Merge pull request #5123 from acmesh-official/dev

sync
Merge pull request #5049 from hknet/patch-2
2024-04-29 20:15:14 +02:00 · 2024-04-29 20:14:01 +02:00 · 2024-04-25 09:19:08 +02:00 · 2024-04-25 13:39:05 +08:00 · 2024-04-24 23:16:49 +02:00 · 2024-04-25 04:02:49 +08:00
33 changed files with 1222 additions and 583 deletions
--- a/.github/workflows/DNS.yml
+++ b/.github/workflows/DNS.yml
@ -65,7 +65,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Set env file
@ -113,7 +113,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Install tools
      run:  brew install socat
    - name: Clone acmetest
@ -164,7 +164,7 @@ jobs:
    - name: Set git to use LF
      run: |
          git config --global core.autocrlf false
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Install cygwin base packages with chocolatey
      run: |
          choco config get cacheLocation
@ -204,7 +204,7 @@ jobs:
  FreeBSD:
-    runs-on: macos-12
+    runs-on: ubuntu-latest
    needs: Windows
    env:
      TEST_DNS : ${{ secrets.TEST_DNS }}
@ -223,10 +223,10 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/freebsd-vm@v0
+    - uses: vmactions/freebsd-vm@v1
      with:
        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
        prepare: pkg install -y socat curl
@ -255,7 +255,7 @@ jobs:
  OpenBSD:
-    runs-on: macos-12
+    runs-on: ubuntu-latest
    needs: FreeBSD
    env:
      TEST_DNS : ${{ secrets.TEST_DNS }}
@ -274,10 +274,10 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/openbsd-vm@v0
+    - uses: vmactions/openbsd-vm@v1
      with:
        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
        prepare: pkg_add socat curl
@ -306,7 +306,7 @@ jobs:
  NetBSD:
-    runs-on: macos-12
+    runs-on: ubuntu-latest
    needs: OpenBSD
    env:
      TEST_DNS : ${{ secrets.TEST_DNS }}
@ -325,14 +325,14 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/netbsd-vm@v0
+    - uses: vmactions/netbsd-vm@v1
      with:
        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
        prepare: |
-          pkg_add curl socat
+          /usr/sbin/pkg_add curl socat
        usesh: true
        copyback: false
        run: |
@ -358,7 +358,7 @@ jobs:
  DragonFlyBSD:
-    runs-on: macos-12
+    runs-on: ubuntu-latest
    needs: NetBSD
    env:
      TEST_DNS : ${{ secrets.TEST_DNS }}
@ -377,10 +377,10 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/dragonflybsd-vm@v0
+    - uses: vmactions/dragonflybsd-vm@v1
      with:
        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
        prepare: |
@ -413,7 +413,7 @@ jobs:
  Solaris:
-    runs-on: macos-12
+    runs-on: ubuntu-latest
    needs: DragonFlyBSD
    env:
      TEST_DNS : ${{ secrets.TEST_DNS }}
@ -433,10 +433,10 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/solaris-vm@v0
+    - uses: vmactions/solaris-vm@v1
      with:
        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
        copyback: false
@ -463,3 +463,52 @@ jobs:
          ./letest.sh
  Omnios:
    runs-on: ubuntu-latest
    needs: Solaris
    env:
      TEST_DNS : ${{ secrets.TEST_DNS }}
      TestingDomain: ${{ secrets.TestingDomain }}
      TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
      TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }}
      TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
      CASE: le_test_dnsapi
      TEST_LOCAL: 1
      DEBUG: ${{ secrets.DEBUG }}
      http_proxy: ${{ secrets.http_proxy }}
      https_proxy: ${{ secrets.https_proxy }}
      HTTPS_INSECURE: 1 # always set to 1 to ignore https error, since Omnios doesn't accept the expired ISRG X1 root
      TokenName1: ${{ secrets.TokenName1}}
      TokenName2: ${{ secrets.TokenName2}}
      TokenName3: ${{ secrets.TokenName3}}
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
    - uses: actions/checkout@v4
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/omnios-vm@v1
      with:
        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
        copyback: false
        prepare: pkg install socat
        run: |
          if [ "${{ secrets.TokenName1}}" ] ; then
            export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"
          fi
          if [ "${{ secrets.TokenName2}}" ] ; then
            export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}"
          fi
          if [ "${{ secrets.TokenName3}}" ] ; then
            export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}"
          fi
          if [ "${{ secrets.TokenName4}}" ] ; then
            export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}"
          fi
          if [ "${{ secrets.TokenName5}}" ] ; then
            export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}"
          fi
          cd ../acmetest
          ./letest.sh
--- a/.github/workflows/DragonFlyBSD.yml
+++ b/.github/workflows/DragonFlyBSD.yml
@ -20,7 +20,6 @@ concurrency:
 jobs:
  DragonFlyBSD:
    strategy:
@ -36,7 +35,7 @@ jobs:
         #  CA: "ZeroSSL RSA Domain Secure Site CA"
         #  CA_EMAIL: "githubtest@acme.sh"
         #  TEST_PREFERRED_CHAIN: ""
-    runs-on: macos-12
+    runs-on: ubuntu-latest
    env:
      TEST_LOCAL: 1
      TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
@ -44,8 +43,9 @@ jobs:
      CA: ${{ matrix.CA }}
      CA_EMAIL: ${{ matrix.CA_EMAIL }}
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
@ -55,15 +55,15 @@ jobs:
      run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/dragonflybsd-vm@v0
+    - uses: vmactions/dragonflybsd-vm@v1
      with:
-        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN'
+        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
        copyback: "false"
        nat: |
          "8080": "80"
        prepare: |
          pkg install -y curl socat libnghttp2
        usesh: true
        copyback: false
        run: |
          cd ../acmetest \
          && ./letest.sh
--- a/.github/workflows/FreeBSD.yml
+++ b/.github/workflows/FreeBSD.yml
@ -41,7 +41,7 @@ jobs:
         #  CA: "ZeroSSL RSA Domain Secure Site CA"
         #  CA_EMAIL: "githubtest@acme.sh"
         #  TEST_PREFERRED_CHAIN: ""
-    runs-on: macos-12
+    runs-on: ubuntu-latest
    env:
      TEST_LOCAL: 1
      TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
@ -51,7 +51,7 @@ jobs:
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
@ -61,7 +61,7 @@ jobs:
      run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/freebsd-vm@v0
+    - uses: vmactions/freebsd-vm@v1
      with:
        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
        nat: |
--- a/.github/workflows/Linux.yml
+++ b/.github/workflows/Linux.yml
@ -33,7 +33,7 @@ jobs:
      TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
      TEST_ACME_Server: "LetsEncrypt.org_test"
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Clone acmetest
      run: |
          cd .. \
--- a/.github/workflows/MacOS.yml
+++ b/.github/workflows/MacOS.yml
@ -44,7 +44,7 @@ jobs:
      CA_EMAIL: ${{ matrix.CA_EMAIL }}
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Install tools
      run:  brew install socat
    - name: Clone acmetest
--- a/.github/workflows/NetBSD.yml
+++ b/.github/workflows/NetBSD.yml
@ -20,7 +20,6 @@ concurrency:
 jobs:
  NetBSD:
    strategy:
@ -36,7 +35,7 @@ jobs:
         #  CA: "ZeroSSL RSA Domain Secure Site CA"
         #  CA_EMAIL: "githubtest@acme.sh"
         #  TEST_PREFERRED_CHAIN: ""
-    runs-on: macos-12
+    runs-on: ubuntu-latest
    env:
      TEST_LOCAL: 1
      TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
@ -44,8 +43,9 @@ jobs:
      CA: ${{ matrix.CA }}
      CA_EMAIL: ${{ matrix.CA_EMAIL }}
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
@ -55,13 +55,13 @@ jobs:
      run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/netbsd-vm@v0
+    - uses: vmactions/netbsd-vm@v1
      with:
-        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN'
+        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
        nat: |
          "8080": "80"
        prepare: |
-          pkg_add curl socat
+          /usr/sbin/pkg_add curl socat
        usesh: true
        copyback: false
        run: |
--- a/.github/workflows/Omnios.yml
+++ b/.github/workflows/Omnios.yml
@ -0,0 +1,75 @@
 name: Omnios
 on:
  push:
    branches:
      - '*'
    paths:
      - '*.sh'
      - '.github/workflows/Omnios.yml'
  pull_request:
    branches:
      - dev
    paths:
      - '*.sh'
      - '.github/workflows/Omnios.yml'
 concurrency: 
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 jobs:
  Omnios:
    strategy:
      matrix:
        include:
         - TEST_ACME_Server: "LetsEncrypt.org_test"
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
         - TEST_ACME_Server: "LetsEncrypt.org_test"
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
           ACME_USE_WGET: 1
         #- TEST_ACME_Server: "ZeroSSL.com"
         #  CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
         #  CA: "ZeroSSL RSA Domain Secure Site CA"
         #  CA_EMAIL: "githubtest@acme.sh"
         #  TEST_PREFERRED_CHAIN: ""
    runs-on: ubuntu-latest
    env:
      TEST_LOCAL: 1
      TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
      CA_ECDSA: ${{ matrix.CA_ECDSA }}
      CA: ${{ matrix.CA }}
      CA_EMAIL: ${{ matrix.CA_EMAIL }}
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
    - uses: actions/checkout@v4
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
        protocol: http
        port: 8080
    - name: Set envs
      run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/omnios-vm@v1
      with:
        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
        nat: |
          "8080": "80"
        prepare: pkg install socat wget
        copyback: false
        run: |
          cd ../acmetest \
          && ./letest.sh
--- a/.github/workflows/OpenBSD.yml
+++ b/.github/workflows/OpenBSD.yml
@ -41,7 +41,7 @@ jobs:
         #  CA: "ZeroSSL RSA Domain Secure Site CA"
         #  CA_EMAIL: "githubtest@acme.sh"
         #  TEST_PREFERRED_CHAIN: ""
-    runs-on: macos-12
+    runs-on: ubuntu-latest
    env:
      TEST_LOCAL: 1
      TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
@ -51,7 +51,7 @@ jobs:
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
@ -61,7 +61,7 @@ jobs:
      run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/openbsd-vm@v0
+    - uses: vmactions/openbsd-vm@v1
      with:
        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
        nat: |
--- a/.github/workflows/PebbleStrict.yml
+++ b/.github/workflows/PebbleStrict.yml
@ -33,7 +33,7 @@ jobs:
      TEST_CA: "Pebble Intermediate CA"
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Install tools
      run: sudo apt-get install -y socat
    - name: Run Pebble
@ -58,7 +58,7 @@ jobs:
      TEST_IPCERT: 1
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Install tools
      run: sudo apt-get install -y socat
    - name: Run Pebble
--- a/.github/workflows/Solaris.yml
+++ b/.github/workflows/Solaris.yml
@ -14,12 +14,12 @@ on:
      - '*.sh'
      - '.github/workflows/Solaris.yml'
 concurrency: 
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 jobs:
  Solaris:
    strategy:
@ -41,7 +41,7 @@ jobs:
         #  CA: "ZeroSSL RSA Domain Secure Site CA"
         #  CA_EMAIL: "githubtest@acme.sh"
         #  TEST_PREFERRED_CHAIN: ""
-    runs-on: macos-12
+    runs-on: ubuntu-latest
    env:
      TEST_LOCAL: 1
      TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
@ -51,7 +51,7 @@ jobs:
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
@ -61,14 +61,15 @@ jobs:
      run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/solaris-vm@v0
+    - uses: vmactions/solaris-vm@v1
      with:
        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
        copyback: "false"
        nat: |
          "8080": "80"
        prepare: pkgutil -y -i socat curl wget
        copyback: false
        run: |
          cd ../acmetest \
          && ./letest.sh
--- a/.github/workflows/Ubuntu.yml
+++ b/.github/workflows/Ubuntu.yml
@ -70,7 +70,7 @@ jobs:
      TestingDomain: ${{ matrix.TestingDomain }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Install tools
      run: sudo apt-get install -y socat wget
    - name: Start StepCA
--- a/.github/workflows/Windows.yml
+++ b/.github/workflows/Windows.yml
@ -49,7 +49,7 @@ jobs:
    - name: Set git to use LF
      run: |
          git config --global core.autocrlf false
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Install cygwin base packages with chocolatey
      run: |
          choco config get cacheLocation
--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/dockerhub.yml
@ -41,7 +41,7 @@ jobs:
    if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
    steps:
      - name: checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
--- a/.github/workflows/pr_dns.yml
+++ b/.github/workflows/pr_dns.yml
@ -4,8 +4,6 @@ on:
  pull_request_target:
    types:
      - opened
    branches:
      - 'dev'
    paths:
      - 'dnsapi/*.sh'
@ -22,9 +20,11 @@ jobs:
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `**Welcome**
-                Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test).
+                First thing: don't send PR to the master branch, please send to the dev branch instead.
                Please make sure you've read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test).
                Then reply on this message, otherwise, your code will not be reviewed or merged.
                We look forward to reviewing your Pull request shortly ✨
                注意: 必须通过了 [DNS-API-Test](../wiki/DNS-API-Test) 才会被 review. 无论是修改, 还是新加的 dns api, 都必须确保通过这个测试.
                `
            })
--- a/.github/workflows/pr_notify.yml
+++ b/.github/workflows/pr_notify.yml
@ -22,7 +22,7 @@ jobs:
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `**Welcome**
-                Please make sure you're read our [Code-of-conduct](../wiki/Code-of-conduct) and  add the usage here: [notify](../wiki/notify).
+                Please make sure you've read our [Code-of-conduct](../wiki/Code-of-conduct) and  add the usage here: [notify](../wiki/notify).
                Then reply on this message, otherwise, your code will not be reviewed or merged.
                We look forward to reviewing your Pull request shortly ✨
                `
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@ -22,7 +22,7 @@ jobs:
  ShellCheck:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Install Shellcheck
      run: sudo apt-get install -y shellcheck
    - name: DoShellcheck
@ -31,7 +31,7 @@ jobs:
  shfmt:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
    - name: Install shfmt
      run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
    - name: shfmt
--- a/README.md
+++ b/README.md
@ -8,7 +8,7 @@
 [![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)
 [![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)
 [![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml)
-
+[![Omnios](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml)
 ![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
 ![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
@ -73,20 +73,21 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
 |7|[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml)|OpenBSD
 |8|[![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml)|NetBSD
 |9|[![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml)|DragonFlyBSD
-|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian
+|10|[![Omnios](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml)|Omnios
-|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS
+|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian
-|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE
+|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS
-|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl)
+|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE
-|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux
+|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl)
-|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora
+|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux
-|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux
+|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora
-|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux
+|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux
-|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia
+|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux
-|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux
+|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia
-|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux
+|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux
-|11|-----| Cloud Linux  https://github.com/acmesh-official/acme.sh/issues/111
+|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux
-|22|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
+|22|-----| Cloud Linux  https://github.com/acmesh-official/acme.sh/issues/111
-|23|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
+|23|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
 |24|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
 Check our [testing project](https://github.com/acmesh-official/acmetest):
--- a/acme.sh
+++ b/acme.sh
@ -1,6 +1,6 @@
 #!/usr/bin/env sh
-VER=3.0.7
+VER=3.0.8
 PROJECT_NAME="acme.sh"
@ -931,7 +931,7 @@ fi
 _egrep_o() {
  if [ "$__USE_EGREP" ]; then
-    egrep -o -- "$1"
+    egrep -o -- "$1" 2>/dev/null
  else
    sed -n 's/.*\('"$1"'\).*/\1/p'
  fi
@ -1430,6 +1430,9 @@ _toPkcs() {
  else
    ${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$_cpfx" -inkey "$_ckey" -in "$_ccert" -certfile "$_cca"
  fi
  if [ "$?" == "0" ]; then
    _savedomainconf "Le_PFXPassword" "$pfxPassword"
  fi
 }
@ -1795,6 +1798,10 @@ _date2time() {
  if date -u -j -f "%Y-%m-%d %H:%M:%S" "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then
    return
  fi
  #Omnios
  if da="$(echo "$1" | tr -d "Z" | tr "T" ' ')" perl -MTime::Piece -e 'print Time::Piece->strptime($ENV{da}, "%Y-%m-%d %H:%M:%S")->epoch, "\n";' 2>/dev/null; then
    return
  fi
  _err "Can not parse _date2time $1"
  return 1
 }
@ -2392,13 +2399,18 @@ _migratedomainconf() {
  _old_key="$1"
  _new_key="$2"
  _b64encode="$3"
-  _value=$(_readdomainconf "$_old_key")
+  _old_value=$(_readdomainconf "$_old_key")
  if [ -z "$_value" ]; then
    return 1 # oldkey is not found
  fi
  _savedomainconf "$_new_key" "$_value" "$_b64encode"
  _cleardomainconf "$_old_key"
-  _debug "Domain config $_old_key has been migrated to $_new_key"
+  if [ -z "$_old_value" ]; then
    return 1 # migrated failed: old value is empty
  fi
  _new_value=$(_readdomainconf "$_new_key")
  if [ -n "$_new_value" ]; then
    _debug "Domain config new key exists, old key $_old_key='$_old_value' has been removed."
    return 1 # migrated failed: old value replaced by new value
  fi
  _savedomainconf "$_new_key" "$_old_value" "$_b64encode"
  _debug "Domain config $_old_key has been migrated to $_new_key."
 }
 #_migratedeployconf   oldkey  newkey  base64encode
@ -2495,10 +2507,10 @@ _startserver() {
  _debug Le_Listen_V6 "$Le_Listen_V6"
  _NC="socat"
-  if [ "$Le_Listen_V4" ]; then
+  if [ "$Le_Listen_V6" ]; then
    _NC="$_NC -4"
  elif [ "$Le_Listen_V6" ]; then
    _NC="$_NC -6"
  else
    _NC="$_NC -4"
  fi
  if [ "$DEBUG" ] && [ "$DEBUG" -gt "1" ]; then
@ -2515,22 +2527,34 @@ _startserver() {
  _content_len="$(printf "%s" "$content" | wc -c)"
  _debug _content_len "$_content_len"
  _debug "_NC" "$_NC $SOCAT_OPTIONS"
  export _SOCAT_ERR="$(_mktemp)"
  $_NC $SOCAT_OPTIONS SYSTEM:"sleep 1; \
 echo 'HTTP/1.0 200 OK'; \
 echo 'Content-Length\: $_content_len'; \
 echo ''; \
-printf '%s' '$content';" &
+printf '%s' '$content';" 2>"$_SOCAT_ERR" &
  serverproc="$!"
  if [ -f "$_SOCAT_ERR" ]; then
    if grep "Permission denied" "$_SOCAT_ERR" >/dev/null; then
      _err "socat: $(cat $_SOCAT_ERR)"
      _err "Can not listen for user: $(whoami)"
      _err "Maybe try with root again?"
      rm -f "$_SOCAT_ERR"
      return 1
    fi
  fi
 }
 _stopserver() {
  pid="$1"
  _debug "pid" "$pid"
  if [ -z "$pid" ]; then
    rm -f "$_SOCAT_ERR"
    return
  fi
  kill $pid
  rm -f "$_SOCAT_ERR"
 }
@ -3179,7 +3203,8 @@ _setNginx() {
    return 1
  fi
  _info "Check the nginx conf before setting up."
-  if ! nginx -t >/dev/null; then
+  if ! nginx -t >/dev/null 2>&1; then
    _err "It seems that nginx conf is not correct, cannot continue."
    return 1
  fi
@ -3206,14 +3231,14 @@ location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" {
  fi
  _debug3 "Modified config:$(cat $FOUND_REAL_NGINX_CONF)"
  _info "nginx conf is done, let's check it again."
-  if ! nginx -t >/dev/null; then
+  if ! nginx -t >/dev/null 2>&1; then
    _err "It seems that nginx conf was broken, let's restore."
    cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"
    return 1
  fi
  _info "Reload nginx"
-  if ! nginx -s reload >/dev/null; then
+  if ! nginx -s reload >/dev/null 2>&1; then
    _err "It seems that nginx reload error, let's restore."
    cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"
    return 1
@ -3751,7 +3776,7 @@ _regAccount() {
    eab_sign_t="$eab_protected64.$eab_payload64"
    _debug3 eab_sign_t "$eab_sign_t"
-    key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 multi | _hex_dump | tr -d ' ')"
+    key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 | _hex_dump | tr -d ' ')"
    _debug3 key_hex "$key_hex"
    eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace)
@ -4511,7 +4536,7 @@ issue() {
  vlist="$Le_Vlist"
  _cleardomainconf "Le_Vlist"
-  _info "Getting domain auth token for each domain"
+  _debug "Getting domain auth token for each domain"
  sep='#'
  dvsep=','
  if [ -z "$vlist" ]; then
@ -4567,12 +4592,22 @@ issue() {
    if [ "$_notAfter" ]; then
      _newOrderObj="$_newOrderObj,\"notAfter\": \"$_notAfter\""
    fi
    _debug "STEP 1, Ordering a Certificate"
    if ! _send_signed_request "$ACME_NEW_ORDER" "$_newOrderObj}"; then
      _err "Create new order error."
      _clearup
      _on_issue_err "$_post_hook"
      return 1
    fi
    if _contains "$response" "invalid"; then
      if echo "$response" | _normalizeJson | grep '"status":"invalid"' >/dev/null 2>&1; then
        _err "Create new order with invalid status."
        _err "$response"
        _clearup
        _on_issue_err "$_post_hook"
        return 1
      fi
    fi
    Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n " | cut -d ":" -f 2-)"
    _debug Le_LinkOrder "$Le_LinkOrder"
@ -4597,6 +4632,7 @@ issue() {
      return 1
    fi
    _debug "STEP 2, Get the authorizations of each domain"
    #domain and authz map
    _authorizations_map=""
    for _authz_url in $(echo "$_authorizations_seg" | tr ',' ' '); do
@ -4605,6 +4641,7 @@ issue() {
        _err "get to authz error."
        _err "_authorizations_seg" "$_authorizations_seg"
        _err "_authz_url" "$_authz_url"
        _err "$response"
        _clearup
        _on_issue_err "$_post_hook"
        return 1
@ -4612,6 +4649,14 @@ issue() {
      response="$(echo "$response" | _normalizeJson)"
      _debug2 response "$response"
      if echo "$response" | grep '"status":"invalid"' >/dev/null 2>&1; then
        _err "get authz objec with invalid status, please try again later."
        _err "_authorizations_seg" "$_authorizations_seg"
        _err "$response"
        _clearup
        _on_issue_err "$_post_hook"
        return 1
      fi
      _d="$(echo "$response" | _egrep_o '"value" *: *"[^"]*"' | cut -d : -f 2- | tr -d ' "')"
      if _contains "$response" "\"wildcard\" *: *true"; then
        _d="*.$_d"
@ -5296,6 +5341,12 @@ $_authorizations_map"
  _savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr"
  _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime"
  #convert to pkcs12
  if [ "$Le_PFXPassword" ]; then
    _toPkcs "$CERT_PFX_PATH" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$Le_PFXPassword"
  fi
  export CERT_PFX_PATH
  if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain" ]; then
    _savedomainconf "Le_RealCertPath" "$_real_cert"
    _savedomainconf "Le_RealCACertPath" "$_real_ca"
--- a/deploy/haproxy.sh
+++ b/deploy/haproxy.sh
@ -36,6 +36,19 @@
 # Note: This functionality requires HAProxy was compiled against
 # a version of OpenSSL that supports this.
 #
 # export DEPLOY_HAPROXY_HOT_UPDATE="yes"
 # export DEPLOY_HAPROXY_STATS_SOCKET="UNIX:/run/haproxy/admin.sock"
 #
 # OPTIONAL: Deploy the certificate over the HAProxy stats socket without
 # needing to reload HAProxy. Default is "no".
 #
 # Require the socat binary. DEPLOY_HAPROXY_STATS_SOCKET variable uses the socat
 # address format.
 #
 # export DEPLOY_HAPROXY_MASTER_CLI="UNIX:/run/haproxy-master.sock"
 #
 # OPTIONAL: To use the master CLI with DEPLOY_HAPROXY_HOT_UPDATE="yes" instead
 # of a stats socket, use this variable.
 ########  Public functions #####################
@ -46,6 +59,7 @@ haproxy_deploy() {
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _cmdpfx=""
  # Some defaults
  DEPLOY_HAPROXY_PEM_PATH_DEFAULT="/etc/haproxy"
@ -53,6 +67,8 @@ haproxy_deploy() {
  DEPLOY_HAPROXY_BUNDLE_DEFAULT="no"
  DEPLOY_HAPROXY_ISSUER_DEFAULT="no"
  DEPLOY_HAPROXY_RELOAD_DEFAULT="true"
  DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT="no"
  DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT="UNIX:/run/haproxy/admin.sock"
  _debug _cdomain "${_cdomain}"
  _debug _ckey "${_ckey}"
@ -86,6 +102,11 @@ haproxy_deploy() {
    _savedomainconf Le_Deploy_haproxy_pem_name "${Le_Deploy_haproxy_pem_name}"
  elif [ -z "${Le_Deploy_haproxy_pem_name}" ]; then
    Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}"
    # We better not have '*' as the first character
    if [ "${Le_Deploy_haproxy_pem_name%%"${Le_Deploy_haproxy_pem_name#?}"}" = '*' ]; then
      # removes the first characters and add a _ instead
      Le_Deploy_haproxy_pem_name="_${Le_Deploy_haproxy_pem_name#?}"
    fi
  fi
  # BUNDLE is optional. If not provided then assume "${DEPLOY_HAPROXY_BUNDLE_DEFAULT}"
@ -118,6 +139,36 @@ haproxy_deploy() {
    Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD_DEFAULT}"
  fi
  # HOT_UPDATE is optional. If not provided then assume "${DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT}"
  _getdeployconf DEPLOY_HAPROXY_HOT_UPDATE
  _debug2 DEPLOY_HAPROXY_HOT_UPDATE "${DEPLOY_HAPROXY_HOT_UPDATE}"
  if [ -n "${DEPLOY_HAPROXY_HOT_UPDATE}" ]; then
    Le_Deploy_haproxy_hot_update="${DEPLOY_HAPROXY_HOT_UPDATE}"
    _savedomainconf Le_Deploy_haproxy_hot_update "${Le_Deploy_haproxy_hot_update}"
  elif [ -z "${Le_Deploy_haproxy_hot_update}" ]; then
    Le_Deploy_haproxy_hot_update="${DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT}"
  fi
  # STATS_SOCKET is optional. If not provided then assume "${DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT}"
  _getdeployconf DEPLOY_HAPROXY_STATS_SOCKET
  _debug2 DEPLOY_HAPROXY_STATS_SOCKET "${DEPLOY_HAPROXY_STATS_SOCKET}"
  if [ -n "${DEPLOY_HAPROXY_STATS_SOCKET}" ]; then
    Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_STATS_SOCKET}"
    _savedomainconf Le_Deploy_haproxy_stats_socket "${Le_Deploy_haproxy_stats_socket}"
  elif [ -z "${Le_Deploy_haproxy_stats_socket}" ]; then
    Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT}"
  fi
  # MASTER_CLI is optional. No defaults are used. When the master CLI is used,
  # all commands are sent with a prefix.
  _getdeployconf DEPLOY_HAPROXY_MASTER_CLI
  _debug2 DEPLOY_HAPROXY_MASTER_CLI "${DEPLOY_HAPROXY_MASTER_CLI}"
  if [ -n "${DEPLOY_HAPROXY_MASTER_CLI}" ]; then
    Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_MASTER_CLI}"
    _savedomainconf Le_Deploy_haproxy_stats_socket "${Le_Deploy_haproxy_stats_socket}"
    _cmdpfx="@1 " # command prefix used for master CLI only.
  fi
  # Set the suffix depending if we are creating a bundle or not
  if [ "${Le_Deploy_haproxy_bundle}" = "yes" ]; then
    _info "Bundle creation requested"
@ -142,12 +193,13 @@ haproxy_deploy() {
  _issuer="${_pem}.issuer"
  _ocsp="${_pem}.ocsp"
  _reload="${Le_Deploy_haproxy_reload}"
  _statssock="${Le_Deploy_haproxy_stats_socket}"
  _info "Deploying PEM file"
  # Create a temporary PEM file
  _temppem="$(_mktemp)"
  _debug _temppem "${_temppem}"
-  cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}"
+  cat "${_ccert}" "${_cca}" "${_ckey}" | grep . >"${_temppem}"
  _ret="$?"
  # Check that we could create the temporary file
@ -265,15 +317,86 @@ haproxy_deploy() {
    fi
  fi
-  # Reload HAProxy
+  if [ "${Le_Deploy_haproxy_hot_update}" = "yes" ]; then
-  _debug _reload "${_reload}"
+    # set the socket name for messages
-  eval "${_reload}"
+    if [ -n "${_cmdpfx}" ]; then
-  _ret=$?
+      _socketname="master CLI"
-  if [ "${_ret}" != "0" ]; then
+    else
-    _err "Error code ${_ret} during reload"
+      _socketname="stats socket"
-    return ${_ret}
+    fi
    # Update certificate over HAProxy stats socket or master CLI.
    if _exists socat; then
      # look for the certificate on the stats socket, to chose between updating or creating one
      _socat_cert_cmd="echo '${_cmdpfx}show ssl cert' | socat '${_statssock}' - | grep -q '^${_pem}$'"
      _debug _socat_cert_cmd "${_socat_cert_cmd}"
      eval "${_socat_cert_cmd}"
      _ret=$?
      if [ "${_ret}" != "0" ]; then
        _newcert="1"
        _info "Creating new certificate '${_pem}' over HAProxy ${_socketname}."
        # certificate wasn't found, it's a new one. We should check if the crt-list exists and creates/inserts the certificate.
        _socat_crtlist_show_cmd="echo '${_cmdpfx}show ssl crt-list' | socat '${_statssock}' - | grep -q '^${Le_Deploy_haproxy_pem_path}$'"
        _debug _socat_crtlist_show_cmd "${_socat_crtlist_show_cmd}"
        eval "${_socat_crtlist_show_cmd}"
        _ret=$?
        if [ "${_ret}" != "0" ]; then
          _err "Couldn't find '${Le_Deploy_haproxy_pem_path}' in haproxy 'show ssl crt-list'"
          return "${_ret}"
        fi
        # create a new certificate
        _socat_new_cmd="echo '${_cmdpfx}new ssl cert ${_pem}' | socat '${_statssock}' - | grep -q 'New empty'"
        _debug _socat_new_cmd "${_socat_new_cmd}"
        eval "${_socat_new_cmd}"
        _ret=$?
        if [ "${_ret}" != "0" ]; then
          _err "Couldn't create '${_pem}' in haproxy"
          return "${_ret}"
        fi
      else
        _info "Update existing certificate '${_pem}' over HAProxy ${_socketname}."
      fi
      _socat_cert_set_cmd="echo -e '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"
      _debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
      eval "${_socat_cert_set_cmd}"
      _ret=$?
      if [ "${_ret}" != "0" ]; then
        _err "Can't update '${_pem}' in haproxy"
        return "${_ret}"
      fi
      _socat_cert_commit_cmd="echo '${_cmdpfx}commit ssl cert ${_pem}' | socat '${_statssock}' - | grep -q '^Success!$'"
      _debug _socat_cert_commit_cmd "${_socat_cert_commit_cmd}"
      eval "${_socat_cert_commit_cmd}"
      _ret=$?
      if [ "${_ret}" != "0" ]; then
        _err "Can't commit '${_pem}' in haproxy"
        return ${_ret}
      fi
      if [ "${_newcert}" = "1" ]; then
        # if this is a new certificate, it needs to be inserted into the crt-list`
        _socat_cert_add_cmd="echo '${_cmdpfx}add ssl crt-list ${Le_Deploy_haproxy_pem_path} ${_pem}' | socat '${_statssock}' - | grep -q 'Success!'"
        _debug _socat_cert_add_cmd "${_socat_cert_add_cmd}"
        eval "${_socat_cert_add_cmd}"
        _ret=$?
        if [ "${_ret}" != "0" ]; then
          _err "Can't update '${_pem}' in haproxy"
          return "${_ret}"
        fi
      fi
    else
      _err "'socat' is not available, couldn't update over ${_socketname}"
    fi
  else
-    _info "Reload successful"
+    # Reload HAProxy
    _debug _reload "${_reload}"
    eval "${_reload}"
    _ret=$?
    if [ "${_ret}" != "0" ]; then
      _err "Error code ${_ret} during reload"
      return ${_ret}
    else
      _info "Reload successful"
    fi
  fi
  return 0
--- a/deploy/panos.sh
+++ b/deploy/panos.sh
@ -12,6 +12,9 @@
 #     export PANOS_USER=""    #User *MUST* have Commit and Import Permissions in XML API for Admin Role
 #     export PANOS_PASS=""
 #
 # OPTIONAL
 #    export PANOS_TEMPLATE="" #Template Name of panorama managed devices
 #
 # The script will automatically generate a new API key if
 # no key is found, or if a saved key has expired or is invalid.
@ -78,6 +81,9 @@ deployer() {
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
      if [ "$_panos_template" ]; then
        content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template"
      fi
    fi
    if [ "$type" = 'key' ]; then
      panos_url="${panos_url}?type=import"
@ -87,6 +93,9 @@ deployer() {
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n123456"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cdomain.key")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
      if [ "$_panos_template" ]; then
        content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template"
      fi
    fi
    #Close multipart
    content="$content${nl}--$delim--${nl}${nl}"
@ -173,10 +182,20 @@ panos_deploy() {
    unset _panos_key
  fi
  # PANOS_TEMPLATE
  if [ "$PANOS_TEMPLATE" ]; then
    _debug "Detected ENV variable PANOS_TEMPLATE. Saving to file."
    _savedeployconf PANOS_TEMPLATE "$PANOS_TEMPLATE" 1
  else
    _debug "Attempting to load variable PANOS_TEMPLATE from file."
    _getdeployconf PANOS_TEMPLATE
  fi
  #Store variables
  _panos_host=$PANOS_HOST
  _panos_user=$PANOS_USER
  _panos_pass=$PANOS_PASS
  _panos_template=$PANOS_TEMPLATE
  #Test API Key if found.  If the key is invalid, the variable _panos_key will be unset.
  if [ "$_panos_host" ] && [ "$_panos_key" ]; then
--- a/deploy/proxmoxve.sh
+++ b/deploy/proxmoxve.sh
@ -99,11 +99,11 @@ proxmoxve_deploy() {
    _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
    _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
  fi
-  _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key
+  _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY "$_proxmoxve_api_token_key"
  # PVE API Token header value. Used in "Authorization: PVEAPIToken".
  _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}"
-  _debug2 "Auth Header" _proxmoxve_header_api_token
+  _debug2 "Auth Header" "$_proxmoxve_header_api_token"
  # Ugly. I hate putting heredocs inside functions because heredocs don't
  # account for whitespace correctly but it _does_ work and is several times
@ -124,8 +124,8 @@ HEREDOC
  )
  _debug2 Payload "$_json_payload"
-  # Push certificates to server.
+  _info "Push certificates to server"
-  export _HTTPS_INSECURE=1
+  export HTTPS_INSECURE=1
  export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}"
  _post "$_json_payload" "$_target_url" "" POST "application/json"
--- a/deploy/routeros.sh
+++ b/deploy/routeros.sh
@ -137,7 +137,7 @@ routeros_deploy() {
    return $_err_code
  fi
-  DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=$ROUTER_OS_USERNAME \
+  DEPLOY_SCRIPT_CMD="/system script add name=\"LECertDeploy-$_cdomain\" owner=$ROUTER_OS_USERNAME \
 comment=\"generated by routeros deploy script in acme.sh\" \
 source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
 \n/certificate remove [ find name=$_cdomain.cer_1 ];\
@ -158,11 +158,11 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
    return $_err_code
  fi
-  if ! _ssh_remote_cmd "/system script run \"LE Cert Deploy - $_cdomain\""; then
+  if ! _ssh_remote_cmd "/system script run \"LECertDeploy-$_cdomain\""; then
    return $_err_code
  fi
-  if ! _ssh_remote_cmd "/system script remove \"LE Cert Deploy - $_cdomain\""; then
+  if ! _ssh_remote_cmd "/system script remove \"LECertDeploy-$_cdomain\""; then
    return $_err_code
  fi
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@ -8,20 +8,38 @@
 # Updated: 2023-07-03
 # Issues:  https://github.com/acmesh-official/acme.sh/issues/2727
 ################################################################################
-# Usage:
+# Usage (shown values are the examples):
-# 1. export SYNO_Username="adminUser"
+# 1. Set required environment variables:
-# 2. export SYNO_Password="adminPassword"
+# - use automatically created temp admin user to authenticate
-# Optional exports (shown values are the defaults):
+#   export SYNO_USE_TEMP_ADMIN=1
-# - export SYNO_Certificate="" to replace a specific certificate via description
+# - or provide your own admin user credential to authenticate
-# - export SYNO_Scheme="http"
+#   1. export SYNO_USERNAME="adminUser"
-# - export SYNO_Hostname="localhost"
+#   2. export SYNO_PASSWORD="adminPassword"
-# - export SYNO_Port="5000"
+# 2. Set optional environment variables
-# - export SYNO_Device_Name="CertRenewal" - required for skipping 2FA-OTP
+# - common optional variables
-# - export SYNO_Device_ID=""              - required for skipping 2FA-OTP
+#   - export SYNO_SCHEME="http"         - defaults to "http"
-# 3. acme.sh --deploy --deploy-hook synology_dsm -d example.com
+#   - export SYNO_HOSTNAME="localhost"  - defaults to "localhost"
 #   - export SYNO_PORT="5000"           - defaults to "5000"
 #   - export SYNO_CREATE=1 - to allow creating the cert if it doesn't exist
 #   - export SYNO_CERTIFICATE="" - to replace a specific cert by its
 #                                    description
 # - temp admin optional variables
 #   - export SYNO_LOCAL_HOSTNAME=1   - if set to 1, force to treat hostname is
 #                                      targeting current local machine (since
 #                                      this method only locally supported)
 # - exsiting admin 2FA-OTP optional variables
 #   - export SYNO_OTP_CODE="XXXXXX" - if set, script won't require to
 #                                     interactive input the OTP code
 #   - export SYNO_DEVICE_NAME="CertRenewal" - if set, script won't require to
 #                                             interactive input the device name
 #   - export SYNO_DEVICE_ID=""      - (deprecated, auth with OTP code instead)
 #                                     required for omitting 2FA-OTP
 # 3. Run command:
 # acme.sh --deploy --deploy-hook synology_dsm -d example.com
 ################################################################################
 # Dependencies:
-# - jq & curl
+# - curl
 # - synouser & synogroup (When available and SYNO_USE_TEMP_ADMIN is set)
 ################################################################################
 # Return value:
 # 0 means success, otherwise error.
@ -37,59 +55,85 @@ synology_dsm_deploy() {
  _debug _cdomain "$_cdomain"
-  # Get username & password, but don't save until we authenticated successfully
+  # Get username and password, but don't save until we authenticated successfully
-  _getdeployconf SYNO_Username
+  _migratedeployconf SYNO_Username SYNO_USERNAME
-  _getdeployconf SYNO_Password
+  _migratedeployconf SYNO_Password SYNO_PASSWORD
-  _getdeployconf SYNO_Create
+  _migratedeployconf SYNO_Device_ID SYNO_DEVICE_ID
-  _getdeployconf SYNO_DID
+  _migratedeployconf SYNO_Device_Name SYNO_DEVICE_NAME
-  _getdeployconf SYNO_TOTP_SECRET
+  _getdeployconf SYNO_USERNAME
-  _getdeployconf SYNO_Device_Name
+  _getdeployconf SYNO_PASSWORD
-  _getdeployconf SYNO_Device_ID
+  _getdeployconf SYNO_DEVICE_ID
-  if [ -z "${SYNO_Username:-}" ] || [ -z "${SYNO_Password:-}" ]; then
+  _getdeployconf SYNO_DEVICE_NAME
-    _err "SYNO_Username & SYNO_Password must be set"
+
  # Prepare to use temp admin if SYNO_USE_TEMP_ADMIN is set
  _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
  _getdeployconf SYNO_USE_TEMP_ADMIN
  _check2cleardeployconfexp SYNO_USE_TEMP_ADMIN
  _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
  if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
    if ! _exists synouser || ! _exists synogroup; then
      _err "Tools are missing for creating temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead."
      return 1
    fi
    [ -n "$SYNO_USERNAME" ] || _savedeployconf SYNO_USERNAME ""
    [ -n "$SYNO_PASSWORD" ] || _savedeployconf SYNO_PASSWORD ""
    _debug "Setting temp admin user credential..."
    SYNO_USERNAME=sc-acmesh-tmp
    SYNO_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)
    # Set 2FA-OTP settings to empty consider they won't be needed.
    SYNO_DEVICE_ID=
    SYNO_DEVICE_NAME=
    SYNO_OTP_CODE=
  else
    _debug2 SYNO_USERNAME "$SYNO_USERNAME"
    _secure_debug2 SYNO_PASSWORD "$SYNO_PASSWORD"
    _debug2 SYNO_DEVICE_NAME "$SYNO_DEVICE_NAME"
    _secure_debug2 SYNO_DEVICE_ID "$SYNO_DEVICE_ID"
  fi
  if [ -z "$SYNO_USERNAME" ] || [ -z "$SYNO_PASSWORD" ]; then
    _err "You must set either SYNO_USE_TEMP_ADMIN, or set both SYNO_USERNAME and SYNO_PASSWORD."
    return 1
  fi
  if [ -n "${SYNO_Device_Name:-}" ] && [ -z "${SYNO_Device_ID:-}" ]; then
    _err "SYNO_Device_Name set, but SYNO_Device_ID is empty"
    return 1
  fi
  _debug2 SYNO_Username "$SYNO_Username"
  _secure_debug2 SYNO_Password "$SYNO_Password"
  _debug2 SYNO_Create "$SYNO_Create"
  _debug2 SYNO_Device_Name "$SYNO_Device_Name"
  _secure_debug2 SYNO_Device_ID "$SYNO_Device_ID"
-  # Optional scheme, hostname & port for Synology DSM
+  # Optional scheme, hostname and port for Synology DSM
-  _getdeployconf SYNO_Scheme
+  _migratedeployconf SYNO_Scheme SYNO_SCHEME
-  _getdeployconf SYNO_Hostname
+  _migratedeployconf SYNO_Hostname SYNO_HOSTNAME
-  _getdeployconf SYNO_Port
+  _migratedeployconf SYNO_Port SYNO_PORT
  _getdeployconf SYNO_SCHEME
  _getdeployconf SYNO_HOSTNAME
  _getdeployconf SYNO_PORT
-  # Default values for scheme, hostname & port
+  # Default values for scheme, hostname and port
-  # Defaulting to localhost & http, because it's localhost…
+  # Defaulting to localhost and http, because it's localhost…
-  [ -n "${SYNO_Scheme}" ] || SYNO_Scheme="http"
+  [ -n "$SYNO_SCHEME" ] || SYNO_SCHEME="http"
-  [ -n "${SYNO_Hostname}" ] || SYNO_Hostname="localhost"
+  [ -n "$SYNO_HOSTNAME" ] || SYNO_HOSTNAME="localhost"
-  [ -n "${SYNO_Port}" ] || SYNO_Port="5000"
+  [ -n "$SYNO_PORT" ] || SYNO_PORT="5000"
-  _savedeployconf SYNO_Scheme "$SYNO_Scheme"
+  _savedeployconf SYNO_SCHEME "$SYNO_SCHEME"
-  _savedeployconf SYNO_Hostname "$SYNO_Hostname"
+  _savedeployconf SYNO_HOSTNAME "$SYNO_HOSTNAME"
-  _savedeployconf SYNO_Port "$SYNO_Port"
+  _savedeployconf SYNO_PORT "$SYNO_PORT"
-  _debug2 SYNO_Scheme "$SYNO_Scheme"
+  _debug2 SYNO_SCHEME "$SYNO_SCHEME"
-  _debug2 SYNO_Hostname "$SYNO_Hostname"
+  _debug2 SYNO_HOSTNAME "$SYNO_HOSTNAME"
-  _debug2 SYNO_Port "$SYNO_Port"
+  _debug2 SYNO_PORT "$SYNO_PORT"
  # Get the certificate description, but don't save it until we verify it's real
-  _getdeployconf SYNO_Certificate
+  _migratedeployconf SYNO_Certificate SYNO_CERTIFICATE "base64"
-  _debug SYNO_Certificate "${SYNO_Certificate:-}"
+  _getdeployconf SYNO_CERTIFICATE
  _check2cleardeployconfexp SYNO_CERTIFICATE
  _debug SYNO_CERTIFICATE "${SYNO_CERTIFICATE:-}"
  # shellcheck disable=SC1003 # We are not trying to escape a single quote
-  if printf "%s" "$SYNO_Certificate" | grep '\\'; then
+  if printf "%s" "$SYNO_CERTIFICATE" | grep '\\'; then
    _err "Do not use a backslash (\) in your certificate description"
    return 1
  fi
-  _base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port"
+  _debug "Getting API version..."
  _base_url="$SYNO_SCHEME://$SYNO_HOSTNAME:$SYNO_PORT"
  _debug _base_url "$_base_url"
  _debug "Getting API version"
  response=$(_get "$_base_url/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth")
  api_path=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"path" *: *"\([^"]*\)".*/\1/p')
  api_version=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"maxVersion" *: *\([0-9]*\).*/\1/p')
@ -97,63 +141,160 @@ synology_dsm_deploy() {
  _debug3 api_path "$api_path"
  _debug3 api_version "$api_version"
-  # Login, get the session ID & SynoToken from JSON
+  # Login, get the session ID and SynoToken from JSON
-  _info "Logging into $SYNO_Hostname:$SYNO_Port"
+  _info "Logging into $SYNO_HOSTNAME:$SYNO_PORT..."
-  encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
+  encoded_username="$(printf "%s" "$SYNO_USERNAME" | _url_encode)"
-  encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
+  encoded_password="$(printf "%s" "$SYNO_PASSWORD" | _url_encode)"
  # ## START ## - DEPRECATED, for backward compatibility
  _getdeployconf SYNO_TOTP_SECRET
  otp_code=""
  # START - DEPRECATED, only kept for legacy compatibility reasons
  if [ -n "$SYNO_TOTP_SECRET" ]; then
    _info "WARNING: Usage of SYNO_TOTP_SECRET is deprecated!"
    _info "         See synology_dsm.sh script or ACME.sh Wiki page for details:"
    _info "         https://github.com/acmesh-official/acme.sh/wiki/Synology-NAS-Guide"
-    DEPRECATED_otp_code=""
+    if ! _exists oathtool; then
    if _exists oathtool; then
      DEPRECATED_otp_code="$(oathtool --base32 --totp "${SYNO_TOTP_SECRET}" 2>/dev/null)"
    else
      _err "oathtool could not be found, install oathtool to use SYNO_TOTP_SECRET"
      return 1
    fi
    DEPRECATED_otp_code="$(oathtool --base32 --totp "$SYNO_TOTP_SECRET" 2>/dev/null)"
-    if [ -n "$SYNO_DID" ]; then
+    if [ -z "$SYNO_DEVICE_ID" ]; then
-      _H1="Cookie: did=$SYNO_DID"
+      _getdeployconf SYNO_DID
      [ -n "$SYNO_DID" ] || SYNO_DEVICE_ID="$SYNO_DID"
    fi
    if [ -n "$SYNO_DEVICE_ID" ]; then
      _H1="Cookie: did=$SYNO_DEVICE_ID"
      export _H1
      _debug3 H1 "${_H1}"
    fi
-    response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DID" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
+    response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DEVICE_ID" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
    _debug3 response "$response"
-  # END - DEPRECATED, only kept for legacy compatibility reasons
+  # ## END ## - DEPRECATED, for backward compatibility
-  # Get device ID if still empty first, otherwise log in right away
+  # If SYNO_DEVICE_ID or SYNO_OTP_CODE is set, we treat current account enabled 2FA-OTP.
-  elif [ -z "${SYNO_Device_ID:-}" ]; then
+  # Notice that if SYNO_USE_TEMP_ADMIN=1, both variables will be unset
-    printf "Enter OTP code for user '%s': " "$SYNO_Username"
+  else
-    read -r otp_code
+    if [ -n "$SYNO_DEVICE_ID" ] || [ -n "$SYNO_OTP_CODE" ]; then
-    if [ -z "${SYNO_Device_Name:-}" ]; then
+      response='{"error":{"code":403}}'
    # Assume the current account disabled 2FA-OTP, try to log in right away.
    else
      if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
        _getdeployconf SYNO_LOCAL_HOSTNAME
        _debug SYNO_LOCAL_HOSTNAME "${SYNO_LOCAL_HOSTNAME:-}"
        if [ "$SYNO_LOCAL_HOSTNAME" != "1" ] && [ "$SYNO_LOCAL_HOSTNAME" == "$SYNO_HOSTNAME" ]; then
          if [ "$SYNO_HOSTNAME" != "localhost" ] && [ "$SYNO_HOSTNAME" != "127.0.0.1" ]; then
            _err "SYNO_USE_TEMP_ADMIN=1 Only support locally deployment, if you are sure that hostname $SYNO_HOSTNAME is targeting to your **current local machine**, execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun."
            return 1
          fi
        fi
        _debug "Creating temp admin user in Synology DSM..."
        if synogroup --help | grep -q '\-\-memberadd '; then
          _temp_admin_create "$SYNO_USERNAME" "$SYNO_PASSWORD"
          synogroup --memberadd administrators "$SYNO_USERNAME" >/dev/null
        elif synogroup --help | grep -q '\-\-member '; then
          # For supporting DSM 6.x which only has `--member` parameter.
          cur_admins=$(synogroup --get administrators | awk -F '[][]' '/Group Members/,0{if(NF>1)printf "%s ", $2}')
          if [ -n "$cur_admins" ]; then
            _temp_admin_create "$SYNO_USERNAME" "$SYNO_PASSWORD"
            _secure_debug3 admin_users "$cur_admins$SYNO_USERNAME"
            # shellcheck disable=SC2086
            synogroup --member administrators $cur_admins $SYNO_USERNAME >/dev/null
          else
            _err "Tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead."
            return 1
          fi
        else
          _err "Unsupported synogroup tool detected, please set SYNO_USERNAME and SYNO_PASSWORD instead."
          return 1
        fi
        # havig a workaround to temporary disable enforce 2FA-OTP
        otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option)
        if [ -n "$otp_enforce_option" ] && [ "${otp_enforce_option:-"none"}" != "none" ]; then
          synosetkeyvalue /etc/synoinfo.conf otp_enforce_option none
          _info "Temporary disabled enforce 2FA-OTP to complete authentication."
          _info "previous_otp_enforce_option" "$otp_enforce_option"
        else
          otp_enforce_option=""
        fi
      fi
      response=$(_get "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes")
      if [ -n "$SYNO_USE_TEMP_ADMIN" ] && [ -n "$otp_enforce_option" ]; then
        synosetkeyvalue /etc/synoinfo.conf otp_enforce_option "$otp_enforce_option"
        _info "Restored previous enforce 2FA-OTP option."
      fi
      _debug3 response "$response"
    fi
  fi
  error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
  _debug2 error_code "$error_code"
  # Account has 2FA-OTP enabled, since error 403 reported.
  # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_Administration_CLI_Guide.pdf
  if [ "$error_code" == "403" ]; then
    if [ -z "$SYNO_DEVICE_NAME" ]; then
      printf "Enter device name or leave empty for default (CertRenewal): "
-      read -r SYNO_Device_Name
+      read -r SYNO_DEVICE_NAME
-      [ -n "${SYNO_Device_Name}" ] || SYNO_Device_Name="CertRenewal"
+      [ -n "$SYNO_DEVICE_NAME" ] || SYNO_DEVICE_NAME="CertRenewal"
    fi
-    response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&otp_code=$otp_code&enable_syno_token=yes&enable_device_token=yes&device_name=$SYNO_Device_Name")
+    if [ -n "$SYNO_DEVICE_ID" ]; then
-    _secure_debug3 response "$response"
+      # Omit OTP code with SYNO_DEVICE_ID.
      response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_name=$SYNO_DEVICE_NAME&device_id=$SYNO_DEVICE_ID")
      _secure_debug3 response "$response"
    else
      # Require the OTP code if still unset.
      if [ -z "$SYNO_OTP_CODE" ]; then
        printf "Enter OTP code for user '%s': " "$SYNO_USERNAME"
        read -r SYNO_OTP_CODE
      fi
      _secure_debug SYNO_OTP_CODE "${SYNO_OTP_CODE:-}"
-    id_property='device_id'
+      if [ -z "$SYNO_OTP_CODE" ]; then
-    [ "${api_version}" -gt '6' ] || id_property='did'
+        response='{"error":{"code":404}}'
-    SYNO_Device_ID=$(echo "$response" | grep "$id_property" | sed -n 's/.*"'$id_property'" *: *"\([^"]*\).*/\1/p')
+      else
-    _secure_debug2 SYNO_Device_ID "$SYNO_Device_ID"
+        response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&enable_device_token=yes&device_name=$SYNO_DEVICE_NAME&otp_code=$SYNO_OTP_CODE")
-  else
+        _secure_debug3 response "$response"
-    response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_name=$SYNO_Device_Name&device_id=$SYNO_Device_ID")
+
-    _debug3 response "$response"
+        id_property='device_id'
        [ "${api_version}" -gt '6' ] || id_property='did'
        SYNO_DEVICE_ID=$(echo "$response" | grep "$id_property" | sed -n 's/.*"'$id_property'" *: *"\([^"]*\).*/\1/p')
        _secure_debug2 SYNO_DEVICE_ID "$SYNO_DEVICE_ID"
      fi
    fi
    error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
    _debug2 error_code "$error_code"
  fi
  if [ -n "$error_code" ]; then
    if [ "$error_code" == "403" ] && [ -n "$SYNO_DEVICE_ID" ]; then
      _cleardeployconf SYNO_DEVICE_ID
      _err "Failed to authenticate with SYNO_DEVICE_ID (may expired or invalid), please try again in a new terminal window."
    elif [ "$error_code" == "404" ]; then
      _err "Failed to authenticate with provided 2FA-OTP code, please try again in a new terminal window."
    elif [ "$error_code" == "406" ]; then
      if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
        _err "SYNO_USE_TEMP_ADMIN=1 is not supported if enforce auth with 2FA-OTP is enabled."
      else
        _err "Enforce auth with 2FA-OTP enabled, please configure the user to enable 2FA-OTP to continue."
      fi
    elif [ "$error_code" == "400" ] || [ "$error_code" == "401" ] || [ "$error_code" == "408" ] || [ "$error_code" == "409" ] || [ "$error_code" == "410" ]; then
      _err "Failed to authenticate with a non-existent or disabled account, or the account password is incorrect or has expired."
    else
      _err "Failed to authenticate with error: $error_code."
    fi
    _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
    return 1
  fi
  sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
  token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
  _debug "Session ID" "$sid"
  _debug SynoToken "$token"
-  if [ -z "$SYNO_DID" ] && [ -z "$SYNO_Device_ID" ] || [ -z "$sid" ] || [ -z "$token" ]; then
+  if [ -z "$sid" ] || [ -z "$token" ]; then
-    _err "Unable to authenticate to $_base_url - check your username & password."
+    # Still can't get necessary info even got no errors, may Synology have API updated?
-    _err "If two-factor authentication is enabled for the user, set SYNO_Device_ID."
+    _err "Unable to authenticate to $_base_url, you may report the full log to the community."
    _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
    return 1
  fi
@ -161,36 +302,62 @@ synology_dsm_deploy() {
  export _H1
  _debug2 H1 "${_H1}"
-  # Now that we know the username & password are good, save them
+  # Now that we know the username and password are good, save them if not in temp admin mode.
-  _savedeployconf SYNO_Username "$SYNO_Username"
+  if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
-  _savedeployconf SYNO_Password "$SYNO_Password"
+    _cleardeployconf SYNO_USERNAME
-  _savedeployconf SYNO_Device_Name "$SYNO_Device_Name"
+    _cleardeployconf SYNO_PASSWORD
-  _savedeployconf SYNO_Device_ID "$SYNO_Device_ID"
+    _cleardeployconf SYNO_DEVICE_ID
    _cleardeployconf SYNO_DEVICE_NAME
    _savedeployconf SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
    _savedeployconf SYNO_LOCAL_HOSTNAME "$SYNO_HOSTNAME"
  else
    _savedeployconf SYNO_USERNAME "$SYNO_USERNAME"
    _savedeployconf SYNO_PASSWORD "$SYNO_PASSWORD"
    _savedeployconf SYNO_DEVICE_ID "$SYNO_DEVICE_ID"
    _savedeployconf SYNO_DEVICE_NAME "$SYNO_DEVICE_NAME"
  fi
-  _info "Getting certificates in Synology DSM"
+  _info "Getting certificates in Synology DSM..."
  response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
  _debug3 response "$response"
-  escaped_certificate="$(printf "%s" "$SYNO_Certificate" | sed 's/\([].*^$[]\)/\\\1/g;s/"/\\\\"/g')"
+  escaped_certificate="$(printf "%s" "$SYNO_CERTIFICATE" | sed 's/\([].*^$[]\)/\\\1/g;s/"/\\\\"/g')"
  _debug escaped_certificate "$escaped_certificate"
  id=$(echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\"id\":\"\([^\"]*\).*/\1/p")
  _debug2 id "$id"
-  if [ -z "$id" ] && [ -z "${SYNO_Create:-}" ]; then
+  error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
-    _err "Unable to find certificate: $SYNO_Certificate & \$SYNO_Create is not set"
+  _debug2 error_code "$error_code"
  if [ -n "$error_code" ]; then
    if [ "$error_code" -eq 105 ]; then
      _err "Current user is not administrator and does not have sufficient permission for deploying."
    else
      _err "Failed to fetch certificate info with error: $error_code, please try again or contact Synology to learn more."
    fi
    _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
    return 1
  fi
  _migratedeployconf SYNO_Create SYNO_CREATE
  _getdeployconf SYNO_CREATE
  _debug2 SYNO_CREATE "$SYNO_CREATE"
  if [ -z "$id" ] && [ -z "$SYNO_CREATE" ]; then
    _err "Unable to find certificate: $SYNO_CERTIFICATE and $SYNO_CREATE is not set."
    _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
    return 1
  fi
  # We've verified this certificate description is a thing, so save it
-  _savedeployconf SYNO_Certificate "$SYNO_Certificate" "base64"
+  _savedeployconf SYNO_CERTIFICATE "$SYNO_CERTIFICATE" "base64"
-  _info "Generate form POST request"
+  _info "Generating form POST request..."
  nl="\0015\0012"
  delim="--------------------------$(_utc_date | tr -d -- '-: ')"
  content="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\0012"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\0012"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id"
-  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}"
+  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_CERTIFICATE}"
  if echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then
    _debug2 default "This is the default certificate"
    content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}true"
@ -201,21 +368,22 @@ synology_dsm_deploy() {
  content="$(printf "%b_" "$content")"
  content="${content%_}" # protect trailing \n
-  _info "Upload certificate to the Synology DSM"
+  _info "Upload certificate to the Synology DSM."
  response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token&_sid=$sid" "" "POST" "multipart/form-data; boundary=${delim}")
  _debug3 response "$response"
  if ! echo "$response" | grep '"error":' >/dev/null; then
    if echo "$response" | grep '"restart_httpd":true' >/dev/null; then
-      _info "Restarting HTTP services succeeded"
+      _info "Restart HTTP services succeeded."
    else
-      _info "Restarting HTTP services failed"
+      _info "Restart HTTP services failed."
    fi
-
+    _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
    _logout
    return 0
  else
-    _err "Unable to update certificate, error code $response"
+    _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
    _err "Unable to update certificate, got error response: $response."
    _logout
    return 1
  fi
@ -223,7 +391,44 @@ synology_dsm_deploy() {
 ####################  Private functions below ##################################
 _logout() {
-  # Logout to not occupy a permanent session, e.g. in DSM's "Connected Users" widget
+  # Logout CERT user only to not occupy a permanent session, e.g. in DSM's "Connected Users" widget (based on previous variables)
-  response=$(_get "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version&method=logout")
+  response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=logout&_sid=$sid")
  _debug3 response "$response"
 }
 _temp_admin_create() {
  _username="$1"
  _password="$2"
  synouser --del "$_username" >/dev/null 2>/dev/null
  synouser --add "$_username" "$_password" "" 0 "scruelt@hotmail.com" 0 >/dev/null
 }
 _temp_admin_cleanup() {
  _flag=$1
  _username=$2
  if [ -n "${_flag}" ]; then
    _debug "Cleanuping temp admin info..."
    synouser --del "$_username" >/dev/null
  fi
 }
 #_cleardeployconf   key
 _cleardeployconf() {
  _cleardomainconf "SAVED_$1"
 }
 # key
 _check2cleardeployconfexp() {
  _key="$1"
  _clear_key="CLEAR_$_key"
  # Clear saved settings if explicitly requested
  if [ -n "$(eval echo \$"$_clear_key")" ]; then
    _debug2 "$_key: value cleared from config, exported value will be ignored."
    _cleardeployconf "$_key"
    eval "$_key"=
    export "$_key"=
    eval SAVED_"$_key"=
    export SAVED_"$_key"=
  fi
 }
--- a/dnsapi/dns_1984hosting.sh
+++ b/dnsapi/dns_1984hosting.sh
@ -128,7 +128,7 @@ _1984hosting_login() {
  _debug "Login to 1984Hosting as user $One984HOSTING_Username."
  username=$(printf '%s' "$One984HOSTING_Username" | _url_encode)
  password=$(printf '%s' "$One984HOSTING_Password" | _url_encode)
-  url="https://1984.hosting/accounts/checkuserauth/"
+  url="https://1984.hosting/api/auth/"
  _get "https://1984.hosting/accounts/login/" | grep "csrfmiddlewaretoken"
  csrftoken="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')"
@ -185,7 +185,7 @@ _check_cookies() {
    return 1
  fi
-  _authget "https://1984.hosting/accounts/loginstatus/"
+  _authget "https://1984.hosting/api/auth/"
  if _contains "$_response" '"ok": true'; then
    _debug "Cached cookies still valid."
    return 0
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@ -145,7 +145,6 @@ dns_aws_rm() {
  fi
  _sleep 1
  return 1
 }
 ####################  Private functions below ##################################
@ -157,7 +156,7 @@ _get_root() {
  # iterate over names (a.b.c.d -> b.c.d -> c.d -> d)
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100 | sed 's/\./\\./g')
    _debug "Checking domain: $h"
    if [ -z "$h" ]; then
      _error "invalid domain"
@ -207,24 +206,40 @@ _use_container_role() {
 }
 _use_instance_role() {
-  _url="http://169.254.169.254/latest/meta-data/iam/security-credentials/"
+  _instance_role_name_url="http://169.254.169.254/latest/meta-data/iam/security-credentials/"
-  _debug "_url" "$_url"
+
-  if ! _get "$_url" true 1 | _head_n 1 | grep -Fq 200; then
+  if _get "$_instance_role_name_url" true 1 | _head_n 1 | grep -Fq 401; then
    _debug "Using IMDSv2"
    _token_url="http://169.254.169.254/latest/api/token"
    export _H1="X-aws-ec2-metadata-token-ttl-seconds: 21600"
    _token="$(_post "" "$_token_url" "" "PUT")"
    _secure_debug3 "_token" "$_token"
    if [ -z "$_token" ]; then
      _debug "Unable to fetch IMDSv2 token from instance metadata"
      return 1
    fi
    export _H1="X-aws-ec2-metadata-token: $_token"
  fi
  if ! _get "$_instance_role_name_url" true 1 | _head_n 1 | grep -Fq 200; then
    _debug "Unable to fetch IAM role from instance metadata"
    return 1
  fi
-  _aws_role=$(_get "$_url" "" 1)
+
-  _debug "_aws_role" "$_aws_role"
+  _instance_role_name=$(_get "$_instance_role_name_url" "" 1)
-  _use_metadata "$_url$_aws_role"
+  _debug "_instance_role_name" "$_instance_role_name"
  _use_metadata "$_instance_role_name_url$_instance_role_name" "$_token"
 }
 _use_metadata() {
  export _H1="X-aws-ec2-metadata-token: $2"
  _aws_creds="$(
    _get "$1" "" 1 |
      _normalizeJson |
      tr '{,}' '\n' |
      while read -r _line; do
-        _key="$(echo "${_line%%:*}" | tr -d '"')"
+        _key="$(echo "${_line%%:*}" | tr -d '\"')"
        _value="${_line#*:}"
        _debug3 "_key" "$_key"
        _secure_debug3 "_value" "$_value"
--- a/dnsapi/dns_do.sh
+++ b/dnsapi/dns_do.sh
@ -1,148 +0,0 @@
 #!/usr/bin/env sh
 # DNS API for Domain-Offensive / Resellerinterface / Domainrobot
 # Report bugs at https://github.com/seidler2547/acme.sh/issues
 # set these environment variables to match your customer ID and password:
 # DO_PID="KD-1234567"
 # DO_PW="cdfkjl3n2"
 DO_URL="https://soap.resellerinterface.de/"
 ########  Public functions #####################
 #Usage: dns_myapi_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_do_add() {
  fulldomain=$1
  txtvalue=$2
  if _dns_do_authenticate; then
    _info "Adding TXT record to ${_domain} as ${fulldomain}"
    _dns_do_soap createRR origin "${_domain}" name "${fulldomain}" type TXT data "${txtvalue}" ttl 300
    if _contains "${response}" '>success<'; then
      return 0
    fi
    _err "Could not create resource record, check logs"
  fi
  return 1
 }
 #fulldomain
 dns_do_rm() {
  fulldomain=$1
  if _dns_do_authenticate; then
    if _dns_do_list_rrs; then
      _dns_do_had_error=0
      for _rrid in ${_rr_list}; do
        _info "Deleting resource record $_rrid for $_domain"
        _dns_do_soap deleteRR origin "${_domain}" rrid "${_rrid}"
        if ! _contains "${response}" '>success<'; then
          _dns_do_had_error=1
          _err "Could not delete resource record for ${_domain}, id ${_rrid}"
        fi
      done
      return $_dns_do_had_error
    fi
  fi
  return 1
 }
 ####################  Private functions below ##################################
 _dns_do_authenticate() {
  _info "Authenticating as ${DO_PID}"
  _dns_do_soap authPartner partner "${DO_PID}" password "${DO_PW}"
  if _contains "${response}" '>success<'; then
    _get_root "$fulldomain"
    _debug "_domain $_domain"
    return 0
  else
    _err "Authentication failed, are DO_PID and DO_PW set correctly?"
  fi
  return 1
 }
 _dns_do_list_rrs() {
  _dns_do_soap getRRList origin "${_domain}"
  if ! _contains "${response}" 'SOAP-ENC:Array'; then
    _err "getRRList origin ${_domain} failed"
    return 1
  fi
  _rr_list="$(echo "${response}" |
    tr -d "\n\r\t" |
    sed -e 's/<item xsi:type="ns2:Map">/\n/g' |
    grep ">$(_regexcape "$fulldomain")</value>" |
    sed -e 's/<\/item>/\n/g' |
    grep '>id</key><value' |
    _egrep_o '>[0-9]{1,16}<' |
    tr -d '><')"
  [ "${_rr_list}" ]
 }
 _dns_do_soap() {
  func="$1"
  shift
  # put the parameters to xml
  body="<tns:${func} xmlns:tns=\"${DO_URL}\">"
  while [ "$1" ]; do
    _k="$1"
    shift
    _v="$1"
    shift
    body="$body<$_k>$_v</$_k>"
  done
  body="$body</tns:${func}>"
  _debug2 "SOAP request ${body}"
  # build SOAP XML
  _xml='<?xml version="1.0" encoding="UTF-8"?>
 <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>'"$body"'</env:Body>
 </env:Envelope>'
  # set SOAP headers
  export _H1="SOAPAction: ${DO_URL}#${func}"
  if ! response="$(_post "${_xml}" "${DO_URL}")"; then
    _err "Error <$1>"
    return 1
  fi
  _debug2 "SOAP response $response"
  # retrieve cookie header
  _H2="$(_egrep_o 'Cookie: [^;]+' <"$HTTP_HEADER" | _head_n 1)"
  export _H2
  return 0
 }
 _get_root() {
  domain=$1
  i=1
  _dns_do_soap getDomainList
  _all_domains="$(echo "${response}" |
    tr -d "\n\r\t " |
    _egrep_o 'domain</key><value[^>]+>[^<]+' |
    sed -e 's/^domain<\/key><value[^>]*>//g')"
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      return 1
    fi
    if _contains "${_all_domains}" "^$(_regexcape "$h")\$"; then
      _domain="$h"
      return 0
    fi
    i=$(_math $i + 1)
  done
  _debug "$domain not found"
  return 1
 }
 _regexcape() {
  echo "$1" | sed -e 's/\([]\.$*^[]\)/\\\1/g'
 }
--- a/dnsapi/dns_gandi_livedns.sh
+++ b/dnsapi/dns_gandi_livedns.sh
@ -13,7 +13,7 @@
 #
 ########  Public functions #####################
-GANDI_LIVEDNS_API="https://dns.api.gandi.net/api/v5"
+GANDI_LIVEDNS_API="https://api.gandi.net/v5/livedns"
 #Usage: dns_gandi_livedns_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_gandi_livedns_add() {
@ -78,7 +78,7 @@ dns_gandi_livedns_rm() {
  _gandi_livedns_rest PUT \
    "domains/$_domain/records/$_sub_domain/TXT" \
    "{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" &&
-    _contains "$response" '{"message": "DNS Record Created"}' &&
+    _contains "$response" '{"message":"DNS Record Created"}' &&
    _info "Removing record $(__green "success")"
 }
@ -134,7 +134,7 @@ _dns_gandi_append_record() {
  _debug new_rrset_values "$_rrset_values"
  _gandi_livedns_rest PUT "domains/$_domain/records/$sub_domain/TXT" \
    "{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" &&
-    _contains "$response" '{"message": "DNS Record Created"}' &&
+    _contains "$response" '{"message":"DNS Record Created"}' &&
    _info "Adding record $(__green "success")"
 }
@ -144,11 +144,11 @@ _dns_gandi_existing_rrset_values() {
  if ! _gandi_livedns_rest GET "domains/$domain/records/$sub_domain"; then
    return 1
  fi
-  if ! _contains "$response" '"rrset_type": "TXT"'; then
+  if ! _contains "$response" '"rrset_type":"TXT"'; then
    _debug "Does not have a _acme-challenge TXT record yet."
    return 1
  fi
-  if _contains "$response" '"rrset_values": \[\]'; then
+  if _contains "$response" '"rrset_values":\[\]'; then
    _debug "Empty rrset_values for TXT record, no previous TXT record."
    return 1
  fi
@ -169,7 +169,7 @@ _gandi_livedns_rest() {
  if [ -n "$GANDI_LIVEDNS_TOKEN" ]; then
    export _H2="Authorization: Bearer $GANDI_LIVEDNS_TOKEN"
  else
-    export _H2="X-Api-Key: $GANDI_LIVEDNS_KEY"
+    export _H2="Authorization: Apikey $GANDI_LIVEDNS_KEY"
  fi
  if [ "$m" = "GET" ]; then
--- a/dnsapi/dns_gcloud.sh
+++ b/dnsapi/dns_gcloud.sh
@ -42,7 +42,7 @@ dns_gcloud_rm() {
  echo "$rrdatas" | grep -F -v -- "\"$txtvalue\"" | _dns_gcloud_add_rrs || return $?
  _dns_gcloud_execute_tr || return $?
-  _info "$fulldomain record added"
+  _info "$fulldomain record removed"
 }
 ####################  Private functions below ##################################
--- a/dnsapi/dns_gcore.sh
+++ b/dnsapi/dns_gcore.sh
@ -4,8 +4,8 @@
 #GCORE_Key='773$7b7adaf2a2b32bfb1b83787b4ff32a67eb178e3ada1af733e47b1411f2461f7f4fa7ed7138e2772a46124377bad7384b3bb8d87748f87b3f23db4b8bbe41b2bb'
 #
-GCORE_Api="https://api.gcorelabs.com/dns/v2"
+GCORE_Api="https://api.gcore.com/dns/v2"
-GCORE_Doc="https://apidocs.gcore.com/dns"
+GCORE_Doc="https://api.gcore.com/docs/dns"
 ########  Public functions #####################
--- a/dnsapi/dns_kappernet.sh
+++ b/dnsapi/dns_kappernet.sh
@ -6,8 +6,7 @@
 #KAPPERNETDNS_Key="yourKAPPERNETapikey"
 #KAPPERNETDNS_Secret="yourKAPPERNETapisecret"
-
+#KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret"
 KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret"
 ###############################################################################
 # called with
@ -19,10 +18,9 @@ dns_kappernet_add() {
  KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}"
  KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}"
  KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret"
  if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then
    KAPPERNETDNS_Key=""
    KAPPERNETDNS_Secret=""
    _err "Please specify your kapper.net api key and secret."
    _err "If you have not received yours - send your mail to"
    _err "support@kapper.net to get  your key and secret."
@ -41,7 +39,7 @@ dns_kappernet_add() {
  _debug _domain "DOMAIN: $_domain"
  _info "Trying to add TXT DNS Record"
-  data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D"
+  data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%22300%22%2C%22prio%22%3A%22%22%7D"
  if _kappernet_api GET "action=new&subject=$_domain&data=$data"; then
    if _contains "$response" "{\"OK\":true"; then
@ -66,10 +64,9 @@ dns_kappernet_rm() {
  KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}"
  KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}"
  KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret"
  if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then
    KAPPERNETDNS_Key=""
    KAPPERNETDNS_Secret=""
    _err "Please specify your kapper.net api key and secret."
    _err "If you have not received yours - send your mail to"
    _err "support@kapper.net to get  your key and secret."
@ -81,7 +78,7 @@ dns_kappernet_rm() {
  _saveaccountconf_mutable KAPPERNETDNS_Secret "$KAPPERNETDNS_Secret"
  _info "Trying to remove the TXT Record: $fullhostname containing $txtvalue"
-  data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D"
+  data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%22300%22%2C%22prio%22%3A%22%22%7D"
  if _kappernet_api GET "action=del&subject=$fullhostname&data=$data"; then
    if _contains "$response" "{\"OK\":true"; then
      return 0
@ -141,7 +138,7 @@ _kappernet_api() {
  if [ "$method" = "GET" ]; then
    response="$(_get "$url")"
  else
-    _err "Unsupported method"
+    _err "Unsupported method or missing Secret/Key"
    return 1
  fi
--- a/dnsapi/dns_limacity.sh
+++ b/dnsapi/dns_limacity.sh
@ -0,0 +1,94 @@
 #!/usr/bin/env sh
 # Created by Laraveluser
 #
 # Pass credentials before "acme.sh --issue --dns dns_limacity ..."
 # --
 # export LIMACITY_APIKEY="<API-KEY>"
 # --
 #
 # Pleas note: APIKEY must have following roles: dns.admin, domains.reader
 ########  Public functions #####################
 LIMACITY_APIKEY="${LIMACITY_APIKEY:-$(_readaccountconf_mutable LIMACITY_APIKEY)}"
 AUTH=$(printf "%s" "api:$LIMACITY_APIKEY" | _base64 -w 0)
 export _H1="Authorization: Basic $AUTH"
 export _H2="Content-Type: application/json"
 APIBASE=https://www.lima-city.de/usercp
 #Usage: dns_limacity_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_limacity_add() {
  _debug LIMACITY_APIKEY "$LIMACITY_APIKEY"
  if [ "$LIMACITY_APIKEY" = "" ]; then
    _err "No Credentials given"
    return 1
  fi
  # save the dns server and key to the account conf file.
  _saveaccountconf_mutable LIMACITY_APIKEY "${LIMACITY_APIKEY}"
  fulldomain=$1
  txtvalue=$2
  if ! _lima_get_domain_id "$fulldomain"; then return 1; fi
  msg=$(_post "{\"nameserver_record\":{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\",\"ttl\":60}}" "${APIBASE}/domains/${LIMACITY_DOMAINID}/records.json" "" "POST")
  _debug "$msg"
  if [ "$(echo "$msg" | _egrep_o "\"status\":\"ok\"")" = "" ]; then
    _err "$msg"
    return 1
  fi
  return 0
 }
 #Usage: dns_limacity_rm   _acme-challenge.www.domain.com
 dns_limacity_rm() {
  fulldomain=$1
  txtvalue=$2
  if ! _lima_get_domain_id "$fulldomain"; then return 1; fi
  for recordId in $(_get "${APIBASE}/domains/${LIMACITY_DOMAINID}/records.json" | _egrep_o "{\"id\":[0-9]*[^}]*,\"name\":\"${fulldomain}\"" | _egrep_o "[0-9]*"); do
    _post "" "${APIBASE}/domains/${LIMACITY_DOMAINID}/records/${recordId}" "" "DELETE"
  done
  return 0
 }
 ####################  Private functions below ##################################
 _lima_get_domain_id() {
  domain="$1"
  _debug "$domain"
  i=2
  p=1
  domains=$(_get "${APIBASE}/domains.json")
  if [ "$(echo "$domains" | _egrep_o "\{.*""domains""")" ]; then
    response="$(echo "$domains" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")"
    while true; do
      h=$(printf "%s" "$domain" | cut -d . -f $i-100)
      _debug h "$h"
      if [ -z "$h" ]; then
        #not valid
        return 1
      fi
      hostedzone="$(echo "$response" | _egrep_o "\{.*""unicode_fqdn""[^,]+""$h"".*\}")"
      if [ "$hostedzone" ]; then
        LIMACITY_DOMAINID=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
        if [ "$LIMACITY_DOMAINID" ]; then
          _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
          _domain=$h
          return 0
        fi
        return 1
      fi
      p=$i
      i=$(_math "$i" + 1)
    done
  fi
  return 1
 }
--- a/dnsapi/dns_west_cn.sh
+++ b/dnsapi/dns_west_cn.sh
@ -0,0 +1,105 @@
 #!/usr/bin/env sh
 # West.cn Domain api
 #WEST_Username="username"
 #WEST_Key="sADDsdasdgdsf"
 #Set key at https://www.west.cn/manager/API/APIconfig.asp
 REST_API="https://api.west.cn/API/v2"
 ########  Public functions #####################
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_west_cn_add() {
  fulldomain=$1
  txtvalue=$2
  WEST_Username="${WEST_Username:-$(_readaccountconf_mutable WEST_Username)}"
  WEST_Key="${WEST_Key:-$(_readaccountconf_mutable WEST_Key)}"
  if [ -z "$WEST_Username" ] || [ -z "$WEST_Key" ]; then
    WEST_Username=""
    WEST_Key=""
    _err "You don't specify west api key and username yet."
    _err "Please set you key and try again."
    return 1
  fi
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable WEST_Username "$WEST_Username"
  _saveaccountconf_mutable WEST_Key "$WEST_Key"
  add_record "$fulldomain" "$txtvalue"
 }
 #Usage: rm _acme-challenge.www.domain.com
 dns_west_cn_rm() {
  fulldomain=$1
  txtvalue=$2
  WEST_Username="${WEST_Username:-$(_readaccountconf_mutable WEST_Username)}"
  WEST_Key="${WEST_Key:-$(_readaccountconf_mutable WEST_Key)}"
  if ! _rest POST "domain/dns/" "act=dnsrec.list&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_type=TXT"; then
    _err "dnsrec.list error."
    return 1
  fi
  if _contains "$response" 'no records'; then
    _info "Don't need to remove."
    return 0
  fi
  record_id=$(echo "$response" | tr "{" "\n" | grep -- "$txtvalue" | grep '^"record_id"' | cut -d : -f 2 | cut -d ',' -f 1)
  _debug record_id "$record_id"
  if [ -z "$record_id" ]; then
    _err "Can not get record id."
    return 1
  fi
  if ! _rest POST "domain/dns/" "act=dnsrec.remove&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_id=$record_id"; then
    _err "dnsrec.remove error."
    return 1
  fi
  _contains "$response" "success"
 }
 #add the txt record.
 #usage: add fulldomain txtvalue
 add_record() {
  fulldomain=$1
  txtvalue=$2
  _info "Adding record"
  if ! _rest POST "domain/dns/" "act=dnsrec.add&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_type=TXT&record_value=$txtvalue"; then
    return 1
  fi
  _contains "$response" "success"
 }
 #Usage: method  URI  data
 _rest() {
  m="$1"
  ep="$2"
  data="$3"
  _debug "$ep"
  url="$REST_API/$ep"
  _debug url "$url"
  if [ "$m" = "GET" ]; then
    response="$(_get "$url" | tr -d '\r')"
  else
    _debug2 data "$data"
    response="$(_post "$data" "$url" | tr -d '\r')"
  fi
  if [ "$?" != "0" ]; then
    _err "error $ep"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
--- a/notify/mattermost.sh
+++ b/notify/mattermost.sh
@ -0,0 +1,52 @@
 #!/usr/bin/env sh
 # Support mattermost bots
 #MATTERMOST_API_URL=""
 #MATTERMOST_CHANNEL_ID=""
 #MATTERMOST_BOT_TOKEN=""
 mattermost_send() {
  _subject="$1"
  _content="$2"
  _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped
  _debug "_statusCode" "$_statusCode"
  MATTERMOST_API_URL="${MATTERMOST_API_URL:-$(_readaccountconf_mutable MATTERMOST_API_URL)}"
  if [ -z "$MATTERMOST_API_URL" ]; then
    _err "You didn't specify a Mattermost API URL MATTERMOST_API_URL yet."
    return 1
  fi
  _saveaccountconf_mutable MATTERMOST_API_URL "$MATTERMOST_API_URL"
  MATTERMOST_CHANNEL_ID="${MATTERMOST_CHANNEL_ID:-$(_readaccountconf_mutable MATTERMOST_CHANNEL_ID)}"
  if [ -z "$MATTERMOST_CHANNEL_ID" ]; then
    _err "You didn't specify a Mattermost channel id MATTERMOST_CHANNEL_ID yet."
    return 1
  fi
  _saveaccountconf_mutable MATTERMOST_CHANNEL_ID "$MATTERMOST_CHANNEL_ID"
  MATTERMOST_BOT_TOKEN="${MATTERMOST_BOT_TOKEN:-$(_readaccountconf_mutable MATTERMOST_BOT_TOKEN)}"
  if [ -z "$MATTERMOST_BOT_TOKEN" ]; then
    _err "You didn't specify a Mattermost bot API token MATTERMOST_BOT_TOKEN yet."
    return 1
  fi
  _saveaccountconf_mutable MATTERMOST_BOT_TOKEN "$MATTERMOST_BOT_TOKEN"
  _content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)"
  _data="{\"channel_id\": \"$MATTERMOST_CHANNEL_ID\", "
  _data="$_data\"message\": \"$_content\"}"
  export _H1="Authorization: Bearer $MATTERMOST_BOT_TOKEN"
  response=""
  if _post "$_data" "$MATTERMOST_API_URL" "" "POST" "application/json; charset=utf-8"; then
    MATTERMOST_RESULT_OK=$(echo "$response" | _egrep_o 'create_at')
    if [ "$?" = "0" ] && [ "$MATTERMOST_RESULT_OK" ]; then
      _info "mattermost send success."
      return 0
    fi
  fi
  _err "mattermost send error."
  _err "$response"
  return 1
 }
Author	SHA1	Message	Date
neil	0d8a314bcf	Merge pull request #5123 from acmesh-official/dev sync	2024-04-29 20:15:14 +02:00
neil	e7cfde1904	Merge pull request #5049 from hknet/patch-2 fixed handling of key and secret	2024-04-29 20:14:01 +02:00
neil	8c07af6fc7	Merge pull request #5113 from scruel/dev fix(deploy_dsm): ensure grep get the error code	2024-04-25 09:19:08 +02:00
Scruel Tao	cd01104de9	fix(deploy_dsm): ensure grep get the error code Added grep -o option to ensure the script won't get other digits as the error code result	2024-04-25 13:39:05 +08:00
neil	28f438a6bd	Merge pull request #5111 from scruel/scruel-patch-1	2024-04-24 23:16:49 +02:00
Scruel Tao	9ff89b570f	fix(deploy_dsm): missing gerp -P option on busybox Fixes: #5105	2024-04-25 04:02:49 +08:00
neil	bc90376489	Merge pull request #5102 from acmesh-official/dev sync	2024-04-21 12:11:04 +02:00
neil	43b5ea801f	convert to pkcs12 when renewal fix https://github.com/acmesh-official/acme.sh/issues/3474#issuecomment-2058126129	2024-04-21 11:21:45 +02:00
neil	9863e7ea6e	Merge pull request #5023 from scruel/patch-dsm-deploy Patch Synology DSM deploy: support DSM 6.x & user-friendly refactor.	2024-04-21 09:45:41 +02:00
neil	ebaa39b03f	Merge pull request #5075 from acmesh-official/dev sync	2024-04-01 11:46:18 +02:00
neil	fa3d7ad14b	Merge pull request #5069 from annieoxe/decode-eab_hmac_key Fix: Decode eab_hmac_key as single-line	2024-03-31 23:02:42 +02:00
neil	c51104f956	fix format	2024-03-31 20:33:57 +02:00
neil	84795ff4d9	Merge pull request #4757 from laraveluser/master Add support for Lima-City	2024-03-31 20:20:29 +02:00
neil	cc5c722e29	Merge pull request #5072 from aSauerwein/master feature: add template option for panos deploy hook	2024-03-31 20:15:18 +02:00
asauerwein	4fcddd1893	add template option	2024-03-31 09:16:21 +02:00
laraveluser	c8604255e4	Merge branch 'acmesh-official:master' into master	2024-03-27 21:47:09 +01:00
annieoxi	492826a7f2	Fix: Decode eab_hmac_key as single-line This commit resolves the issue #5068.	2024-03-26 12:35:54 +01:00
neil	2d4b900e33	Merge pull request #5032 from scruel/patch-3 fix(config_migrate): always remove domain old key & replace old value by new value	2024-03-18 21:43:03 +01:00
neil	d2481f5790	Merge pull request #5048 from hknet/patch-1 dns-record TTL set to 300	2024-03-18 21:25:35 +01:00
neil	49f6104f03	Merge pull request #4979 from derytim/aws_dns_imdsv2 Aws dns imdsv2	2024-03-18 21:16:16 +01:00
neil	2728d2aa6e	fix format	2024-03-18 21:09:49 +01:00
neil	0588fc6b7c	Merge pull request #4581 from wlallemand/haproxy-hot-update haproxy deploy hook updates existing certificate over stats socket	2024-03-18 21:07:12 +01:00
Tim Dery	e3cd52cab4	Merge branch 'dev' into aws_dns_imdsv2	2024-03-13 11:06:52 -07:00
Tim Dery	b2c6b9a320	attempt _use_metadata fix from j-c-m	2024-03-11 10:33:14 -07:00
Harald Kapper	39fa40ab12	fixed secret+key storage-usage fixed the key and secret handling via acme account.conf	2024-03-11 03:27:17 +01:00
Harald Kapper	0bf87bf4af	dns-record TTL set to 300 reduce TTL for the TXT record from 3600 to 300 to have an easier way to replicate changes for the dns-verification in case multiple submissions for a specific record/domain are done within an hour.	2024-03-11 00:44:53 +01:00
laraveluser	d3b022fe17	Update dns_limacity.sh	2024-03-03 10:32:21 +01:00
Scruel Tao	79640f6b7d	replace wired space symbol	2024-02-28 20:02:24 +08:00
Scruel Tao	2cbdf274b1	feat(config_migrate): always remove domain old key & replace old value by new value	2024-02-28 18:30:06 +08:00
Scruel Tao	6af5293315	doc: adjust	2024-02-28 02:00:07 +08:00
Scruel Tao	ff090d2f74	fix lint	2024-02-26 23:45:19 +08:00
Scruel Tao	68e3a12a91	feat: improve robustness of the usage of DSM tool `synogroup`	2024-02-26 23:38:44 +08:00
Scruel Tao	50eda6b678	fix: lint	2024-02-26 21:07:15 +08:00
Scruel Tao	192ec598a3	feat: add `SYNO_LOCAL_HOSTNAME` to prevent remote deploy via temp admin method	2024-02-26 21:03:26 +08:00
Scruel Tao	5b449999a5	refactor: unify variable naming convention again (revert some changes)	2024-02-26 20:55:49 +08:00
Scruel Tao	afed62f6de	fix: should save `SYNO_UseTempAdmin` only after login success.	2024-02-26 07:05:00 +08:00
Scruel Tao	59d1e16f9c	feat: bypass enforce temp admin 2FA	2024-02-26 06:23:47 +08:00
Scruel Tao	dbe0d477d6	feat: more user-friendly logic & error messages.	2024-02-26 06:23:46 +08:00
Scruel Tao	7248560169	feat: support DSM 6.x	2024-02-26 06:23:45 +08:00
Scruel Tao	f840f7d75b	refactor: unify variable naming convention	2024-02-26 06:23:42 +08:00
neil	6e14a073ff	Merge pull request #5021 from acmesh-official/dev sync	2024-02-25 19:25:26 +01:00
Scruel Tao	cf3839ecec	doc(deploy): update usage doc	2024-02-22 12:38:51 +08:00
neil	aa8cf76fb1	Merge pull request #4706 from scruel/syno-patch Add SYNO_USE_TEMP_ADMIN variable & Fix broken logic	2024-02-13 09:57:51 +08:00
neil	10b4bb598a	fix https://github.com/acmesh-official/acme.sh/issues/4995#issuecomment-1937486243	2024-02-12 13:16:08 +08:00
neil	de14d59bb3	Merge pull request #4987 from acmesh-official/dev sync	2024-02-04 12:39:06 +08:00
neil	d76272f0ea	fix message	2024-02-04 12:35:07 +08:00
neil	e04093efe2	remove socket err temp file	2024-02-04 12:31:34 +08:00
neil	bd6bbba948	remove socaterr temp file	2024-02-04 12:27:06 +08:00
neil	37e4f35c93	fix format	2024-02-04 12:21:50 +08:00
neil	0084cb7403	fix format	2024-02-04 12:18:58 +08:00
neil	99e5c159a7	check socat "Permission denied"	2024-02-04 12:17:03 +08:00
neil	802121d54a	show dns message on any branch	2024-02-04 11:42:28 +08:00
neil	160b2e95c9	Merge pull request #4986 from acmesh-official/dev sync	2024-02-04 00:11:26 +08:00
neil	7ec692cdef	fix socat for netbsd: listens to ipv4 by default.	2024-02-03 23:59:48 +08:00
neil	3dca67112d	fix netbsd	2024-02-03 18:39:58 +08:00
neil	f8dac5905c	check the status of Order object and the Authorization object.	2024-02-03 18:07:50 +08:00
Tim Dery	48e4e41e05	add cr to force a new gh actions run	2024-01-31 17:32:56 -08:00
Tim Dery	22374b81de	delete a cr to force a workflow run	2024-01-31 16:02:45 -08:00
Tim Dery	b9157e29cb	spacing cleanup	2024-01-31 15:52:59 -08:00
Tim Dery	bd247c35f2	remove comments	2024-01-31 15:48:44 -08:00
Tim Dery	7da9a45c61	combined functions for cleaner code	2024-01-31 15:39:08 -08:00
Tim Dery	122dfa12ac	add imdsv2 support to dns_aws	2024-01-30 15:51:55 -08:00
neil	1905830b20	Merge pull request #4948 from rparenton/gandi-livedns-new-api Fix #4836 (Switch to new Gandi LiveDNS API)	2024-01-14 13:04:51 +01:00
Robert	bfb41ce123	Fix acmesh-official#4836 (Switch to new Gandi LiveDNS API) 1. Updated LiveDNS API URL for the new API to allow Personal Access Tokens to work 2. Updated authorization header syntax to allow deprecated API Keys to work with the new API 3. Removed white space in JSON response parsing to match responses returned by the server	2024-01-13 13:39:09 -06:00
neil	85e3ecfe0b	fix omnios	2024-01-13 20:28:21 +01:00
laraveluser	9e073c954d	Update dns_limacity.sh	2024-01-12 20:39:44 +01:00
neil	b79c3f5cc4	fix pkg_add	2024-01-12 20:36:49 +01:00
laraveluser	ad5acb80fe	Update dns_limacity.sh	2024-01-12 20:33:01 +01:00
laraveluser	7b7c834b08	Update dns_limacity.sh	2024-01-12 19:48:14 +01:00
laraveluser	42827be7c3	Update dns_limacity.sh	2024-01-12 18:39:28 +01:00
laraveluser	7022d27b8e	Update dns_limacity.sh	2024-01-12 17:58:54 +01:00
laraveluser	ab911f1ce9	Update dns_limacity.sh	2024-01-12 17:54:23 +01:00
laraveluser	a6a1de50c8	Merge branch 'acmesh-official:master' into master	2024-01-12 01:07:07 +01:00
laraveluser	97723fbbc9	Update dns_limacity.sh	2024-01-08 01:45:34 +01:00
neil	2e58cf1168	Merge pull request #4940 from dario-pilori/fix-routeros-7 Fix RouterOS deploy hook for 7	2024-01-04 23:15:36 +01:00
Dario Pilori	3ca97d7258	Remove whitespace in script name in routeros.sh deploy hook	2024-01-04 18:28:05 +01:00
neil	9786dccdee	Merge pull request #4161 from seidler2547/seidler2547-remove-do remove dns_do as it does not work anymore	2024-01-02 20:34:15 +01:00
neil	d8e2b96bce	Merge pull request #4925 from LordDarkneo/patch-1 Logout update for DSM Deploy script (2727 issue)	2023-12-24 16:01:25 +01:00
LordDarkneo	6992659ba9	Update synology_dsm.sh	2023-12-22 14:36:52 -05:00
LordDarkneo	05696d443a	Update synology_dsm.sh #2727 issue when logging out on older version - using variables to unlog only for CERT user	2023-12-22 14:34:35 -05:00
LordDarkneo	f59a925897	Update synology_dsm.sh Issue for lougout	2023-12-22 09:09:29 -05:00
neil	afacdfcb95	Merge pull request #4918 from acmesh-official/dev sync	2023-12-17 22:26:04 +01:00
neil	8cb1b6b5d5	update	2023-12-05 20:19:40 +01:00
neil	f7d9d53ad2	Merge pull request #4899 from acmesh-official/dev sync	2023-12-05 20:16:27 +01:00
neil	f4315e2c6f	fix _date2time	2023-12-05 19:33:10 +01:00
neil	f0ac566c93	add Omnios	2023-12-04 23:51:06 +01:00
neil	50f6a459cf	update solaris	2023-12-04 09:41:39 +01:00
neil	179c80ae6d	Merge pull request #4861 from mrbaiwei/master support West.cn Domain	2023-12-04 09:35:18 +01:00
neil	6e72f161a6	Merge pull request #4872 from sandercox/patch-1 Update dns_gcloud.sh rm logs record added	2023-12-03 14:52:58 +01:00
neil	f71d8d7348	minor	2023-12-03 14:44:23 +01:00
neil	a12a3640a7	update	2023-12-03 14:40:32 +01:00
neil	3b7bc5a56a	update dragonflybsd-vm@v1	2023-12-02 22:50:59 +01:00
William Lallemand	e09d45c844	haproxy; don't use '' in the filename for wildcard domain By default acme.sh uses the '' character in the filename for wildcard. That can be confusing within HAProxy since the * character in front of a filename in the stat socket is used to specified an uncommitted transaction. This patch replace the '*' by a '_' in the filename. This is only done when using the default filename, the name can still be forced with an asterisk.	2023-12-01 15:35:31 +01:00
William Lallemand	36fc321096	haproxy: use the master CLI for hot update DEPLOY_HAPROXY_MASTER_CLI allows to use the HAProxy master CLI instead of a stats socket for DEPLOY_HAPROXY_HOT_UPDATE="yes" The syntax of the master CLI is slightly different, a prefix with the process number need to be added before any command. This patch uses ${_cmdpfx} in front of every socat commands which is filled when the master CLI is used.	2023-11-30 15:22:51 +01:00
William Lallemand	98a7a01dbb	haproxy: deploy script can add a new certificate over the stats socket DEPLOY_HAPROXY_HOT_UPDATE="yes" now allows to add a new certificate within HAProxy instead of updating an existing one. In order to work, the ${DEPLOY_HAPROXY_PEM_PATH} value must be used as a parameter to the "crt" keyword in the haproxy configuration. The patch uses the following commands over HAProxy stats socket: - show ssl cert - new ssl cert - set ssl cert - commit ssl cert - add ssl crt-list	2023-11-30 14:00:44 +01:00
William Lallemand	0f7be90500	haproxy: deploy script can update existing certificate over stats socket Since version 2.2, HAProxy is able to update dynamically certificates, without a reload. This patch uses socat to push the certificate into HAProxy in order to achieve hot update. With this method, reloading is not required. This should be used only to update an existing certificate in haproxy. 2 new variables are available: - DEPLOY_HAPROXY_HOT_UPDATE="yes" update over the stats socket instead of reloading - DEPLOY_HAPROXY_STATS_SOCKET="UNIX:/run/haproxy/admin.sock" set the path on the stats socket.	2023-11-30 14:00:44 +01:00
William Lallemand	7aaf4432d4	haproxy: sanitize the PEM in the deploy script Sanitize the PEM of the haproxy deploy script by removing the '\n', this way it could be injected directly over the CLI.	2023-11-30 14:00:41 +01:00
neil	884a8995b4	Merge pull request #4853 from Max13/deploy/proxmoxve Fix typo in proxmoxve deploy hook	2023-11-22 09:19:51 +01:00
neil	bb42595275	Merge pull request #4866 from phedoreanu/dev dns_1984.hosting.sh: update login and account status URLs	2023-11-21 22:23:06 +01:00
neil	a4bd89c938	fix	2023-11-21 09:00:22 +01:00
neil	f364d4fbef	fix	2023-11-21 08:45:54 +01:00
neil	f899d0d8ed	update	2023-11-20 23:39:25 +01:00
Sander Cox	074cf00a7c	Update dns_gcloud.sh rm logs record added The logs show record was added twice but the second time was actual the rm command thus the removal of the record!	2023-11-14 11:28:24 +01:00
Adrian Fedoreanu	15d10eeebc	dns_1984.hosting.sh: update login and account status URLs	2023-11-10 08:22:28 +01:00
mrbaiwei	bea71f3411	Update dns_west_cn.sh Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>	2023-11-07 07:20:25 +08:00
mrbaiwei	eb99803b53	Update west.cn domain api Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>	2023-11-06 13:18:36 +08:00
mrbaiwei	a60d0c4108	Update dns_west_cn.sh Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>	2023-11-06 11:25:09 +08:00
neil	1cc3a13c49	fix comments	2023-11-04 10:04:26 +01:00
mrbaiwei	feffbba6de	Update dns_west.sh Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>	2023-11-04 14:16:11 +08:00
mrbaiwei	6ea09444ec	Update dns_west.sh Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>	2023-11-04 00:04:05 +08:00
neil	f1f486dacf	Merge pull request #4843 from trulyliu/dev Fix https://github.com/acmesh-official/acme.sh/issues/4460	2023-11-03 15:57:49 +01:00
neil	fec4af3194	Merge pull request #4855 from studycom-mrobinson/aws-similar-names Acme2 similar names	2023-11-03 15:56:37 +01:00
mrbaiwei	5342c7c82b	support West.cn Domain Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>	2023-11-03 18:14:26 +08:00
Matthew Robinson	8454ffa331	Fix issue with similar domain names causing an error in selecting the proper root domain to add challenge records in	2023-11-02 08:30:44 -07:00
Gavin Leo	199977be6a	Fix https://github.com/acmesh-official/acme.sh/issues/4460 Update gcore API url.	2023-11-02 09:27:14 +08:00
Adnan RIHAN	00dbc3881f	Fixed variables	2023-11-01 20:02:16 +01:00
neil	d93a5b2d20	Merge pull request #4841 from podguzovvasily/patch-1 Update haproxy.sh	2023-10-29 18:11:51 +01:00
podguzovvasily	8ca5ca6594	Update haproxy.sh resolved issue with HAProxy https://github.com/acmesh-official/acme.sh/issues/4788 according https://serversforhackers.com/c/letsencrypt-with-haproxy	2023-10-24 16:58:47 +03:00
neil	fe890c62f4	fix https://github.com/acmesh-official/acme.sh/issues/4835	2023-10-22 23:07:00 +08:00
neil	e15513bfdd	fix format	2023-10-06 20:05:39 +08:00
neil	dbe569c0d9	Merge pull request #4622 from defragatwork/mattermost Add support for Mattermost notifications (Bot account)	2023-10-06 20:01:50 +08:00
neil	f2e1b589b5	start 3.0.8	2023-10-06 20:01:28 +08:00
Scruel Tao	29b2960805	Optimze comment & remove tail space	2023-09-07 15:01:37 +08:00
Scruel Tao	f7f3a0bf0d	Merge branch 'dev' into syno-patch	2023-09-07 14:57:53 +08:00
laraveluser	ef20a0128f	Add support for Lima-City	2023-08-25 17:22:20 +02:00
Scruel Tao	ba468bb5e4	Fix for shfmt check	2023-07-20 13:38:36 +08:00
Scruel Tao	cf86d57a9f	Fix for shfmt check	2023-07-20 13:34:57 +08:00
Scruel Tao	9e958f4e32	Fix shellcheck	2023-07-20 13:09:21 +08:00
Scruel Tao	c7f6f20c9d	Add SYNO_USE_TEMP_ADMIN variable & Fix broken logic 1. Fix the broken logic in (Sorry for including fix commit in same PR, I'm feeling quite tired and would like to go to sleep right away...) 2. Provides new method to obtain credential info for authentication, it will create a temp admin user if SYNO_USE_TEMP_ADMIN is set, instead of requiring the user's own credentials which will be saved in disk. I do really don't like to have plaintext credentials be saved in disk, and I noticed that you've spent a lot of time fighting with 2FA related stuffs, so why not just get rid of the whole old way. :)	2023-07-20 02:48:29 +08:00
Alexander Pushkarev	bb5f3cc326	Add support for Mattermost notifications.	2023-05-01 23:00:01 +03:00
seidler2547	b3529dc748	remove dns_do as it does not work anymore The API that it uses was shut down in May 2022	2022-06-27 19:42:16 +00:00