $CERT_PATH ")"
+    _info "Your cert is in: $(__green "$CERT_PATH")"

    if [ -f "$CERT_KEY_PATH" ]; then
-      _info "Your cert key is in $(__green " $CERT_KEY_PATH ")"
+      _info "Your cert key is in: $(__green "$CERT_KEY_PATH")"
    fi

    if [ ! "$USER_PATH" ] || [ ! "$_ACME_IN_CRON" ]; then
@@ -4909,8 +5002,8 @@ $_authorizations_map"
    fi
  fi

-  [ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in $(__green " $CA_CERT_PATH ")"
-  [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green " $CERT_FULLCHAIN_PATH ")"
+  [ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in: $(__green "$CA_CERT_PATH")"
+  [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green "$CERT_FULLCHAIN_PATH")"

  Le_CertCreateTime=$(_time)
  _savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime"
@@ -5021,8 +5114,16 @@ renew() {

  . "$DOMAIN_CONF"
  _debug Le_API "$Le_API"
+  if [ -z "$Le_API" ] || [ "$CA_LETSENCRYPT_V1" = "$Le_API" ]; then
+    #if this is from an old version, Le_API is empty,
+    #so, we force to use letsencrypt server
+    Le_API="$CA_LETSENCRYPT_V2"
+  fi

  if [ "$Le_API" ]; then
+    if [ "$Le_API" != "$ACME_DIRECTORY" ]; then
+      _clearAPI
+    fi
    export ACME_DIRECTORY="$Le_API"
    #reload ca configs
    ACCOUNT_KEY_PATH=""
@@ -5030,6 +5131,7 @@ renew() {
    CA_CONF=""
    _debug3 "initpath again."
    _initpath "$Le_Domain" "$_isEcc"
+    _initAPI
  fi

  if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then
@@ -5445,7 +5547,7 @@ _installcert() {
  mkdir -p "$_backup_path"

  if [ "$_real_cert" ]; then
-    _info "Installing cert to:$_real_cert"
+    _info "Installing cert to: $_real_cert"
    if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then
      cp "$_real_cert" "$_backup_path/cert.bak"
    fi
@@ -5453,7 +5555,7 @@ _installcert() {
  fi

  if [ "$_real_ca" ]; then
-    _info "Installing CA to:$_real_ca"
+    _info "Installing CA to: $_real_ca"
    if [ "$_real_ca" = "$_real_cert" ]; then
      echo "" >>"$_real_ca"
      cat "$CA_CERT_PATH" >>"$_real_ca" || return 1
@@ -5466,7 +5568,7 @@ _installcert() {
  fi

  if [ "$_real_key" ]; then
-    _info "Installing key to:$_real_key"
+    _info "Installing key to: $_real_key"
    if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then
      cp "$_real_key" "$_backup_path/key.bak"
    fi
@@ -5479,7 +5581,7 @@ _installcert() {
  fi

  if [ "$_real_fullchain" ]; then
-    _info "Installing full chain to:$_real_fullchain"
+    _info "Installing full chain to: $_real_fullchain"
    if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then
      cp "$_real_fullchain" "$_backup_path/fullchain.bak"
    fi
@@ -5647,7 +5749,7 @@ uninstallcronjob() {
  _info "Removing cron job"
  cr="$($_CRONTAB -l | grep "$PROJECT_ENTRY --cron")"
  if [ "$cr" ]; then
-    if _exists uname && uname -a | grep solaris >/dev/null; then
+    if _exists uname && uname -a | grep SunOS >/dev/null; then
      $_CRONTAB -l | sed "/$PROJECT_ENTRY --cron/d" | $_CRONTAB --
    else
      $_CRONTAB -l | sed "/$PROJECT_ENTRY --cron/d" | $_CRONTAB -
@@ -5687,6 +5789,23 @@ revoke() {
    return 1
  fi

+  . "$DOMAIN_CONF"
+  _debug Le_API "$Le_API"
+
+  if [ "$Le_API" ]; then
+    if [ "$Le_API" != "$ACME_DIRECTORY" ]; then
+      _clearAPI
+    fi
+    export ACME_DIRECTORY="$Le_API"
+    #reload ca configs
+    ACCOUNT_KEY_PATH=""
+    ACCOUNT_JSON_PATH=""
+    CA_CONF=""
+    _debug3 "initpath again."
+    _initpath "$Le_Domain" "$_isEcc"
+    _initAPI
+  fi
+
  cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}" | tr -d "\r\n" | _url_replace)"

  if [ -z "$cert" ]; then
@@ -5766,7 +5885,24 @@ remove() {
 _deactivate() {
  _d_domain="$1"
  _d_type="$2"
-  _initpath
+  _initpath "$_d_domain" "$_d_type"
+
+  . "$DOMAIN_CONF"
+  _debug Le_API "$Le_API"
+
+  if [ "$Le_API" ]; then
+    if [ "$Le_API" != "$ACME_DIRECTORY" ]; then
+      _clearAPI
+    fi
+    export ACME_DIRECTORY="$Le_API"
+    #reload ca configs
+    ACCOUNT_KEY_PATH=""
+    ACCOUNT_JSON_PATH=""
+    CA_CONF=""
+    _debug3 "initpath again."
+    _initpath "$Le_Domain" "$_d_type"
+    _initAPI
+  fi

  _identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}"
  if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
@@ -5797,7 +5933,7 @@ _deactivate() {
  _debug2 response "$response"
  _URL_NAME="url"

-  entries="$(echo "$response" | tr '][' '==' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n' | grep "\"status\": *\"valid\"")"
+  entries="$(echo "$response" | tr '][' '==' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n\n' | grep "\"status\": *\"valid\"")"
  if [ -z "$entries" ]; then
    _info "No valid entries found."
    if [ -z "$thumbprint" ]; then
@@ -6413,6 +6549,8 @@ Commands:
  --deactivate             Deactivate the domain authz, professional use.
  --set-default-ca         Used with '--server', Set the default CA to use.
                           See: $_SERVER_WIKI
+  --set-default-chain      Set the default preferred chain for a CA.
+                           See: $_PREFERRED_CHAIN_WIKI


 Parameters:
@@ -6561,7 +6699,7 @@ _getRepoHash() {
  _hash_path=$1
  shift
  _hash_url="https://api.github.com/repos/acmesh-official/$PROJECT_NAME/git/refs/$_hash_path"
-  _get $_hash_url | tr -d "\r\n" | tr '{},' '\n' | grep '"sha":' | cut -d '"' -f 4
+  _get $_hash_url | tr -d "\r\n" | tr '{},' '\n\n\n' | grep '"sha":' | cut -d '"' -f 4
 }

 _getUpgradeHash() {
@@ -6634,9 +6772,10 @@ _checkSudo() {
  return 0
 }

-#server
+#server  #keylength
 _selectServer() {
  _server="$1"
+  _skeylength="$2"
  _server_lower="$(echo "$_server" | _lower_case)"
  _sindex=0
  for snames in $CA_NAMES; do
@@ -6647,6 +6786,9 @@ _selectServer() {
      if [ "$_server_lower" = "$sname" ]; then
        _debug2 "_selectServer match $sname"
        _serverdir="$(_getfield "$CA_SERVERS" $_sindex)"
+        if [ "$_serverdir" = "$CA_SSLCOM_RSA" ] && _isEccKey "$_skeylength"; then
+          _serverdir="$CA_SSLCOM_ECC"
+        fi
        _debug "Selected server: $_serverdir"
        ACME_DIRECTORY="$_serverdir"
        export ACME_DIRECTORY
@@ -6664,6 +6806,9 @@ _getCAShortName() {
  if [ -z "$caurl" ]; then
    caurl="$DEFAULT_CA"
  fi
+  if [ "$CA_SSLCOM_ECC" = "$caurl" ]; then
+    caurl="$CA_SSLCOM_RSA" #just hack to get the short name
+  fi
  caurl_lower="$(echo $caurl | _lower_case)"
  _sindex=0
  for surl in $(echo "$CA_SERVERS" | _lower_case | tr , ' '); do
@@ -6692,6 +6837,18 @@ setdefaultca() {
  _info "Changed default CA to: $(__green "$ACME_DIRECTORY")"
 }

+#preferred-chain
+setdefaultchain() {
+  _initpath
+  _preferred_chain="$1"
+  if [ -z "$_preferred_chain" ]; then
+    _err "Please give a '--preferred-chain value' value."
+    return 1
+  fi
+  mkdir -p "$CA_DIR"
+  _savecaconf "DEFAULT_PREFERRED_CHAIN" "$_preferred_chain"
+}
+
 _process() {
  _CMD=""
  _domain=""
@@ -6843,6 +7000,9 @@ _process() {
    --set-default-ca)
      _CMD="setdefaultca"
      ;;
+    --set-default-chain)
+      _CMD="setdefaultchain"
+      ;;
    -d | --domain)
      _dvalue="$2"

@@ -6878,7 +7038,6 @@ _process() {
      ;;
    --server)
      _server="$2"
-      _selectServer "$_server"
      shift
      ;;
    --debug)
@@ -6977,7 +7136,6 @@ _process() {
      Le_DNSSleep="$_dnssleep"
      shift
      ;;
-
    --keylength | -k)
      _keylength="$2"
      shift
@@ -6986,7 +7144,6 @@ _process() {
      _accountkeylength="$2"
      shift
      ;;
-
    --cert-file | --certpath)
      _cert_file="$2"
      shift
@@ -7250,6 +7407,10 @@ _process() {
    shift 1
  done

+  if [ "$_server" ]; then
+    _selectServer "$_server" "${_ecc:-$_keylength}"
+  fi
+
  if [ "${_CMD}" != "install" ]; then
    if [ "$__INTERACTIVE" ] && ! _checkSudo; then
      if [ -z "$FORCE" ]; then
@@ -7372,6 +7533,9 @@ _process() {
  setdefaultca)
    setdefaultca
    ;;
+  setdefaultchain)
+    setdefaultchain "$_preferred_chain"
+    ;;
  *)
    if [ "$_CMD" ]; then
      _err "Invalid command: $_CMD"
--- a/deploy/consul.sh
+++ b/deploy/consul.sh
@@ -0,0 +1,98 @@
+#!/usr/bin/env sh
+
+# Here is a script to deploy cert to hashicorp consul using curl
+# (https://www.consul.io/)
+#
+# it requires following environment variables:
+#
+# CONSUL_PREFIX - this contains the prefix path in consul
+# CONSUL_HTTP_ADDR - consul requires this to find your consul server
+#
+# additionally, you need to ensure that CONSUL_HTTP_TOKEN is available
+# to access the consul server
+
+#returns 0 means success, otherwise error.
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+consul_deploy() {
+
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  # validate required env vars
+  _getdeployconf CONSUL_PREFIX
+  if [ -z "$CONSUL_PREFIX" ]; then
+    _err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)"
+    return 1
+  fi
+  _savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX"
+
+  _getdeployconf CONSUL_HTTP_ADDR
+  if [ -z "$CONSUL_HTTP_ADDR" ]; then
+    _err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)"
+    return 1
+  fi
+  _savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR"
+
+  CONSUL_CMD=$(command -v consul)
+
+  # force CLI, but the binary does not exist => error
+  if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then
+    _err "Cannot find the consul binary!"
+    return 1
+  fi
+
+  # use the CLI first
+  if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then
+    _info "Found consul binary, deploying with CLI"
+    consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX"
+  else
+    _info "Did not find consul binary, deploying with API"
+    consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN"
+  fi
+}
+
+consul_deploy_api() {
+  CONSUL_HTTP_ADDR="$1"
+  CONSUL_PREFIX="$2"
+  CONSUL_HTTP_TOKEN="$3"
+
+  URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX"
+  export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN"
+
+  if [ -n "$FABIO" ]; then
+    _post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1
+    _post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1
+  else
+    _post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1
+    _post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1
+    _post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1
+    _post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1
+  fi
+}
+
+consul_deploy_cli() {
+  CONSUL_CMD="$1"
+  CONSUL_PREFIX="$2"
+
+  if [ -n "$FABIO" ]; then
+    $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1
+    $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1
+  else
+    $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
+    $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
+    $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
+    $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
+  fi
+}
--- a/deploy/haproxy.sh
+++ b/deploy/haproxy.sh
@@ -54,11 +54,6 @@ haproxy_deploy() {
  DEPLOY_HAPROXY_ISSUER_DEFAULT="no"
  DEPLOY_HAPROXY_RELOAD_DEFAULT="true"

-  if [ -f "${DOMAIN_CONF}" ]; then
-    # shellcheck disable=SC1090
-    . "${DOMAIN_CONF}"
-  fi
-
  _debug _cdomain "${_cdomain}"
  _debug _ckey "${_ckey}"
  _debug _ccert "${_ccert}"
@@ -66,6 +61,8 @@ haproxy_deploy() {
  _debug _cfullchain "${_cfullchain}"

  # PEM_PATH is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_PATH_DEFAULT}"
+  _getdeployconf DEPLOY_HAPROXY_PEM_PATH
+  _debug2 DEPLOY_HAPROXY_PEM_PATH "${DEPLOY_HAPROXY_PEM_PATH}"
  if [ -n "${DEPLOY_HAPROXY_PEM_PATH}" ]; then
    Le_Deploy_haproxy_pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
    _savedomainconf Le_Deploy_haproxy_pem_path "${Le_Deploy_haproxy_pem_path}"
@@ -82,6 +79,8 @@ haproxy_deploy() {
  fi

  # PEM_NAME is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}"
+  _getdeployconf DEPLOY_HAPROXY_PEM_NAME
+  _debug2 DEPLOY_HAPROXY_PEM_NAME "${DEPLOY_HAPROXY_PEM_NAME}"
  if [ -n "${DEPLOY_HAPROXY_PEM_NAME}" ]; then
    Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME}"
    _savedomainconf Le_Deploy_haproxy_pem_name "${Le_Deploy_haproxy_pem_name}"
@@ -90,6 +89,8 @@ haproxy_deploy() {
  fi

  # BUNDLE is optional. If not provided then assume "${DEPLOY_HAPROXY_BUNDLE_DEFAULT}"
+  _getdeployconf DEPLOY_HAPROXY_BUNDLE
+  _debug2 DEPLOY_HAPROXY_BUNDLE "${DEPLOY_HAPROXY_BUNDLE}"
  if [ -n "${DEPLOY_HAPROXY_BUNDLE}" ]; then
    Le_Deploy_haproxy_bundle="${DEPLOY_HAPROXY_BUNDLE}"
    _savedomainconf Le_Deploy_haproxy_bundle "${Le_Deploy_haproxy_bundle}"
@@ -98,6 +99,8 @@ haproxy_deploy() {
  fi

  # ISSUER is optional. If not provided then assume "${DEPLOY_HAPROXY_ISSUER_DEFAULT}"
+  _getdeployconf DEPLOY_HAPROXY_ISSUER
+  _debug2 DEPLOY_HAPROXY_ISSUER "${DEPLOY_HAPROXY_ISSUER}"
  if [ -n "${DEPLOY_HAPROXY_ISSUER}" ]; then
    Le_Deploy_haproxy_issuer="${DEPLOY_HAPROXY_ISSUER}"
    _savedomainconf Le_Deploy_haproxy_issuer "${Le_Deploy_haproxy_issuer}"
@@ -106,6 +109,8 @@ haproxy_deploy() {
  fi

  # RELOAD is optional. If not provided then assume "${DEPLOY_HAPROXY_RELOAD_DEFAULT}"
+  _getdeployconf DEPLOY_HAPROXY_RELOAD
+  _debug2 DEPLOY_HAPROXY_RELOAD "${DEPLOY_HAPROXY_RELOAD}"
  if [ -n "${DEPLOY_HAPROXY_RELOAD}" ]; then
    Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD}"
    _savedomainconf Le_Deploy_haproxy_reload "${Le_Deploy_haproxy_reload}"
@@ -190,7 +195,7 @@ haproxy_deploy() {
    _info "Updating OCSP stapling info"
    _debug _ocsp "${_ocsp}"
    _info "Extracting OCSP URL"
-    _ocsp_url=$(openssl x509 -noout -ocsp_uri -in "${_pem}")
+    _ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}")
    _debug _ocsp_url "${_ocsp_url}"

    # Only process OCSP if URL was present
@@ -203,9 +208,9 @@ haproxy_deploy() {
      # Only process the certificate if we have a .issuer file
      if [ -r "${_issuer}" ]; then
        # Check if issuer cert is also a root CA cert
-        _subjectdn=$(openssl x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
+        _subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
        _debug _subjectdn "${_subjectdn}"
-        _issuerdn=$(openssl x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
+        _issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
        _debug _issuerdn "${_issuerdn}"
        _info "Requesting OCSP response"
        # If the issuer is a CA cert then our command line has "-CAfile" added
@@ -216,7 +221,7 @@ haproxy_deploy() {
        fi
        _debug _cafile_argument "${_cafile_argument}"
        # if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed
-        _openssl_version=$(openssl version | cut -d' ' -f2)
+        _openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2)
        _debug _openssl_version "${_openssl_version}"
        _openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1)
        _openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2)
@@ -226,7 +231,7 @@ haproxy_deploy() {
          _header_sep=" "
        fi
        # Request the OCSP response from the issuer and store it
-        _openssl_ocsp_cmd="openssl ocsp \
+        _openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \
          -issuer \"${_issuer}\" \
          -cert \"${_pem}\" \
          -url \"${_ocsp_url}\" \
--- a/deploy/kong.sh
+++ b/deploy/kong.sh
@@ -45,7 +45,7 @@ kong_deploy() {
  #Generate data for request (Multipart/form-data with mixed content)
  if [ -z "$ssl_uuid" ]; then
    #set sni to domain
-    content="--$delim${nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain"
+    content="--$delim${nl}Content-Disposition: form-data; name=\"snis[]\"${nl}${nl}$_cdomain"
  fi
  #add key
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
--- a/deploy/lighttpd.sh
+++ b/deploy/lighttpd.sh
@@ -0,0 +1,280 @@
+#!/usr/bin/env sh
+
+# Script for acme.sh to deploy certificates to lighttpd
+#
+# The following variables can be exported:
+#
+# export DEPLOY_LIGHTTPD_PEM_NAME="${domain}.pem"
+#
+# Defines the name of the PEM file.
+# Defaults to "<domain>.pem"
+#
+# export DEPLOY_LIGHTTPD_PEM_PATH="/etc/lighttpd"
+#
+# Defines location of PEM file for Lighttpd.
+# Defaults to /etc/lighttpd
+#
+# export DEPLOY_LIGHTTPD_RELOAD="systemctl reload lighttpd"
+#
+# OPTIONAL: Reload command used post deploy
+# This defaults to be a no-op (ie "true").
+# It is strongly recommended to set this something that makes sense
+# for your distro.
+#
+# export DEPLOY_LIGHTTPD_ISSUER="yes"
+#
+# OPTIONAL: Places CA file as "${DEPLOY_LIGHTTPD_PEM}.issuer"
+# Note: Required for OCSP stapling to work
+#
+# export DEPLOY_LIGHTTPD_BUNDLE="no"
+#
+# OPTIONAL: Deploy this certificate as part of a multi-cert bundle
+# This adds a suffix to the certificate based on the certificate type
+# eg RSA certificates will have .rsa as a suffix to the file name
+# Lighttpd will load all certificates and provide one or the other
+# depending on client capabilities
+# Note: This functionality requires Lighttpd was compiled against
+# a version of OpenSSL that supports this.
+#
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+lighttpd_deploy() {
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+
+  # Some defaults
+  DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT="/etc/lighttpd"
+  DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT="${_cdomain}.pem"
+  DEPLOY_LIGHTTPD_BUNDLE_DEFAULT="no"
+  DEPLOY_LIGHTTPD_ISSUER_DEFAULT="yes"
+  DEPLOY_LIGHTTPD_RELOAD_DEFAULT="true"
+
+  _debug _cdomain "${_cdomain}"
+  _debug _ckey "${_ckey}"
+  _debug _ccert "${_ccert}"
+  _debug _cca "${_cca}"
+  _debug _cfullchain "${_cfullchain}"
+
+  # PEM_PATH is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}"
+  _getdeployconf DEPLOY_LIGHTTPD_PEM_PATH
+  _debug2 DEPLOY_LIGHTTPD_PEM_PATH "${DEPLOY_LIGHTTPD_PEM_PATH}"
+  if [ -n "${DEPLOY_LIGHTTPD_PEM_PATH}" ]; then
+    Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH}"
+    _savedomainconf Le_Deploy_lighttpd_pem_path "${Le_Deploy_lighttpd_pem_path}"
+  elif [ -z "${Le_Deploy_lighttpd_pem_path}" ]; then
+    Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}"
+  fi
+
+  # Ensure PEM_PATH exists
+  if [ -d "${Le_Deploy_lighttpd_pem_path}" ]; then
+    _debug "PEM_PATH ${Le_Deploy_lighttpd_pem_path} exists"
+  else
+    _err "PEM_PATH ${Le_Deploy_lighttpd_pem_path} does not exist"
+    return 1
+  fi
+
+  # PEM_NAME is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}"
+  _getdeployconf DEPLOY_LIGHTTPD_PEM_NAME
+  _debug2 DEPLOY_LIGHTTPD_PEM_NAME "${DEPLOY_LIGHTTPD_PEM_NAME}"
+  if [ -n "${DEPLOY_LIGHTTPD_PEM_NAME}" ]; then
+    Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME}"
+    _savedomainconf Le_Deploy_lighttpd_pem_name "${Le_Deploy_lighttpd_pem_name}"
+  elif [ -z "${Le_Deploy_lighttpd_pem_name}" ]; then
+    Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}"
+  fi
+
+  # BUNDLE is optional. If not provided then assume "${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}"
+  _getdeployconf DEPLOY_LIGHTTPD_BUNDLE
+  _debug2 DEPLOY_LIGHTTPD_BUNDLE "${DEPLOY_LIGHTTPD_BUNDLE}"
+  if [ -n "${DEPLOY_LIGHTTPD_BUNDLE}" ]; then
+    Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE}"
+    _savedomainconf Le_Deploy_lighttpd_bundle "${Le_Deploy_lighttpd_bundle}"
+  elif [ -z "${Le_Deploy_lighttpd_bundle}" ]; then
+    Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}"
+  fi
+
+  # ISSUER is optional. If not provided then assume "${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}"
+  _getdeployconf DEPLOY_LIGHTTPD_ISSUER
+  _debug2 DEPLOY_LIGHTTPD_ISSUER "${DEPLOY_LIGHTTPD_ISSUER}"
+  if [ -n "${DEPLOY_LIGHTTPD_ISSUER}" ]; then
+    Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER}"
+    _savedomainconf Le_Deploy_lighttpd_issuer "${Le_Deploy_lighttpd_issuer}"
+  elif [ -z "${Le_Deploy_lighttpd_issuer}" ]; then
+    Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}"
+  fi
+
+  # RELOAD is optional. If not provided then assume "${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}"
+  _getdeployconf DEPLOY_LIGHTTPD_RELOAD
+  _debug2 DEPLOY_LIGHTTPD_RELOAD "${DEPLOY_LIGHTTPD_RELOAD}"
+  if [ -n "${DEPLOY_LIGHTTPD_RELOAD}" ]; then
+    Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD}"
+    _savedomainconf Le_Deploy_lighttpd_reload "${Le_Deploy_lighttpd_reload}"
+  elif [ -z "${Le_Deploy_lighttpd_reload}" ]; then
+    Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}"
+  fi
+
+  # Set the suffix depending if we are creating a bundle or not
+  if [ "${Le_Deploy_lighttpd_bundle}" = "yes" ]; then
+    _info "Bundle creation requested"
+    # Initialise $Le_Keylength if its not already set
+    if [ -z "${Le_Keylength}" ]; then
+      Le_Keylength=""
+    fi
+    if _isEccKey "${Le_Keylength}"; then
+      _info "ECC key type detected"
+      _suffix=".ecdsa"
+    else
+      _info "RSA key type detected"
+      _suffix=".rsa"
+    fi
+  else
+    _suffix=""
+  fi
+  _debug _suffix "${_suffix}"
+
+  # Set variables for later
+  _pem="${Le_Deploy_lighttpd_pem_path}/${Le_Deploy_lighttpd_pem_name}${_suffix}"
+  _issuer="${_pem}.issuer"
+  _ocsp="${_pem}.ocsp"
+  _reload="${Le_Deploy_lighttpd_reload}"
+
+  _info "Deploying PEM file"
+  # Create a temporary PEM file
+  _temppem="$(_mktemp)"
+  _debug _temppem "${_temppem}"
+  cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}"
+  _ret="$?"
+
+  # Check that we could create the temporary file
+  if [ "${_ret}" != "0" ]; then
+    _err "Error code ${_ret} returned during PEM file creation"
+    [ -f "${_temppem}" ] && rm -f "${_temppem}"
+    return ${_ret}
+  fi
+
+  # Move PEM file into place
+  _info "Moving new certificate into place"
+  _debug _pem "${_pem}"
+  cat "${_temppem}" >"${_pem}"
+  _ret=$?
+
+  # Clean up temp file
+  [ -f "${_temppem}" ] && rm -f "${_temppem}"
+
+  # Deal with any failure of moving PEM file into place
+  if [ "${_ret}" != "0" ]; then
+    _err "Error code ${_ret} returned while moving new certificate into place"
+    return ${_ret}
+  fi
+
+  # Update .issuer file if requested
+  if [ "${Le_Deploy_lighttpd_issuer}" = "yes" ]; then
+    _info "Updating .issuer file"
+    _debug _issuer "${_issuer}"
+    cat "${_cca}" >"${_issuer}"
+    _ret="$?"
+
+    if [ "${_ret}" != "0" ]; then
+      _err "Error code ${_ret} returned while copying issuer/CA certificate into place"
+      return ${_ret}
+    fi
+  else
+    [ -f "${_issuer}" ] && _err "Issuer file update not requested but .issuer file exists"
+  fi
+
+  # Update .ocsp file if certificate was requested with --ocsp/--ocsp-must-staple option
+  if [ -z "${Le_OCSP_Staple}" ]; then
+    Le_OCSP_Staple="0"
+  fi
+  if [ "${Le_OCSP_Staple}" = "1" ]; then
+    _info "Updating OCSP stapling info"
+    _debug _ocsp "${_ocsp}"
+    _info "Extracting OCSP URL"
+    _ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}")
+    _debug _ocsp_url "${_ocsp_url}"
+
+    # Only process OCSP if URL was present
+    if [ "${_ocsp_url}" != "" ]; then
+      # Extract the hostname from the OCSP URL
+      _info "Extracting OCSP URL"
+      _ocsp_host=$(echo "${_ocsp_url}" | cut -d/ -f3)
+      _debug _ocsp_host "${_ocsp_host}"
+
+      # Only process the certificate if we have a .issuer file
+      if [ -r "${_issuer}" ]; then
+        # Check if issuer cert is also a root CA cert
+        _subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
+        _debug _subjectdn "${_subjectdn}"
+        _issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
+        _debug _issuerdn "${_issuerdn}"
+        _info "Requesting OCSP response"
+        # If the issuer is a CA cert then our command line has "-CAfile" added
+        if [ "${_subjectdn}" = "${_issuerdn}" ]; then
+          _cafile_argument="-CAfile \"${_issuer}\""
+        else
+          _cafile_argument=""
+        fi
+        _debug _cafile_argument "${_cafile_argument}"
+        # if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed
+        _openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2)
+        _debug _openssl_version "${_openssl_version}"
+        _openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1)
+        _openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2)
+        if [ "${_openssl_major}" -eq "1" ] && [ "${_openssl_minor}" -ge "1" ] || [ "${_openssl_major}" -ge "2" ]; then
+          _header_sep="="
+        else
+          _header_sep=" "
+        fi
+        # Request the OCSP response from the issuer and store it
+        _openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \
+          -issuer \"${_issuer}\" \
+          -cert \"${_pem}\" \
+          -url \"${_ocsp_url}\" \
+          -header Host${_header_sep}\"${_ocsp_host}\" \
+          -respout \"${_ocsp}\" \
+          -verify_other \"${_issuer}\" \
+          ${_cafile_argument} \
+          | grep -q \"${_pem}: good\""
+        _debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}"
+        eval "${_openssl_ocsp_cmd}"
+        _ret=$?
+      else
+        # Non fatal: No issuer file was present so no OCSP stapling file created
+        _err "OCSP stapling in use but no .issuer file was present"
+      fi
+    else
+      # Non fatal: No OCSP url was found int the certificate
+      _err "OCSP update requested but no OCSP URL was found in certificate"
+    fi
+
+    # Non fatal: Check return code of openssl command
+    if [ "${_ret}" != "0" ]; then
+      _err "Updating OCSP stapling failed with return code ${_ret}"
+    fi
+  else
+    # An OCSP file was already present but certificate did not have OCSP extension
+    if [ -f "${_ocsp}" ]; then
+      _err "OCSP was not requested but .ocsp file exists."
+      # Could remove the file at this step, although Lighttpd just ignores it in this case
+      # rm -f "${_ocsp}" || _err "Problem removing stale .ocsp file"
+    fi
+  fi
+
+  # Reload Lighttpd
+  _debug _reload "${_reload}"
+  eval "${_reload}"
+  _ret=$?
+  if [ "${_ret}" != "0" ]; then
+    _err "Error code ${_ret} during reload"
+    return ${_ret}
+  else
+    _info "Reload successful"
+  fi
+
+  return 0
+}
--- a/deploy/ssh.sh
+++ b/deploy/ssh.sh
@@ -35,11 +35,6 @@ ssh_deploy() {
  _cfullchain="$5"
  _deploy_ssh_servers=""

-  if [ -f "$DOMAIN_CONF" ]; then
-    # shellcheck disable=SC1090
-    . "$DOMAIN_CONF"
-  fi
-
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
@@ -47,6 +42,8 @@ ssh_deploy() {
  _debug _cfullchain "$_cfullchain"

  # USER is required to login by SSH to remote host.
+  _getdeployconf DEPLOY_SSH_USER
+  _debug2 DEPLOY_SSH_USER "$DEPLOY_SSH_USER"
  if [ -z "$DEPLOY_SSH_USER" ]; then
    if [ -z "$Le_Deploy_ssh_user" ]; then
      _err "DEPLOY_SSH_USER not defined."
@@ -58,6 +55,8 @@ ssh_deploy() {
  fi

  # SERVER is optional. If not provided then use _cdomain
+  _getdeployconf DEPLOY_SSH_SERVER
+  _debug2 DEPLOY_SSH_SERVER "$DEPLOY_SSH_SERVER"
  if [ -n "$DEPLOY_SSH_SERVER" ]; then
    Le_Deploy_ssh_server="$DEPLOY_SSH_SERVER"
    _savedomainconf Le_Deploy_ssh_server "$Le_Deploy_ssh_server"
@@ -66,6 +65,8 @@ ssh_deploy() {
  fi

  # CMD is optional. If not provided then use ssh
+  _getdeployconf DEPLOY_SSH_CMD
+  _debug2 DEPLOY_SSH_CMD "$DEPLOY_SSH_CMD"
  if [ -n "$DEPLOY_SSH_CMD" ]; then
    Le_Deploy_ssh_cmd="$DEPLOY_SSH_CMD"
    _savedomainconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd"
@@ -74,6 +75,8 @@ ssh_deploy() {
  fi

  # BACKUP is optional. If not provided then default to previously saved value or yes.
+  _getdeployconf DEPLOY_SSH_BACKUP
+  _debug2 DEPLOY_SSH_BACKUP "$DEPLOY_SSH_BACKUP"
  if [ "$DEPLOY_SSH_BACKUP" = "no" ]; then
    Le_Deploy_ssh_backup="no"
  elif [ -z "$Le_Deploy_ssh_backup" ] || [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
@@ -82,6 +85,8 @@ ssh_deploy() {
  _savedomainconf Le_Deploy_ssh_backup "$Le_Deploy_ssh_backup"

  # BACKUP_PATH is optional. If not provided then default to previously saved value or .acme_ssh_deploy
+  _getdeployconf DEPLOY_SSH_BACKUP_PATH
+  _debug2 DEPLOY_SSH_BACKUP_PATH "$DEPLOY_SSH_BACKUP_PATH"
  if [ -n "$DEPLOY_SSH_BACKUP_PATH" ]; then
    Le_Deploy_ssh_backup_path="$DEPLOY_SSH_BACKUP_PATH"
  elif [ -z "$Le_Deploy_ssh_backup_path" ]; then
@@ -91,6 +96,8 @@ ssh_deploy() {

  # MULTI_CALL is optional. If not provided then default to previously saved
  # value (which may be undefined... equivalent to "no").
+  _getdeployconf DEPLOY_SSH_MULTI_CALL
+  _debug2 DEPLOY_SSH_MULTI_CALL "$DEPLOY_SSH_MULTI_CALL"
  if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
    Le_Deploy_ssh_multi_call="yes"
    _savedomainconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call"
@@ -141,6 +148,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d

  # KEYFILE is optional.
  # If provided then private key will be copied to provided filename.
+  _getdeployconf DEPLOY_SSH_KEYFILE
+  _debug2 DEPLOY_SSH_KEYFILE "$DEPLOY_SSH_KEYFILE"
  if [ -n "$DEPLOY_SSH_KEYFILE" ]; then
    Le_Deploy_ssh_keyfile="$DEPLOY_SSH_KEYFILE"
    _savedomainconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile"
@@ -163,6 +172,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d

  # CERTFILE is optional.
  # If provided then certificate will be copied or appended to provided filename.
+  _getdeployconf DEPLOY_SSH_CERTFILE
+  _debug2 DEPLOY_SSH_CERTFILE "$DEPLOY_SSH_CERTFILE"
  if [ -n "$DEPLOY_SSH_CERTFILE" ]; then
    Le_Deploy_ssh_certfile="$DEPLOY_SSH_CERTFILE"
    _savedomainconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile"
@@ -189,6 +200,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d

  # CAFILE is optional.
  # If provided then CA intermediate certificate will be copied or appended to provided filename.
+  _getdeployconf DEPLOY_SSH_CAFILE
+  _debug2 DEPLOY_SSH_CAFILE "$DEPLOY_SSH_CAFILE"
  if [ -n "$DEPLOY_SSH_CAFILE" ]; then
    Le_Deploy_ssh_cafile="$DEPLOY_SSH_CAFILE"
    _savedomainconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile"
@@ -216,6 +229,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d

  # FULLCHAIN is optional.
  # If provided then fullchain certificate will be copied or appended to provided filename.
+  _getdeployconf DEPLOY_SSH_FULLCHAIN
+  _debug2 DEPLOY_SSH_FULLCHAIN "$DEPLOY_SSH_FULLCHAIN"
  if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then
    Le_Deploy_ssh_fullchain="$DEPLOY_SSH_FULLCHAIN"
    _savedomainconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain"
@@ -244,6 +259,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d

  # REMOTE_CMD is optional.
  # If provided then this command will be executed on remote host.
+  _getdeployconf DEPLOY_SSH_REMOTE_CMD
+  _debug2 DEPLOY_SSH_REMOTE_CMD "$DEPLOY_SSH_REMOTE_CMD"
  if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then
    Le_Deploy_ssh_remote_cmd="$DEPLOY_SSH_REMOTE_CMD"
    _savedomainconf Le_Deploy_ssh_remote_cmd "$Le_Deploy_ssh_remote_cmd"
--- a/dnsapi/dns_1984hosting.sh
+++ b/dnsapi/dns_1984hosting.sh
@@ -46,7 +46,7 @@ dns_1984hosting_add() {

  postdata="entry=new"
  postdata="$postdata&type=TXT"
-  postdata="$postdata&ttl=3600"
+  postdata="$postdata&ttl=900"
  postdata="$postdata&zone=$_domain"
  postdata="$postdata&host=$_sub_domain"
  postdata="$postdata&rdata=%22$value%22"
@@ -59,7 +59,7 @@ dns_1984hosting_add() {
  if _contains "$response" '"haserrors": true'; then
    _err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post"
    return 1
-  elif _contains "$response" "<html>"; then
+  elif _contains "$response" "html>"; then
    _err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file"
    return 1
  elif _contains "$response" '"auth": false'; then
@@ -93,20 +93,15 @@ dns_1984hosting_rm() {
  fi
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
-
  _debug "Delete $fulldomain TXT record"
-  url="https://management.1984hosting.com/domains"

-  _htmlget "$url" "$_domain"
-  _debug2 _response "$_response"
-  zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')"
-  _debug2 zone_id "$zone_id"
-  if [ -z "$zone_id" ]; then
-    _err "Error getting zone_id for $1"
+  url="https://management.1984hosting.com/domains"
+  if ! _get_zone_id "$url" "$_domain"; then
+    _err "invalid zone" "$_domain"
    return 1
  fi

-  _htmlget "$url/$zone_id" "$_sub_domain"
+  _htmlget "$url/$_zone_id" "$txtvalue"
  _debug2 _response "$_response"
  entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')"
  _debug2 entry_id "$entry_id"
@@ -135,7 +130,7 @@ dns_1984hosting_rm() {
 _1984hosting_login() {
  if ! _check_credentials; then return 1; fi

-  if _check_cookie; then
+  if _check_cookies; then
    _debug "Already logged in"
    return 0
  fi
@@ -150,9 +145,12 @@ _1984hosting_login() {
  _debug2 response "$response"

  if _contains "$response" '"loggedin": true'; then
-    One984HOSTING_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _tail_n 1 | _egrep_o 'sessionid=[^;]*;' | tr -d ';')"
-    export One984HOSTING_COOKIE
-    _saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE"
+    One984HOSTING_SESSIONID_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'sessionid=[^;]*;' | tr -d ';')"
+    One984HOSTING_CSRFTOKEN_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')"
+    export One984HOSTING_SESSIONID_COOKIE
+    export One984HOSTING_CSRFTOKEN_COOKIE
+    _saveaccountconf_mutable One984HOSTING_SESSIONID_COOKIE "$One984HOSTING_SESSIONID_COOKIE"
+    _saveaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE "$One984HOSTING_CSRFTOKEN_COOKIE"
    return 0
  fi
  return 1
@@ -169,21 +167,24 @@ _check_credentials() {
  return 0
 }

-_check_cookie() {
-  One984HOSTING_COOKIE="${One984HOSTING_COOKIE:-$(_readaccountconf_mutable One984HOSTING_COOKIE)}"
-  if [ -z "$One984HOSTING_COOKIE" ]; then
-    _debug "No cached cookie found"
+_check_cookies() {
+  One984HOSTING_SESSIONID_COOKIE="${One984HOSTING_SESSIONID_COOKIE:-$(_readaccountconf_mutable One984HOSTING_SESSIONID_COOKIE)}"
+  One984HOSTING_CSRFTOKEN_COOKIE="${One984HOSTING_CSRFTOKEN_COOKIE:-$(_readaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE)}"
+  if [ -z "$One984HOSTING_SESSIONID_COOKIE" ] || [ -z "$One984HOSTING_CSRFTOKEN_COOKIE" ]; then
+    _debug "No cached cookie(s) found"
    return 1
  fi

  _authget "https://management.1984hosting.com/accounts/loginstatus/"
  if _contains "$response" '"ok": true'; then
-    _debug "Cached cookie still valid"
+    _debug "Cached cookies still valid"
    return 0
  fi
-  _debug "Cached cookie no longer valid"
-  One984HOSTING_COOKIE=""
-  _saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE"
+  _debug "Cached cookies no longer valid"
+  One984HOSTING_SESSIONID_COOKIE=""
+  One984HOSTING_CSRFTOKEN_COOKIE=""
+  _saveaccountconf_mutable One984HOSTING_SESSIONID_COOKIE "$One984HOSTING_SESSIONID_COOKIE"
+  _saveaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE "$One984HOSTING_CSRFTOKEN_COOKIE"
  return 1
 }

@@ -204,7 +205,7 @@ _get_root() {
    fi

    _authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is."
-    if _contains "$_response" "serial" && ! _contains "$_response" 'null}'; then
+    if _contains "$_response" "serial" && ! _contains "$_response" "null"; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain="$h"
      return 0
@@ -215,9 +216,25 @@ _get_root() {
  return 1
 }

+#usage: _get_zone_id url domain.com
+#returns zone id for domain.com
+_get_zone_id() {
+  url=$1
+  domain=$2
+  _htmlget "$url" "$domain"
+  _debug2 _response "$_response"
+  _zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+' | _head_n 1)"
+  _debug2 _zone_id "$_zone_id"
+  if [ -z "$_zone_id" ]; then
+    _err "Error getting _zone_id for $2"
+    return 1
+  fi
+  return 0
+}
+
 # add extra headers to request
 _authget() {
-  export _H1="Cookie: $One984HOSTING_COOKIE"
+  export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE"
  _response=$(_get "$1" | _normalizeJson)
  _debug2 _response "$_response"
 }
@@ -225,12 +242,20 @@ _authget() {
 # truncate huge HTML response
 # echo: Argument list too long
 _htmlget() {
-  export _H1="Cookie: $One984HOSTING_COOKIE"
-  _response=$(_get "$1" | grep "$2" | _head_n 1)
+  export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE"
+  _response=$(_get "$1" | grep "$2")
+  if _contains "$_response" "@$2"; then
+    _response=$(echo "$_response" | grep -v "[@]" | _head_n 1)
+  fi
 }

 # add extra headers to request
 _authpost() {
-  export _H1="Cookie: $One984HOSTING_COOKIE"
+  url="https://management.1984hosting.com/domains"
+  _get_zone_id "$url" "$_domain"
+  csrf_header="$(echo "$One984HOSTING_CSRFTOKEN_COOKIE" | _egrep_o "=[^=][0-9a-zA-Z]*" | tr -d "=")"
+  export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE"
+  export _H2="Referer: https://management.1984hosting.com/domains/$_zone_id"
+  export _H3="X-CSRFToken: $csrf_header"
  _response=$(_post "$1" "$2")
 }
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@@ -32,7 +32,7 @@ dns_aws_add() {
  if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
    AWS_ACCESS_KEY_ID=""
    AWS_SECRET_ACCESS_KEY=""
-    _err "You haven't specifed the aws route53 api key id and and api key secret yet."
+    _err "You haven't specified the aws route53 api key id and and api key secret yet."
    _err "Please create your key and try again. see $(__green $AWS_WIKI)"
    return 1
  fi
--- a/dnsapi/dns_azion.sh
+++ b/dnsapi/dns_azion.sh
@@ -0,0 +1,204 @@
+#!/usr/bin/env sh
+
+#
+#AZION_Email=""
+#AZION_Password=""
+#
+
+AZION_Api="https://api.azionapi.net"
+
+########  Public functions ########
+
+# Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+# Used to add txt record
+dns_azion_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _debug "Detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "Domain not found"
+    return 1
+  fi
+
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+  _debug _domain_id "$_domain_id"
+
+  _info "Add or update record"
+  _get_record "$_domain_id" "$_sub_domain"
+  if [ "$record_id" ]; then
+    _payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [$answers_list, \"$txtvalue\"], \"ttl\": 20}"
+    if _azion_rest PUT "intelligent_dns/$_domain_id/records/$record_id" "$_payload"; then
+      if _contains "$response" "$txtvalue"; then
+        _info "Record updated."
+        return 0
+      fi
+    fi
+  else
+    _payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [\"$txtvalue\"], \"ttl\": 20}"
+    if _azion_rest POST "intelligent_dns/$_domain_id/records" "$_payload"; then
+      if _contains "$response" "$txtvalue"; then
+        _info "Record added."
+        return 0
+      fi
+    fi
+  fi
+  _err "Failed to add or update record."
+  return 1
+}
+
+# Usage: fulldomain txtvalue
+# Used to remove the txt record after validation
+dns_azion_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _debug "Detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "Domain not found"
+    return 1
+  fi
+
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+  _debug _domain_id "$_domain_id"
+
+  _info "Removing record"
+  _get_record "$_domain_id" "$_sub_domain"
+  if [ "$record_id" ]; then
+    if _azion_rest DELETE "intelligent_dns/$_domain_id/records/$record_id"; then
+      _info "Record removed."
+      return 0
+    else
+      _err "Failed to remove record."
+      return 1
+    fi
+  else
+    _info "Record not found or already removed."
+    return 0
+  fi
+}
+
+####################  Private functions below ##################################
+# Usage: _acme-challenge.www.domain.com
+# returns
+#  _sub_domain=_acme-challenge.www
+#  _domain=domain.com
+#  _domain_id=sdjkglgdfewsdfg
+_get_root() {
+  domain=$1
+  i=1
+  p=1
+
+  if ! _azion_rest GET "intelligent_dns"; then
+    return 1
+  fi
+
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    _debug h "$h"
+    if [ -z "$h" ]; then
+      # not valid
+      return 1
+    fi
+
+    if _contains "$response" "\"domain\":\"$h\""; then
+      _domain_id=$(echo "$response" | tr '{' "\n" | grep "\"domain\":\"$h\"" | _egrep_o "\"id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \")
+      _debug _domain_id "$_domain_id"
+      if [ "$_domain_id" ]; then
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _domain=$h
+        return 0
+      fi
+      return 1
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+_get_record() {
+  _domain_id=$1
+  _record=$2
+
+  if ! _azion_rest GET "intelligent_dns/$_domain_id/records"; then
+    return 1
+  fi
+
+  if _contains "$response" "\"entry\":\"$_record\""; then
+    _json_record=$(echo "$response" | tr '{' "\n" | grep "\"entry\":\"$_record\"")
+    if [ "$_json_record" ]; then
+      record_id=$(echo "$_json_record" | _egrep_o "\"record_id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \")
+      answers_list=$(echo "$_json_record" | _egrep_o "\"answers_list\":\[.*\]" | _head_n 1 | cut -d : -f 2 | tr -d \[\])
+      return 0
+    fi
+    return 1
+  fi
+  return 1
+}
+
+_get_token() {
+  AZION_Email="${AZION_Email:-$(_readaccountconf_mutable AZION_Email)}"
+  AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}"
+
+  if ! _contains "$AZION_Email" "@"; then
+    _err "It seems that the AZION_Email is not a valid email address. Revalidate your environments."
+    return 1
+  fi
+
+  if [ -z "$AZION_Email" ] || [ -z "$AZION_Password" ]; then
+    _err "You didn't specified a AZION_Email/AZION_Password to generate Azion token."
+    return 1
+  fi
+
+  _saveaccountconf_mutable AZION_Email "$AZION_Email"
+  _saveaccountconf_mutable AZION_Password "$AZION_Password"
+
+  _basic_auth=$(printf "%s:%s" "$AZION_Email" "$AZION_Password" | _base64)
+  _debug _basic_auth "$_basic_auth"
+
+  export _H1="Accept: application/json; version=3"
+  export _H2="Content-Type: application/json"
+  export _H3="Authorization: Basic $_basic_auth"
+
+  response="$(_post "" "$AZION_Api/tokens" "" "POST")"
+  if _contains "$response" "\"token\":\"" >/dev/null; then
+    _azion_token=$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
+    export AZION_Token="$_azion_token"
+  else
+    _err "Failed to generate Azion token"
+    return 1
+  fi
+}
+
+_azion_rest() {
+  _method=$1
+  _uri="$2"
+  _data="$3"
+
+  if [ -z "$AZION_Token" ]; then
+    _get_token
+  fi
+  _debug2 token "$AZION_Token"
+
+  export _H1="Accept: application/json; version=3"
+  export _H2="Content-Type: application/json"
+  export _H3="Authorization: token $AZION_Token"
+
+  if [ "$_method" != "GET" ]; then
+    _debug _data "$_data"
+    response="$(_post "$_data" "$AZION_Api/$_uri" "" "$_method")"
+  else
+    response="$(_get "$AZION_Api/$_uri")"
+  fi
+
+  _debug2 response "$response"
+
+  if [ "$?" != "0" ]; then
+    _err "error $_method $_uri $_data"
+    return 1
+  fi
+  return 0
+}
--- a/dnsapi/dns_he.sh
+++ b/dnsapi/dns_he.sh
@@ -85,7 +85,7 @@ dns_he_rm() {
    _debug "The txt record is not found, just skip"
    return 0
  fi
-  _record_id="$(echo "$response" | tr -d "#" | sed "s/<tr/#<tr/g" | tr -d "\n" | tr "#" "\n" | grep "$_full_domain" | grep '"dns_tr"' | grep "$_txt_value" | cut -d '"' -f 4)"
+  _record_id="$(echo "$response" | tr -d "#" | sed "s/<tr/#<tr/g" | tr -d "\n" | tr "#" "\n" | grep "$_full_domain" | grep '"dns_tr"' | grep -- "$_txt_value" | cut -d '"' -f 4)"
  _debug2 _record_id "$_record_id"
  if [ -z "$_record_id" ]; then
    _err "Can not find record id"
--- a/dnsapi/dns_infoblox.sh
+++ b/dnsapi/dns_infoblox.sh
@@ -9,7 +9,6 @@ dns_infoblox_add() {
  ## Nothing to see here, just some housekeeping
  fulldomain=$1
  txtvalue=$2
-  baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=$Infoblox_View"

  _info "Using Infoblox API"
  _debug fulldomain "$fulldomain"
@@ -19,12 +18,13 @@ dns_infoblox_add() {
  if [ -z "$Infoblox_Creds" ] || [ -z "$Infoblox_Server" ]; then
    Infoblox_Creds=""
    Infoblox_Server=""
-    _err "You didn't specify the credentials, server or infoblox view yet (Infoblox_Creds, Infoblox_Server and Infoblox_View)."
-    _err "Please set them via EXPORT ([username:password], [ip or hostname]) and try again."
+    _err "You didn't specify the Infoblox credentials or server (Infoblox_Creds; Infoblox_Server)."
+    _err "Please set them via EXPORT Infoblox_Creds=username:password or EXPORT Infoblox_server=ip/hostname and try again."
    return 1
  fi

  if [ -z "$Infoblox_View" ]; then
+    _info "No Infoblox_View set, using fallback value 'default'"
    Infoblox_View="default"
  fi

@@ -33,6 +33,9 @@ dns_infoblox_add() {
  _saveaccountconf Infoblox_Server "$Infoblox_Server"
  _saveaccountconf Infoblox_View "$Infoblox_View"

+  ## URLencode Infoblox View to deal with e.g. spaces
+  Infoblox_ViewEncoded=$(printf "%b" "$Infoblox_View" | _url_encode)
+
  ## Base64 encode the credentials
  Infoblox_CredsEncoded=$(printf "%b" "$Infoblox_Creds" | _base64)

@@ -40,11 +43,14 @@ dns_infoblox_add() {
  export _H1="Accept-Language:en-US"
  export _H2="Authorization: Basic $Infoblox_CredsEncoded"

+  ## Construct the request URL
+  baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=${Infoblox_ViewEncoded}"
+
  ## Add the challenge record to the Infoblox grid member
  result="$(_post "" "$baseurlnObject" "" "POST")"

  ## Let's see if we get something intelligible back from the unit
-  if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/$Infoblox_View")" ]; then
+  if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")" ]; then
    _info "Successfully created the txt record"
    return 0
  else
@@ -65,6 +71,9 @@ dns_infoblox_rm() {
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"

+  ## URLencode Infoblox View to deal with e.g. spaces
+  Infoblox_ViewEncoded=$(printf "%b" "$Infoblox_View" | _url_encode)
+
  ## Base64 encode the credentials
  Infoblox_CredsEncoded="$(printf "%b" "$Infoblox_Creds" | _base64)"

@@ -73,18 +82,18 @@ dns_infoblox_rm() {
  export _H2="Authorization: Basic $Infoblox_CredsEncoded"

  ## Does the record exist?  Let's check.
-  baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=$Infoblox_View&_return_type=xml-pretty"
+  baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=${Infoblox_ViewEncoded}&_return_type=xml-pretty"
  result="$(_get "$baseurlnObject")"

  ## Let's see if we get something intelligible back from the grid
-  if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/$Infoblox_View")" ]; then
+  if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")" ]; then
    ## Extract the object reference
-    objRef="$(printf "%b" "$result" | _egrep_o "record:txt/.*:.*/$Infoblox_View")"
+    objRef="$(printf "%b" "$result" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")"
    objRmUrl="https://$Infoblox_Server/wapi/v2.2.2/$objRef"
    ## Delete them! All the stale records!
    rmResult="$(_post "" "$objRmUrl" "" "DELETE")"
    ## Let's see if that worked
-    if [ "$(echo "$rmResult" | _egrep_o "record:txt/.*:.*/$Infoblox_View")" ]; then
+    if [ "$(echo "$rmResult" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")" ]; then
      _info "Successfully deleted $objRef"
      return 0
    else
--- a/dnsapi/dns_netcup.sh
+++ b/dnsapi/dns_netcup.sh
@@ -119,16 +119,16 @@ login() {
  tmp=$(_post "{\"action\": \"login\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apipassword\": \"$NC_Apipw\", \"customernumber\": \"$NC_CID\"}}" "$end" "" "POST")
  sid=$(echo "$tmp" | tr '{}' '\n' | grep apisessionid | cut -d '"' -f 4)
  _debug "$tmp"
-  if [ "$(_getfield "$msg" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then
-    _err "$msg"
+  if [ "$(_getfield "$tmp" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then
+    _err "$tmp"
    return 1
  fi
 }
 logout() {
  tmp=$(_post "{\"action\": \"logout\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apisessionid\": \"$sid\", \"customernumber\": \"$NC_CID\"}}" "$end" "" "POST")
  _debug "$tmp"
-  if [ "$(_getfield "$msg" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then
-    _err "$msg"
+  if [ "$(_getfield "$tmp" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then
+    _err "$tmp"
    return 1
  fi
 }
--- a/dnsapi/dns_nsd.sh
+++ b/dnsapi/dns_nsd.sh
@@ -51,7 +51,7 @@ dns_nsd_rm() {
  Nsd_ZoneFile="${Nsd_ZoneFile:-$(_readdomainconf Nsd_ZoneFile)}"
  Nsd_Command="${Nsd_Command:-$(_readdomainconf Nsd_Command)}"

-  sed -i "/$fulldomain. $ttlvalue IN TXT \"$txtvalue\"/d" "$Nsd_ZoneFile"
+  _sed_i "/$fulldomain. $ttlvalue IN TXT \"$txtvalue\"/d" "$Nsd_ZoneFile"
  _info "Removed TXT record for $fulldomain"
  _debug "Running $Nsd_Command"
  if eval "$Nsd_Command"; then
--- a/dnsapi/dns_oci.sh
+++ b/dnsapi/dns_oci.sh
@@ -0,0 +1,324 @@
+#!/usr/bin/env sh
+#
+# Acme.sh DNS API plugin for Oracle Cloud Infrastructure
+# Copyright (c) 2021, Oracle and/or its affiliates
+#
+# The plugin will automatically use the default profile from an OCI SDK and CLI
+# configuration file, if it exists.
+#
+# Alternatively, set the following environment variables:
+# - OCI_CLI_TENANCY : OCID of tenancy that contains the target DNS zone
+# - OCI_CLI_USER    : OCID of user with permission to add/remove records from zones
+# - OCI_CLI_REGION  : Should point to the tenancy home region
+#
+# One of the following two variables is required:
+# - OCI_CLI_KEY_FILE: Path to private API signing key file in PEM format; or
+# - OCI_CLI_KEY     : The private API signing key in PEM format
+#
+# NOTE: using an encrypted private key that needs a passphrase is not supported.
+#
+
+dns_oci_add() {
+  _fqdn="$1"
+  _rdata="$2"
+
+  if _get_oci_zone; then
+
+    _add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}"
+    response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body")
+    if [ "$response" ]; then
+      _info "Success: added TXT record for ${_sub_domain}.${_domain}."
+    else
+      _err "Error: failed to add TXT record for ${_sub_domain}.${_domain}."
+      _err "Check that the user has permission to add records to this zone."
+      return 1
+    fi
+
+  else
+    return 1
+  fi
+
+}
+
+dns_oci_rm() {
+  _fqdn="$1"
+  _rdata="$2"
+
+  if _get_oci_zone; then
+
+    _remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}"
+    response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body")
+    if [ "$response" ]; then
+      _info "Success: removed TXT record for ${_sub_domain}.${_domain}."
+    else
+      _err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}."
+      _err "Check that the user has permission to remove records from this zone."
+      return 1
+    fi
+
+  else
+    return 1
+  fi
+
+}
+
+####################  Private functions below ##################################
+_get_oci_zone() {
+
+  if ! _oci_config; then
+    return 1
+  fi
+
+  if ! _get_zone "$_fqdn"; then
+    _err "Error: DNS Zone not found for $_fqdn in $OCI_CLI_TENANCY"
+    return 1
+  fi
+
+  return 0
+
+}
+
+_oci_config() {
+
+  _DEFAULT_OCI_CLI_CONFIG_FILE="$HOME/.oci/config"
+  OCI_CLI_CONFIG_FILE="${OCI_CLI_CONFIG_FILE:-$(_readaccountconf_mutable OCI_CLI_CONFIG_FILE)}"
+
+  if [ -z "$OCI_CLI_CONFIG_FILE" ]; then
+    OCI_CLI_CONFIG_FILE="$_DEFAULT_OCI_CLI_CONFIG_FILE"
+  fi
+
+  if [ "$_DEFAULT_OCI_CLI_CONFIG_FILE" != "$OCI_CLI_CONFIG_FILE" ]; then
+    _saveaccountconf_mutable OCI_CLI_CONFIG_FILE "$OCI_CLI_CONFIG_FILE"
+  else
+    _clearaccountconf_mutable OCI_CLI_CONFIG_FILE
+  fi
+
+  _DEFAULT_OCI_CLI_PROFILE="DEFAULT"
+  OCI_CLI_PROFILE="${OCI_CLI_PROFILE:-$(_readaccountconf_mutable OCI_CLI_PROFILE)}"
+  if [ "$_DEFAULT_OCI_CLI_PROFILE" != "$OCI_CLI_PROFILE" ]; then
+    _saveaccountconf_mutable OCI_CLI_PROFILE "$OCI_CLI_PROFILE"
+  else
+    OCI_CLI_PROFILE="$_DEFAULT_OCI_CLI_PROFILE"
+    _clearaccountconf_mutable OCI_CLI_PROFILE
+  fi
+
+  OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}"
+  if [ "$OCI_CLI_TENANCY" ]; then
+    _saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY"
+  elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
+    _debug "Reading OCI_CLI_TENANCY value from: $OCI_CLI_CONFIG_FILE"
+    OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readini "$OCI_CLI_CONFIG_FILE" tenancy "$OCI_CLI_PROFILE")}"
+  fi
+
+  if [ -z "$OCI_CLI_TENANCY" ]; then
+    _err "Error: unable to read OCI_CLI_TENANCY from config file or environment variable."
+    return 1
+  fi
+
+  OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}"
+  if [ "$OCI_CLI_USER" ]; then
+    _saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER"
+  elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
+    _debug "Reading OCI_CLI_USER value from: $OCI_CLI_CONFIG_FILE"
+    OCI_CLI_USER="${OCI_CLI_USER:-$(_readini "$OCI_CLI_CONFIG_FILE" user "$OCI_CLI_PROFILE")}"
+  fi
+  if [ -z "$OCI_CLI_USER" ]; then
+    _err "Error: unable to read OCI_CLI_USER from config file or environment variable."
+    return 1
+  fi
+
+  OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}"
+  if [ "$OCI_CLI_REGION" ]; then
+    _saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION"
+  elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
+    _debug "Reading OCI_CLI_REGION value from: $OCI_CLI_CONFIG_FILE"
+    OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readini "$OCI_CLI_CONFIG_FILE" region "$OCI_CLI_PROFILE")}"
+  fi
+  if [ -z "$OCI_CLI_REGION" ]; then
+    _err "Error: unable to read OCI_CLI_REGION from config file or environment variable."
+    return 1
+  fi
+
+  OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}"
+  if [ -z "$OCI_CLI_KEY" ]; then
+    _clearaccountconf_mutable OCI_CLI_KEY
+    OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_readini "$OCI_CLI_CONFIG_FILE" key_file "$OCI_CLI_PROFILE")}"
+    if [ "$OCI_CLI_KEY_FILE" ] && [ -f "$OCI_CLI_KEY_FILE" ]; then
+      _debug "Reading OCI_CLI_KEY value from: $OCI_CLI_KEY_FILE"
+      OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE")
+      _saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY"
+    fi
+  else
+    _saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY"
+  fi
+
+  if [ -z "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then
+    _err "Error: unable to find key file path in OCI config file or OCI_CLI_KEY_FILE."
+    _err "Error: unable to load private API signing key from OCI_CLI_KEY."
+    return 1
+  fi
+
+  if [ "$(printf "%s\n" "$OCI_CLI_KEY" | wc -l)" -eq 1 ]; then
+    OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64 multiline)
+  fi
+
+  return 0
+
+}
+
+# _get_zone(): retrieves the Zone name and OCID
+#
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+# _domain_ociid=ocid1.dns-zone.oc1..
+_get_zone() {
+  domain=$1
+  i=1
+  p=1
+
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    _debug h "$h"
+    if [ -z "$h" ]; then
+      # not valid
+      return 1
+    fi
+
+    _domain_id=$(_signed_request "GET" "/20180115/zones/$h" "" "id")
+    if [ "$_domain_id" ]; then
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _domain=$h
+
+      _debug _domain_id "$_domain_id"
+      _debug _sub_domain "$_sub_domain"
+      _debug _domain "$_domain"
+      return 0
+    fi
+
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  return 1
+
+}
+
+#Usage: privatekey
+#Output MD5 fingerprint
+_fingerprint() {
+
+  pkey="$1"
+  if [ -z "$pkey" ]; then
+    _usage "Usage: _fingerprint privkey"
+    return 1
+  fi
+
+  printf "%s" "$pkey" | ${ACME_OPENSSL_BIN:-openssl} rsa -pubout -outform DER 2>/dev/null | ${ACME_OPENSSL_BIN:-openssl} md5 -c | cut -d = -f 2 | tr -d ' '
+
+}
+
+_signed_request() {
+
+  _sig_method="$1"
+  _sig_target="$2"
+  _sig_body="$3"
+  _return_field="$4"
+
+  _key_fingerprint=$(_fingerprint "$OCI_CLI_KEY")
+  _sig_host="dns.$OCI_CLI_REGION.oraclecloud.com"
+  _sig_keyId="$OCI_CLI_TENANCY/$OCI_CLI_USER/$_key_fingerprint"
+  _sig_alg="rsa-sha256"
+  _sig_version="1"
+  _sig_now="$(LC_ALL=C \date -u "+%a, %d %h %Y %H:%M:%S GMT")"
+
+  _request_method=$(printf %s "$_sig_method" | _lower_case)
+  _curl_method=$(printf %s "$_sig_method" | _upper_case)
+
+  _request_target="(request-target): $_request_method $_sig_target"
+  _date_header="date: $_sig_now"
+  _host_header="host: $_sig_host"
+
+  _string_to_sign="$_request_target\n$_date_header\n$_host_header"
+  _sig_headers="(request-target) date host"
+
+  if [ "$_sig_body" ]; then
+    _secure_debug3 _sig_body "$_sig_body"
+    _sig_body_sha256="x-content-sha256: $(printf %s "$_sig_body" | _digest sha256)"
+    _sig_body_type="content-type: application/json"
+    _sig_body_length="content-length: ${#_sig_body}"
+    _string_to_sign="$_string_to_sign\n$_sig_body_sha256\n$_sig_body_type\n$_sig_body_length"
+    _sig_headers="$_sig_headers x-content-sha256 content-type content-length"
+  fi
+
+  _tmp_file=$(_mktemp)
+  if [ -f "$_tmp_file" ]; then
+    printf '%s' "$OCI_CLI_KEY" >"$_tmp_file"
+    _signature=$(printf '%b' "$_string_to_sign" | _sign "$_tmp_file" sha256 | tr -d '\r\n')
+    rm -f "$_tmp_file"
+  fi
+
+  _signed_header="Authorization: Signature version=\"$_sig_version\",keyId=\"$_sig_keyId\",algorithm=\"$_sig_alg\",headers=\"$_sig_headers\",signature=\"$_signature\""
+  _secure_debug3 _signed_header "$_signed_header"
+
+  if [ "$_curl_method" = "GET" ]; then
+    export _H1="$_date_header"
+    export _H2="$_signed_header"
+    _response="$(_get "https://${_sig_host}${_sig_target}")"
+  elif [ "$_curl_method" = "PATCH" ]; then
+    export _H1="$_date_header"
+    export _H2="$_sig_body_sha256"
+    export _H3="$_sig_body_type"
+    export _H4="$_sig_body_length"
+    export _H5="$_signed_header"
+    _response="$(_post "$_sig_body" "https://${_sig_host}${_sig_target}" "" "PATCH")"
+  else
+    _err "Unable to process method: $_curl_method."
+  fi
+
+  _ret="$?"
+  if [ "$_return_field" ]; then
+    _response="$(echo "$_response" | sed 's/\\\"//g'))"
+    _return=$(echo "${_response}" | _egrep_o "\"$_return_field\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"")
+  else
+    _return="$_response"
+  fi
+
+  printf "%s" "$_return"
+  return $_ret
+
+}
+
+# file  key  [section]
+_readini() {
+  _file="$1"
+  _key="$2"
+  _section="${3:-DEFAULT}"
+
+  _start_n=$(grep -n '\['"$_section"']' "$_file" | cut -d : -f 1)
+  _debug3 _start_n "$_start_n"
+  if [ -z "$_start_n" ]; then
+    _err "Can not find section: $_section"
+    return 1
+  fi
+
+  _start_nn=$(_math "$_start_n" + 1)
+  _debug3 "_start_nn" "$_start_nn"
+
+  _left="$(sed -n "${_start_nn},99999p" "$_file")"
+  _debug3 _left "$_left"
+  _end="$(echo "$_left" | grep -n "^\[" | _head_n 1)"
+  _debug3 "_end" "$_end"
+  if [ "$_end" ]; then
+    _end_n=$(echo "$_end" | cut -d : -f 1)
+    _debug3 "_end_n" "$_end_n"
+    _seg_n=$(echo "$_left" | sed -n "1,${_end_n}p")
+  else
+    _seg_n="$_left"
+  fi
+
+  _debug3 "_seg_n" "$_seg_n"
+  _lineini="$(echo "$_seg_n" | grep "^ *$_key *= *")"
+  _inivalue="$(printf "%b" "$(eval "echo $_lineini | sed \"s/^ *${_key} *= *//g\"")")"
+  _debug2 _inivalue "$_inivalue"
+  echo "$_inivalue"
+
+}
--- a/dnsapi/dns_ovh.sh
+++ b/dnsapi/dns_ovh.sh
@@ -261,7 +261,9 @@ _get_root() {
      return 1
    fi

-    if ! _contains "$response" "This service does not exist" >/dev/null && ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
+    if ! _contains "$response" "This service does not exist" >/dev/null &&
+      ! _contains "$response" "This call has not been granted" >/dev/null &&
+      ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain="$h"
      return 0
--- a/dnsapi/dns_pdns.sh
+++ b/dnsapi/dns_pdns.sh
@@ -103,7 +103,7 @@ set_record() {
    _build_record_string "$oldchallenge"
  done

-  if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}"; then
+  if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}" "application/json"; then
    _err "Set txt record error."
    return 1
  fi
@@ -126,7 +126,7 @@ rm_record() {

  if _contains "$_existing_challenges" "$txtvalue"; then
    #Delete all challenges (PowerDNS API does not allow to delete content)
-    if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}"; then
+    if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}" "application/json"; then
      _err "Delete txt record error."
      return 1
    fi
@@ -140,7 +140,7 @@ rm_record() {
        fi
      done
      #Recreate the existing challenges
-      if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}"; then
+      if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}" "application/json"; then
        _err "Set txt record error."
        return 1
      fi
@@ -203,12 +203,13 @@ _pdns_rest() {
  method=$1
  ep=$2
  data=$3
+  ct=$4

  export _H1="X-API-Key: $PDNS_Token"

  if [ ! "$method" = "GET" ]; then
    _debug data "$data"
-    response="$(_post "$data" "$PDNS_Url$ep" "" "$method")"
+    response="$(_post "$data" "$PDNS_Url$ep" "" "$method" "$ct")"
  else
    response="$(_get "$PDNS_Url$ep")"
  fi
--- a/dnsapi/dns_rackspace.sh
+++ b/dnsapi/dns_rackspace.sh
@@ -7,6 +7,7 @@

 RACKSPACE_Endpoint="https://dns.api.rackspacecloud.com/v1.0"

+# 20210923 - RS changed the fields in the API response; fix sed
 # 20190213 - The name & id fields swapped in the API response; fix sed
 # 20190101 - Duplicating file for new pull request to dev branch
 # Original - tcocca:rackspace_dnsapi https://github.com/acmesh-official/acme.sh/pull/1297
@@ -79,8 +80,8 @@ _get_root_zone() {
    _debug2 response "$response"
    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
      # Response looks like:
-      #   {"ttl":300,"accountId":12345,"id":1111111,"name":"example.com","emailAddress": ...<and so on>
-      _domain_id=$(echo "$response" | sed -n "s/^.*\"id\":\([^,]*\),\"name\":\"$h\",.*/\1/p")
+      #   {"id":"12345","accountId":"1111111","name": "example.com","ttl":3600,"emailAddress": ... <and so on>
+      _domain_id=$(echo "$response" | sed -n "s/^.*\"id\":\"\([^,]*\)\",\"accountId\":\"[0-9]*\",\"name\":\"$h\",.*/\1/p")
      _debug2 domain_id "$_domain_id"
      if [ -n "$_domain_id" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
--- a/dnsapi/dns_veesp.sh
+++ b/dnsapi/dns_veesp.sh
@@ -0,0 +1,158 @@
+#!/usr/bin/env sh
+
+# bug reports to stepan@plyask.in
+
+#
+#     export VEESP_User="username"
+#     export VEESP_Password="password"
+
+VEESP_Api="https://secure.veesp.com/api"
+
+########  Public functions #####################
+
+#Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_veesp_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}"
+  VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}"
+  VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64)
+
+  if [ -z "$VEESP_Password" ] || [ -z "$VEESP_User" ]; then
+    VEESP_Password=""
+    VEESP_User=""
+    _err "You don't specify veesp api key and email yet."
+    _err "Please create you key and try again."
+    return 1
+  fi
+
+  #save the api key and email to the account conf file.
+  _saveaccountconf_mutable VEESP_Password "$VEESP_Password"
+  _saveaccountconf_mutable VEESP_User "$VEESP_User"
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _domain_id "$_domain_id"
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _info "Adding record"
+  if VEESP_rest POST "service/$_service_id/dns/$_domain_id/records" "{\"name\":\"$fulldomain\",\"ttl\":1,\"priority\":0,\"type\":\"TXT\",\"content\":\"$txtvalue\"}"; then
+    if _contains "$response" "\"success\":true"; then
+      _info "Added"
+      #todo: check if the record takes effect
+      return 0
+    else
+      _err "Add txt record error."
+      return 1
+    fi
+  fi
+}
+
+# Usage: fulldomain txtvalue
+# Used to remove the txt record after validation
+dns_veesp_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}"
+  VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}"
+  VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64)
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _domain_id "$_domain_id"
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _debug "Getting txt records"
+  VEESP_rest GET "service/$_service_id/dns/$_domain_id"
+
+  count=$(printf "%s\n" "$response" | _egrep_o "\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | wc -l | tr -d " ")
+  _debug count "$count"
+  if [ "$count" = "0" ]; then
+    _info "Don't need to remove."
+  else
+    record_id=$(printf "%s\n" "$response" | _egrep_o "{\"id\":[^}]*\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | cut -d\" -f4)
+    _debug "record_id" "$record_id"
+    if [ -z "$record_id" ]; then
+      _err "Can not get record id to remove."
+      return 1
+    fi
+    if ! VEESP_rest DELETE "service/$_service_id/dns/$_domain_id/records/$record_id"; then
+      _err "Delete record error."
+      return 1
+    fi
+    _contains "$response" "\"success\":true"
+  fi
+}
+
+####################  Private functions below ##################################
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+# _domain_id=sdjkglgdfewsdfg
+_get_root() {
+  domain=$1
+  i=2
+  p=1
+  if ! VEESP_rest GET "dns"; then
+    return 1
+  fi
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    _debug h "$h"
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    if _contains "$response" "\"name\":\"$h\""; then
+      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"domain_id\":[^,]*,\"name\":\"$h\"" | cut -d : -f 2 | cut -d , -f 1 | cut -d '"' -f 2)
+      _debug _domain_id "$_domain_id"
+      _service_id=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$h\",\"service_id\":[^}]*" | cut -d : -f 3 | cut -d '"' -f 2)
+      _debug _service_id "$_service_id"
+      if [ "$_domain_id" ]; then
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _domain="$h"
+        return 0
+      fi
+      return 1
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+VEESP_rest() {
+  m=$1
+  ep="$2"
+  data="$3"
+  _debug "$ep"
+
+  export _H1="Accept: application/json"
+  export _H2="Authorization: Basic $VEESP_auth"
+  if [ "$m" != "GET" ]; then
+    _debug data "$data"
+    export _H3="Content-Type: application/json"
+    response="$(_post "$data" "$VEESP_Api/$ep" "" "$m")"
+  else
+    response="$(_get "$VEESP_Api/$ep")"
+  fi
+
+  if [ "$?" != "0" ]; then
+    _err "error $ep"
+    return 1
+  fi
+  _debug2 response "$response"
+  return 0
+}
--- a/dnsapi/dns_vultr.sh
+++ b/dnsapi/dns_vultr.sh
@@ -33,7 +33,7 @@ dns_vultr_add() {
  _debug 'Getting txt records'
  _vultr_rest GET "dns/records?domain=$_domain"

-  if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
+  if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
    _err 'Error'
    return 1
  fi
@@ -73,12 +73,12 @@ dns_vultr_rm() {
  _debug 'Getting txt records'
  _vultr_rest GET "dns/records?domain=$_domain"

-  if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
+  if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
    _err 'Error'
    return 1
  fi

-  _record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)"
+  _record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep -- "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)"
  _debug _record_id "$_record_id"
  if [ "$_record_id" ]; then
    _info "Successfully retrieved the record id for ACME challenge."
--- a/notify/pushbullet.sh
+++ b/notify/pushbullet.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env sh
+
+#Support for pushbullet.com's api. Push notification, notification sync and message platform for multiple platforms
+#PUSHBULLET_TOKEN="" Required, pushbullet application token
+#PUSHBULLET_DEVICE="" Optional, Specific device, ignore to send to all devices
+
+PUSHBULLET_URI="https://api.pushbullet.com/v2/pushes"
+pushbullet_send() {
+  _subject="$1"
+  _content="$2"
+  _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped
+  _debug "_statusCode" "$_statusCode"
+
+  PUSHBULLET_TOKEN="${PUSHBULLET_TOKEN:-$(_readaccountconf_mutable PUSHBULLET_TOKEN)}"
+  if [ -z "$PUSHBULLET_TOKEN" ]; then
+    PUSHBULLET_TOKEN=""
+    _err "You didn't specify a Pushbullet application token yet."
+    return 1
+  fi
+  _saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN"
+
+  PUSHBULLET_DEVICE="${PUSHBULLET_DEVICE:-$(_readaccountconf_mutable PUSHBULLET_DEVICE)}"
+  if [ -z "$PUSHBULLET_DEVICE" ]; then
+    _clearaccountconf_mutable PUSHBULLET_DEVICE
+  else
+    _saveaccountconf_mutable PUSHBULLET_DEVICE "$PUSHBULLET_DEVICE"
+  fi
+
+  export _H1="Content-Type: application/json"
+  export _H2="Access-Token: ${PUSHBULLET_TOKEN}"
+  _content="$(printf "*%s*\n" "$_content" | _json_encode)"
+  _subject="$(printf "*%s*\n" "$_subject" | _json_encode)"
+  _data="{\"type\": \"note\",\"title\": \"${_subject}\",\"body\": \"${_content}\",\"device_iden\": \"${PUSHBULLET_DEVICE}\"}"
+  response="$(_post "$_data" "$PUSHBULLET_URI")"
+
+  if [ "$?" != "0" ] || _contains "$response" "\"error_code\""; then
+    _err "PUSHBULLET send error."
+    _err "$response"
+    return 1
+  fi
+
+  _info "PUSHBULLET send success."
+  return 0
+}
--- a/notify/sendgrid.sh
+++ b/notify/sendgrid.sh
@@ -37,11 +37,19 @@ sendgrid_send() {
  fi
  _saveaccountconf_mutable SENDGRID_FROM "$SENDGRID_FROM"

+  SENDGRID_FROM_NAME="${SENDGRID_FROM_NAME:-$(_readaccountconf_mutable SENDGRID_FROM_NAME)}"
+  _saveaccountconf_mutable SENDGRID_FROM_NAME "$SENDGRID_FROM_NAME"
+
  export _H1="Authorization: Bearer $SENDGRID_API_KEY"
  export _H2="Content-Type: application/json"

  _content="$(echo "$_content" | _json_encode)"
-  _data="{\"personalizations\": [{\"to\": [{\"email\": \"$SENDGRID_TO\"}]}],\"from\": {\"email\": \"$SENDGRID_FROM\"},\"subject\": \"$_subject\",\"content\": [{\"type\": \"text/plain\", \"value\": \"$_content\"}]}"
+
+  if [ -z "$SENDGRID_FROM_NAME" ]; then
+    _data="{\"personalizations\": [{\"to\": [{\"email\": \"$SENDGRID_TO\"}]}],\"from\": {\"email\": \"$SENDGRID_FROM\"},\"subject\": \"$_subject\",\"content\": [{\"type\": \"text/plain\", \"value\": \"$_content\"}]}"
+  else
+    _data="{\"personalizations\": [{\"to\": [{\"email\": \"$SENDGRID_TO\"}]}],\"from\": {\"email\": \"$SENDGRID_FROM\", \"name\": \"$SENDGRID_FROM_NAME\"},\"subject\": \"$_subject\",\"content\": [{\"type\": \"text/plain\", \"value\": \"$_content\"}]}"
+  fi
  response="$(_post "$_data" "https://api.sendgrid.com/v3/mail/send")"

  if [ "$?" = "0" ] && [ -z "$response" ]; then
--- a/notify/telegram.sh
+++ b/notify/telegram.sh
@@ -27,7 +27,7 @@ telegram_send() {
  fi
  _saveaccountconf_mutable TELEGRAM_BOT_CHATID "$TELEGRAM_BOT_CHATID"

-  _content="$(printf "%s" "$_content" | sed -e 's/*/\\\\*/')"
+  _content="$(printf "%s" "$_content" | sed -e 's/\([_*`\[]\)/\\\\\1/g')"
  _content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)"
  _data="{\"text\": \"$_content\", "
  _data="$_data\"chat_id\": \"$TELEGRAM_BOT_CHATID\", "
Author	SHA1	Message	Date
neil	8fcecd59a0	Merge pull request #3734 from acmesh-official/dev sync	2021-10-03 22:48:12 +08:00
neil	f5ee618986	Merge pull request #3599 from cirow/dev Pushbullet Webhook notification	2021-10-03 22:34:21 +08:00
neil	f2958818c8	Update pushbullet.sh	2021-10-03 22:33:41 +08:00
neil	20f604948f	Update pushbullet.sh	2021-10-03 22:31:56 +08:00
neil	f72a4f966d	Merge pull request #3664 from shadowlmd/fix-grep-dns-he Fix grep options processing in dns_he module	2021-10-03 22:25:44 +08:00
neil	ae25931b37	Merge pull request #3733 from acmesh-official/dev sync	2021-10-03 21:30:46 +08:00
neil	84fe6654cc	fix for https://github.com/acmesh-official/acme.sh/issues/3717	2021-10-03 20:59:55 +08:00
neil	64908e0080	fix Windows path	2021-10-03 19:28:30 +08:00
neil	d4e1899747	support "--set-default-chain", fix https://github.com/acmesh-official/acme.sh/issues/3717	2021-10-03 19:02:45 +08:00
neil	5b1e849bde	Merge pull request #3725 from acmesh-official/dev sync	2021-10-01 23:02:30 +08:00
neil	fba6de76b1	Merge pull request #3687 from gstrauss/use-getdeployconf use _getdeployconf instead of sourcing DOMAIN_CONF	2021-10-01 12:41:12 +08:00
Glenn Strauss	8419b42e83	use ${ACME_OPENSSL_BIN:-openssl} instead of openssl (requested by @Neilpang in #3687)	2021-09-30 19:00:39 -04:00
neil	5f38c15b1f	Merge pull request #3709 from ToJIka4/add_veesp_api Add Veesp DNS API	2021-09-25 15:52:04 +08:00
neil	c3b72baa8e	Merge pull request #3710 from tcocca/dev Rackspace changed their API response, fixed the sed matching	2021-09-24 10:25:42 +08:00
Tom Cocca	16d0416f22	trigger GH Actions again	2021-09-23 08:50:20 -04:00
Tom Cocca	b9aa4f4478	trigger a GH actions change	2021-09-23 08:20:50 -04:00
Tom Cocca	8d3ad3a8c1	Rackspace changed their API response, fixed the sed matching	2021-09-23 08:10:17 -04:00
Stephen Pliaskin	5a689ce897	Add Veesp DNS API	2021-09-22 23:17:50 +03:00
neil	35e22703af	Merge pull request #3697 from DerVerruckteFuchs/1984-hosting-cookie-fix 1984 hosting cookie fix	2021-09-15 09:27:00 +08:00
DerVerruckteFuchs	41a2d0e06c	reduce ttl	2021-09-13 11:44:39 -04:00
DerVerruckteFuchs	4d95e35c06	get response based on $txtvalue	2021-09-12 17:38:27 -04:00
DerVerruckteFuchs	4e553f34ba	get TXT entry based on $txtvalue	2021-09-12 17:20:01 -04:00
DerVerruckteFuchs	b910726c43	pick first entry if more than one TXT entry exists	2021-09-12 17:05:36 -04:00
DerVerruckteFuchs	64e3cab6ab	add correct number of vars for _get_zone_id	2021-09-12 16:57:32 -04:00
DerVerruckteFuchs	f3196396a2	fix email filtering	2021-09-12 16:49:53 -04:00
DerVerruckteFuchs	148336929d	fix formatting	2021-09-12 16:27:40 -04:00
DerVerruckteFuchs	2f3ec3a77f	filter out instances where email@domain.com exists	2021-09-12 16:25:21 -04:00
Christophe B Billheimer	8d7a487013	change $@ -> $_domain	2021-09-12 14:10:54 -04:00
Christophe B Billheimer	622464ff5e	fix error message for _get_zone_id	2021-09-12 13:49:31 -04:00
Christophe B Billheimer	b45a44e405	fix formatting	2021-09-12 13:33:55 -04:00
Christophe B Billheimer	a196958bd6	add check when getting zone id	2021-09-12 13:13:55 -04:00
Christophe B Billheimer	f101418658	change _url -> url	2021-09-12 13:03:54 -04:00
Christophe B Billheimer	aa05a1e81d	make sure _url gets set where it is needed	2021-09-12 13:00:03 -04:00
Christophe B Billheimer	384bc62f25	make _get_zone_id usage consistent	2021-09-12 12:54:42 -04:00
Christophe B Billheimer	46e62f1a9a	fix typo	2021-09-12 12:50:03 -04:00
Christophe B Billheimer	c5c2014081	add _get_zone_id to dns_1984hosting_rm to get the zone id	2021-09-12 12:48:27 -04:00
Christophe B Billheimer	c668c603cc	add Referer and X-CSRFToken HTTP headers	2021-09-12 12:45:06 -04:00
Christophe B Billheimer	8f3b7c179e	put cookies into a format that the 1984 Hosting website expects	2021-09-12 12:37:56 -04:00
Christophe B Billheimer	ea18c47011	move getting zone id code into its own function	2021-09-12 12:35:20 -04:00
Christophe B Billheimer	ced7110a78	remove -o option from grep and use _egrep_o instead	2021-09-10 08:49:38 -04:00
Christophe B Billheimer	92f13eb8bf	get both the CSRF token and session ID cookies, as they are both needed for login now	2021-09-10 08:02:13 -04:00
Christophe B Billheimer	1312ef7e50	simplify One984HOSTING_COOKIE grep	2021-09-10 07:25:18 -04:00
Christophe B Billheimer	e992979113	Merge branch 'master' of github.com:DerVerruckteFuchs/acme.sh into 1984-hosting-cookie-fix	2021-09-08 22:49:24 -04:00
Christophe B Billheimer	d317b49940	use head instead of tail so that the sessionid cookie gets set correctly	2021-09-08 22:48:43 -04:00
neil	6be53468c5	Merge pull request #3691 from nookery/patch-1 the type of 'snis' is array	2021-09-07 11:55:44 +08:00
neil	046094bdcb	Merge pull request #3696 from TheTyrius/dev [dns_netcup] Fix variable name	2021-09-07 09:34:12 +08:00
Philipp B	1064c270d9	Fix variable name Wrong variable name was used in login() and logout(), preventing operation.	2021-09-06 17:01:31 +02:00
Nookery	2447fccf1e	name="snis" => name="snis[]" kong 2.5.x，snis参数是一个数组	2021-09-04 16:59:50 +08:00
Glenn Strauss	c43c711f72	use _getdeployconf instead of sourcing DOMAIN_CONF (requested by @Neilpang in #3394) github: closes #3394	2021-09-01 16:37:10 -04:00
Michael Weber	f354e6de69	lighttpd deploy hook * verbatim copy from haproxy.sh, s/haproxy/lighttpd * enable issuer	2021-09-01 16:33:24 -04:00
neil	12615c46f8	Merge pull request #3682 from acmesh-official/dev sync	2021-08-29 22:18:31 +08:00
neil	b335840f97	Merge pull request #3657 from Sp1l/extend_pre_hook Make domain names available to pre hook	2021-08-22 11:01:02 +08:00
neilpang	c5efec678e	remove clearlinux	2021-08-18 20:59:47 +08:00
Aleksei Faians	83cb89e4f7	treat variable contents as text, don't process switches	2021-08-17 08:58:04 +03:00
neilpang	6bdf689d0f	fix https://github.com/acmesh-official/acme.sh/issues/3660	2021-08-15 08:52:55 +08:00
Bernard Spil	e164362069	Make domain names available to pre hook Export Le_Domains and Le_Alt so your pre-hook script can run additional checks. Allows running checks on the domain names before the first call to the ACME API. Thereby not counting against the rate-limit when an issue is going to be problematic. Supersedes: #3288	2021-08-10 12:36:29 +02:00
neilpang	72e3f33f28	fix docker test	2021-08-08 08:49:15 +08:00
neilpang	ccfd907914	fix https://github.com/acmesh-official/acme.sh/issues/3649	2021-08-07 21:06:05 +08:00
neilpang	5a44e63cad	fix nginx mode https://github.com/acmesh-official/acme.sh/issues/3648#issuecomment-894045613	2021-08-06 21:22:10 +08:00
neil	d96cca3822	Merge pull request #3647 from acmesh-official/dev sync	2021-08-05 20:14:00 +08:00
neilpang	06580bf0e4	fix https://github.com/acmesh-official/acme.sh/issues/1914#issuecomment-893188476	2021-08-05 20:12:42 +08:00
neil	b21bd64764	Merge pull request #3646 from jonwltn/dev Minor output formatting changes.	2021-08-05 16:54:53 +08:00
jonwltn	6b97dc6734	Minor output formatting changes.	2021-08-04 10:44:48 -07:00
neil	4e3f328a02	Merge pull request #3644 from acmesh-official/dev sync	2021-08-04 21:43:40 +08:00
neil	8380ca2fdd	Merge pull request #3641 from felixonmars/patch-1 Correct a typo in dns_aws.sh	2021-08-03 11:01:59 +08:00
Felix Yan	ec678bc6d2	Correct a typo in dns_aws.sh	2021-08-03 01:36:59 +08:00
neilpang	2b5e2d4760	fix nginx mode	2021-08-01 15:44:14 +08:00
neilpang	89abad7980	fix https://github.com/acmesh-official/acme.sh/issues/3635	2021-08-01 13:11:52 +08:00
neil	d84da5bdbf	Merge pull request #3638 from acmesh-official/dev fix https://github.com/acmesh-official/acme.sh/issues/3624#issuecomme…	2021-08-01 08:47:41 +08:00
neilpang	5cc1d9521c	fix https://github.com/acmesh-official/acme.sh/issues/3624#issuecomment-887689325	2021-07-28 22:14:54 +08:00
neil	a199fc6113	Merge pull request #3621 from acmesh-official/dev sync	2021-07-24 23:42:34 +08:00
neil	655e34b166	minor, clean links for renewal	2021-07-24 16:23:43 +08:00
neil	5ea3a02d6a	Merge pull request #3587 from xpac1985/patch-2 dns_infoblox.sh: Fix Infoblox_View handling + some cleanup	2021-07-24 16:00:55 +08:00
neil	15c68c9594	Merge pull request #3620 from acmesh-official/dev sync	2021-07-24 15:48:36 +08:00
neil	08438608d1	fix format	2021-07-24 15:46:58 +08:00
neil	2da94e0fdf	Merge pull request #3617 from Ivanovitchk/dev dns_ovh: fix random add/remove txt records failures	2021-07-22 14:00:29 +08:00
Ivanovitch_k	63165764dc	dns_ovh: fix random add/remove txt records failures due to inconsistent curl api response json	2021-07-22 00:24:11 +02:00
neilpang	103810ce20	add info	2021-07-20 21:05:17 +08:00
neil	f59356b96b	Merge pull request #3612 from acmesh-official/retry add retry logic for http requests	2021-07-20 20:59:41 +08:00
ciro	4a8511f680	fix wrong variable name	2021-07-17 13:50:45 -03:00
cirow	cd6698c688	Merge branch 'acmesh-official:dev' into dev	2021-07-15 22:56:26 -03:00
ciro	c7ca9d7e36	fix shfmt issues	2021-07-15 22:55:35 -03:00
neil	d70b759cb9	format	2021-07-15 22:47:20 +08:00
neil	ae3dda0f8f	add retry for get() and post()	2021-07-15 22:21:32 +08:00
neil	e229ba5945	Merge pull request #3601 from acmesh-official/3600 fix https://github.com/acmesh-official/acme.sh/issues/3600	2021-07-12 22:27:19 +08:00
neil	dcc50093bb	fix https://github.com/acmesh-official/acme.sh/issues/3600	2021-07-12 21:46:08 +08:00
neil	0831690f79	Merge pull request #3595 from stevenzhu25/patch-1 Feature Request: Add sender name for SendGrid notify hook	2021-07-12 09:11:29 +08:00
ciro	98ef51514f	added pushbullet functionality	2021-07-11 20:29:44 -03:00
neilpang	ac9993394c	update	2021-07-11 21:58:47 +08:00
Steven Zhu	849c3fd9c9	Fix space inconsistency	2021-07-06 22:54:15 -04:00
Steven Zhu	da58fcbfce	Add sender name for SendGrid notify hook	2021-07-06 20:51:51 -04:00
neil	fa3cd9736f	Merge pull request #3593 from jonwltn/fix-dnspod Fix the URL for checking DNSPod availability.	2021-07-05 09:27:41 +08:00
jonwltn	a0c5d17539	Fix the URL for checking DNSPod availability.	2021-07-02 09:23:45 -07:00
xpac1985	224cd04673	Shell formatting, again	2021-07-01 22:59:43 +02:00
xpac1985	52243d0870	Clean up formatting (SHFMT)	2021-07-01 22:54:56 +02:00
xpac1985	d519873fa4	Fix Infoblox_View handling + some cleanup URL is now constructed after possible fallback value for Infoblox_View is being set Infoblox_View is URLencoded to deal with e.g. spaces Some cleanup, clearer log messages etc.	2021-07-01 22:25:49 +02:00
neil	a76dcd4ba1	Merge pull request #3581 from acmesh-official/dev sync	2021-06-28 21:21:04 +08:00
neilpang	2d07185300	use letsencrypt server to renew certs if no server was saved.	2021-06-28 21:16:32 +08:00
neil	518e1df257	sync (#3580 ) sync	2021-06-28 21:10:42 +08:00
neilpang	e0def66959	fix for compatiblity	2021-06-27 11:29:51 +08:00
neil	772d970074	fix CI tests (#3574 ) fix CI tests	2021-06-25 23:20:40 +08:00
neilpang	ba7d85145a	fix env	2021-06-25 23:01:47 +08:00
neilpang	fb73dceab0	fix format	2021-06-25 22:46:55 +08:00
neilpang	13fd83e0ba	fix revoke	2021-06-25 22:44:23 +08:00
neilpang	719ba75fcc	fix test server	2021-06-25 22:29:40 +08:00
neilpang	13ab98440c	fix initapi	2021-06-25 22:23:17 +08:00
neilpang	1752004301	fix deactivate	2021-06-25 22:16:16 +08:00
neilpang	536a5f7cff	fix deactivate	2021-06-25 21:59:38 +08:00
neilpang	a69aece23a	Use TEST_ACME_Server	2021-06-25 21:28:20 +08:00
neilpang	77d3815baa	use TEST_ACME_Server	2021-06-25 21:18:03 +08:00
neilpang	e225e17386	remove unused file	2021-06-25 20:56:46 +08:00
neil	3290208749	Merge pull request #3573 from acmesh-official/dev Dev	2021-06-25 20:13:06 +08:00
neil	3106187aac	Merge pull request #3572 from funzoneq/pdns-fix-content-type Pdns fix content type	2021-06-25 18:25:19 +08:00
Arnoud Vermeer	eae490b5b1	[dns_pdns] Fix: missing content type in PATCH requests #3454	2021-06-25 10:12:23 +02:00
neilpang	bcce77508a	remove buypass test	2021-06-25 00:04:13 +08:00
neilpang	e9bdf02cfc	fix filter	2021-06-25 00:01:46 +08:00
neilpang	77f659c9b9	add NO_ECC_384	2021-06-24 23:57:21 +08:00
neilpang	c66e157a14	fix path filter	2021-06-24 23:30:16 +08:00
neilpang	2c927277e2	fix error	2021-06-24 23:23:46 +08:00
neilpang	29fe1c86da	fix initapi	2021-06-24 23:21:10 +08:00
neilpang	1ae9c48370	fix error	2021-06-24 22:05:43 +08:00
neilpang	078a8b40e9	add buypass test	2021-06-24 22:03:00 +08:00
neilpang	9daeae1695	remove unnecessary check	2021-06-24 20:45:15 +08:00
neilpang	014e016058	add retry for init api	2021-06-24 20:35:49 +08:00
neil	f41f93af3a	Merge pull request #3491 from bgarret/consul-deploy-hook Consul deploy hooks	2021-06-24 20:25:01 +08:00
neil	51539521b1	Merge pull request #3551 from marcusgrando/dev Added Azion DNS API	2021-06-24 20:19:52 +08:00
Marcus Grando	522dec34a5	Added Azion DNS API	2021-06-23 08:45:22 -03:00
neil	ea6d76cce6	Merge pull request #3569 from Habetdin/dev notify/telegram.sh: Fix special characters escaping	2021-06-23 13:27:07 +08:00
Habetdin	7c7d61f61e	Fix special characters escaping To escape characters '_', '*', '`', '[' outside of an entity, prepend the characters '\' before them.	2021-06-23 03:20:07 +03:00
Marcus Grando	184dde92a2	Added Azion DNS API	2021-06-22 14:06:05 -03:00
neil	7e43c794fd	Merge pull request #3567 from acmesh-official/dev support SSL.com	2021-06-22 20:40:43 +08:00
neilpang	c7285967d6	fix for list short name	2021-06-22 20:39:00 +08:00
neilpang	41f4baadb9	minor	2021-06-22 07:59:02 +08:00
neilpang	20082ec9fb	update status	2021-06-22 07:55:12 +08:00
neilpang	8dae8c52c0	split in to multiple files, so that it can pass more.	2021-06-22 07:48:37 +08:00
neil	068076c0d5	Merge pull request #3565 from acmesh-official/dev Dev	2021-06-21 23:42:23 +08:00
neilpang	c0ae44a41b	fix format	2021-06-21 22:59:14 +08:00
neilpang	593e8e1f63	move ca key path	2021-06-21 22:47:22 +08:00
neilpang	707cf35f0a	fix format	2021-06-21 22:29:14 +08:00
neilpang	30f11d0e16	typo	2021-06-21 21:41:56 +08:00
neilpang	53d6ab6c23	support SSL.com	2021-06-21 21:31:00 +08:00
neilpang	280e44304a	fix for compatibility to sslcom	2021-06-21 20:11:15 +08:00
neilpang	79fac4466e	minor	2021-06-20 16:58:20 +08:00
neil	0e9f09e582	Merge pull request #3539 from Djelibeybi/dev Add DNS API plugin for Oracle Cloud Infrastructure DNS Service	2021-06-20 16:05:56 +08:00
Avi Miller	25d0fdf8ff	fix: fix a format issue reported by shellfmt Signed-off-by: Avi Miller <avi.miller@oracle.com>	2021-06-20 17:07:04 +10:00
Avi Miller	1d089d4541	fix: refactor the way the config is read from file and envvars The plugin will use the following order of precedence: environment value > file value > default value See the wiki for details on environment variable names. Signed-off-by: Avi Miller <avi.miller@oracle.com>	2021-06-20 17:00:53 +10:00
neilpang	1c78663378	exclude test for dns api changes	2021-06-20 12:26:12 +08:00
Avi Miller	7666022840	fix: revert _readini() function to be more generic Also switched [::space::] with a literal space for better cross-platform compatibility. Signed-off-by: Avi Miller <avi.miller@oracle.com>	2021-06-20 13:12:14 +10:00
Avi Miller	946c8b498a	feat: enable automatic configuration from an OCI configuration file The individual parameters can still be overridden via the corresponding OCI_CLI environment variable. Signed-off-by: Avi Miller <avi.miller@oracle.com>	2021-06-20 09:10:24 +10:00
Marcus Grando	406ca66c8d	Added Azion DNS API	2021-06-19 15:19:56 -03:00
Avi Miller	ed971df93a	fix: add missing else/return 1 to if block Signed-off-by: Avi Miller <avi.miller@oracle.com>	2021-06-19 15:41:34 +10:00
neilpang	74c054b2a5	fix https://github.com/acmesh-official/acme.sh/issues/3563	2021-06-19 11:52:11 +08:00
Avi Miller	017a10189c	fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller <avi.miller@oracle.com>	2021-06-18 12:00:42 +10:00
neil	f1c361855e	Merge pull request #2526 from PeterDaveHello/Refactor_Dockerfile Refactor Dockerfile	2021-06-17 22:01:27 +08:00
neil	3d72df4666	Merge pull request #2529 from PeterDaveHello/UpdateREADME.md Remove invalid "Contribute" link in README.md	2021-06-16 23:11:56 +08:00
Peter Dave Hello	6f732a9957	Use `COPY` instead of `ADD` in Dockerfile for folder Ref: https://docs.docker.com/develop/develop-images/#add-or-copy	2021-06-16 22:47:36 +08:00
Peter Dave Hello	447bf77dfe	Simplify apk command in Dockerfile With apk `--no-cache` parameter, there is no need to run `apk update` and manually clean up the cache, apk will update automatically without leaving local cache files to be cleaned up.	2021-06-16 22:47:33 +08:00
Peter Dave Hello	6621ef6a0b	Remove invalid "Contribute" link in README.md	2021-06-16 19:44:31 +08:00
Marcus Grando	e327c8758e	Merge branch 'acmesh-official:dev' into dev	2021-06-15 17:49:17 -03:00
neil	8a08de5691	Merge pull request #3554 from acmesh-official/dev add linux tests	2021-06-14 12:25:39 +08:00
neilpang	3d7375be8b	update status	2021-06-14 12:00:42 +08:00
neilpang	da754e9a71	fix	2021-06-14 11:52:45 +08:00
neilpang	cc9ec806b2	add all Linux	2021-06-14 11:50:19 +08:00
neil	72cf037c0d	Merge pull request #3553 from acmesh-official/dev fix for solaris	2021-06-13 22:11:27 +08:00
neilpang	8ae08b29e4	fix for solaris	2021-06-13 21:37:26 +08:00
neil	4967fa020f	Merge pull request #3552 from acmesh-official/dev sync	2021-06-13 16:16:11 +08:00
neilpang	54f2640ef2	fix env	2021-06-13 15:52:38 +08:00
neilpang	56246592c7	set ca names in the env	2021-06-13 15:45:33 +08:00
neilpang	1ff5d71e12	fix windows	2021-06-13 15:30:51 +08:00
neilpang	67c42c5911	add zerossl	2021-06-13 15:00:30 +08:00
neilpang	d0b514890a	change default ca to zerossl	2021-06-13 14:29:26 +08:00
Marcus Grando	c0285fbc15	Added Azion DNS API	2021-06-11 11:17:26 -03:00
neil	a438c841e1	Merge pull request #3542 from DerVerruckteFuchs/_get_root()-fix fix _get_root() so that it successfully gets the root domain	2021-06-09 17:50:54 +08:00
neil	19d7c2b336	fix bug	2021-06-06 22:53:39 +08:00
neil	afb6c70909	Merge pull request #3541 from DerVerruckteFuchs/dns_1984hosting_add()-fix fix dns_1984hosting_add() so checks for HTML responses actually find HTML responses	2021-06-06 22:48:40 +08:00
DerVerruckteFuchs	d9af496b13	Merge branch 'dev' into _get_root()-fix	2021-06-05 23:20:01 -04:00
Christophe B Billheimer	a55cf40b1b	fix _get_root() so that it successfully gets the root domain	2021-06-05 23:06:28 -04:00
Christophe B Billheimer	b19008d1b8	fix dns_1984hosting_add() so checks for HTML responses are actually find HTML responses	2021-06-05 22:38:45 -04:00
Avi Miller	6f88c81616	Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller <avi.miller@oracle.com>	2021-06-05 21:55:40 +10:00
neil	43cb230f19	Merge pull request #3535 from sparunakian/dev Fix typo (#3521)	2021-06-02 23:06:36 +08:00
neil	fd6a59202d	start 3.0.0	2021-06-02 23:06:12 +08:00
Stéphane Parunakian	e353f66eaa	Fix typo	2021-06-02 16:06:08 +02:00
Benoit Garret	07afc4953a	Fix the shfmt check	2021-05-07 12:12:30 +02:00
Benoit Garret	c127903127	Add Consul deploy hook	2021-05-05 10:01:09 +02:00