Merge pull request #1 from acmesh-official/master

Rebase
4 years ago · 64fd9c8cc8
83 changed files with 6145 additions and 1584 deletions
--- a/.github/auto-comment.yml
+++ b/.github/auto-comment.yml
@ -0,0 +1,40 @@
 # Comment to a new issue.
 issuesOpened: >
  If this is a bug report, please upgrade to the latest code and try again:
  如果有 bug, 请先更新到最新版试试:
  ```
  acme.sh --upgrade
  ```
  please also provide the log with `--debug 2`.
  同时请提供调试输出 `--debug 2`
  see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
  Without `--debug 2` log, your issue will NEVER get replied.
  没有调试输出, 你的 issue 不会得到任何解答.
 pullRequestOpened: >
  First, NEVER send a PR to `master` branch, it will NEVER be accepted. Please send to the `dev` branch instead.
  If this is a PR to support new DNS API or new notification API, please read this guide first:
  https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
  Please check the guide items one by one.
  Then add your usage here:
  https://github.com/acmesh-official/acme.sh/wiki/dnsapi
  Or some other wiki pages:
  https://github.com/acmesh-official/acme.sh/wiki/deployhooks
  https://github.com/acmesh-official/acme.sh/wiki/notify
--- a/.github/workflows/DNS.yml
+++ b/.github/workflows/DNS.yml
@ -0,0 +1,249 @@
 name: DNS
 on:
  push:
    paths:
      - 'dnsapi/*.sh'
      - '.github/workflows/DNS.yml'
  pull_request:
    branches:
      - 'dev'
    paths:
      - 'dnsapi/*.sh'
      - '.github/workflows/DNS.yml'
 jobs:
  CheckToken:
    runs-on: ubuntu-latest
    outputs:
      hasToken: ${{ steps.step_one.outputs.hasToken }}
    steps:
      - name: Set the value
        id: step_one
        run: |
          if [ "${{secrets.TokenName1}}" ] ; then
            echo "::set-output name=hasToken::true"
          else
            echo "::set-output name=hasToken::false"
          fi
      - name: Check the value
        run: echo ${{ steps.step_one.outputs.hasToken }}
  Fail:
    runs-on: ubuntu-latest
    needs: CheckToken
    if: "contains(needs.CheckToken.outputs.hasToken, 'false')"
    steps:
    - name: "Read this:   https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test"
      run: |
        echo "Read this:   https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test"
        if [ "${{github.actor}}" != "Neilpang" ]; then
          false
        fi
  Docker:
    runs-on: ubuntu-latest
    needs: CheckToken
    if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
    env:
      TEST_DNS : ${{ secrets.TEST_DNS }}
      TestingDomain: ${{ secrets.TestingDomain }}
      TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
      TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
      CASE: le_test_dnsapi
      TEST_LOCAL: 1
      DEBUG: 1
    steps:
    - uses: actions/checkout@v2
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Set env file
      run: |
        cd ../acmetest 
        if [ "${{ secrets.TokenName1}}" ] ; then
          echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> env.list
        fi
        if [ "${{ secrets.TokenName2}}" ] ; then
          echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> env.list
        fi
        if [ "${{ secrets.TokenName3}}" ] ; then
          echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> env.list
        fi
        if [ "${{ secrets.TokenName4}}" ] ; then
          echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> env.list
        fi
        if [ "${{ secrets.TokenName5}}" ] ; then
          echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list
        fi
        echo "TEST_DNS_NO_WILDCARD" >> env.list 
        echo "TEST_DNS_SLEEP" >> env.list
    - name: Run acmetest
      run: cd ../acmetest && ./rundocker.sh  testall
  MacOS:
    runs-on: macos-latest
    needs: Docker
    env:
      TEST_DNS : ${{ secrets.TEST_DNS }}
      TestingDomain: ${{ secrets.TestingDomain }}
      TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
      TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
      CASE: le_test_dnsapi
      TEST_LOCAL: 1
      DEBUG: 1
    steps:
    - uses: actions/checkout@v2
    - name: Install tools
      run:  brew install socat
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Run acmetest
      run: |
        if [ "${{ secrets.TokenName1}}" ] ; then
          export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}
        fi
        if [ "${{ secrets.TokenName2}}" ] ; then
          export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}
        fi
        if [ "${{ secrets.TokenName3}}" ] ; then
          export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}
        fi
        if [ "${{ secrets.TokenName4}}" ] ; then
          export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}
        fi
        if [ "${{ secrets.TokenName5}}" ] ; then
          export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}
        fi
        cd ../acmetest
        ./letest.sh
  Windows:
    runs-on: windows-latest
    needs: MacOS
    env:
      TEST_DNS : ${{ secrets.TEST_DNS }}
      TestingDomain: ${{ secrets.TestingDomain }}
      TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
      TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
      CASE: le_test_dnsapi
      TEST_LOCAL: 1
      DEBUG: 1
    steps:
    - name: Set git to use LF
      run: |
          git config --global core.autocrlf false
    - uses: actions/checkout@v2
    - name: Install cygwin base packages with chocolatey
      run: |
          choco config get cacheLocation
          choco install --no-progress cygwin
      shell: cmd
    - name: Install cygwin additional packages
      run: |
          C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
      shell: cmd
    - name: Set ENV
      shell: cmd
      run: |
          echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Run acmetest
      shell: bash
      run: |
        if [ "${{ secrets.TokenName1}}" ] ; then
          export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}
        fi
        if [ "${{ secrets.TokenName2}}" ] ; then
          export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}
        fi
        if [ "${{ secrets.TokenName3}}" ] ; then
          export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}
        fi
        if [ "${{ secrets.TokenName4}}" ] ; then
          export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}
        fi
        if [ "${{ secrets.TokenName5}}" ] ; then
          export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}
        fi
        cd ../acmetest
        ./letest.sh
  FreeBSD:
    runs-on: macos-latest
    needs: Windows
    env:
      TEST_DNS : ${{ secrets.TEST_DNS }}
      TestingDomain: ${{ secrets.TestingDomain }}
      TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
      TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
      CASE: le_test_dnsapi
      TEST_LOCAL: 1
      DEBUG: 1
    steps:
    - uses: actions/checkout@v2
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/freebsd-vm@v0.0.7
      with:
        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
        prepare: pkg install -y socat curl
        usesh: true
        run: |
          if [ "${{ secrets.TokenName1}}" ] ; then
            export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}
          fi
          if [ "${{ secrets.TokenName2}}" ] ; then
            export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}
          fi
          if [ "${{ secrets.TokenName3}}" ] ; then
            export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}
          fi
          if [ "${{ secrets.TokenName4}}" ] ; then
            export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}
          fi
          if [ "${{ secrets.TokenName5}}" ] ; then
            export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}
          fi
          cd ../acmetest
          ./letest.sh
  Solaris:
    runs-on: macos-latest
    needs: FreeBSD
    env:
      TEST_DNS : ${{ secrets.TEST_DNS }}
      TestingDomain: ${{ secrets.TestingDomain }}
      TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
      TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
      CASE: le_test_dnsapi
      TEST_LOCAL: 1
      DEBUG: 1
    steps:
    - uses: actions/checkout@v2
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/solaris-vm@v0.0.1
      with:
        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
        prepare: pkgutil -y -i socat curl
        run: |
          if [ "${{ secrets.TokenName1}}" ] ; then
            export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}
          fi
          if [ "${{ secrets.TokenName2}}" ] ; then
            export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}
          fi
          if [ "${{ secrets.TokenName3}}" ] ; then
            export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}
          fi
          if [ "${{ secrets.TokenName4}}" ] ; then
            export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}
          fi
          if [ "${{ secrets.TokenName5}}" ] ; then
            export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}
          fi
          cd ../acmetest
          ./letest.sh
--- a/.github/workflows/LetsEncrypt.yml
+++ b/.github/workflows/LetsEncrypt.yml
@ -0,0 +1,147 @@
 name: LetsEncrypt
 on:
  push:
    branches:
      - '*'
    paths:
      - '**.sh'
      - '**.yml'
  pull_request:
    branches:
      - dev
    paths:
      - '**.sh'
      - '**.yml'
 jobs:
  CheckToken:
    runs-on: ubuntu-latest
    outputs:
      hasToken: ${{ steps.step_one.outputs.hasToken }}
    env: 
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
    steps:
      - name: Set the value
        id: step_one
        run: |
          if [ "$NGROK_TOKEN" ] ; then
            echo "::set-output name=hasToken::true"
          else
            echo "::set-output name=hasToken::false"
          fi
      - name: Check the value
        run: echo ${{ steps.step_one.outputs.hasToken }}
  Ubuntu:
    runs-on: ubuntu-latest
    needs: CheckToken
    if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
    env:
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
      TEST_LOCAL: 1
    steps:
    - uses: actions/checkout@v2
    - name: Install tools
      run: sudo apt-get install -y socat
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Run acmetest
      run: cd ../acmetest && sudo --preserve-env ./letest.sh
  MacOS:
    runs-on: macos-latest
    needs: Ubuntu
    env:
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
      TEST_LOCAL: 1
    steps:
    - uses: actions/checkout@v2
    - name: Install tools
      run:  brew install socat
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Run acmetest
      run: cd ../acmetest && sudo --preserve-env ./letest.sh
  Windows:
    runs-on: windows-latest
    needs: MacOS
    env:
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
      TEST_LOCAL: 1
      #The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port.
      Le_HTTPPort: 8888
    steps:
    - name: Set git to use LF
      run: |
          git config --global core.autocrlf false
    - uses: actions/checkout@v2
    - name: Install cygwin base packages with chocolatey
      run: |
          choco config get cacheLocation
          choco install --no-progress cygwin
      shell: cmd
    - name: Install cygwin additional packages
      run: |
          C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
      shell: cmd
    - name: Set ENV
      shell: cmd
      run: |
          echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%
    - name: Check ENV
      shell: cmd
      run: |
          echo "PATH=%PATH%"
    - name: Clone acmetest
      shell: cmd
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Run acmetest
      shell: cmd
      run: cd ../acmetest && bash.exe -c ./letest.sh
  FreeBSD:
    runs-on: macos-latest
    needs: Windows
    env:
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
      TEST_LOCAL: 1
    steps:
    - uses: actions/checkout@v2
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/freebsd-vm@v0.0.7
      with:
        envs: 'NGROK_TOKEN TEST_LOCAL'
        prepare: pkg install -y socat curl
        usesh: true
        run: |
          cd ../acmetest && ./letest.sh
  Solaris:
    runs-on: macos-latest
    needs: FreeBSD
    env:
      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
      TEST_LOCAL: 1
    steps:
    - uses: actions/checkout@v2
    - uses: vmactions/ngrok-tunnel@v0.0.1
      id: ngrok
      with:
        protocol: http
        port: 8080
    - name: Set envs
      run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/solaris-vm@v0.0.1
      with:
        envs: 'TEST_LOCAL TestingDomain'
        nat: |
          "8080": "80"
        prepare: pkgutil -y -i socat curl
        run: |
          cd ../acmetest && ./letest.sh
--- a/.github/workflows/PebbleStrict.yml
+++ b/.github/workflows/PebbleStrict.yml
@ -0,0 +1,39 @@
 name: PebbleStrict
 on:
  push:
    branches:
      - '*'
    paths:
      - '**.sh'
      - '**.yml'
  pull_request:
    branches:
      - dev
    paths:
      - '**.sh'
      - '**.yml'
 jobs:
  PebbleStrict:
    runs-on: ubuntu-latest
    env:
      TestingDomain: example.com
      TestingAltDomains: www.example.com
      ACME_DIRECTORY: https://localhost:14000/dir
      HTTPS_INSECURE: 1
      Le_HTTPPort: 5002
      TEST_LOCAL: 1
      TEST_CA: "Pebble Intermediate CA"
    steps:
    - uses: actions/checkout@v2
    - name: Install tools
      run: sudo apt-get install -y socat
    - name: Run Pebble
      run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d
    - name: Set up Pebble
      run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4
    - name: Clone acmetest
      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Run acmetest
      run: cd ../acmetest && ./letest.sh
--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/dockerhub.yml
@ -0,0 +1,66 @@
 name: Build DockerHub
 on:
  push:
    branches:
      - '*'
    tags:
      - '*'
 jobs:
  CheckToken:
    runs-on: ubuntu-latest
    outputs:
      hasToken: ${{ steps.step_one.outputs.hasToken }}
    env: 
      DOCKER_PASSWORD : ${{ secrets.DOCKER_PASSWORD }}
    steps:
      - name: Set the value
        id: step_one
        run: |
          if [ "$DOCKER_PASSWORD" ] ; then
            echo "::set-output name=hasToken::true"
          else
            echo "::set-output name=hasToken::false"
          fi
      - name: Check the value
        run: echo ${{ steps.step_one.outputs.hasToken }}
  build:
    runs-on: ubuntu-latest
    needs: CheckToken
    if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
    steps:
      - name: checkout code
        uses: actions/checkout@v2
      - name: install buildx
        id: buildx
        uses: crazy-max/ghaction-docker-buildx@v3
        with:
          buildx-version: latest
          qemu-version: latest
      - name: login to docker hub
        run: |
          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
      - name: build and push the image
        run: |
          DOCKER_IMAGE=neilpang/acme.sh
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            DOCKER_IMAGE_TAG=${GITHUB_REF#refs/tags/}
          fi
          if [[ $GITHUB_REF == refs/heads/* ]]; then
            DOCKER_IMAGE_TAG=${GITHUB_REF#refs/heads/}
            if [[ $DOCKER_IMAGE_TAG == master ]]; then
              DOCKER_IMAGE_TAG=latest
              AUTO_UPGRADE=1
            fi
          fi
          docker buildx build \
            --tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \
            --output "type=image,push=true" \
            --build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \
            --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386,linux/ppc64le,linux/s390x .
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@ -0,0 +1,33 @@
 name: Shellcheck
 on:
  push:
    branches:
      - '*'
    paths:
      - '**.sh'
      - '**.yml'
  pull_request:
    branches:
      - dev
    paths:
      - '**.sh'
      - '**.yml'
 jobs:
  ShellCheck:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Install Shellcheck
      run: sudo apt-get install -y shellcheck
    - name: DoShellcheck
      run: shellcheck -V  && shellcheck -e SC2181 **/*.sh && echo "shellcheck OK"
  shfmt:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Install shfmt
      run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
    - name: shfmt
      run: ~/shfmt -l -w -i 2 . ; git diff --exit-code && echo "shfmt OK"
--- a/.travis.yml
+++ b/.travis.yml
@ -1,38 +0,0 @@
 language: shell
 sudo: required
 dist: trusty
 os:
  - linux
  - osx
 services:
  - docker
 env:
  global:
    - SHFMT_URL=https://github.com/mvdan/sh/releases/download/v0.4.0/shfmt_v0.4.0_linux_amd64
 install:
  - if [ "$TRAVIS_OS_NAME" = 'osx' ]; then
      brew update && brew install socat;
      export PATH="/usr/local/opt/openssl@1.1/bin:$PATH" ;
    fi
 script:
  - echo "NGROK_TOKEN=$(echo "$NGROK_TOKEN" | wc -c)"
  - command -V openssl && openssl version
  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then curl -sSL $SHFMT_URL -o ~/shfmt && chmod +x ~/shfmt && ~/shfmt -l -w -i 2 . ; fi
  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then git diff --exit-code && echo "shfmt OK" ; fi
  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -V ; fi
  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" ; fi
  - cd ..
  - git clone --depth 1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest
  - if [ "$TRAVIS_OS_NAME" = "linux" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./rundocker.sh testplat ubuntu:latest ; fi
  - if [ "$TRAVIS_OS_NAME" = "osx" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ACME_OPENSSL_BIN="$ACME_OPENSSL_BIN" ./letest.sh ; fi
 matrix:
  fast_finish: true
--- a/8
+++ b/8
@ -1,4 +1,4 @@
 FROM alpine:3.10
 FROM alpine:3.12
 RUN apk update -f \
  && apk --no-cache add -f \
@ -7,6 +7,7 @@ RUN apk update -f \
  coreutils \
  bind-tools \
  curl \
  sed \
  socat \
  tzdata \
  oath-toolkit-oathtool \
@ -15,7 +16,9 @@ RUN apk update -f \
 ENV LE_CONFIG_HOME /acme.sh
 ENV AUTO_UPGRADE 1
 ARG AUTO_UPGRADE=1
 ENV AUTO_UPGRADE $AUTO_UPGRADE
 #Install
 ADD ./ /install_acme.sh/
@ -52,6 +55,7 @@ RUN for verb in help \
  deactivate \
  deactivate-account \
  set-notify \
  set-default-ca \
  ; do \
    printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
  ; done
--- a/README.md
+++ b/README.md
@ -1,13 +1,24 @@
 # An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)
 # An ACME Shell script: acme.sh 
 ![LetsEncrypt](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)
 ![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
 ![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
 ![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg)
 <a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> 
 [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 [![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
 [![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
 <a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 - An ACME protocol client written purely in Shell (Unix shell) language.
 - Full ACME protocol implementation.
 - Support ACME v1 and ACME v2
 - Support ACME v2 wildcard certs
 - Simple, powerful and very easy to use. You only need 3 minutes to learn it.
 - Bash, dash and sh compatible.
 - Simplest shell script for Let's Encrypt free certificate client.
 - Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
 - Just one script to issue, renew and install your certificates automatically.
 - DOES NOT require `root/sudoer` access.
@ -29,7 +40,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
 # Who:
 - [FreeBSD.org](https://blog.crashed.org/letsencrypt-in-freebsd-org/)
 - [ruby-china.org](https://ruby-china.org/topics/31983)
 - [Proxmox](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x_and_newer))
 - [Proxmox](https://pve.proxmox.com/wiki/Certificate_Management)
 - [pfsense](https://github.com/pfsense/FreeBSD-ports/pull/89)
 - [webfaction](https://community.webfaction.com/questions/19988/using-letsencrypt)
 - [Loadbalancer.org](https://www.loadbalancer.org/blog/loadbalancer-org-with-lets-encrypt-quick-and-dirty)
@ -46,27 +57,27 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
 | NO | Status| Platform|
 |----|-------|---------|
 |1|[![](https://acmesh-official.github.io/acmetest/status/ubuntu-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Ubuntu
 |2|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Debian
 |3|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|CentOS
 |4|[![](https://acmesh-official.github.io/acmetest/status/windows-cygwin.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Windows (cygwin with curl, openssl and crontab included)
 |5|[![](https://acmesh-official.github.io/acmetest/status/freebsd.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|FreeBSD
 |6|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|pfsense
 |7|[![](https://acmesh-official.github.io/acmetest/status/opensuse-leap.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|openSUSE
 |8|[![](https://acmesh-official.github.io/acmetest/status/alpine-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Alpine Linux (with curl)
 |9|[![](https://acmesh-official.github.io/acmetest/status/archlinux-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Archlinux
 |10|[![](https://acmesh-official.github.io/acmetest/status/fedora-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|fedora
 |11|[![](https://acmesh-official.github.io/acmetest/status/kalilinux-kali.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Kali Linux
 |12|[![](https://acmesh-official.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Oracle Linux
 |13|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration#Let.27s_Encrypt_using_acme.sh
 |14|-----| Cloud Linux  https://github.com/acmesh-official/acme.sh/issues/111
 |15|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|OpenBSD
 |16|[![](https://acmesh-official.github.io/acmetest/status/mageia.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Mageia
 |17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
 |18|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|SunOS/Solaris
 |19|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Gentoo Linux
 |20|[![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)|Mac OSX
 |21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|ClearLinux
 |1|[![MacOS](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX
 |2|[![Windows](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Windows (cygwin with curl, openssl and crontab included)
 |3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|FreeBSD
 |4|[![Solaris](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Solaris
 |5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)| Ubuntu
 |6|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|pfsense
 |7|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|OpenBSD
 |8|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Debian
 |9|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|CentOS
 |10|[![](https://acmesh-official.github.io/acmetest/status/opensuse-leap-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|openSUSE
 |11|[![](https://acmesh-official.github.io/acmetest/status/alpine-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Alpine Linux (with curl)
 |12|[![](https://acmesh-official.github.io/acmetest/status/archlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Archlinux
 |13|[![](https://acmesh-official.github.io/acmetest/status/fedora-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|fedora
 |14|[![](https://acmesh-official.github.io/acmetest/status/kalilinux-kali.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Kali Linux
 |15|[![](https://acmesh-official.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Oracle Linux
 |16|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
 |17|-----| Cloud Linux  https://github.com/acmesh-official/acme.sh/issues/111
 |18|[![](https://acmesh-official.github.io/acmetest/status/mageia.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Mageia
 |19|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
 |20|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux
 |21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|ClearLinux
 For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest):
@ -75,6 +86,7 @@ https://github.com/acmesh-official/acmetest
 # Supported CA
 - Letsencrypt.org CA(default)
 - [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)
 - [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA)
 - [Pebble strict Mode](https://github.com/letsencrypt/pebble)
@ -246,7 +258,7 @@ More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-ce
 **(requires you to be root/sudoer, since it is required to interact with Apache server)**
 If you are running a web server, Apache or Nginx, it is recommended to use the `Webroot mode`.
 If you are running a web server, it is recommended to use the `Webroot mode`.
 Particularly, if you are running an Apache server, you can use Apache mode instead. This mode doesn't write any files to your web root folder.
@ -266,7 +278,7 @@ More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-ce
 **(requires you to be root/sudoer, since it is required to interact with Nginx server)**
 If you are running a web server, Apache or Nginx, it is recommended to use the `Webroot mode`.
 If you are running a web server, it is recommended to use the `Webroot mode`.
 Particularly, if you are running an nginx server, you can use nginx mode instead. This mode doesn't write any files to your web root folder.
@ -300,7 +312,7 @@ https://github.com/acmesh-official/acme.sh/wiki/dnsapi
 See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode first.
 If your dns provider doesn't support any api access, you can add the txt record by your hand.
 If your dns provider doesn't support any api access, you can add the txt record by hand.
 ```bash
 acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com
--- a/acme.sh
+++ b/acme.sh
--- a/deploy/docker.sh
+++ b/deploy/docker.sh
@ -91,7 +91,7 @@ docker_deploy() {
  _getdeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD
  _debug2 DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
  if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
    _savedeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
    _savedeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" "base64"
  fi
  _cid="$(_get_id "$DEPLOY_DOCKER_CONTAINER_LABEL")"
--- a/deploy/exim4.sh
+++ b/deploy/exim4.sh
@ -69,8 +69,8 @@ exim4_deploy() {
    cp "$_exim4_conf" "$_backup_conf"
    _info "Modify exim4 conf: $_exim4_conf"
    if _setopt "$_exim4_conf" "tls_certificate" "=" "$_real_fullchain" \
      && _setopt "$_exim4_conf" "tls_privatekey" "=" "$_real_key"; then
    if _setopt "$_exim4_conf" "tls_certificate" "=" "$_real_fullchain" &&
      _setopt "$_exim4_conf" "tls_privatekey" "=" "$_real_key"; then
      _info "Set config success!"
    else
      _err "Config exim4 server error, please report bug to us."
--- a/deploy/fritzbox.sh
+++ b/deploy/fritzbox.sh
@ -64,9 +64,9 @@ fritzbox_deploy() {
  _info "Log in to the FRITZ!Box"
  _fritzbox_challenge="$(_get "${_fritzbox_url}/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')"
  if _exists iconv; then
    _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | md5sum | awk '{print $1}')"
    _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | _digest md5 hex)"
  else
    _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | md5sum | awk '{print $1}')"
    _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | _digest md5 hex)"
  fi
  _fritzbox_sid="$(_get "${_fritzbox_url}/login_sid.lua?sid=0000000000000000&username=${_fritzbox_username}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')"
--- a/deploy/haproxy.sh
+++ b/deploy/haproxy.sh
@ -233,7 +233,6 @@ haproxy_deploy() {
          -header Host${_header_sep}\"${_ocsp_host}\" \
          -respout \"${_ocsp}\" \
          -verify_other \"${_issuer}\" \
          -no_nonce \
          ${_cafile_argument} \
          | grep -q \"${_pem}: good\""
        _debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}"
--- a/deploy/kong.sh
+++ b/deploy/kong.sh
@ -1,6 +1,6 @@
 #!/usr/bin/env sh
 # If certificate already exist it will update only cert and key not touching other parameter
 # If certificate  doesn't exist it will only upload cert and key and not set other parameter
 # If certificate already exists it will update only cert and key, not touching other parameters
 # If certificate doesn't exist it will only upload cert and key, and not set other parameters
 # Note that we deploy full chain
 # Written by Geoffroi Genot <ggenot@voxbone.com>
--- a/deploy/openstack.sh
+++ b/deploy/openstack.sh
@ -0,0 +1,262 @@
 #!/usr/bin/env sh
 # OpenStack Barbican deploy hook
 #
 # This requires you to have OpenStackClient and python-barbicanclient
 # installed.
 #
 # You will require Keystone V3 credentials loaded into your environment, which
 # could be either password or v3applicationcredential type.
 #
 # Author: Andy Botting <andy@andybotting.com>
 openstack_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"
  if ! _exists openstack; then
    _err "OpenStack client not found"
    return 1
  fi
  _openstack_credentials || return $?
  _info "Generate import pkcs12"
  _import_pkcs12="$(_mktemp)"
  if ! _openstack_to_pkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca"; then
    _err "Error creating pkcs12 certificate"
    return 1
  fi
  _debug _import_pkcs12 "$_import_pkcs12"
  _base64_pkcs12=$(_base64 "multiline" <"$_import_pkcs12")
  secretHrefs=$(_openstack_get_secrets)
  _debug secretHrefs "$secretHrefs"
  _openstack_store_secret || return $?
  if [ -n "$secretHrefs" ]; then
    _info "Cleaning up existing secret"
    _openstack_delete_secrets || return $?
  fi
  _info "Certificate successfully deployed"
  return 0
 }
 _openstack_store_secret() {
  if ! openstack secret store --name "$_cdomain." -t 'application/octet-stream' -e base64 --payload "$_base64_pkcs12"; then
    _err "Failed to create OpenStack secret"
    return 1
  fi
  return
 }
 _openstack_delete_secrets() {
  echo "$secretHrefs" | while read -r secretHref; do
    _info "Deleting old secret $secretHref"
    if ! openstack secret delete "$secretHref"; then
      _err "Failed to delete OpenStack secret"
      return 1
    fi
  done
  return
 }
 _openstack_get_secrets() {
  if ! secretHrefs=$(openstack secret list -f value --name "$_cdomain." | cut -d' ' -f1); then
    _err "Failed to list secrets"
    return 1
  fi
  echo "$secretHrefs"
 }
 _openstack_to_pkcs() {
  # The existing _toPkcs command can't allow an empty password, due to sh
  # -z test, so copied here and forcing the empty password.
  _cpfx="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  ${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$_cpfx" -inkey "$_ckey" -in "$_ccert" -certfile "$_cca" -password "pass:"
 }
 _openstack_credentials() {
  _debug "Check OpenStack credentials"
  # If we have OS_AUTH_URL already set in the environment, then assume we want
  # to use those, otherwise use stored credentials
  if [ -n "$OS_AUTH_URL" ]; then
    _debug "OS_AUTH_URL env var found, using environment"
  else
    _debug "OS_AUTH_URL not found, loading stored credentials"
    OS_AUTH_URL="${OS_AUTH_URL:-$(_readaccountconf_mutable OS_AUTH_URL)}"
    OS_IDENTITY_API_VERSION="${OS_IDENTITY_API_VERSION:-$(_readaccountconf_mutable OS_IDENTITY_API_VERSION)}"
    OS_AUTH_TYPE="${OS_AUTH_TYPE:-$(_readaccountconf_mutable OS_AUTH_TYPE)}"
    OS_APPLICATION_CREDENTIAL_ID="${OS_APPLICATION_CREDENTIAL_ID:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID)}"
    OS_APPLICATION_CREDENTIAL_SECRET="${OS_APPLICATION_CREDENTIAL_SECRET:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET)}"
    OS_USERNAME="${OS_USERNAME:-$(_readaccountconf_mutable OS_USERNAME)}"
    OS_PASSWORD="${OS_PASSWORD:-$(_readaccountconf_mutable OS_PASSWORD)}"
    OS_PROJECT_NAME="${OS_PROJECT_NAME:-$(_readaccountconf_mutable OS_PROJECT_NAME)}"
    OS_PROJECT_ID="${OS_PROJECT_ID:-$(_readaccountconf_mutable OS_PROJECT_ID)}"
    OS_USER_DOMAIN_NAME="${OS_USER_DOMAIN_NAME:-$(_readaccountconf_mutable OS_USER_DOMAIN_NAME)}"
    OS_USER_DOMAIN_ID="${OS_USER_DOMAIN_ID:-$(_readaccountconf_mutable OS_USER_DOMAIN_ID)}"
    OS_PROJECT_DOMAIN_NAME="${OS_PROJECT_DOMAIN_NAME:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_NAME)}"
    OS_PROJECT_DOMAIN_ID="${OS_PROJECT_DOMAIN_ID:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_ID)}"
  fi
  # Check each var and either save or clear it depending on whether its set.
  # The helps us clear out old vars in the case where a user may want
  # to switch between password and app creds
  _debug "OS_AUTH_URL" "$OS_AUTH_URL"
  if [ -n "$OS_AUTH_URL" ]; then
    export OS_AUTH_URL
    _saveaccountconf_mutable OS_AUTH_URL "$OS_AUTH_URL"
  else
    unset OS_AUTH_URL
    _clearaccountconf SAVED_OS_AUTH_URL
  fi
  _debug "OS_IDENTITY_API_VERSION" "$OS_IDENTITY_API_VERSION"
  if [ -n "$OS_IDENTITY_API_VERSION" ]; then
    export OS_IDENTITY_API_VERSION
    _saveaccountconf_mutable OS_IDENTITY_API_VERSION "$OS_IDENTITY_API_VERSION"
  else
    unset OS_IDENTITY_API_VERSION
    _clearaccountconf SAVED_OS_IDENTITY_API_VERSION
  fi
  _debug "OS_AUTH_TYPE" "$OS_AUTH_TYPE"
  if [ -n "$OS_AUTH_TYPE" ]; then
    export OS_AUTH_TYPE
    _saveaccountconf_mutable OS_AUTH_TYPE "$OS_AUTH_TYPE"
  else
    unset OS_AUTH_TYPE
    _clearaccountconf SAVED_OS_AUTH_TYPE
  fi
  _debug "OS_APPLICATION_CREDENTIAL_ID" "$OS_APPLICATION_CREDENTIAL_ID"
  if [ -n "$OS_APPLICATION_CREDENTIAL_ID" ]; then
    export OS_APPLICATION_CREDENTIAL_ID
    _saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID "$OS_APPLICATION_CREDENTIAL_ID"
  else
    unset OS_APPLICATION_CREDENTIAL_ID
    _clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_ID
  fi
  _secure_debug "OS_APPLICATION_CREDENTIAL_SECRET" "$OS_APPLICATION_CREDENTIAL_SECRET"
  if [ -n "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then
    export OS_APPLICATION_CREDENTIAL_SECRET
    _saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET "$OS_APPLICATION_CREDENTIAL_SECRET"
  else
    unset OS_APPLICATION_CREDENTIAL_SECRET
    _clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_SECRET
  fi
  _debug "OS_USERNAME" "$OS_USERNAME"
  if [ -n "$OS_USERNAME" ]; then
    export OS_USERNAME
    _saveaccountconf_mutable OS_USERNAME "$OS_USERNAME"
  else
    unset OS_USERNAME
    _clearaccountconf SAVED_OS_USERNAME
  fi
  _secure_debug "OS_PASSWORD" "$OS_PASSWORD"
  if [ -n "$OS_PASSWORD" ]; then
    export OS_PASSWORD
    _saveaccountconf_mutable OS_PASSWORD "$OS_PASSWORD"
  else
    unset OS_PASSWORD
    _clearaccountconf SAVED_OS_PASSWORD
  fi
  _debug "OS_PROJECT_NAME" "$OS_PROJECT_NAME"
  if [ -n "$OS_PROJECT_NAME" ]; then
    export OS_PROJECT_NAME
    _saveaccountconf_mutable OS_PROJECT_NAME "$OS_PROJECT_NAME"
  else
    unset OS_PROJECT_NAME
    _clearaccountconf SAVED_OS_PROJECT_NAME
  fi
  _debug "OS_PROJECT_ID" "$OS_PROJECT_ID"
  if [ -n "$OS_PROJECT_ID" ]; then
    export OS_PROJECT_ID
    _saveaccountconf_mutable OS_PROJECT_ID "$OS_PROJECT_ID"
  else
    unset OS_PROJECT_ID
    _clearaccountconf SAVED_OS_PROJECT_ID
  fi
  _debug "OS_USER_DOMAIN_NAME" "$OS_USER_DOMAIN_NAME"
  if [ -n "$OS_USER_DOMAIN_NAME" ]; then
    export OS_USER_DOMAIN_NAME
    _saveaccountconf_mutable OS_USER_DOMAIN_NAME "$OS_USER_DOMAIN_NAME"
  else
    unset OS_USER_DOMAIN_NAME
    _clearaccountconf SAVED_OS_USER_DOMAIN_NAME
  fi
  _debug "OS_USER_DOMAIN_ID" "$OS_USER_DOMAIN_ID"
  if [ -n "$OS_USER_DOMAIN_ID" ]; then
    export OS_USER_DOMAIN_ID
    _saveaccountconf_mutable OS_USER_DOMAIN_ID "$OS_USER_DOMAIN_ID"
  else
    unset OS_USER_DOMAIN_ID
    _clearaccountconf SAVED_OS_USER_DOMAIN_ID
  fi
  _debug "OS_PROJECT_DOMAIN_NAME" "$OS_PROJECT_DOMAIN_NAME"
  if [ -n "$OS_PROJECT_DOMAIN_NAME" ]; then
    export OS_PROJECT_DOMAIN_NAME
    _saveaccountconf_mutable OS_PROJECT_DOMAIN_NAME "$OS_PROJECT_DOMAIN_NAME"
  else
    unset OS_PROJECT_DOMAIN_NAME
    _clearaccountconf SAVED_OS_PROJECT_DOMAIN_NAME
  fi
  _debug "OS_PROJECT_DOMAIN_ID" "$OS_PROJECT_DOMAIN_ID"
  if [ -n "$OS_PROJECT_DOMAIN_ID" ]; then
    export OS_PROJECT_DOMAIN_ID
    _saveaccountconf_mutable OS_PROJECT_DOMAIN_ID "$OS_PROJECT_DOMAIN_ID"
  else
    unset OS_PROJECT_DOMAIN_ID
    _clearaccountconf SAVED_OS_PROJECT_DOMAIN_ID
  fi
  if [ "$OS_AUTH_TYPE" = "v3applicationcredential" ]; then
    # Application Credential auth
    if [ -z "$OS_APPLICATION_CREDENTIAL_ID" ] || [ -z "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then
      _err "When using OpenStack application credentials, OS_APPLICATION_CREDENTIAL_ID"
      _err "and OS_APPLICATION_CREDENTIAL_SECRET must be set."
      _err "Please check your credentials and try again."
      return 1
    fi
  else
    # Password auth
    if [ -z "$OS_USERNAME" ] || [ -z "$OS_PASSWORD" ]; then
      _err "OpenStack username or password not found."
      _err "Please check your credentials and try again."
      return 1
    fi
    if [ -z "$OS_PROJECT_NAME" ] && [ -z "$OS_PROJECT_ID" ]; then
      _err "When using password authentication, OS_PROJECT_NAME or"
      _err "OS_PROJECT_ID must be set."
      _err "Please check your credentials and try again."
      return 1
    fi
  fi
  return 0
 }
--- a/deploy/panos.sh
+++ b/deploy/panos.sh
@ -47,24 +47,24 @@ deployer() {
    #Set Header
    export _H1="Content-Type: multipart/form-data; boundary=$delim"
    if [ "$type" = 'cert' ]; then
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"type\"\r\n\r\n\r\nimport"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\n\r\ncertificate"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n\r\n$_cdomain"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n\r\n$_panos_key"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\n\r\npem"
      panos_url="${panos_url}?type=import"
      content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\ncertificate"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
    fi
    if [ "$type" = 'key' ]; then
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"type\"\r\n\r\n\r\nimport"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\n\r\nprivate-key"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n\r\n$_cdomain"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n\r\n$_panos_key"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\n\r\npem"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n\r\n123456"
      panos_url="${panos_url}?type=import"
      content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\nprivate-key"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n123456"
      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
    fi
    #Close multipart
    content="$content${nl}--$delim--${nl}"
    content="$content${nl}--$delim--${nl}${nl}"
    #Convert CRLF
    content=$(printf %b "$content")
  fi
--- a/deploy/qiniu.sh
+++ b/deploy/qiniu.sh
@ -6,6 +6,8 @@
 # export QINIU_AK="QINIUACCESSKEY"
 # export QINIU_SK="QINIUSECRETKEY"
 # export QINIU_CDN_DOMAIN="cdn.example.com"
 # If you have more than one domain, just
 # export QINIU_CDN_DOMAIN="cdn1.example.com cdn2.example.com"
 QINIU_API_BASE="https://api.qiniu.com"
@ -67,21 +69,23 @@ qiniu_deploy() {
  _debug certId "$_certId"
  ## update domain ssl config
  update_path="/domain/$QINIU_CDN_DOMAIN/httpsconf"
  update_body="{\"certid\":$_certId,\"forceHttps\":false}"
  for domain in $QINIU_CDN_DOMAIN; do
    update_path="/domain/$domain/httpsconf"
    update_access_token="$(_make_access_token "$update_path")"
    _debug update_access_token "$update_access_token"
    export _H1="Authorization: QBox $update_access_token"
    update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64 "multiline")
    if _contains "$update_response" "error"; then
    _err "Error in updating domain httpsconf:"
      _err "Error in updating domain $domain httpsconf:"
      _err "$update_response"
      return 1
    fi
    _debug update_response "$update_response"
  _info "Certificate successfully deployed"
    _info "Domain $domain certificate has been deployed successfully"
  done
  return 0
 }
--- a/deploy/ssh.sh
+++ b/deploy/ssh.sh
@ -12,7 +12,7 @@
 # Only a username is required.  All others are optional.
 #
 # The following examples are for QNAP NAS running QTS 4.2
 # export DEPLOY_SSH_CMD=""  # defaults to ssh
 # export DEPLOY_SSH_CMD=""  # defaults to "ssh -T"
 # export DEPLOY_SSH_USER="admin"  # required
 # export DEPLOY_SSH_SERVER="qnap"  # defaults to domain name
 # export DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem"
@ -20,7 +20,9 @@
 # export DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
 # export DEPLOY_SSH_FULLCHAIN=""
 # export DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
 # export DEPLOY_SSH_BACKUP=""  # yes or no, default to yes
 # export DEPLOY_SSH_BACKUP=""  # yes or no, default to yes or previously saved value
 # export DEPLOY_SSH_BACKUP_PATH=".acme_ssh_deploy"  # path on remote system. Defaults to .acme_ssh_deploy
 # export DEPLOY_SSH_MULTI_CALL=""  # yes or no, default to no or previously saved value
 #
 ########  Public functions #####################
@ -31,10 +33,7 @@ ssh_deploy() {
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _cmdstr=""
  _homedir='~'
  _backupprefix="$_homedir/.acme_ssh_deploy/$_cdomain-backup"
  _backupdir="$_backupprefix-$(_utc_date | tr ' ' '-')"
  _deploy_ssh_servers=""
  if [ -f "$DOMAIN_CONF" ]; then
    # shellcheck disable=SC1090
@ -71,18 +70,74 @@ ssh_deploy() {
    Le_Deploy_ssh_cmd="$DEPLOY_SSH_CMD"
    _savedomainconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd"
  elif [ -z "$Le_Deploy_ssh_cmd" ]; then
    Le_Deploy_ssh_cmd="ssh"
    Le_Deploy_ssh_cmd="ssh -T"
  fi
  # BACKUP is optional. If not provided then default to yes
  # BACKUP is optional. If not provided then default to previously saved value or yes.
  if [ "$DEPLOY_SSH_BACKUP" = "no" ]; then
    Le_Deploy_ssh_backup="no"
  elif [ -z "$Le_Deploy_ssh_backup" ]; then
  elif [ -z "$Le_Deploy_ssh_backup" ] || [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
    Le_Deploy_ssh_backup="yes"
  fi
  _savedomainconf Le_Deploy_ssh_backup "$Le_Deploy_ssh_backup"
  # BACKUP_PATH is optional. If not provided then default to previously saved value or .acme_ssh_deploy
  if [ -n "$DEPLOY_SSH_BACKUP_PATH" ]; then
    Le_Deploy_ssh_backup_path="$DEPLOY_SSH_BACKUP_PATH"
  elif [ -z "$Le_Deploy_ssh_backup_path" ]; then
    Le_Deploy_ssh_backup_path=".acme_ssh_deploy"
  fi
  _savedomainconf Le_Deploy_ssh_backup_path "$Le_Deploy_ssh_backup_path"
  # MULTI_CALL is optional. If not provided then default to previously saved
  # value (which may be undefined... equivalent to "no").
  if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
    Le_Deploy_ssh_multi_call="yes"
    _savedomainconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call"
  elif [ "$DEPLOY_SSH_MULTI_CALL" = "no" ]; then
    Le_Deploy_ssh_multi_call=""
    _cleardomainconf Le_Deploy_ssh_multi_call
  fi
  _deploy_ssh_servers=$Le_Deploy_ssh_server
  for Le_Deploy_ssh_server in $_deploy_ssh_servers; do
    _ssh_deploy
  done
 }
 _ssh_deploy() {
  _err_code=0
  _cmdstr=""
  _backupprefix=""
  _backupdir=""
  _info "Deploy certificates to remote server $Le_Deploy_ssh_user@$Le_Deploy_ssh_server"
  if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then
    _info "Using MULTI_CALL mode... Required commands sent in multiple calls to remote host"
  else
    _info "Required commands batched and sent in single call to remote host"
  fi
  if [ "$Le_Deploy_ssh_backup" = "yes" ]; then
    _backupprefix="$Le_Deploy_ssh_backup_path/$_cdomain-backup"
    _backupdir="$_backupprefix-$(_utc_date | tr ' ' '-')"
    # run cleanup on the backup directory, erase all older
    # than 180 days (15552000 seconds).
    _cmdstr="{ now=\"\$(date -u +%s)\"; for fn in $_backupprefix*; \
 do if [ -d \"\$fn\" ] && [ \"\$(expr \$now - \$(date -ur \$fn +%s) )\" -ge \"15552000\" ]; \
 then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; done; }; $_cmdstr"
    # Alternate version of above... _cmdstr="find $_backupprefix* -type d -mtime +180 2>/dev/null | xargs rm -rf; $_cmdstr"
    # Create our backup directory for overwritten cert files.
    _cmdstr="mkdir -p $_backupdir; $_cmdstr"
    _info "Backup of old certificate files will be placed in remote directory $_backupdir"
    _info "Backup directories erased after 180 days."
    if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then
      if ! _ssh_remote_cmd "$_cmdstr"; then
        return $_err_code
      fi
      _cmdstr=""
    fi
  fi
  # KEYFILE is optional.
  # If provided then private key will be copied to provided filename.
@ -98,6 +153,12 @@ ssh_deploy() {
    # copy new certificate into file.
    _cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $Le_Deploy_ssh_keyfile;"
    _info "will copy private key to remote file $Le_Deploy_ssh_keyfile"
    if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then
      if ! _ssh_remote_cmd "$_cmdstr"; then
        return $_err_code
      fi
      _cmdstr=""
    fi
  fi
  # CERTFILE is optional.
@ -118,6 +179,12 @@ ssh_deploy() {
    # copy new certificate into file.
    _cmdstr="$_cmdstr echo \"$(cat "$_ccert")\" $_pipe $Le_Deploy_ssh_certfile;"
    _info "will copy certificate to remote file $Le_Deploy_ssh_certfile"
    if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then
      if ! _ssh_remote_cmd "$_cmdstr"; then
        return $_err_code
      fi
      _cmdstr=""
    fi
  fi
  # CAFILE is optional.
@ -128,8 +195,8 @@ ssh_deploy() {
  fi
  if [ -n "$Le_Deploy_ssh_cafile" ]; then
    _pipe=">"
    if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] \
      || [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then
    if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] ||
      [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then
      # if filename is same as previous file then append.
      _pipe=">>"
    elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
@ -139,6 +206,12 @@ ssh_deploy() {
    # copy new certificate into file.
    _cmdstr="$_cmdstr echo \"$(cat "$_cca")\" $_pipe $Le_Deploy_ssh_cafile;"
    _info "will copy CA file to remote file $Le_Deploy_ssh_cafile"
    if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then
      if ! _ssh_remote_cmd "$_cmdstr"; then
        return $_err_code
      fi
      _cmdstr=""
    fi
  fi
  # FULLCHAIN is optional.
@ -149,9 +222,9 @@ ssh_deploy() {
  fi
  if [ -n "$Le_Deploy_ssh_fullchain" ]; then
    _pipe=">"
    if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] \
      || [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] \
      || [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then
    if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] ||
      [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] ||
      [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then
      # if filename is same as previous file then append.
      _pipe=">>"
    elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
@ -161,6 +234,12 @@ ssh_deploy() {
    # copy new certificate into file.
    _cmdstr="$_cmdstr echo \"$(cat "$_cfullchain")\" $_pipe $Le_Deploy_ssh_fullchain;"
    _info "will copy fullchain to remote file $Le_Deploy_ssh_fullchain"
    if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then
      if ! _ssh_remote_cmd "$_cmdstr"; then
        return $_err_code
      fi
      _cmdstr=""
    fi
  fi
  # REMOTE_CMD is optional.
@ -172,34 +251,36 @@ ssh_deploy() {
  if [ -n "$Le_Deploy_ssh_remote_cmd" ]; then
    _cmdstr="$_cmdstr $Le_Deploy_ssh_remote_cmd;"
    _info "Will execute remote command $Le_Deploy_ssh_remote_cmd"
    if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then
      if ! _ssh_remote_cmd "$_cmdstr"; then
        return $_err_code
      fi
      _cmdstr=""
    fi
  fi
  if [ -z "$_cmdstr" ]; then
    _err "No remote commands to excute. Failed to deploy certificates to remote server"
    return 1
  elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
    # run cleanup on the backup directory, erase all older
    # than 180 days (15552000 seconds).
    _cmdstr="{ now=\"\$(date -u +%s)\"; for fn in $_backupprefix*; \
 do if [ -d \"\$fn\" ] && [ \"\$(expr \$now - \$(date -ur \$fn +%s) )\" -ge \"15552000\" ]; \
 then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; done; }; $_cmdstr"
    # Alternate version of above... _cmdstr="find $_backupprefix* -type d -mtime +180 2>/dev/null | xargs rm -rf; $_cmdstr"
    # Create our backup directory for overwritten cert files.
    _cmdstr="mkdir -p $_backupdir; $_cmdstr"
    _info "Backup of old certificate files will be placed in remote directory $_backupdir"
    _info "Backup directories erased after 180 days."
  # if commands not all sent in multiple calls then all commands sent in a single SSH call now...
  if [ -n "$_cmdstr" ]; then
    if ! _ssh_remote_cmd "$_cmdstr"; then
      return $_err_code
    fi
  fi
  return 0
 }
  _secure_debug "Remote commands to execute: " "$_cmdstr"
 #cmd
 _ssh_remote_cmd() {
  _cmd="$1"
  _secure_debug "Remote commands to execute: $_cmd"
  _info "Submitting sequence of commands to remote server by ssh"
  # quotations in bash cmd below intended.  Squash travis spellcheck error
  # shellcheck disable=SC2029
  $Le_Deploy_ssh_cmd -T "$Le_Deploy_ssh_user@$Le_Deploy_ssh_server" sh -c "'$_cmdstr'"
  _ret="$?"
  $Le_Deploy_ssh_cmd "$Le_Deploy_ssh_user@$Le_Deploy_ssh_server" sh -c "'$_cmd'"
  _err_code="$?"
  if [ "$_ret" != "0" ]; then
    _err "Error code $_ret returned from $Le_Deploy_ssh_cmd"
  if [ "$_err_code" != "0" ]; then
    _err "Error code $_err_code returned from ssh"
  fi
  return $_ret
  return $_err_code
 }
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@ -15,13 +15,14 @@
 # SYNO_Scheme - defaults to http
 # SYNO_Hostname - defaults to localhost
 # SYNO_Port - defaults to 5000
 # SYNO_DID - device ID to skip OTP - defaults to empty
 #
 #returns 0 means success, otherwise error.
 ########  Public functions #####################
 _syno_get_cookie_data() {
  grep "\W$1=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
  grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
 }
 #domain keyfile certfile cafile fullchain
@ -38,9 +39,8 @@ synology_dsm_deploy() {
  _getdeployconf SYNO_Username
  _getdeployconf SYNO_Password
  _getdeployconf SYNO_Create
  if [ -z "$SYNO_Username" ] || [ -z "$SYNO_Password" ]; then
    SYNO_Username=""
    SYNO_Password=""
  _getdeployconf SYNO_DID
  if [ -z "${SYNO_Username:-}" ] || [ -z "${SYNO_Password:-}" ]; then
    _err "SYNO_Username & SYNO_Password must be set"
    return 1
  fi
@ -68,20 +68,20 @@ synology_dsm_deploy() {
  # Get the certificate description, but don't save it until we verfiy it's real
  _getdeployconf SYNO_Certificate
  if [ -z "${SYNO_Certificate:?}" ]; then
    _err "SYNO_Certificate needs to be defined (with the Certificate description name)"
    return 1
  fi
  _debug SYNO_Certificate "$SYNO_Certificate"
  _debug SYNO_Certificate "${SYNO_Certificate:-}"
  _base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port"
  _debug _base_url "$_base_url"
  # Login, get the token from JSON and session id from cookie
  _info "Logging into $SYNO_Hostname:$SYNO_Port"
  response=$(_get "$_base_url/webman/login.cgi?username=$SYNO_Username&passwd=$SYNO_Password&enable_syno_token=yes")
  token=$(echo "$response" | grep "SynoToken" | sed -n 's/.*"SynoToken" *: *"\([^"]*\).*/\1/p')
  encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
  encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
  encoded_did="$(printf "%s" "$SYNO_DID" | _url_encode)"
  response=$(_get "$_base_url/webman/login.cgi?username=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_id=$encoded_did" 1)
  token=$(echo "$response" | grep -i "X-SYNO-TOKEN:" | sed -n 's/^X-SYNO-TOKEN: \(.*\)$/\1/pI' | tr -d "\r\n")
  _debug3 response "$response"
  _debug token "$token"
  if [ -z "$token" ]; then
    _err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme."
@ -89,7 +89,7 @@ synology_dsm_deploy() {
    return 1
  fi
  _H1="Cookie: $(_syno_get_cookie_data "id"); $(_syno_get_cookie_data "smid")"
  _H1="Cookie: $(echo "$response" | _syno_get_cookie_data "id"); $(echo "$response" | _syno_get_cookie_data "smid")"
  _H2="X-SYNO-TOKEN: $token"
  export _H1
  export _H2
@ -99,7 +99,7 @@ synology_dsm_deploy() {
  # Now that we know the username and password are good, save them
  _savedeployconf SYNO_Username "$SYNO_Username"
  _savedeployconf SYNO_Password "$SYNO_Password"
  _debug token "$token"
  _savedeployconf SYNO_DID "$SYNO_DID"
  _info "Getting certificates in Synology DSM"
  response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1" "$_base_url/webapi/entry.cgi")
@ -107,7 +107,7 @@ synology_dsm_deploy() {
  id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p")
  _debug2 id "$id"
  if [ -z "$id" ] && [ -z "${SYNO_Create:?}" ]; then
  if [ -z "$id" ] && [ -z "${SYNO_Create:-}" ]; then
    _err "Unable to find certificate: $SYNO_Certificate and \$SYNO_Create is not set"
    return 1
  fi
@ -122,11 +122,11 @@ synology_dsm_deploy() {
  _debug2 default "$default"
  _info "Generate form POST request"
  nl="\015\012"
  nl="\0015\0012"
  delim="--------------------------$(_utc_date | tr -d -- '-: ')"
  content="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\012"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\012"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\012"
  content="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\0012"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\0012"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}${default}"
--- a/deploy/vault.sh
+++ b/deploy/vault.sh
@ -0,0 +1,67 @@
 #!/usr/bin/env sh
 # Here is a script to deploy cert to hashicorp vault using curl
 # (https://www.vaultproject.io/)
 #
 # it requires following environment variables:
 #
 # VAULT_PREFIX - this contains the prefix path in vault
 # VAULT_ADDR - vault requires this to find your vault server
 #
 # additionally, you need to ensure that VAULT_TOKEN is avialable
 # to access the vault server
 #returns 0 means success, otherwise error.
 ########  Public functions #####################
 #domain keyfile certfile cafile fullchain
 vault_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"
  # validate required env vars
  _getdeployconf VAULT_PREFIX
  if [ -z "$VAULT_PREFIX" ]; then
    _err "VAULT_PREFIX needs to be defined (contains prefix path in vault)"
    return 1
  fi
  _savedeployconf VAULT_PREFIX "$VAULT_PREFIX"
  _getdeployconf VAULT_ADDR
  if [ -z "$VAULT_ADDR" ]; then
    _err "VAULT_ADDR needs to be defined (contains vault connection address)"
    return 1
  fi
  _savedeployconf VAULT_ADDR "$VAULT_ADDR"
  # JSON does not allow multiline strings.
  # So replacing new-lines with "\n" here
  _ckey=$(sed -z 's/\n/\\n/g' <"$2")
  _ccert=$(sed -z 's/\n/\\n/g' <"$3")
  _cca=$(sed -z 's/\n/\\n/g' <"$4")
  _cfullchain=$(sed -z 's/\n/\\n/g' <"$5")
  URL="$VAULT_ADDR/v1/$VAULT_PREFIX/$_cdomain"
  export _H1="X-Vault-Token: $VAULT_TOKEN"
  if [ -n "$FABIO" ]; then
    _post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL"
  else
    _post "{\"value\": \"$_ccert\"}" "$URL/cert.pem"
    _post "{\"value\": \"$_ckey\"}" "$URL/cert.key"
    _post "{\"value\": \"$_cca\"}" "$URL/chain.pem"
    _post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem"
  fi
 }
--- a/deploy/vault_cli.sh
+++ b/deploy/vault_cli.sh
@ -43,7 +43,7 @@ vault_cli_deploy() {
    return 1
  fi
  VAULT_CMD=$(which vault)
  VAULT_CMD=$(command -v vault)
  if [ ! $? ]; then
    _err "cannot find vault binary!"
    return 1
--- a/deploy/vsftpd.sh
+++ b/deploy/vsftpd.sh
@ -65,9 +65,9 @@ vsftpd_deploy() {
    cp "$_vsftpd_conf" "$_backup_conf"
    _info "Modify vsftpd conf: $_vsftpd_conf"
    if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" \
      && _setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" \
      && _setopt "$_vsftpd_conf" "ssl_enable" "=" "YES"; then
    if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" &&
      _setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" &&
      _setopt "$_vsftpd_conf" "ssl_enable" "=" "YES"; then
      _info "Set config success!"
    else
      _err "Config vsftpd server error, please report bug to us."
--- a/dnsapi/dns_1984hosting.sh
+++ b/dnsapi/dns_1984hosting.sh
@ -0,0 +1,236 @@
 #!/usr/bin/env sh
 #This file name is "dns_1984hosting.sh"
 #So, here must be a method dns_1984hosting_add()
 #Which will be called by acme.sh to add the txt record to your api system.
 #returns 0 means success, otherwise error.
 #Author: Adrian Fedoreanu
 #Report Bugs here: https://github.com/acmesh-official/acme.sh
 # or here... https://github.com/acmesh-official/acme.sh/issues/2851
 #
 ########  Public functions #####################
 # Export 1984HOSTING username and password in following variables
 #
 #  One984HOSTING_Username=username
 #  One984HOSTING_Password=password
 #
 # sessionid cookie is saved in ~/.acme.sh/account.conf
 # username/password need to be set only when changed.
 #Usage: dns_1984hosting_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_1984hosting_add() {
  fulldomain=$1
  txtvalue=$2
  _info "Add TXT record using 1984Hosting"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  if ! _1984hosting_login; then
    _err "1984Hosting login failed for user $One984HOSTING_Username. Check $HTTP_HEADER file"
    return 1
  fi
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain" "$fulldomain"
    return 1
  fi
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug "Add TXT record $fulldomain with value '$txtvalue'"
  value="$(printf '%s' "$txtvalue" | _url_encode)"
  url="https://management.1984hosting.com/domains/entry/"
  postdata="entry=new"
  postdata="$postdata&type=TXT"
  postdata="$postdata&ttl=3600"
  postdata="$postdata&zone=$_domain"
  postdata="$postdata&host=$_sub_domain"
  postdata="$postdata&rdata=%22$value%22"
  _debug2 postdata "$postdata"
  _authpost "$postdata" "$url"
  response="$(echo "$_response" | _normalizeJson)"
  _debug2 response "$response"
  if _contains "$response" '"haserrors": true'; then
    _err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post"
    return 1
  elif _contains "$response" "<html>"; then
    _err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file"
    return 1
  elif _contains "$response" '"auth": false'; then
    _err "1984Hosting failed to add TXT record for $_sub_domain. Invalid or expired cookie"
    return 1
  fi
  _info "Added acme challenge TXT record for $fulldomain at 1984Hosting"
  return 0
 }
 #Usage: fulldomain txtvalue
 #Remove the txt record after validation.
 dns_1984hosting_rm() {
  fulldomain=$1
  txtvalue=$2
  _info "Delete TXT record using 1984Hosting"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  if ! _1984hosting_login; then
    _err "1984Hosting login failed for user $One984HOSTING_Username. Check $HTTP_HEADER file"
    return 1
  fi
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain" "$fulldomain"
    return 1
  fi
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug "Delete $fulldomain TXT record"
  url="https://management.1984hosting.com/domains"
  _htmlget "$url" "$_domain"
  _debug2 _response "$_response"
  zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')"
  _debug2 zone_id "$zone_id"
  if [ -z "$zone_id" ]; then
    _err "Error getting zone_id for $1"
    return 1
  fi
  _htmlget "$url/$zone_id" "$_sub_domain"
  _debug2 _response "$_response"
  entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')"
  _debug2 entry_id "$entry_id"
  if [ -z "$entry_id" ]; then
    _err "Error getting TXT entry_id for $1"
    return 1
  fi
  _authpost "entry=$entry_id" "$url/delentry/"
  response="$(echo "$_response" | _normalizeJson)"
  _debug2 response "$response"
  if ! _contains "$response" '"ok": true'; then
    _err "1984Hosting failed to delete TXT record for $entry_id bad RC from _post"
    return 1
  fi
  _info "Deleted acme challenge TXT record for $fulldomain at 1984Hosting"
  return 0
 }
 ####################  Private functions below ##################################
 # usage: _1984hosting_login username password
 # returns 0 success
 _1984hosting_login() {
  if ! _check_credentials; then return 1; fi
  if _check_cookie; then
    _debug "Already logged in"
    return 0
  fi
  _debug "Login to 1984Hosting as user $One984HOSTING_Username"
  username=$(printf '%s' "$One984HOSTING_Username" | _url_encode)
  password=$(printf '%s' "$One984HOSTING_Password" | _url_encode)
  url="https://management.1984hosting.com/accounts/checkuserauth/"
  response="$(_post "username=$username&password=$password&otpkey=" "$url")"
  response="$(echo "$response" | _normalizeJson)"
  _debug2 response "$response"
  if _contains "$response" '"loggedin": true'; then
    One984HOSTING_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _tail_n 1 | _egrep_o 'sessionid=[^;]*;' | tr -d ';')"
    export One984HOSTING_COOKIE
    _saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE"
    return 0
  fi
  return 1
 }
 _check_credentials() {
  if [ -z "$One984HOSTING_Username" ] || [ -z "$One984HOSTING_Password" ]; then
    One984HOSTING_Username=""
    One984HOSTING_Password=""
    _err "You haven't specified 1984Hosting username or password yet."
    _err "Please export as One984HOSTING_Username / One984HOSTING_Password and try again."
    return 1
  fi
  return 0
 }
 _check_cookie() {
  One984HOSTING_COOKIE="${One984HOSTING_COOKIE:-$(_readaccountconf_mutable One984HOSTING_COOKIE)}"
  if [ -z "$One984HOSTING_COOKIE" ]; then
    _debug "No cached cookie found"
    return 1
  fi
  _authget "https://management.1984hosting.com/accounts/loginstatus/"
  response="$(echo "$_response" | _normalizeJson)"
  if _contains "$response" '"ok": true'; then
    _debug "Cached cookie still valid"
    return 0
  fi
  _debug "Cached cookie no longer valid"
  One984HOSTING_COOKIE=""
  _saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE"
  return 1
 }
 #_acme-challenge.www.domain.com
 #returns
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
 _get_root() {
  domain="$1"
  i=2
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    _authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is."
    if _contains "$_response" "serial"; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain="$h"
      return 0
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
 }
 # add extra headers to request
 _authget() {
  export _H1="Cookie: $One984HOSTING_COOKIE"
  _response=$(_get "$1")
 }
 # truncate huge HTML response
 # echo: Argument list too long
 _htmlget() {
  export _H1="Cookie: $One984HOSTING_COOKIE"
  _response=$(_get "$1" | grep "$2" | _head_n 1)
 }
 # add extra headers to request
 _authpost() {
  export _H1="Cookie: $One984HOSTING_COOKIE"
  _response=$(_post "$1" "$2")
 }
--- a/dnsapi/dns_ali.sh
+++ b/dnsapi/dns_ali.sh
@ -181,6 +181,7 @@ _describe_records_query() {
 _clean() {
  _check_exist_query "$_domain" "$_sub_domain"
  # do not correct grammar here
  if ! _ali_rest "Check exist records" "ignore"; then
    return 1
  fi
--- a/dnsapi/dns_anx.sh
+++ b/dnsapi/dns_anx.sh
@ -0,0 +1,150 @@
 #!/usr/bin/env sh
 # Anexia CloudDNS acme.sh hook
 # Author: MA
 #ANX_Token="xxxx"
 ANX_API='https://engine.anexia-it.com/api/clouddns/v1'
 ########  Public functions #####################
 dns_anx_add() {
  fulldomain=$1
  txtvalue=$2
  _info "Using ANX CDNS API"
  ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  if [ "$ANX_Token" ]; then
    _saveaccountconf_mutable ANX_Token "$ANX_Token"
  else
    _err "You didn't specify a ANEXIA Engine API token."
    return 1
  fi
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  # Always add records, wildcard need two records with the same name
  _anx_rest POST "zone.json/${_domain}/records" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"rdata\":\"$txtvalue\"}"
  if _contains "$response" "$txtvalue"; then
    return 0
  else
    return 1
  fi
 }
 dns_anx_rm() {
  fulldomain=$1
  txtvalue=$2
  _info "Using ANX CDNS API"
  ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _get_record_id
  if _is_uuid "$_record_id"; then
    if ! _anx_rest DELETE "zone.json/${_domain}/records/$_record_id"; then
      _err "Delete record"
      return 1
    fi
  else
    _info "No record found."
  fi
  echo "$response" | tr -d " " | grep \"status\":\"OK\" >/dev/null
 }
 ####################  Private functions below ##################################
 _is_uuid() {
  pattern='^\{?[A-Z0-9a-z]{8}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{12}\}?$'
  if echo "$1" | _egrep_o "$pattern" >/dev/null; then
    return 0
  fi
  return 1
 }
 _get_record_id() {
  _debug subdomain "$_sub_domain"
  _debug domain "$_domain"
  if _anx_rest GET "zone.json/${_domain}/records?name=$_sub_domain&type=TXT"; then
    _debug response "$response"
    if _contains "$response" "\"name\":\"$_sub_domain\"" >/dev/null; then
      _record_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"identifier\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
    else
      _record_id=''
    fi
  else
    _err "Search existing record"
  fi
 }
 _anx_rest() {
  m=$1
  ep="$2"
  data="$3"
  _debug "$ep"
  export _H1="Content-Type: application/json"
  export _H2="Authorization: Token $ANX_Token"
  if [ "$m" != "GET" ]; then
    _debug data "$data"
    response="$(_post "$data" "${ANX_API}/$ep" "" "$m")"
  else
    response="$(_get "${ANX_API}/$ep")"
  fi
  # shellcheck disable=SC2181
  if [ "$?" != "0" ]; then
    _err "error $ep"
    return 1
  fi
  _debug response "$response"
  return 0
 }
 _get_root() {
  domain=$1
  i=1
  p=1
  _anx_rest GET "zone.json"
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    if _contains "$response" "\"name\":\"$h\""; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain=$h
      return 0
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
 }
--- a/dnsapi/dns_arvan.sh
+++ b/dnsapi/dns_arvan.sh
@ -0,0 +1,163 @@
 #!/usr/bin/env sh
 #Arvan_Token="xxxx"
 ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains"
 #Author: Ehsan Aliakbar
 #Report Bugs here: https://github.com/Neilpang/acme.sh
 #
 ########  Public functions #####################
 #Usage: dns_arvan_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_arvan_add() {
  fulldomain=$1
  txtvalue=$2
  _info "Using Arvan"
  Arvan_Token="${Arvan_Token:-$(_readaccountconf_mutable Arvan_Token)}"
  if [ -z "$Arvan_Token" ]; then
    _err "You didn't specify \"Arvan_Token\" token yet."
    _err "You can get yours from here https://npanel.arvancloud.com/profile/api-keys"
    return 1
  fi
  #save the api token to the account conf file.
  _saveaccountconf_mutable Arvan_Token "$Arvan_Token"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _info "Adding record"
  if _arvan_rest POST "$_domain/dns-records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":{\"text\":\"$txtvalue\"},\"ttl\":120}"; then
    if _contains "$response" "$txtvalue"; then
      _info "Added, OK"
      return 0
    elif _contains "$response" "Record Data is Duplicated"; then
      _info "Already exists, OK"
      return 0
    else
      _err "Add txt record error."
      return 1
    fi
  fi
  _err "Add txt record error."
  return 1
 }
 #Usage: fulldomain txtvalue
 #Remove the txt record after validation.
 dns_arvan_rm() {
  fulldomain=$1
  txtvalue=$2
  _info "Using Arvan"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  Arvan_Token="${Arvan_Token:-$(_readaccountconf_mutable Arvan_Token)}"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug "Getting txt records"
  shorted_txtvalue=$(printf "%s" "$txtvalue" | cut -d "-" -d "_" -f1)
  _arvan_rest GET "${_domain}/dns-records?search=$shorted_txtvalue"
  if ! printf "%s" "$response" | grep \"current_page\":1 >/dev/null; then
    _err "Error on Arvan Api"
    _err "Please create a github issue with debbug log"
    return 1
  fi
  count=$(printf "%s\n" "$response" | _egrep_o "\"total\":[^,]*" | cut -d : -f 2)
  _debug count "$count"
  if [ "$count" = "0" ]; then
    _info "Don't need to remove."
  else
    record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
    _debug "record_id" "$record_id"
    if [ -z "$record_id" ]; then
      _err "Can not get record id to remove."
      return 1
    fi
    if ! _arvan_rest "DELETE" "${_domain}/dns-records/$record_id"; then
      _err "Delete record error."
      return 1
    fi
    _debug "$response"
    _contains "$response" 'dns record deleted'
  fi
 }
 ####################  Private functions below ##################################
 #_acme-challenge.www.domain.com
 #returns
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
 # _domain_id=sdjkglgdfewsdfg
 _get_root() {
  domain=$1
  i=1
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    if ! _arvan_rest GET "?search=$h"; then
      return 1
    fi
    if _contains "$response" "\"domain\":\"$h\"" || _contains "$response" '"total":1'; then
      _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
      if [ "$_domain_id" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
        _domain=$h
        return 0
      fi
      return 1
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
 }
 _arvan_rest() {
  mtd="$1"
  ep="$2"
  data="$3"
  token_trimmed=$(echo "$Arvan_Token" | tr -d '"')
  export _H1="Authorization: $token_trimmed"
  if [ "$mtd" = "DELETE" ]; then
    #DELETE Request shouldn't have Content-Type
    _debug data "$data"
    response="$(_post "$data" "$ARVAN_API_URL/$ep" "" "$mtd")"
  elif [ "$mtd" = "POST" ]; then
    export _H2="Content-Type: application/json"
    _debug data "$data"
    response="$(_post "$data" "$ARVAN_API_URL/$ep" "" "$mtd")"
  else
    response="$(_get "$ARVAN_API_URL/$ep$data")"
  fi
 }
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@ -23,6 +23,7 @@ dns_aws_add() {
  AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}"
  AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}"
  AWS_DNS_SLOWRATE="${AWS_DNS_SLOWRATE:-$(_readaccountconf_mutable AWS_DNS_SLOWRATE)}"
  if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
    _use_container_role || _use_instance_role
@ -40,6 +41,7 @@ dns_aws_add() {
  if [ -z "$_using_role" ]; then
    _saveaccountconf_mutable AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID"
    _saveaccountconf_mutable AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY"
    _saveaccountconf_mutable AWS_DNS_SLOWRATE "$AWS_DNS_SLOWRATE"
  fi
  _debug "First detect the root zone"
@ -77,7 +79,13 @@ dns_aws_add() {
  if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
    _info "TXT record updated successfully."
    if [ -n "$AWS_DNS_SLOWRATE" ]; then
      _info "Slow rate activated: sleeping for $AWS_DNS_SLOWRATE seconds"
      _sleep "$AWS_DNS_SLOWRATE"
    else
      _sleep 1
    fi
    return 0
  fi
  _sleep 1
@ -91,6 +99,7 @@ dns_aws_rm() {
  AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}"
  AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}"
  AWS_DNS_SLOWRATE="${AWS_DNS_SLOWRATE:-$(_readaccountconf_mutable AWS_DNS_SLOWRATE)}"
  if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
    _use_container_role || _use_instance_role
@ -125,7 +134,13 @@ dns_aws_rm() {
  if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
    _info "TXT record deleted successfully."
    if [ -n "$AWS_DNS_SLOWRATE" ]; then
      _info "Slow rate activated: sleeping for $AWS_DNS_SLOWRATE seconds"
      _sleep "$AWS_DNS_SLOWRATE"
    else
      _sleep 1
    fi
    return 0
  fi
  _sleep 1
@ -207,10 +222,10 @@ _use_instance_role() {
 _use_metadata() {
  _aws_creds="$(
    _get "$1" "" 1 \
      | _normalizeJson \
      | tr '{,}' '\n' \
      | while read -r _line; do
    _get "$1" "" 1 |
      _normalizeJson |
      tr '{,}' '\n' |
      while read -r _line; do
        _key="$(echo "${_line%%:*}" | tr -d '"')"
        _value="${_line#*:}"
        _debug3 "_key" "$_key"
@ -220,8 +235,8 @@ _use_metadata() {
        SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;;
        Token) echo "AWS_SESSION_TOKEN=$_value" ;;
        esac
      done \
        | paste -sd' ' -
      done |
      paste -sd' ' -
  )"
  _secure_debug "_aws_creds" "$_aws_creds"
--- a/dnsapi/dns_azure.sh
+++ b/dnsapi/dns_azure.sh
@ -172,7 +172,7 @@ dns_azure_rm() {
  _azure_rest GET "$acmeRecordURI" "" "$accesstoken"
  timestamp="$(_time)"
  if [ "$_code" = "200" ]; then
    vlist="$(echo "$response" | _egrep_o "\"value\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"" | grep -v "$txtvalue")"
    vlist="$(echo "$response" | _egrep_o "\"value\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"" | grep -v -- "$txtvalue")"
    values=""
    comma=""
    for v in $vlist; do
--- a/dnsapi/dns_cf.sh
+++ b/dnsapi/dns_cf.sh
@ -59,7 +59,7 @@ dns_cf_add() {
  _debug "Getting txt records"
  _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
  if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
  if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
    _err "Error"
    return 1
  fi
@ -94,6 +94,7 @@ dns_cf_rm() {
  CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
  CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
  CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
  CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
@ -109,17 +110,17 @@ dns_cf_rm() {
  _debug "Getting txt records"
  _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
  if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
    _err "Error"
  if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
    _err "Error: $response"
    return 1
  fi
  count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
  count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ")
  _debug count "$count"
  if [ "$count" = "0" ]; then
    _info "Don't need to remove."
  else
    record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
    record_id=$(echo "$response" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
    _debug "record_id" "$record_id"
    if [ -z "$record_id" ]; then
      _err "Can not get record id to remove."
@ -129,7 +130,7 @@ dns_cf_rm() {
      _err "Delete record error."
      return 1
    fi
    _contains "$response" '"success":true'
    echo "$response" | tr -d " " | grep \"success\":true >/dev/null
  fi
 }
@ -150,8 +151,8 @@ _get_root() {
    if ! _cf_rest GET "zones/$CF_Zone_ID"; then
      return 1
    else
      if _contains "$response" '"success":true'; then
        _domain=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
      if echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
        _domain=$(echo "$response" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
        if [ "$_domain" ]; then
          _cutlength=$((${#domain} - ${#_domain} - 1))
          _sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength")
@ -185,7 +186,7 @@ _get_root() {
    fi
    if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then
      _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
      _domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ")
      if [ "$_domain_id" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
        _domain=$h
--- a/dnsapi/dns_cloudns.sh
+++ b/dnsapi/dns_cloudns.sh
@ -69,7 +69,7 @@ dns_cloudns_rm() {
  for i in $(echo "$response" | tr '{' "\n" | grep "$record"); do
    record_id=$(echo "$i" | tr ',' "\n" | grep -E '^"id"' | sed -re 's/^\"id\"\:\"([0-9]+)\"$/\1/g')
    if [ ! -z "$record_id" ]; then
    if [ -n "$record_id" ]; then
      _debug zone "$zone"
      _debug host "$host"
      _debug record "$record"
@ -91,7 +91,7 @@ dns_cloudns_rm() {
 ####################  Private functions below ##################################
 _dns_cloudns_init_check() {
  if [ ! -z "$CLOUDNS_INIT_CHECK_COMPLETED" ]; then
  if [ -n "$CLOUDNS_INIT_CHECK_COMPLETED" ]; then
    return 0
  fi
@ -164,7 +164,7 @@ _dns_cloudns_http_api_call() {
  _debug CLOUDNS_SUB_AUTH_ID "$CLOUDNS_SUB_AUTH_ID"
  _debug CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD"
  if [ ! -z "$CLOUDNS_SUB_AUTH_ID" ]; then
  if [ -n "$CLOUDNS_SUB_AUTH_ID" ]; then
    auth_user="sub-auth-id=$CLOUDNS_SUB_AUTH_ID"
  else
    auth_user="auth-id=$CLOUDNS_AUTH_ID"
--- a/dnsapi/dns_conoha.sh
+++ b/dnsapi/dns_conoha.sh
@ -115,9 +115,9 @@ dns_conoha_rm() {
    return 1
  fi
  record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' \
    | grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" \
    | _head_n 1 | cut -d : -f 2 | tr -d \")
  record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' |
    grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" |
    _head_n 1 | cut -d : -f 2 | tr -d \")
  if [ -z "$record_id" ]; then
    _err "Can not get record id to remove."
    return 1
--- a/dnsapi/dns_constellix.sh
+++ b/dnsapi/dns_constellix.sh
@ -86,12 +86,12 @@ _get_root() {
      return 1
    fi
    if ! _constellix_rest GET "domains"; then
    if ! _constellix_rest GET "domains/search?exact=$h"; then
      return 1
    fi
    if _contains "$response" "\"name\":\"$h\""; then
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*" | head -n 1 | cut -d ':' -f 2 | tr -d '}')
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]+" | cut -d ':' -f 2)
      if [ "$_domain_id" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-$p)
        _domain="$h"
--- a/dnsapi/dns_cyon.sh
+++ b/dnsapi/dns_cyon.sh
@ -18,23 +18,23 @@
 ########
 dns_cyon_add() {
  _cyon_load_credentials \
    && _cyon_load_parameters "$@" \
    && _cyon_print_header "add" \
    && _cyon_login \
    && _cyon_change_domain_env \
    && _cyon_add_txt \
    && _cyon_logout
  _cyon_load_credentials &&
    _cyon_load_parameters "$@" &&
    _cyon_print_header "add" &&
    _cyon_login &&
    _cyon_change_domain_env &&
    _cyon_add_txt &&
    _cyon_logout
 }
 dns_cyon_rm() {
  _cyon_load_credentials \
    && _cyon_load_parameters "$@" \
    && _cyon_print_header "delete" \
    && _cyon_login \
    && _cyon_change_domain_env \
    && _cyon_delete_txt \
    && _cyon_logout
  _cyon_load_credentials &&
    _cyon_load_parameters "$@" &&
    _cyon_print_header "delete" &&
    _cyon_login &&
    _cyon_change_domain_env &&
    _cyon_delete_txt &&
    _cyon_logout
 }
 #########################
@ -66,7 +66,7 @@ _cyon_load_credentials() {
  _debug "Save credentials to account.conf"
  _saveaccountconf CY_Username "${CY_Username}"
  _saveaccountconf CY_Password_B64 "$CY_Password_B64"
  if [ ! -z "${CY_OTP_Secret}" ]; then
  if [ -n "${CY_OTP_Secret}" ]; then
    _saveaccountconf CY_OTP_Secret "$CY_OTP_Secret"
  else
    _clearaccountconf CY_OTP_Secret
@ -164,7 +164,7 @@ _cyon_login() {
  # todo: instead of just checking if the env variable is defined, check if we actually need to do a 2FA auth request.
  # 2FA authentication with OTP?
  if [ ! -z "${CY_OTP_Secret}" ]; then
  if [ -n "${CY_OTP_Secret}" ]; then
    _info "  - Authorising with OTP code..."
    if ! _exists oathtool; then
--- a/dnsapi/dns_ddnss.sh
+++ b/dnsapi/dns_ddnss.sh
@ -119,7 +119,7 @@ _ddnss_rest() {
  # DDNSS uses GET to update domain info
  if [ "$method" = "GET" ]; then
    response="$(_get "$url" | sed 's/<[a-zA-Z\/][^>]*>//g' | _tail_n 1)"
    response="$(_get "$url" | sed 's/<[a-zA-Z\/][^>]*>//g' | tr -s "\n" | _tail_n 1)"
  else
    _err "Unsupported method"
    return 1
--- a/dnsapi/dns_df.sh
+++ b/dnsapi/dns_df.sh
@ -0,0 +1,65 @@
 #!/usr/bin/env sh
 ########################################################################
 # https://dyndnsfree.de hook script for acme.sh
 #
 # Environment variables:
 #
 #  - $DF_user      (your dyndnsfree.de username)
 #  - $DF_password  (your dyndnsfree.de password)
 #
 # Author: Thilo Gass <thilo.gass@gmail.com>
 # Git repo: https://github.com/ThiloGa/acme.sh
 #-- dns_df_add() - Add TXT record --------------------------------------
 # Usage: dns_df_add _acme-challenge.subdomain.domain.com "XyZ123..."
 dyndnsfree_api="https://dynup.de/acme.php"
 dns_df_add() {
  fulldomain=$1
  txt_value=$2
  _info "Using DNS-01 dyndnsfree.de hook"
  DF_user="${DF_user:-$(_readaccountconf_mutable DF_user)}"
  DF_password="${DF_password:-$(_readaccountconf_mutable DF_password)}"
  if [ -z "$DF_user" ] || [ -z "$DF_password" ]; then
    DF_user=""
    DF_password=""
    _err "No auth details provided. Please set user credentials using the \$DF_user and \$DF_password environment variables."
    return 1
  fi
  #save the api user and password to the account conf file.
  _debug "Save user and password"
  _saveaccountconf_mutable DF_user "$DF_user"
  _saveaccountconf_mutable DF_password "$DF_password"
  domain="$(printf "%s" "$fulldomain" | cut -d"." -f2-)"
  get="$dyndnsfree_api?username=$DF_user&password=$DF_password&hostname=$domain&add_hostname=$fulldomain&txt=$txt_value"
  if ! erg="$(_get "$get")"; then
    _err "error Adding $fulldomain TXT: $txt_value"
    return 1
  fi
  if _contains "$erg" "success"; then
    _info "Success, TXT Added, OK"
  else
    _err "error Adding $fulldomain TXT: $txt_value erg: $erg"
    return 1
  fi
  _debug "ok Auto $fulldomain TXT: $txt_value erg: $erg"
  return 0
 }
 dns_df_rm() {
  fulldomain=$1
  txtvalue=$2
  _info "TXT enrty in $fulldomain is deleted automatically"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
 }
--- a/dnsapi/dns_dgon.sh
+++ b/dnsapi/dns_dgon.sh
@ -22,7 +22,7 @@ dns_dgon_add() {
  txtvalue=$2
  DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
  # Check if API Key Exist
  # Check if API Key Exists
  if [ -z "$DO_API_KEY" ]; then
    DO_API_KEY=""
    _err "You did not specify DigitalOcean API key."
@ -77,7 +77,7 @@ dns_dgon_rm() {
  txtvalue=$2
  DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
  # Check if API Key Exist
  # Check if API Key Exists
  if [ -z "$DO_API_KEY" ]; then
    DO_API_KEY=""
    _err "You did not specify DigitalOcean API key."
@ -122,12 +122,12 @@ dns_dgon_rm() {
    ## check for what we are looking for: "type":"A","name":"$_sub_domain"
    record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*[0-9]+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")"
    if [ ! -z "$record" ]; then
    if [ -n "$record" ]; then
      ## we found records
      rec_ids="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")"
      _debug rec_ids "$rec_ids"
      if [ ! -z "$rec_ids" ]; then
      if [ -n "$rec_ids" ]; then
        echo "$rec_ids" | while IFS= read -r rec_id; do
          ## delete the record
          ## delete URL for removing the one we dont want
@ -218,7 +218,7 @@ _get_base_domain() {
      ## we got part of a domain back - grep it out
      found="$(echo "$domain_list" | _egrep_o "\"name\"\s*\:\s*\"$_domain\"")"
      ## check if it exists
      if [ ! -z "$found" ]; then
      if [ -n "$found" ]; then
        ## exists - exit loop returning the parts
        sub_point=$(_math $i - 1)
        _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point")
--- a/dnsapi/dns_do.sh
+++ b/dnsapi/dns_do.sh
@ -67,14 +67,14 @@ _dns_do_list_rrs() {
    _err "getRRList origin ${_domain} failed"
    return 1
  fi
  _rr_list="$(echo "${response}" \
    | tr -d "\n\r\t" \
    | sed -e 's/<item xsi:type="ns2:Map">/\n/g' \
    | grep ">$(_regexcape "$fulldomain")</value>" \
    | sed -e 's/<\/item>/\n/g' \
    | grep '>id</key><value' \
    | _egrep_o '>[0-9]{1,16}<' \
    | tr -d '><')"
  _rr_list="$(echo "${response}" |
    tr -d "\n\r\t" |
    sed -e 's/<item xsi:type="ns2:Map">/\n/g' |
    grep ">$(_regexcape "$fulldomain")</value>" |
    sed -e 's/<\/item>/\n/g' |
    grep '>id</key><value' |
    _egrep_o '>[0-9]{1,16}<' |
    tr -d '><')"
  [ "${_rr_list}" ]
 }
@ -120,10 +120,10 @@ _get_root() {
  i=1
  _dns_do_soap getDomainList
  _all_domains="$(echo "${response}" \
    | tr -d "\n\r\t " \
    | _egrep_o 'domain</key><value[^>]+>[^<]+' \
    | sed -e 's/^domain<\/key><value[^>]*>//g')"
  _all_domains="$(echo "${response}" |
    tr -d "\n\r\t " |
    _egrep_o 'domain</key><value[^>]+>[^<]+' |
    sed -e 's/^domain<\/key><value[^>]*>//g')"
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
--- a/dnsapi/dns_dp.sh
+++ b/dnsapi/dns_dp.sh
@ -53,7 +53,7 @@ dns_dp_rm() {
    return 1
  fi
  if ! _rest POST "Record.List" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain"; then
  if ! _rest POST "Record.List" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain"; then
    _err "Record.Lis error."
    return 1
  fi
@ -70,12 +70,12 @@ dns_dp_rm() {
    return 1
  fi
  if ! _rest POST "Record.Remove" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&record_id=$record_id"; then
  if ! _rest POST "Record.Remove" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&record_id=$record_id"; then
    _err "Record.Remove error."
    return 1
  fi
  _contains "$response" "Action completed successful"
  _contains "$response" "successful"
 }
@ -89,11 +89,11 @@ add_record() {
  _info "Adding record"
  if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then
  if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then
    return 1
  fi
  _contains "$response" "Action completed successful" || _contains "$response" "Domain record already exists"
  _contains "$response" "successful" || _contains "$response" "Domain record already exists"
 }
 ####################  Private functions below ##################################
@ -113,11 +113,11 @@ _get_root() {
      return 1
    fi
    if ! _rest POST "Domain.Info" "login_token=$DP_Id,$DP_Key&format=json&domain=$h"; then
    if ! _rest POST "Domain.Info" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain=$h"; then
      return 1
    fi
    if _contains "$response" "Action completed successful"; then
    if _contains "$response" "successful"; then
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
      _debug _domain_id "$_domain_id"
      if [ "$_domain_id" ]; then
--- a/dnsapi/dns_dpi.sh
+++ b/dnsapi/dns_dpi.sh
@ -75,7 +75,7 @@ dns_dpi_rm() {
    return 1
  fi
  _contains "$response" "Action completed successful"
  _contains "$response" "Operation successful"
 }
@ -93,7 +93,7 @@ add_record() {
    return 1
  fi
  _contains "$response" "Action completed successful" || _contains "$response" "Domain record already exists"
  _contains "$response" "Operation successful" || _contains "$response" "Domain record already exists"
 }
 ####################  Private functions below ##################################
@ -117,7 +117,7 @@ _get_root() {
      return 1
    fi
    if _contains "$response" "Action completed successful"; then
    if _contains "$response" "Operation successful"; then
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
      _debug _domain_id "$_domain_id"
      if [ "$_domain_id" ]; then
--- a/dnsapi/dns_duckdns.sh
+++ b/dnsapi/dns_duckdns.sh
@ -91,13 +91,12 @@ dns_duckdns_rm() {
 ####################  Private functions below ##################################
 #fulldomain=_acme-challenge.domain.duckdns.org
 #returns
 # _duckdns_domain=domain
 # fulldomain may be 'domain.duckdns.org' (if using --domain-alias) or '_acme-challenge.domain.duckdns.org'
 # either way, return 'domain'. (duckdns does not allow further subdomains and restricts domains to [a-z0-9-].)
 _duckdns_get_domain() {
  # We'll extract the domain/username from full domain
  _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '[.][^.][^.]*[.]duckdns.org' | cut -d . -f 2)"
  _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '^(_acme-challenge\.)?[a-z0-9-]*\.duckdns\.org' | sed 's/^\(_acme-challenge\.\)\?\([a-z0-9-]*\)\.duckdns\.org/\2/')"
  if [ -z "$_duckdns_domain" ]; then
    _err "Error extracting the domain."
@ -113,16 +112,21 @@ _duckdns_rest() {
  param="$2"
  _debug param "$param"
  url="$DuckDNS_API?$param"
  if [ "$DEBUG" -gt 0 ]; then
    url="$url&verbose=true"
  fi
  _debug url "$url"
  # DuckDNS uses GET to update domain info
  if [ "$method" = "GET" ]; then
    response="$(_get "$url")"
    _debug2 response "$response"
    if [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then
      response="OK"
    fi
  else
    _err "Unsupported method"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
--- a/dnsapi/dns_dynu.sh
+++ b/dnsapi/dns_dynu.sh
@ -216,6 +216,10 @@ _dynu_authentication() {
    _err "Authentication failed."
    return 1
  fi
  if _contains "$response" "Authentication Exception"; then
    _err "Authentication failed."
    return 1
  fi
  if _contains "$response" "access_token"; then
    Dynu_Token=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 1 | cut -d : -f 2 | cut -d '"' -f 2)
  fi
--- a/dnsapi/dns_dynv6.sh
+++ b/dnsapi/dns_dynv6.sh
@ -1,35 +1,41 @@
 #!/usr/bin/env sh
 #Author StefanAbl
 #Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"'
 #or use the HTTP REST API by by specifying a token 'export DYNV6_TOKEN="value"
 #if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub
 dynv6_api="https://dynv6.com/api/v2"
 ########  Public functions #####################
 # Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
 #Usage: dns_myapi_add  _acme-challenge.www.domain.com  "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 #Usage: dns_dynv6_add  _acme-challenge.www.domain.com  "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_dynv6_add() {
  fulldomain=$1
  txtvalue=$2
  _info "Using dynv6 api"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  _get_keyfile
  _get_authentication
  if [ "$dynv6_token" ]; then
    _dns_dynv6_add_http
    return $?
  else
    _info "using key file $dynv6_keyfile"
  _get_domain "$fulldomain"
    _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
  if ! _contains "$_your_hosts" "$_host"; then
    _debug "The host is $_host and the record $_record"
    _debug "Dynv6 returned $_your_hosts"
    _err "The host $_host does not exists on your dynv6 account"
    if ! _get_domain "$fulldomain" "$_your_hosts"; then
      _err "Host not found on your account"
      return 1
    fi
    _debug "found host on your account"
    returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")"
  _debug "Dynv6 returend this after record was added: $returnval"
    _debug "Dynv6 returned this after record was added: $returnval"
    if _contains "$returnval" "created"; then
      return 0
    elif _contains "$returnval" "updated"; then
      return 0
    else
    _err "Something went wrong! it does not seem like the record was added succesfully"
      _err "Something went wrong! it does not seem like the record was added successfully"
      return 1
    fi
    return 1
  fi
  return 1
@ -39,23 +45,24 @@ dns_dynv6_add() {
 dns_dynv6_rm() {
  fulldomain=$1
  txtvalue=$2
  _info "Using dynv6 api"
  _info "Using dynv6 API"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  _get_keyfile
  _get_authentication
  if [ "$dynv6_token" ]; then
    _dns_dynv6_rm_http
    return $?
  else
    _info "using key file $dynv6_keyfile"
  _get_domain "$fulldomain"
    _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
  if ! _contains "$_your_hosts" "$_host"; then
    _debug "The host is $_host and the record $_record"
    _debug "Dynv6 returned $_your_hosts"
    _err "The host $_host does not exists on your dynv6 account"
    if ! _get_domain "$fulldomain" "$_your_hosts"; then
      _err "Host not found on your account"
      return 1
    fi
    _debug "found host on your account"
    _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)"
    return 0
  fi
 }
 #################### Private functions below ##################################
 #Usage: No Input required
@ -72,45 +79,53 @@ _generate_new_key() {
    return 1
  fi
 }
 #Usage: _acme-challenge.www.example.dynv6.net
 #Usage: _acme-challenge.www.example.dynv6.net "$_your_hosts"
 #where _your_hosts is the output of ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts
 #returns
 #_host= example.dynv6.net
 #_record=_acme-challenge.www
 #aborts if not a valid domain
 _get_domain() {
  #_your_hosts="$(ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts)"
  _full_domain="$1"
  _debug "getting domain for $_full_domain"
  if ! _contains "$_full_domain" 'dynv6.net' && ! _contains "$_full_domain" 'dns.army' && ! _contains "$_full_domain" 'dns.navy'; then
    _err "The hosts does not seem to be a dynv6 host"
    return 1
  _your_hosts="$2"
  _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')"
  for l in $_your_hosts; do
    #echo "host: $l"
    if test "${_full_domain#*$l}" != "$_full_domain"; then
      _record="${_full_domain%.$l}"
      _host=$l
      _debug "The host is $_host and the record $_record"
      return 0
    fi
  _record="${_full_domain%.*}"
  _record="${_record%.*}"
  _record="${_record%.*}"
  _debug "The record we are ging to use is $_record"
  _host="$_full_domain"
  while [ "$(echo "$_host" | grep -o '\.' | wc -l)" != "2" ]; do
    _host="${_host#*.}"
  done
  _debug "And the host is $_host"
  return 0
  _err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key"
  return 1
 }
 # Usage: No input required
 #returns
 #dynv6_keyfile path to the key that will be used
 _get_keyfile() {
  _debug "get keyfile method called"
 _get_authentication() {
  dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}"
  if [ "$dynv6_token" ]; then
    _debug "Found HTTP Token. Going to use the HTTP API and not the SSH API"
    if [ "$DYNV6_TOKEN" ]; then
      _saveaccountconf_mutable dynv6_token "$dynv6_token"
    fi
  else
    _debug "no HTTP token found. Looking for an SSH key"
    dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}"
  _debug Your key is "$dynv6_keyfile"
    _debug "Your key is $dynv6_keyfile"
    if [ -z "$dynv6_keyfile" ]; then
      if [ -z "$KEY" ]; then
        _err "You did not specify a key to use with dynv6"
      _info "Creating new dynv6 api key to add to dynv6.com"
        _info "Creating new dynv6 API key to add to dynv6.com"
        _generate_new_key
        _info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")"
      _info "Hit Enter to contiue"
        _info "Hit Enter to continue"
        read -r _
        #save the credentials to the account conf file.
      else
@ -118,4 +133,153 @@ _get_keyfile() {
      fi
      _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile"
    fi
  fi
 }
 _dns_dynv6_add_http() {
  _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API"
  if ! _get_zone_id "$fulldomain"; then
    _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone"
    return 1
  fi
  _get_zone_name "$_zone_id"
  record="${fulldomain%%.$_zone_name}"
  _set_record TXT "$record" "$txtvalue"
  if _contains "$response" "$txtvalue"; then
    _info "Successfully added record"
    return 0
  else
    _err "Something went wrong while adding the record"
    return 1
  fi
 }
 _dns_dynv6_rm_http() {
  _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API"
  if ! _get_zone_id "$fulldomain"; then
    _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone"
    return 1
  fi
  _get_zone_name "$_zone_id"
  record="${fulldomain%%.$_zone_name}"
  _get_record_id "$_zone_id" "$record" "$txtvalue"
  _del_record "$_zone_id" "$_record_id"
  if [ -z "$response" ]; then
    _info "Successfully deleted record"
    return 0
  else
    _err "Something went wrong while deleting the record"
    return 1
  fi
 }
 #get the zoneid for a specifc record or zone
 #usage: _get_zone_id §record
 #where $record is the record to get the id for
 #returns _zone_id the id of the zone
 _get_zone_id() {
  record="$1"
  _debug "getting zone id for $record"
  _dynv6_rest GET zones
  zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')"
  #echo $zones
  selected=""
  for z in $zones; do
    z="${z#name:}"
    _debug zone: "$z"
    if _contains "$record" "$z"; then
      _debug "$z found in $record"
      selected="$z"
    fi
  done
  if [ -z "$selected" ]; then
    _err "no zone found"
    return 1
  fi
  zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')"
  _zone_id="${zone_id#id:}"
  _debug "zone id: $_zone_id"
 }
 _get_zone_name() {
  _zone_id="$1"
  _dynv6_rest GET zones/"$_zone_id"
  _zone_name="$(echo "$response" | tr ',' '\n' | tr -d '{' | grep name | tr -d '"')"
  _zone_name="${_zone_name#name:}"
 }
 #usaage _get_record_id $zone_id $record
 # where zone_id is thevalue returned by _get_zone_id
 # and record ist in the form _acme.www for an fqdn of _acme.www.example.com
 # returns _record_id
 _get_record_id() {
  _zone_id="$1"
  record="$2"
  value="$3"
  _dynv6_rest GET "zones/$_zone_id/records"
  if ! _get_record_id_from_response "$response"; then
    _err "no such record $record found in zone $_zone_id"
    return 1
  fi
 }
 _get_record_id_from_response() {
  response="$1"
  _record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id | tr -d '"' | tr -d 'id:')"
  #_record_id="${_record_id#id:}"
  if [ -z "$_record_id" ]; then
    _err "no such record: $record found in zone $_zone_id"
    return 1
  fi
  _debug "record id: $_record_id"
  return 0
 }
 #usage: _set_record TXT _acme_challenge.www longvalue 12345678
 #zone id is optional can also be set as vairable bevor calling this method
 _set_record() {
  type="$1"
  record="$2"
  value="$3"
  if [ "$4" ]; then
    _zone_id="$4"
  fi
  data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}"
  #data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}'
  echo "$data"
  #"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"
  _dynv6_rest POST "zones/$_zone_id/records" "$data"
 }
 _del_record() {
  _zone_id=$1
  _record_id=$2
  _dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id"
 }
 _dynv6_rest() {
  m=$1    #method GET,POST,DELETE or PUT
  ep="$2" #the endpoint
  data="$3"
  _debug "$ep"
  token_trimmed=$(echo "$dynv6_token" | tr -d '"')
  export _H1="Authorization: Bearer $token_trimmed"
  export _H2="Content-Type: application/json"
  if [ "$m" != "GET" ]; then
    _debug data "$data"
    response="$(_post "$data" "$dynv6_api/$ep" "" "$m")"
  else
    response="$(_get "$dynv6_api/$ep")"
  fi
  if [ "$?" != "0" ]; then
    _err "error $ep"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
--- a/dnsapi/dns_easydns.sh
+++ b/dnsapi/dns_easydns.sh
@ -4,8 +4,7 @@
 #
 # easyDNS REST API for acme.sh by Neilpang based on dns_cf.sh
 #
 # Please note: # API is currently beta and subject to constant change
 # http://sandbox.rest.easydns.net:3000/
 # API Documentation: https://sandbox.rest.easydns.net:3001/
 #
 # Author: wurzelpanzer [wurzelpanzer@maximolider.net]
 # Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/2647
@ -25,7 +24,7 @@ dns_easydns_add() {
  EASYDNS_Key="${EASYDNS_Key:-$(_readaccountconf_mutable EASYDNS_Key)}"
  if [ -z "$EASYDNS_Token" ] || [ -z "$EASYDNS_Key" ]; then
    _err "You didn't specify an easydns.net token or api key. Please sign up at http://docs.sandbox.rest.easydns.net/beta_signup.php"
    _err "You didn't specify an easydns.net token or api key. Signup at https://cp.easydns.com/manage/security/api/signup.php"
    return 1
  else
    _saveaccountconf_mutable EASYDNS_Token "$EASYDNS_Token"
--- a/dnsapi/dns_edgedns.sh
+++ b/dnsapi/dns_edgedns.sh
@ -0,0 +1,466 @@
 #!/usr/bin/env sh
 # Akamai Edge DNS v2  API
 # User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to
 # Edge DNS Zones and Recordsets, e.g. DNS—Zone Record Management authorization
 # Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support
 # Values to export:
 # --EITHER--
 # *** TBD. NOT IMPLEMENTED YET ***
 # specify Edgegrid credentials file and section
 # AKAMAI_EDGERC=<full file path>
 # AKAMAI_EDGERC_SECTION="default"
 ## --OR--
 # specify indiviual credentials
 # export AKAMAI_HOST = <host>
 # export AKAMAI_ACCESS_TOKEN = <access token>
 # export AKAMAI_CLIENT_TOKEN = <client token>
 # export AKAMAI_CLIENT_SECRET = <client secret>
 ACME_EDGEDNS_VERSION="0.1.0"
 ########  Public functions #####################
 # Usage: dns_edgedns_add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 # Used to add txt record
 #
 dns_edgedns_add() {
  fulldomain=$1
  txtvalue=$2
  _debug "ENTERING DNS_EDGEDNS_ADD"
  _debug2 "fulldomain" "$fulldomain"
  _debug2 "txtvalue" "$txtvalue"
  if ! _EDGEDNS_credentials; then
    _err "$@"
    return 1
  fi
  if ! _EDGEDNS_getZoneInfo "$fulldomain"; then
    _err "Invalid domain"
    return 1
  fi
  _debug2 "Add: zone" "$zone"
  acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain")
  _debug3 "Add URL" "$acmeRecordURI"
  # Get existing TXT record
  _edge_result=$(_edgedns_rest GET "$acmeRecordURI")
  _api_status="$?"
  _debug3 "_edge_result" "$_edge_result"
  if [ "$_api_status" -ne 0 ]; then
    if [ "$curResult" = "FATAL" ]; then
      _err "$(printf "Fatal error: acme API function call : %s" "$retVal")"
    fi
    if [ "$_edge_result" != "404" ]; then
      _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")"
      return 1
    fi
  fi
  rdata="\"${txtvalue}\""
  record_op="POST"
  if [ "$_api_status" -eq 0 ]; then
    # record already exists. Get existing record data and update
    record_op="PUT"
    rdlist="${_edge_result#*\"rdata\":[}"
    rdlist="${rdlist%%]*}"
    rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\")
    _debug3 "existing TXT found"
    _debug3 "record data" "$rdlist"
    # value already there?
    if _contains "$rdlist" "$txtvalue"; then
      return 0
    fi
    _txt_val=""
    while [ "$_txt_val" != "$rdlist" ] && [ "${rdlist}" ]; do
      _txt_val="${rdlist%%,*}"
      rdlist="${rdlist#*,}"
      rdata="${rdata},\"${_txt_val}\""
    done
  fi
  # Add the txtvalue TXT Record
  body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}"
  _debug3 "Add body '${body}'"
  _edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body")
  _api_status="$?"
  if [ "$_api_status" -eq 0 ]; then
    _log "$(printf "Text value %s added to recordset %s" "$txtvalue" "$fulldomain")"
    return 0
  else
    _err "$(printf "error adding TXT record for validation. Error: %s" "$_edge_result")"
    return 1
  fi
 }
 # Usage: dns_edgedns_rm   _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 # Used to delete txt record
 #
 dns_edgedns_rm() {
  fulldomain=$1
  txtvalue=$2
  _debug "ENTERING DNS_EDGEDNS_RM"
  _debug2 "fulldomain" "$fulldomain"
  _debug2 "txtvalue" "$txtvalue"
  if ! _EDGEDNS_credentials; then
    _err "$@"
    return 1
  fi
  if ! _EDGEDNS_getZoneInfo "$fulldomain"; then
    _err "Invalid domain"
    return 1
  fi
  _debug2 "RM: zone" "${zone}"
  acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "${edge_endpoint}" "$zone" "$fulldomain")
  _debug3 "RM URL" "$acmeRecordURI"
  # Get existing TXT record
  _edge_result=$(_edgedns_rest GET "$acmeRecordURI")
  _api_status="$?"
  if [ "$_api_status" -ne 0 ]; then
    if [ "$curResult" = "FATAL" ]; then
      _err "$(printf "Fatal error: acme API function call : %s" "$retVal")"
    fi
    if [ "$_edge_result" != "404" ]; then
      _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")"
      return 1
    fi
  fi
  _debug3 "_edge_result" "$_edge_result"
  record_op="DELETE"
  body=""
  if [ "$_api_status" -eq 0 ]; then
    # record already exists. Get existing record data and update
    rdlist="${_edge_result#*\"rdata\":[}"
    rdlist="${rdlist%%]*}"
    rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\")
    _debug3 "rdlist" "$rdlist"
    if [ -n "$rdlist" ]; then
      record_op="PUT"
      comma=""
      rdata=""
      _txt_val=""
      while [ "$_txt_val" != "$rdlist" ] && [ "$rdlist" ]; do
        _txt_val="${rdlist%%,*}"
        rdlist="${rdlist#*,}"
        _debug3 "_txt_val" "$_txt_val"
        _debug3 "txtvalue" "$txtvalue"
        if ! _contains "$_txt_val" "$txtvalue"; then
          rdata="${rdata}${comma}\"${_txt_val}\""
          comma=","
        fi
      done
      if [ -z "$rdata" ]; then
        record_op="DELETE"
      else
        # Recreate the txtvalue TXT Record
        body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}"
        _debug3 "body" "$body"
      fi
    fi
  fi
  _edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body")
  _api_status="$?"
  if [ "$_api_status" -eq 0 ]; then
    _log "$(printf "Text value %s removed from recordset %s" "$txtvalue" "$fulldomain")"
    return 0
  else
    _err "$(printf "error removing TXT record for validation. Error: %s" "$_edge_result")"
    return 1
  fi
 }
 ####################  Private functions below ##################################
 _EDGEDNS_credentials() {
  _debug "GettingEdge DNS credentials"
  _log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})"
  args_missing=0
  if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then
    AKAMAI_ACCESS_TOKEN=""
    AKAMAI_CLIENT_TOKEN=""
    AKAMAI_HOST=""
    AKAMAI_CLIENT_SECRET=""
    _err "AKAMAI_ACCESS_TOKEN is missing"
    args_missing=1
  fi
  if [ -z "$AKAMAI_CLIENT_TOKEN" ]; then
    AKAMAI_ACCESS_TOKEN=""
    AKAMAI_CLIENT_TOKEN=""
    AKAMAI_HOST=""
    AKAMAI_CLIENT_SECRET=""
    _err "AKAMAI_CLIENT_TOKEN is missing"
    args_missing=1
  fi
  if [ -z "$AKAMAI_HOST" ]; then
    AKAMAI_ACCESS_TOKEN=""
    AKAMAI_CLIENT_TOKEN=""
    AKAMAI_HOST=""
    AKAMAI_CLIENT_SECRET=""
    _err "AKAMAI_HOST is missing"
    args_missing=1
  fi
  if [ -z "$AKAMAI_CLIENT_SECRET" ]; then
    AKAMAI_ACCESS_TOKEN=""
    AKAMAI_CLIENT_TOKEN=""
    AKAMAI_HOST=""
    AKAMAI_CLIENT_SECRET=""
    _err "AKAMAI_CLIENT_SECRET is missing"
    args_missing=1
  fi
  if [ "$args_missing" = 1 ]; then
    _err "You have not properly specified the EdgeDNS Open Edgegrid API credentials. Please try again."
    return 1
  else
    _saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "$AKAMAI_ACCESS_TOKEN"
    _saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "$AKAMAI_CLIENT_TOKEN"
    _saveaccountconf_mutable AKAMAI_HOST "$AKAMAI_HOST"
    _saveaccountconf_mutable AKAMAI_CLIENT_SECRET "$AKAMAI_CLIENT_SECRET"
    # Set whether curl should use secure or insecure mode
  fi
  export HTTPS_INSECURE=0 # All Edgegrid API calls are secure
  edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "$AKAMAI_HOST")
  _debug3 "Edge API Endpoint:" "$edge_endpoint"
 }
 _EDGEDNS_getZoneInfo() {
  _debug "Getting Zoneinfo"
  zoneEnd=false
  curZone=$1
  while [ -n "$zoneEnd" ]; do
    # we can strip the first part of the fulldomain, since its just the _acme-challenge string
    curZone="${curZone#*.}"
    # suffix . needed for zone -> domain.tld.
    # create zone get url
    get_zone_url=$(printf "%s/%s" "$edge_endpoint" "$curZone")
    _debug3 "Zone Get: " "${get_zone_url}"
    curResult=$(_edgedns_rest GET "$get_zone_url")
    retVal=$?
    if [ "$retVal" -ne 0 ]; then
      if [ "$curResult" = "FATAL" ]; then
        _err "$(printf "Fatal error: acme API function call : %s" "$retVal")"
      fi
      if [ "$curResult" != "404" ]; then
        _err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")"
        return 1
      fi
    fi
    if _contains "$curResult" "\"zone\":"; then
      _debug2 "Zone data" "${curResult}"
      zone=$(echo "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"")
      _debug3 "Zone" "${zone}"
      zoneEnd=""
      return 0
    fi
    if [ "${curZone#*.}" != "$curZone" ]; then
      _debug3 "$(printf "%s still contains a '.' - so we can check next higher level" "$curZone")"
    else
      zoneEnd=true
      _err "Couldn't retrieve zone data."
      return 1
    fi
  done
  _err "Failed to  retrieve zone data."
  return 2
 }
 _edgedns_headers=""
 _edgedns_rest() {
  _debug "Handling API Request"
  m=$1
  # Assume endpoint is complete path, including query args if applicable
  ep=$2
  body_data=$3
  _edgedns_content_type=""
  _request_url_path="$ep"
  _request_body="$body_data"
  _request_method="$m"
  _edgedns_headers=""
  tab=""
  _edgedns_headers="${_edgedns_headers}${tab}Host: ${AKAMAI_HOST}"
  tab="\t"
  # Set in acme.sh _post/_get
  #_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}"
  _edgedns_headers="${_edgedns_headers}${tab}Accept: application/json,*/*"
  if [ "$m" != "GET" ] && [ "$m" != "DELETE" ]; then
    _edgedns_content_type="application/json"
    _debug3 "_request_body" "$_request_body"
    _body_len=$(echo "$_request_body" | tr -d "\n\r" | awk '{print length}')
    _edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_body_len}"
  fi
  _edgedns_make_auth_header
  _edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_signed_auth_header}"
  _secure_debug2 "Made Auth Header" "$_signed_auth_header"
  hdr_indx=1
  work_header="${_edgedns_headers}${tab}"
  _debug3 "work_header" "$work_header"
  while [ "$work_header" ]; do
    entry="${work_header%%\\t*}"
    work_header="${work_header#*\\t}"
    export "$(printf "_H%s=%s" "$hdr_indx" "$entry")"
    _debug2 "Request Header " "$entry"
    hdr_indx=$((hdr_indx + 1))
  done
  # clear headers from previous request to avoid getting wrong http code on timeouts
  : >"$HTTP_HEADER"
  _debug2 "$ep"
  if [ "$m" != "GET" ]; then
    _debug3 "Method data" "$data"
    # body  url [needbase64] [POST|PUT|DELETE] [ContentType]
    response=$(_post "$_request_body" "$ep" false "$m" "$_edgedns_content_type")
  else
    response=$(_get "$ep")
  fi
  _ret="$?"
  if [ "$_ret" -ne 0 ]; then
    _err "$(printf "acme.sh API function call failed. Error: %s" "$_ret")"
    echo "FATAL"
    return "$_ret"
  fi
  _debug2 "response" "${response}"
  _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
  _debug2 "http response code" "$_code"
  if [ "$_code" = "200" ] || [ "$_code" = "201" ]; then
    # All good
    response="$(echo "${response}" | _normalizeJson)"
    echo "$response"
    return 0
  fi
  if [ "$_code" = "204" ]; then
    # Success, no body
    echo "$_code"
    return 0
  fi
  if [ "$_code" = "400" ]; then
    _err "Bad request presented"
    _log "$(printf "Headers: %s" "$_edgedns_headers")"
    _log "$(printf "Method: %s" "$_request_method")"
    _log "$(printf "URL: %s" "$ep")"
    _log "$(printf "Data: %s" "$data")"
  fi
  if [ "$_code" = "403" ]; then
    _err "access denied make sure your Edgegrid cedentials are correct."
  fi
  echo "$_code"
  return 1
 }
 _edgedns_eg_timestamp() {
  _debug "Generating signature Timestamp"
  _debug3 "Retriving ntp time"
  _timeheaders="$(_get "https://www.ntp.org" "onlyheader")"
  _debug3 "_timeheaders" "$_timeheaders"
  _ntpdate="$(echo "$_timeheaders" | grep -i "Date:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n")"
  _debug3 "_ntpdate" "$_ntpdate"
  _ntpdate="$(echo "${_ntpdate}" | sed -e 's/^[[:space:]]*//')"
  _debug3 "_NTPDATE" "$_ntpdate"
  _ntptime="$(echo "${_ntpdate}" | _head_n 1 | cut -d " " -f 5 | tr -d "\r\n")"
  _debug3 "_ntptime" "$_ntptime"
  _eg_timestamp=$(date -u "+%Y%m%dT")
  _eg_timestamp="$(printf "%s%s+0000" "$_eg_timestamp" "$_ntptime")"
  _debug "_eg_timestamp" "$_eg_timestamp"
 }
 _edgedns_new_nonce() {
  _debug "Generating Nonce"
  _nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32)
  _debug3 "_nonce" "$_nonce"
 }
 _edgedns_make_auth_header() {
  _debug "Constructing Auth Header"
  _edgedns_new_nonce
  _edgedns_eg_timestamp
  # "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'"
  _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")"
  _secure_debug2 "Unsigned Auth Header: " "$_auth_header"
  _edgedns_sign_request
  _signed_auth_header="$(printf "%ssignature=%s" "$_auth_header" "$_signed_req")"
  _secure_debug2 "Signed Auth Header: " "${_signed_auth_header}"
 }
 _edgedns_sign_request() {
  _debug2 "Signing http request"
  _edgedns_make_data_to_sign "$_auth_header"
  _secure_debug2 "Returned signed data" "$_mdata"
  _edgedns_make_signing_key "$_eg_timestamp"
  _edgedns_base64_hmac_sha256 "$_mdata" "$_signing_key"
  _signed_req="$_hmac_out"
  _secure_debug2 "Signed Request" "$_signed_req"
 }
 _edgedns_make_signing_key() {
  _debug2 "Creating sigining key"
  ts=$1
  _edgedns_base64_hmac_sha256 "$ts" "$AKAMAI_CLIENT_SECRET"
  _signing_key="$_hmac_out"
  _secure_debug2 "Signing Key" "$_signing_key"
 }
 _edgedns_make_data_to_sign() {
  _debug2 "Processing data to sign"
  hdr=$1
  _secure_debug2 "hdr" "$hdr"
  _edgedns_make_content_hash
  path="$(echo "$_request_url_path" | tr -d "\n\r" | sed 's/https\?:\/\///')"
  path="${path#*$AKAMAI_HOST}"
  _debug "hier path" "$path"
  # dont expose headers to sign so use MT string
  _mdata="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "$_request_method" "$AKAMAI_HOST" "$path" "" "$_hash" "$hdr")"
  _secure_debug2 "Data to Sign" "$_mdata"
 }
 _edgedns_make_content_hash() {
  _debug2 "Generating content hash"
  _hash=""
  _debug2 "Request method" "${_request_method}"
  if [ "$_request_method" != "POST" ] || [ -z "$_request_body" ]; then
    return 0
  fi
  _debug2 "Req body" "$_request_body"
  _edgedns_base64_sha256 "$_request_body"
  _hash="$_sha256_out"
  _debug2 "Content hash" "$_hash"
 }
 _edgedns_base64_hmac_sha256() {
  _debug2 "Generating hmac"
  data=$1
  key=$2
  encoded_data="$(echo "$data" | iconv -t utf-8)"
  encoded_key="$(echo "$key" | iconv -t utf-8)"
  _secure_debug2 "encoded data" "$encoded_data"
  _secure_debug2 "encoded key" "$encoded_key"
  encoded_key_hex=$(printf "%s" "$encoded_key" | _hex_dump | tr -d ' ')
  data_sig="$(echo "$encoded_data" | tr -d "\n\r" | _hmac sha256 "$encoded_key_hex" | _base64)"
  _secure_debug2 "data_sig:" "$data_sig"
  _hmac_out="$(echo "$data_sig" | tr -d "\n\r" | iconv -f utf-8)"
  _secure_debug2 "hmac" "$_hmac_out"
 }
 _edgedns_base64_sha256() {
  _debug2 "Creating sha256 digest"
  trg=$1
  _secure_debug2 "digest data" "$trg"
  digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")"
  _sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)"
  _secure_debug2 "digest decode" "$_sha256_out"
 }
 #_edgedns_parse_edgerc() {
 #  filepath=$1
 #  section=$2
 #}
--- a/dnsapi/dns_freedns.sh
+++ b/dnsapi/dns_freedns.sh
@ -303,10 +303,10 @@ _freedns_domain_id() {
      return 1
    fi
    domain_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
      | grep "<td>$search_domain</td>\|<td>$search_domain(.*)</td>" \
      | sed -n 's/.*\(edit\.php?edit_domain_id=[0-9a-zA-Z]*\).*/\1/p' \
      | cut -d = -f 2)"
    domain_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' |
      grep "<td>$search_domain</td>\|<td>$search_domain(.*)</td>" |
      sed -n 's/.*\(edit\.php?edit_domain_id=[0-9a-zA-Z]*\).*/\1/p' |
      cut -d = -f 2)"
    # The above beauty extracts domain ID from the html page...
    # strip out all blank space and new lines. Then insert newlines
    # before each table row <tr>
@ -349,11 +349,11 @@ _freedns_data_id() {
      return 1
    fi
    data_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
      | grep "<td[a-zA-Z=#]*>$record_type</td>" \
      | grep "<ahref.*>$search_domain</a>" \
      | sed -n 's/.*\(edit\.php?data_id=[0-9a-zA-Z]*\).*/\1/p' \
      | cut -d = -f 2)"
    data_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' |
      grep "<td[a-zA-Z=#]*>$record_type</td>" |
      grep "<ahref.*>$search_domain</a>" |
      sed -n 's/.*\(edit\.php?data_id=[0-9a-zA-Z]*\).*/\1/p' |
      cut -d = -f 2)"
    # The above beauty extracts data ID from the html page...
    # strip out all blank space and new lines. Then insert newlines
    # before each table row <tr>
--- a/dnsapi/dns_gandi_livedns.sh
+++ b/dnsapi/dns_gandi_livedns.sh
@ -69,9 +69,9 @@ dns_gandi_livedns_rm() {
  _gandi_livedns_rest PUT \
    "domains/$_domain/records/$_sub_domain/TXT" \
    "{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" \
    && _contains "$response" '{"message": "DNS Record Created"}' \
    && _info "Removing record $(__green "success")"
    "{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" &&
    _contains "$response" '{"message": "DNS Record Created"}' &&
    _info "Removing record $(__green "success")"
 }
 ####################  Private functions below ##################################
@ -125,9 +125,9 @@ _dns_gandi_append_record() {
  fi
  _debug new_rrset_values "$_rrset_values"
  _gandi_livedns_rest PUT "domains/$_domain/records/$sub_domain/TXT" \
    "{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" \
    && _contains "$response" '{"message": "DNS Record Created"}' \
    && _info "Adding record $(__green "success")"
    "{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" &&
    _contains "$response" '{"message": "DNS Record Created"}' &&
    _info "Adding record $(__green "success")"
 }
 _dns_gandi_existing_rrset_values() {
@ -145,8 +145,8 @@ _dns_gandi_existing_rrset_values() {
    return 1
  fi
  _debug "Already has TXT record."
  _rrset_values=$(echo "$response" | _egrep_o 'rrset_values.*\[.*\]' \
    | _egrep_o '\[".*\"]')
  _rrset_values=$(echo "$response" | _egrep_o 'rrset_values.*\[.*\]' |
    _egrep_o '\[".*\"]')
  return 0
 }
--- a/dnsapi/dns_gcloud.sh
+++ b/dnsapi/dns_gcloud.sh
@ -78,8 +78,8 @@ _dns_gcloud_execute_tr() {
  for i in $(seq 1 120); do
    if gcloud dns record-sets changes list \
      --zone="$managedZone" \
      --filter='status != done' \
      | grep -q '^.*'; then
      --filter='status != done' |
      grep -q '^.*'; then
      _info "_dns_gcloud_execute_tr: waiting for transaction to be comitted ($i/120)..."
      sleep 5
    else
@ -137,11 +137,11 @@ _dns_gcloud_find_zone() {
  # List domains and find the zone with the deepest sub-domain (in case of some levels of delegation)
  if ! match=$(gcloud dns managed-zones list \
    --format="value(name, dnsName)" \
    --filter="$filter" \
    | while read -r dnsName name; do
    --filter="$filter" |
    while read -r dnsName name; do
      printf "%s\t%s\t%s\n" "$(echo "$name" | awk -F"." '{print NF-1}')" "$dnsName" "$name"
    done \
      | sort -n -r | _head_n 1 | cut -f2,3 | grep '^.*'); then
    done |
    sort -n -r | _head_n 1 | cut -f2,3 | grep '^.*'); then
    _err "_dns_gcloud_find_zone: Can't find a matching managed zone! Perhaps wrong project or gcloud credentials?"
    return 1
  fi
--- a/dnsapi/dns_gd.sh
+++ b/dnsapi/dns_gd.sh
@ -91,7 +91,7 @@ dns_gd_rm() {
  fi
  if ! _contains "$response" "$txtvalue"; then
    _info "The record is not existing, skip"
    _info "The record does not exist, skip"
    return 0
  fi
--- a/dnsapi/dns_gdnsdk.sh
+++ b/dnsapi/dns_gdnsdk.sh
@ -157,9 +157,18 @@ _successful_update() {
 }
 _findentry() {
  #args    $1: fulldomain, $2: txtvalue
  #returns id of dns entry, if it exists
  _myget "action=dns_primary_changeDNSsetup&user_domain=$_domain"
  _id=$(echo "$_result" | _egrep_o "<td>$1</td>\s*<td>$2</td>[^?]*[^&]*&id=[^&]*" | sed 's/^.*=//')
  _debug3 "_result: $_result"
  _tmp_result=$(echo "$_result" | tr -d '\n\r' | _egrep_o "<td>$1</td>\s*<td>$2</td>[^?]*[^&]*&id=[^&]*")
  _debug _tmp_result "$_tmp_result"
  if [ -z "${_tmp_result:-}" ]; then
    _debug "The variable is _tmp_result is not supposed to be empty, there may be something wrong with the script"
  fi
  _id=$(echo "$_tmp_result" | sed 's/^.*=//')
  if [ -n "$_id" ]; then
    _debug "Entry found with _id=$_id"
    return 0
--- a/dnsapi/dns_he.sh
+++ b/dnsapi/dns_he.sh
@ -24,7 +24,7 @@ dns_he_add() {
  if [ -z "$HE_Username" ] || [ -z "$HE_Password" ]; then
    HE_Username=
    HE_Password=
    _err "No auth details provided. Please set user credentials using the \$HE_Username and \$HE_Password envoronment variables."
    _err "No auth details provided. Please set user credentials using the \$HE_Username and \$HE_Password environment variables."
    return 1
  fi
  _saveaccountconf_mutable HE_Username "$HE_Username"
@ -101,8 +101,8 @@ dns_he_rm() {
  body="$body&hosted_dns_editzone=1"
  body="$body&hosted_dns_delrecord=1"
  body="$body&hosted_dns_delconfirm=delete"
  _post "$body" "https://dns.he.net/" \
    | grep '<div id="dns_status" onClick="hideThis(this);">Successfully removed record.</div>' \
  _post "$body" "https://dns.he.net/" |
    grep '<div id="dns_status" onClick="hideThis(this);">Successfully removed record.</div>' \
      >/dev/null
  exit_code="$?"
  if [ "$exit_code" -eq 0 ]; then
--- a/dnsapi/dns_hetzner.sh
+++ b/dnsapi/dns_hetzner.sh
@ -0,0 +1,252 @@
 #!/usr/bin/env sh
 #
 #HETZNER_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
 #
 HETZNER_Api="https://dns.hetzner.com/api/v1"
 ########  Public functions #####################
 # Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 # Used to add txt record
 # Ref: https://dns.hetzner.com/api-docs/
 dns_hetzner_add() {
  full_domain=$1
  txt_value=$2
  HETZNER_Token="${HETZNER_Token:-$(_readaccountconf_mutable HETZNER_Token)}"
  if [ -z "$HETZNER_Token" ]; then
    HETZNER_Token=""
    _err "You didn't specify a Hetzner api token."
    _err "You can get yours from here https://dns.hetzner.com/settings/api-token."
    return 1
  fi
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable HETZNER_Token "$HETZNER_Token"
  _debug "First detect the root zone"
  if ! _get_root "$full_domain"; then
    _err "Invalid domain"
    return 1
  fi
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug "Getting TXT records"
  if ! _find_record "$_sub_domain" "$txt_value"; then
    return 1
  fi
  if [ -z "$_record_id" ]; then
    _info "Adding record"
    if _hetzner_rest POST "records" "{\"zone_id\":\"${HETZNER_Zone_ID}\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txt_value\",\"ttl\":120}"; then
      if _contains "$response" "$txt_value"; then
        _info "Record added, OK"
        _sleep 2
        return 0
      fi
    fi
    _err "Add txt record error${_response_error}"
    return 1
  else
    _info "Found record id: $_record_id."
    _info "Record found, do nothing."
    return 0
    # we could modify a record, if the names for txt records for *.example.com and example.com would be not the same
    #if _hetzner_rest PUT "records/${_record_id}" "{\"zone_id\":\"${HETZNER_Zone_ID}\",\"type\":\"TXT\",\"name\":\"$full_domain\",\"value\":\"$txt_value\",\"ttl\":120}"; then
    #  if _contains "$response" "$txt_value"; then
    #    _info "Modified, OK"
    #    return 0
    #  fi
    #fi
    #_err "Add txt record error (modify)."
    #return 1
  fi
 }
 # Usage: full_domain txt_value
 # Used to remove the txt record after validation
 dns_hetzner_rm() {
  full_domain=$1
  txt_value=$2
  HETZNER_Token="${HETZNER_Token:-$(_readaccountconf_mutable HETZNER_Token)}"
  _debug "First detect the root zone"
  if ! _get_root "$full_domain"; then
    _err "Invalid domain"
    return 1
  fi
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug "Getting TXT records"
  if ! _find_record "$_sub_domain" "$txt_value"; then
    return 1
  fi
  if [ -z "$_record_id" ]; then
    _info "Remove not needed. Record not found."
  else
    if ! _hetzner_rest DELETE "records/$_record_id"; then
      _err "Delete record error${_response_error}"
      return 1
    fi
    _sleep 2
    _info "Record deleted"
  fi
 }
 ####################  Private functions below ##################################
 #returns
 # _record_id=a8d58f22d6931bf830eaa0ec6464bf81  if found; or 1 if error
 _find_record() {
  unset _record_id
  _record_name=$1
  _record_value=$2
  if [ -z "$_record_value" ]; then
    _record_value='[^"]*'
  fi
  _debug "Getting all records"
  _hetzner_rest GET "records?zone_id=${_domain_id}"
  if _response_has_error; then
    _err "Error${_response_error}"
    return 1
  else
    _record_id=$(
      echo "$response" |
        grep -o "{[^\{\}]*\"name\":\"$_record_name\"[^\}]*}" |
        grep "\"value\":\"$_record_value\"" |
        while read -r record; do
          # test for type and
          if [ -n "$(echo "$record" | _egrep_o '"type":"TXT"')" ]; then
            echo "$record" | _egrep_o '"id":"[^"]*"' | cut -d : -f 2 | tr -d \"
            break
          fi
        done
    )
  fi
 }
 #_acme-challenge.www.domain.com
 #returns
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
 # _domain_id=sdjkglgdfewsdfg
 _get_root() {
  domain=$1
  i=1
  p=1
  domain_without_acme=$(echo "$domain" | cut -d . -f 2-)
  domain_param_name=$(echo "HETZNER_Zone_ID_for_${domain_without_acme}" | sed 's/[\.\-]/_/g')
  _debug "Reading zone_id for '$domain_without_acme' from config..."
  HETZNER_Zone_ID=$(_readdomainconf "$domain_param_name")
  if [ "$HETZNER_Zone_ID" ]; then
    _debug "Found, using: $HETZNER_Zone_ID"
    if ! _hetzner_rest GET "zones/${HETZNER_Zone_ID}"; then
      _debug "Zone with id '$HETZNER_Zone_ID' does not exist."
      _cleardomainconf "$domain_param_name"
      unset HETZNER_Zone_ID
    else
      if _contains "$response" "\"id\":\"$HETZNER_Zone_ID\""; then
        _domain=$(printf "%s\n" "$response" | _egrep_o '"name":"[^"]*"' | cut -d : -f 2 | tr -d \" | head -n 1)
        if [ "$_domain" ]; then
          _cut_length=$((${#domain} - ${#_domain} - 1))
          _sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cut_length")
          _domain_id="$HETZNER_Zone_ID"
          return 0
        else
          return 1
        fi
      else
        return 1
      fi
    fi
  fi
  _debug "Trying to get zone id by domain name for '$domain_without_acme'."
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    _debug h "$h"
    _hetzner_rest GET "zones?name=$h"
    if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_entries":1'; then
      _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
      if [ "$_domain_id" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
        _domain=$h
        HETZNER_Zone_ID=$_domain_id
        _savedomainconf "$domain_param_name" "$HETZNER_Zone_ID"
        return 0
      fi
      return 1
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
 }
 #returns
 # _response_error
 _response_has_error() {
  unset _response_error
  err_part="$(echo "$response" | _egrep_o '"error":{[^}]*}')"
  if [ -n "$err_part" ]; then
    err_code=$(echo "$err_part" | _egrep_o '"code":[0-9]+' | cut -d : -f 2)
    err_message=$(echo "$err_part" | _egrep_o '"message":"[^"]+"' | cut -d : -f 2 | tr -d \")
    if [ -n "$err_code" ] && [ -n "$err_message" ]; then
      _response_error=" - message: ${err_message}, code: ${err_code}"
      return 0
    fi
  fi
  return 1
 }
 #returns
 # response
 _hetzner_rest() {
  m=$1
  ep="$2"
  data="$3"
  _debug "$ep"
  key_trimmed=$(echo "$HETZNER_Token" | tr -d \")
  export _H1="Content-TType: application/json"
  export _H2="Auth-API-Token: $key_trimmed"
  if [ "$m" != "GET" ]; then
    _debug data "$data"
    response="$(_post "$data" "$HETZNER_Api/$ep" "" "$m")"
  else
    response="$(_get "$HETZNER_Api/$ep")"
  fi
  if [ "$?" != "0" ] || _response_has_error; then
    _debug "Error$_response_error"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
--- a/dnsapi/dns_hexonet.sh
+++ b/dnsapi/dns_hexonet.sh
@ -42,7 +42,7 @@ dns_hexonet_add() {
  _debug _domain "$_domain"
  _debug "Getting txt records"
  _hexonet_rest "&command=QueryDNSZoneRRList&dnszone=${h}.&RRTYPE=TXT"
  _hexonet_rest "command=QueryDNSZoneRRList&dnszone=${h}.&RRTYPE=TXT"
  if ! _contains "$response" "CODE=200"; then
    _err "Error"
@ -88,7 +88,7 @@ dns_hexonet_rm() {
  _debug _domain "$_domain"
  _debug "Getting txt records"
  _hexonet_rest "&command=QueryDNSZoneRRList&dnszone=${h}.&RRTYPE=TXT&RR=${txtvalue}"
  _hexonet_rest "command=QueryDNSZoneRRList&dnszone=${h}.&RRTYPE=TXT&RR=${_sub_domain}%20IN%20TXT%20\"${txtvalue}\""
  if ! _contains "$response" "CODE=200"; then
    _err "Error"
@ -100,7 +100,7 @@ dns_hexonet_rm() {
  if [ "$count" = "0" ]; then
    _info "Don't need to remove."
  else
    if ! _hexonet_rest "&command=UpdateDNSZone&dnszone=${_domain}.&delrr0='${_sub_domain}%20IN%20TXT%20\"${txtvalue}\""; then
    if ! _hexonet_rest "command=UpdateDNSZone&dnszone=${_domain}.&delrr0=${_sub_domain}%20IN%20TXT%20\"${txtvalue}\""; then
      _err "Delete record error."
      return 1
    fi
@ -126,7 +126,7 @@ _get_root() {
      return 1
    fi
    if ! _hexonet_rest "&command=QueryDNSZoneRRList&dnszone=${h}."; then
    if ! _hexonet_rest "command=QueryDNSZoneRRList&dnszone=${h}."; then
      return 1
    fi
--- a/dnsapi/dns_infomaniak.sh
+++ b/dnsapi/dns_infomaniak.sh
@ -0,0 +1,199 @@
 #!/usr/bin/env sh
 ###############################################################################
 # Infomaniak API integration
 #
 # To use this API you need visit the API dashboard of your account
 # once logged into https://manager.infomaniak.com add /api/dashboard to the URL
 #
 # Please report bugs to
 # https://github.com/acmesh-official/acme.sh/issues/3188
 #
 # Note: the URL looks like this:
 # https://manager.infomaniak.com/v3/<account_id>/api/dashboard
 # Then generate a token with the scope Domain
 # this is given as an environment variable INFOMANIAK_API_TOKEN
 ###############################################################################
 # base variables
 DEFAULT_INFOMANIAK_API_URL="https://api.infomaniak.com"
 DEFAULT_INFOMANIAK_TTL=300
 ########  Public functions #####################
 #Usage: dns_infomaniak_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_infomaniak_add() {
  INFOMANIAK_API_TOKEN="${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}"
  INFOMANIAK_API_URL="${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}"
  INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}"
  if [ -z "$INFOMANIAK_API_TOKEN" ]; then
    INFOMANIAK_API_TOKEN=""
    _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN"
    return 1
  fi
  if [ -z "$INFOMANIAK_API_URL" ]; then
    INFOMANIAK_API_URL="$DEFAULT_INFOMANIAK_API_URL"
  fi
  if [ -z "$INFOMANIAK_TTL" ]; then
    INFOMANIAK_TTL="$DEFAULT_INFOMANIAK_TTL"
  fi
  #save the token to the account conf file.
  _saveaccountconf_mutable INFOMANIAK_API_TOKEN "$INFOMANIAK_API_TOKEN"
  if [ "$INFOMANIAK_API_URL" != "$DEFAULT_INFOMANIAK_API_URL" ]; then
    _saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL"
  fi
  if [ "$INFOMANIAK_TTL" != "$DEFAULT_INFOMANIAK_TTL" ]; then
    _saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL"
  fi
  export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN"
  export _H2="Content-Type: application/json"
  fulldomain="$1"
  txtvalue="$2"
  _info "Infomaniak DNS API"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  fqdn=${fulldomain#_acme-challenge.}
  # guess which base domain to add record to
  zone_and_id=$(_find_zone "$fqdn")
  if [ -z "$zone_and_id" ]; then
    _err "cannot find zone to modify"
    return 1
  fi
  zone=${zone_and_id% *}
  domain_id=${zone_and_id#* }
  # extract first part of domain
  key=${fulldomain%.$zone}
  _debug "zone:$zone id:$domain_id key:$key"
  # payload
  data="{\"type\": \"TXT\", \"source\": \"$key\", \"target\": \"$txtvalue\", \"ttl\": $INFOMANIAK_TTL}"
  # API call
  response=$(_post "$data" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record")
  if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then
    _info "Record added"
    _debug "Response: $response"
    return 0
  fi
  _err "could not create record"
  _debug "Response: $response"
  return 1
 }
 #Usage: fulldomain txtvalue
 #Remove the txt record after validation.
 dns_infomaniak_rm() {
  INFOMANIAK_API_TOKEN="${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}"
  INFOMANIAK_API_URL="${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}"
  INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}"
  if [ -z "$INFOMANIAK_API_TOKEN" ]; then
    INFOMANIAK_API_TOKEN=""
    _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN"
    return 1
  fi
  if [ -z "$INFOMANIAK_API_URL" ]; then
    INFOMANIAK_API_URL="$DEFAULT_INFOMANIAK_API_URL"
  fi
  if [ -z "$INFOMANIAK_TTL" ]; then
    INFOMANIAK_TTL="$DEFAULT_INFOMANIAK_TTL"
  fi
  #save the token to the account conf file.
  _saveaccountconf_mutable INFOMANIAK_API_TOKEN "$INFOMANIAK_API_TOKEN"
  if [ "$INFOMANIAK_API_URL" != "$DEFAULT_INFOMANIAK_API_URL" ]; then
    _saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL"
  fi
  if [ "$INFOMANIAK_TTL" != "$DEFAULT_INFOMANIAK_TTL" ]; then
    _saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL"
  fi
  export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN"
  export _H2="ContentType: application/json"
  fulldomain=$1
  txtvalue=$2
  _info "Infomaniak DNS API"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  fqdn=${fulldomain#_acme-challenge.}
  # guess which base domain to add record to
  zone_and_id=$(_find_zone "$fqdn")
  if [ -z "$zone_and_id" ]; then
    _err "cannot find zone to modify"
    return 1
  fi
  zone=${zone_and_id% *}
  domain_id=${zone_and_id#* }
  # extract first part of domain
  key=${fulldomain%.$zone}
  _debug "zone:$zone id:$domain_id key:$key"
  # find previous record
  # shellcheck disable=SC1004
  record_id=$(_get "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}\
 {/g' | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source_idn":"'"$fulldomain"'".*"target_idn":"'"$txtvalue"'".*/\1/p')
  if [ -z "$record_id" ]; then
    _err "could not find record to delete"
    return 1
  fi
  _debug "record_id: $record_id"
  # API call
  response=$(_post "" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record/$record_id" "" DELETE)
  if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then
    _info "Record deleted"
    return 0
  fi
  _err "could not delete record"
  return 1
 }
 ####################  Private functions below ##################################
 _get_domain_id() {
  domain="$1"
  # shellcheck disable=SC1004
  _get "${INFOMANIAK_API_URL}/1/product?service_name=domain&customer_name=$domain" | sed 's/.*"data":\[{\(.*\)}\]}/\1/; s/,/\
 /g' | sed -n 's/^"id":\(.*\)/\1/p'
 }
 _find_zone() {
  zone="$1"
  # find domain in list, removing . parts sequentialy
  while _contains "$zone" '\.'; do
    _debug "testing $zone"
    id=$(_get_domain_id "$zone")
    if [ -n "$id" ]; then
      echo "$zone $id"
      return
    fi
    zone=${zone#*.}
  done
 }
--- a/dnsapi/dns_inwx.sh
+++ b/dnsapi/dns_inwx.sh
@ -34,6 +34,10 @@ dns_inwx_add() {
  _saveaccountconf_mutable INWX_Password "$INWX_Password"
  _saveaccountconf_mutable INWX_Shared_Secret "$INWX_Shared_Secret"
  if ! _inwx_login; then
    return 1
  fi
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
@ -55,6 +59,7 @@ dns_inwx_rm() {
  INWX_User="${INWX_User:-$(_readaccountconf_mutable INWX_User)}"
  INWX_Password="${INWX_Password:-$(_readaccountconf_mutable INWX_Password)}"
  INWX_Shared_Secret="${INWX_Shared_Secret:-$(_readaccountconf_mutable INWX_Shared_Secret)}"
  if [ -z "$INWX_User" ] || [ -z "$INWX_Password" ]; then
    INWX_User=""
    INWX_Password=""
@ -63,9 +68,9 @@ dns_inwx_rm() {
    return 1
  fi
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable INWX_User "$INWX_User"
  _saveaccountconf_mutable INWX_Password "$INWX_Password"
  if ! _inwx_login; then
    return 1
  fi
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
@ -126,8 +131,42 @@ dns_inwx_rm() {
 ####################  Private functions below ##################################
 _inwx_check_cookie() {
  INWX_Cookie="${INWX_Cookie:-$(_readaccountconf_mutable INWX_Cookie)}"
  if [ -z "$INWX_Cookie" ]; then
    _debug "No cached cookie found"
    return 1
  fi
  _H1="$INWX_Cookie"
  export _H1
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
  <methodName>account.info</methodName>
  </methodCall>')
  response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
  if _contains "$response" "<member><name>code</name><value><int>1000</int></value></member>"; then
    _debug "Cached cookie still valid"
    return 0
  fi
  _debug "Cached cookie no longer valid"
  _H1=""
  export _H1
  INWX_Cookie=""
  _saveaccountconf_mutable INWX_Cookie "$INWX_Cookie"
  return 1
 }
 _inwx_login() {
  if _inwx_check_cookie; then
    _debug "Already logged in"
    return 0
  fi
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
  <methodName>account.login</methodName>
@ -151,17 +190,25 @@ _inwx_login() {
    </value>
   </param>
  </params>
  </methodCall>' $INWX_User $INWX_Password)
  </methodCall>' "$INWX_User" "$INWX_Password")
  response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
  _H1=$(printf "Cookie: %s" "$(grep "domrobot=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o 'domrobot=[^;]*;' | tr -d ';')")
  INWX_Cookie=$(printf "Cookie: %s" "$(grep "domrobot=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o 'domrobot=[^;]*;' | tr -d ';')")
  _H1=$INWX_Cookie
  export _H1
  export INWX_Cookie
  _saveaccountconf_mutable INWX_Cookie "$INWX_Cookie"
  if ! _contains "$response" "<member><name>code</name><value><int>1000</int></value></member>"; then
    _err "INWX API: Authentication error (username/password correct?)"
    return 1
  fi
  #https://github.com/inwx/php-client/blob/master/INWX/Domrobot.php#L71
  if _contains "$response" "<member><name>code</name><value><int>1000</int></value></member>" \
    && _contains "$response" "<member><name>tfa</name><value><string>GOOGLE-AUTH</string></value></member>"; then
  if _contains "$response" "<member><name>tfa</name><value><string>GOOGLE-AUTH</string></value></member>"; then
    if [ -z "$INWX_Shared_Secret" ]; then
      _err "Mobile TAN detected."
      _err "INWX API: Mobile TAN detected."
      _err "Please define a shared secret."
      return 1
    fi
@ -194,6 +241,11 @@ _inwx_login() {
    </methodCall>' "$tan")
    response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
    if ! _contains "$response" "<member><name>code</name><value><int>1000</int></value></member>"; then
      _err "INWX API: Mobile TAN not correct."
      return 1
    fi
  fi
 }
@ -206,11 +258,23 @@ _get_root() {
  i=2
  p=1
  _inwx_login
  xml_content='<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
  <methodName>nameserver.list</methodName>
  <params>
   <param>
    <value>
     <struct>
      <member>
       <name>pagelimit</name>
       <value>
        <int>9999</int>
       </value>
      </member>
     </struct>
    </value>
   </param>
  </params>
  </methodCall>'
  response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
--- a/dnsapi/dns_joker.sh
+++ b/dnsapi/dns_joker.sh
@ -0,0 +1,129 @@
 #!/usr/bin/env sh
 # Joker.com API for acme.sh
 #
 # This script adds the necessary TXT record to a domain in Joker.com.
 #
 # You must activate Dynamic DNS in Joker.com DNS configuration first.
 # Username and password below refer to Dynamic DNS authentication,
 # not your Joker.com login credentials.
 # See: https://joker.com/faq/content/11/427/en/what-is-dynamic-dns-dyndns.html
 #
 # NOTE: This script does not support wildcard certificates, because
 # Joker.com API does not support adding two TXT records with the same
 # subdomain. Adding the second record will overwrite the first one.
 # See: https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html
 #   "... this request will replace all TXT records for the specified
 #    label by the provided content"
 #
 # Author: aattww (https://github.com/aattww/)
 #
 # Report bugs to https://github.com/acmesh-official/acme.sh/issues/2840
 #
 # JOKER_USERNAME="xxxx"
 # JOKER_PASSWORD="xxxx"
 JOKER_API="https://svc.joker.com/nic/replace"
 ########  Public functions #####################
 #Usage: dns_joker_add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_joker_add() {
  fulldomain=$1
  txtvalue=$2
  JOKER_USERNAME="${JOKER_USERNAME:-$(_readaccountconf_mutable JOKER_USERNAME)}"
  JOKER_PASSWORD="${JOKER_PASSWORD:-$(_readaccountconf_mutable JOKER_PASSWORD)}"
  if [ -z "$JOKER_USERNAME" ] || [ -z "$JOKER_PASSWORD" ]; then
    _err "No Joker.com username and password specified."
    return 1
  fi
  _saveaccountconf_mutable JOKER_USERNAME "$JOKER_USERNAME"
  _saveaccountconf_mutable JOKER_PASSWORD "$JOKER_PASSWORD"
  if ! _get_root "$fulldomain"; then
    _err "Invalid domain"
    return 1
  fi
  _info "Adding TXT record"
  if _joker_rest "username=$JOKER_USERNAME&password=$JOKER_PASSWORD&zone=$_domain&label=$_sub_domain&type=TXT&value=$txtvalue"; then
    if _startswith "$response" "OK"; then
      _info "Added, OK"
      return 0
    fi
  fi
  _err "Error adding TXT record."
  return 1
 }
 #fulldomain txtvalue
 dns_joker_rm() {
  fulldomain=$1
  txtvalue=$2
  JOKER_USERNAME="${JOKER_USERNAME:-$(_readaccountconf_mutable JOKER_USERNAME)}"
  JOKER_PASSWORD="${JOKER_PASSWORD:-$(_readaccountconf_mutable JOKER_PASSWORD)}"
  if ! _get_root "$fulldomain"; then
    _err "Invalid domain"
    return 1
  fi
  _info "Removing TXT record"
  # TXT record is removed by setting its value to empty.
  if _joker_rest "username=$JOKER_USERNAME&password=$JOKER_PASSWORD&zone=$_domain&label=$_sub_domain&type=TXT&value="; then
    if _startswith "$response" "OK"; then
      _info "Removed, OK"
      return 0
    fi
  fi
  _err "Error removing TXT record."
  return 1
 }
 ####################  Private functions below ##################################
 #_acme-challenge.www.domain.com
 #returns
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
 _get_root() {
  fulldomain=$1
  i=1
  while true; do
    h=$(printf "%s" "$fulldomain" | cut -d . -f $i-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      return 1
    fi
    # Try to remove a test record. With correct root domain, username and password this will return "OK: ..." regardless
    # of record in question existing or not.
    if _joker_rest "username=$JOKER_USERNAME&password=$JOKER_PASSWORD&zone=$h&label=jokerTXTUpdateTest&type=TXT&value="; then
      if _startswith "$response" "OK"; then
        _sub_domain="$(echo "$fulldomain" | sed "s/\\.$h\$//")"
        _domain=$h
        return 0
      fi
    fi
    i=$(_math "$i" + 1)
  done
  _debug "Root domain not found"
  return 1
 }
 _joker_rest() {
  data="$1"
  _debug data "$data"
  if ! response="$(_post "$data" "$JOKER_API" "" "POST")"; then
    _err "Error POSTing"
    return 1
  fi
  _debug response "$response"
  return 0
 }
--- a/dnsapi/dns_kappernet.sh
+++ b/dnsapi/dns_kappernet.sh
@ -0,0 +1,150 @@
 #!/usr/bin/env sh
 # kapper.net domain api
 # for further questions please contact: support@kapper.net
 # please report issues here: https://github.com/acmesh-official/acme.sh/issues/2977
 #KAPPERNETDNS_Key="yourKAPPERNETapikey"
 #KAPPERNETDNS_Secret="yourKAPPERNETapisecret"
 KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret"
 ###############################################################################
 # called with
 # fullhostname: something.example.com
 # txtvalue:     someacmegenerated string
 dns_kappernet_add() {
  fullhostname=$1
  txtvalue=$2
  KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}"
  KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}"
  if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then
    KAPPERNETDNS_Key=""
    KAPPERNETDNS_Secret=""
    _err "Please specify your kapper.net api key and secret."
    _err "If you have not received yours - send your mail to"
    _err "support@kapper.net to get  your key and secret."
    return 1
  fi
  #store the api key and email to the account conf file.
  _saveaccountconf_mutable KAPPERNETDNS_Key "$KAPPERNETDNS_Key"
  _saveaccountconf_mutable KAPPERNETDNS_Secret "$KAPPERNETDNS_Secret"
  _debug "Checking Domain ..."
  if ! _get_root "$fullhostname"; then
    _err "invalid domain"
    return 1
  fi
  _debug _sub_domain "SUBDOMAIN: $_sub_domain"
  _debug _domain "DOMAIN: $_domain"
  _info "Trying to add TXT DNS Record"
  data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D"
  if _kappernet_api GET "action=new&subject=$_domain&data=$data"; then
    if _contains "$response" "{\"OK\":true"; then
      _info "Waiting 120 seconds for DNS to spread the new record"
      _sleep 120
      return 0
    else
      _err "Error creating a TXT DNS Record: $fullhostname TXT $txtvalue"
      _err "Error Message: $response"
      return 1
    fi
  fi
  _err "Failed creating TXT Record"
 }
 ###############################################################################
 # called with
 # fullhostname: something.example.com
 dns_kappernet_rm() {
  fullhostname=$1
  txtvalue=$2
  KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}"
  KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}"
  if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then
    KAPPERNETDNS_Key=""
    KAPPERNETDNS_Secret=""
    _err "Please specify your kapper.net api key and secret."
    _err "If you have not received yours - send your mail to"
    _err "support@kapper.net to get  your key and secret."
    return 1
  fi
  #store the api key and email to the account conf file.
  _saveaccountconf_mutable KAPPERNETDNS_Key "$KAPPERNETDNS_Key"
  _saveaccountconf_mutable KAPPERNETDNS_Secret "$KAPPERNETDNS_Secret"
  _info "Trying to remove the TXT Record: $fullhostname containing $txtvalue"
  data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D"
  if _kappernet_api GET "action=del&subject=$fullhostname&data=$data"; then
    if _contains "$response" "{\"OK\":true"; then
      return 0
    else
      _err "Error deleting DNS Record: $fullhostname containing $txtvalue"
      _err "Problem: $response"
      return 1
    fi
  fi
  _err "Problem deleting TXT DNS record"
 }
 ####################  Private functions below ##################################
 # called with hostname
 # e.g._acme-challenge.www.domain.com returns
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
 _get_root() {
  domain=$1
  i=2
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    if ! _kappernet_api GET "action=list&subject=$h"; then
      return 1
    fi
    if _contains "$response" '"OK":false'; then
      _debug "$h not found"
    else
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain="$h"
      return 0
    fi
    p="$i"
    i=$(_math "$i" + 1)
  done
  return 1
 }
 ################################################################################
 # calls the kapper.net DNS Panel API
 # with
 # method
 # param
 _kappernet_api() {
  method=$1
  param="$2"
  _debug param "PARAMETER=$param"
  url="$KAPPERNETDNS_Api&$param"
  _debug url "URL=$url"
  if [ "$method" = "GET" ]; then
    response="$(_get "$url")"
  else
    _err "Unsupported method"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
--- a/dnsapi/dns_kinghost.sh
+++ b/dnsapi/dns_kinghost.sh
@ -37,7 +37,7 @@ dns_kinghost_add() {
  _debug "Getting txt records"
  _kinghost_rest GET "dns" "name=$fulldomain&content=$txtvalue"
  #This API call returns "status":"ok" if dns record does not exists
  #This API call returns "status":"ok" if dns record does not exist
  #We are creating a new txt record here, so we expect the "ok" status
  if ! echo "$response" | grep '"status":"ok"' >/dev/null; then
    _err "Error"
--- a/dnsapi/dns_lexicon.sh
+++ b/dnsapi/dns_lexicon.sh
@ -92,7 +92,7 @@ dns_lexicon_add() {
  _savedomainconf LEXICON_OPTS "$LEXICON_OPTS"
  # shellcheck disable=SC2086
  $lexicon_cmd "$PROVIDER" $LEXICON_OPTS create "${domain}" TXT --name="_acme-challenge.${domain}." --content="${txtvalue}"
  $lexicon_cmd "$PROVIDER" $LEXICON_OPTS create "${domain}" TXT --name="_acme-challenge.${domain}." --content="${txtvalue}" --output QUIET
 }
@ -108,6 +108,6 @@ dns_lexicon_rm() {
  domain=$(printf "%s" "$fulldomain" | cut -d . -f 2-999)
  # shellcheck disable=SC2086
  $lexicon_cmd "$PROVIDER" $LEXICON_OPTS delete "${domain}" TXT --name="_acme-challenge.${domain}." --content="${txtvalue}"
  $lexicon_cmd "$PROVIDER" $LEXICON_OPTS delete "${domain}" TXT --name="_acme-challenge.${domain}." --content="${txtvalue}" --output QUIET
 }
--- a/dnsapi/dns_loopia.sh
+++ b/dnsapi/dns_loopia.sh
@ -217,7 +217,7 @@ _loopia_add_record() {
          </member>
          <member>
            <name>ttl</name>
            <value><int>60</int></value>
            <value><int>300</int></value>
          </member>
          <member>
            <name>rdata</name>
--- a/dnsapi/dns_me.sh
+++ b/dnsapi/dns_me.sh
@ -114,7 +114,7 @@ _get_root() {
    fi
    if _contains "$response" "\"name\":\"$h\""; then
      _domain_id=$(printf "%s\n" "$response" | cut -c 2- | head -c -2 | sed 's/{.*}//' | sed -r 's/^.*"id":([0-9]+).*$/\1/')
      _domain_id=$(printf "%s\n" "$response" | sed 's/^{//; s/}$//; s/{.*}//' | sed -r 's/^.*"id":([0-9]+).*$/\1/')
      if [ "$_domain_id" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
        _domain="$h"
--- a/dnsapi/dns_misaka.sh
+++ b/dnsapi/dns_misaka.sh
@ -47,7 +47,7 @@ dns_misaka_add() {
  if [ "$count" = "0" ]; then
    _info "Adding record"
    if _misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then
    if _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then
      _debug response "$response"
      if _contains "$response" "$_sub_domain"; then
        _info "Added"
@ -61,7 +61,7 @@ dns_misaka_add() {
  else
    _info "Updating record"
    _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}"
    _misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}"
    if [ "$?" = "0" ] && _contains "$response" "$_sub_domain"; then
      _info "Updated!"
      #todo: check if the record takes effect
--- a/dnsapi/dns_netlify.sh
+++ b/dnsapi/dns_netlify.sh
@ -0,0 +1,162 @@
 #!/usr/bin/env sh
 #NETLIFY_ACCESS_TOKEN="xxxx"
 NETLIFY_HOST="api.netlify.com/api/v1/"
 NETLIFY_URL="https://$NETLIFY_HOST"
 ########  Public functions #####################
 #Usage: dns_myapi_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_netlify_add() {
  fulldomain=$1
  txtvalue=$2
  NETLIFY_ACCESS_TOKEN="${NETLIFY_ACCESS_TOKEN:-$(_readaccountconf_mutable NETLIFY_ACCESS_TOKEN)}"
  if [ -z "$NETLIFY_ACCESS_TOKEN" ]; then
    NETLIFY_ACCESS_TOKEN=""
    _err "Please specify your Netlify Access Token and try again."
    return 1
  fi
  _info "Using Netlify"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  _saveaccountconf_mutable NETLIFY_ACCESS_TOKEN "$NETLIFY_ACCESS_TOKEN"
  if ! _get_root "$fulldomain" "$accesstoken"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  dnsRecordURI="dns_zones/$_domain_id/dns_records"
  body="{\"type\":\"TXT\", \"hostname\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"ttl\":\"10\"}"
  _netlify_rest POST "$dnsRecordURI" "$body" "$NETLIFY_ACCESS_TOKEN"
  _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
  if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then
    _info "validation value added"
    return 0
  else
    _err "error adding validation value ($_code)"
    return 1
  fi
  _err "Not fully implemented!"
  return 1
 }
 #Usage: dns_myapi_rm   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 #Remove the txt record after validation.
 dns_netlify_rm() {
  _info "Using Netlify"
  txtdomain="$1"
  txt="$2"
  _debug txtdomain "$txtdomain"
  _debug txt "$txt"
  _saveaccountconf_mutable NETLIFY_ACCESS_TOKEN "$NETLIFY_ACCESS_TOKEN"
  if ! _get_root "$txtdomain" "$accesstoken"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  dnsRecordURI="dns_zones/$_domain_id/dns_records"
  _netlify_rest GET "$dnsRecordURI" "" "$NETLIFY_ACCESS_TOKEN"
  _record_id=$(echo "$response" | _egrep_o "\"type\":\"TXT\",[^\}]*\"value\":\"$txt\"" | head -n 1 | _egrep_o "\"id\":\"[^\"\}]*\"" | cut -d : -f 2 | tr -d \")
  _debug _record_id "$_record_id"
  if [ "$_record_id" ]; then
    _netlify_rest DELETE "$dnsRecordURI/$_record_id" "" "$NETLIFY_ACCESS_TOKEN"
    _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
    if [ "$_code" = "200" ] || [ "$_code" = '204' ]; then
      _info "validation value removed"
      return 0
    else
      _err "error removing validation value ($_code)"
      return 1
    fi
    return 0
  fi
  return 1
 }
 ####################  Private functions below ##################################
 _get_root() {
  domain=$1
  accesstoken=$2
  i=1
  p=1
  _netlify_rest GET "dns_zones" "" "$accesstoken"
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    _debug2 "Checking domain: $h"
    if [ -z "$h" ]; then
      #not valid
      _err "Invalid domain"
      return 1
    fi
    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
      _domain_id=$(echo "$response" | _egrep_o "\"[^\"]*\",\"name\":\"$h" | cut -d , -f 1 | tr -d \")
      if [ "$_domain_id" ]; then
        if [ "$i" = 1 ]; then
          #create the record at the domain apex (@) if only the domain name was provided as --domain-alias
          _sub_domain="@"
        else
          _sub_domain=$(echo "$domain" | cut -d . -f 1-$p)
        fi
        _domain=$h
        return 0
      fi
      return 1
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
 }
 _netlify_rest() {
  m=$1
  ep="$2"
  data="$3"
  _debug "$ep"
  token_trimmed=$(echo "$NETLIFY_ACCESS_TOKEN" | tr -d '"')
  export _H1="Content-Type: application/json"
  export _H2="Authorization: Bearer $token_trimmed"
  : >"$HTTP_HEADER"
  if [ "$m" != "GET" ]; then
    _debug data "$data"
    response="$(_post "$data" "$NETLIFY_URL$ep" "" "$m")"
  else
    response="$(_get "$NETLIFY_URL$ep")"
  fi
  if [ "$?" != "0" ]; then
    _err "error $ep"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
--- a/dnsapi/dns_nic.sh
+++ b/dnsapi/dns_nic.sh
@ -166,7 +166,7 @@ _get_root() {
    if _contains "$_all_domains" "^$h$"; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain=$h
      _service=$(printf "%s" "$response" | grep "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/")
      _service=$(printf "%s" "$response" | grep -m 1 "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/")
      return 0
    fi
    p="$i"
--- a/dnsapi/dns_njalla.sh
+++ b/dnsapi/dns_njalla.sh
@ -0,0 +1,168 @@
 #!/usr/bin/env sh
 #
 #NJALLA_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
 NJALLA_Api="https://njal.la/api/1/"
 ########  Public functions #####################
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_njalla_add() {
  fulldomain=$1
  txtvalue=$2
  NJALLA_Token="${NJALLA_Token:-$(_readaccountconf_mutable NJALLA_Token)}"
  if [ "$NJALLA_Token" ]; then
    _saveaccountconf_mutable NJALLA_Token "$NJALLA_Token"
  else
    NJALLA_Token=""
    _err "You didn't specify a Njalla api token yet."
    return 1
  fi
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
  # we can not use updating anymore.
  #  count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
  #  _debug count "$count"
  #  if [ "$count" = "0" ]; then
  _info "Adding record"
  if _njalla_rest "{\"method\":\"add-record\",\"params\":{\"domain\":\"$_domain\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}}"; then
    if _contains "$response" "$txtvalue"; then
      _info "Added, OK"
      return 0
    else
      _err "Add txt record error."
      return 1
    fi
  fi
  _err "Add txt record error."
  return 1
 }
 #fulldomain txtvalue
 dns_njalla_rm() {
  fulldomain=$1
  txtvalue=$2
  NJALLA_Token="${NJALLA_Token:-$(_readaccountconf_mutable NJALLA_Token)}"
  if [ "$NJALLA_Token" ]; then
    _saveaccountconf_mutable NJALLA_Token "$NJALLA_Token"
  else
    NJALLA_Token=""
    _err "You didn't specify a Njalla api token yet."
    return 1
  fi
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug "Getting records for domain"
  if ! _njalla_rest "{\"method\":\"list-records\",\"params\":{\"domain\":\"${_domain}\"}}"; then
    return 1
  fi
  if ! echo "$response" | tr -d " " | grep "\"id\":" >/dev/null; then
    _err "Error: $response"
    return 1
  fi
  records=$(echo "$response" | _egrep_o "\"records\":\s?\[(.*)\]\}" | _egrep_o "\[.*\]" | _egrep_o "\{[^\{\}]*\"id\":[^\{\}]*\}")
  count=$(echo "$records" | wc -l)
  _debug count "$count"
  if [ "$count" = "0" ]; then
    _info "Don't need to remove."
  else
    echo "$records" | while read -r record; do
      record_name=$(echo "$record" | _egrep_o "\"name\":\s?\"[^\"]*\"" | cut -d : -f 2 | tr -d " " | tr -d \")
      record_content=$(echo "$record" | _egrep_o "\"content\":\s?\"[^\"]*\"" | cut -d : -f 2 | tr -d " " | tr -d \")
      record_id=$(echo "$record" | _egrep_o "\"id\":\s?[0-9]+" | cut -d : -f 2 | tr -d " " | tr -d \")
      if [ "$_sub_domain" = "$record_name" ]; then
        if [ "$txtvalue" = "$record_content" ]; then
          _debug "record_id" "$record_id"
          if ! _njalla_rest "{\"method\":\"remove-record\",\"params\":{\"domain\":\"${_domain}\",\"id\":${record_id}}}"; then
            _err "Delete record error."
            return 1
          fi
          echo "$response" | tr -d " " | grep "\"result\"" >/dev/null
        fi
      fi
    done
  fi
 }
 ####################  Private functions below ##################################
 #_acme-challenge.www.domain.com
 #returns
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
 # _domain_id=sdjkglgdfewsdfg
 _get_root() {
  domain=$1
  i=1
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    if ! _njalla_rest "{\"method\":\"get-domain\",\"params\":{\"domain\":\"${h}\"}}"; then
      return 1
    fi
    if _contains "$response" "\"$h\""; then
      _domain_returned=$(echo "$response" | _egrep_o "\{\"name\": *\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ")
      if [ "$_domain_returned" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
        _domain=$h
        return 0
      fi
      return 1
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
 }
 _njalla_rest() {
  data="$1"
  token_trimmed=$(echo "$NJALLA_Token" | tr -d '"')
  export _H1="Content-Type: application/json"
  export _H2="Accept: application/json"
  export _H3="Authorization: Njalla $token_trimmed"
  _debug data "$data"
  response="$(_post "$data" "$NJALLA_Api" "" "POST")"
  if [ "$?" != "0" ]; then
    _err "error $data"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
--- a/dnsapi/dns_nm.sh
+++ b/dnsapi/dns_nm.sh
@ -0,0 +1,88 @@
 #!/usr/bin/env sh
 ########################################################################
 # https://namemaster.de hook script for acme.sh
 #
 # Environment variables:
 #
 #  - $NM_user      (your namemaster.de API username)
 #  - $NM_sha256       (your namemaster.de API password_as_sha256hash)
 #
 # Author: Thilo Gass <thilo.gass@gmail.com>
 # Git repo: https://github.com/ThiloGa/acme.sh
 #-- dns_nm_add() - Add TXT record --------------------------------------
 # Usage: dns_nm_add _acme-challenge.subdomain.domain.com "XyZ123..."
 namemaster_api="https://namemaster.de/api/api.php"
 dns_nm_add() {
  fulldomain=$1
  txt_value=$2
  _info "Using DNS-01 namemaster hook"
  NM_user="${NM_user:-$(_readaccountconf_mutable NM_user)}"
  NM_sha256="${NM_sha256:-$(_readaccountconf_mutable NM_sha256)}"
  if [ -z "$NM_user" ] || [ -z "$NM_sha256" ]; then
    NM_user=""
    NM_sha256=""
    _err "No auth details provided. Please set user credentials using the \$NM_user and \$NM_sha256 environment variables."
    return 1
  fi
  #save the api user and sha256 password to the account conf file.
  _debug "Save user and hash"
  _saveaccountconf_mutable NM_user "$NM_user"
  _saveaccountconf_mutable NM_sha256 "$NM_sha256"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain" "$fulldomain"
    return 1
  fi
  _info "die Zone lautet:" "$zone"
  get="$namemaster_api?User=$NM_user&Password=$NM_sha256&Antwort=csv&Typ=ACME&zone=$zone&hostname=$fulldomain&TXT=$txt_value&Action=Auto&Lifetime=3600"
  if ! erg="$(_get "$get")"; then
    _err "error Adding $fulldomain TXT: $txt_value"
    return 1
  fi
  if _contains "$erg" "Success"; then
    _info "Success, TXT Added, OK"
  else
    _err "error Adding $fulldomain TXT: $txt_value erg: $erg"
    return 1
  fi
  _debug "ok Auto $fulldomain TXT: $txt_value erg: $erg"
  return 0
 }
 dns_nm_rm() {
  fulldomain=$1
  txtvalue=$2
  _info "TXT enrty in $fulldomain is deleted automatically"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
 }
 _get_root() {
  domain=$1
  get="$namemaster_api?User=$NM_user&Password=$NM_sha256&Typ=acme&hostname=$domain&Action=getzone&antwort=csv"
  if ! zone="$(_get "$get")"; then
    _err "error getting Zone"
    return 1
  else
    if _contains "$zone" "hostname not found"; then
      return 1
    fi
  fi
 }
--- a/dnsapi/dns_one.sh
+++ b/dnsapi/dns_one.sh
@ -5,7 +5,10 @@
 # Author: github: @diseq
 # Created: 2019-02-17
 # Fixed by: @der-berni
 # Modified: 2019-05-31
 # Modified: 2020-04-07
 #
 #     Use ONECOM_KeepCnameProxy to keep the CNAME DNS record
 #     export ONECOM_KeepCnameProxy="1"
 #
 #     export ONECOM_User="username"
 #     export ONECOM_Password="password"
@ -30,32 +33,45 @@ dns_one_add() {
    return 1
  fi
  mysubdomain=$_sub_domain
  mydomain=$_domain
  _debug mysubdomain "$mysubdomain"
  _debug mydomain "$mydomain"
  subdomain="${_sub_domain}"
  maindomain=${_domain}
  # get entries
  response="$(_get "https://www.one.com/admin/api/domains/$mydomain/dns/custom_records")"
  _debug response "$response"
  useProxy=0
  if [ "${_sub_domain}" = "_acme-challenge" ]; then
    subdomain="proxy${_sub_domain}"
    useProxy=1
  fi
  # Update the IP address for domain entry
  postdata="{\"type\":\"dns_custom_records\",\"attributes\":{\"priority\":0,\"ttl\":600,\"type\":\"TXT\",\"prefix\":\"$mysubdomain\",\"content\":\"$txtvalue\"}}"
  _debug postdata "$postdata"
  response="$(_post "$postdata" "https://www.one.com/admin/api/domains/$mydomain/dns/custom_records" "" "POST" "application/json")"
  response="$(echo "$response" | _normalizeJson)"
  _debug response "$response"
  _debug subdomain "$subdomain"
  _debug maindomain "$maindomain"
  if [ $useProxy -eq 1 ]; then
    #Check if the CNAME exists
    _dns_one_getrecord "CNAME" "$_sub_domain" "$subdomain.$maindomain"
    if [ -z "$id" ]; then
      _info "$(__red "Add CNAME Proxy record: '$(__green "\"$_sub_domain\" => \"$subdomain.$maindomain\"")'")"
      _dns_one_addrecord "CNAME" "$_sub_domain" "$subdomain.$maindomain"
      _info "Not valid yet, let's wait 1 hour to take effect."
      _sleep 3600
    fi
  fi
  id=$(echo "$response" | sed -n "s/{\"result\":{\"data\":{\"type\":\"dns_custom_records\",\"id\":\"\([^\"]*\)\",\"attributes\":{\"prefix\":\"$mysubdomain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"priority\":0,\"ttl\":600}}},\"metadata\":null}/\1/p")
  #Check if the TXT exists
  _dns_one_getrecord "TXT" "$subdomain" "$txtvalue"
  if [ -n "$id" ]; then
    _info "$(__green "Txt record with the same value found. Skip adding.")"
    return 0
  fi
  _dns_one_addrecord "TXT" "$subdomain" "$txtvalue"
  if [ -z "$id" ]; then
    _err "Add txt record error."
    _err "Add TXT record error."
    return 1
  else
    _info "Added, OK ($id)"
    _info "$(__green "Added, OK ($id)")"
    return 0
  fi
 }
 dns_one_rm() {
@ -73,36 +89,45 @@ dns_one_rm() {
    return 1
  fi
  mysubdomain=$_sub_domain
  mydomain=$_domain
  _debug mysubdomain "$mysubdomain"
  _debug mydomain "$mydomain"
  subdomain="${_sub_domain}"
  maindomain=${_domain}
  # get entries
  response="$(_get "https://www.one.com/admin/api/domains/$mydomain/dns/custom_records")"
  response="$(echo "$response" | _normalizeJson)"
  _debug response "$response"
  useProxy=0
  if [ "${_sub_domain}" = "_acme-challenge" ]; then
    subdomain="proxy${_sub_domain}"
    useProxy=1
  fi
  id=$(printf -- "%s" "$response" | sed -n "s/.*{\"type\":\"dns_custom_records\",\"id\":\"\([^\"]*\)\",\"attributes\":{\"prefix\":\"$mysubdomain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"priority\":0,\"ttl\":600}.*/\1/p")
  _debug subdomain "$subdomain"
  _debug maindomain "$maindomain"
  if [ $useProxy -eq 1 ]; then
    if [ "$ONECOM_KeepCnameProxy" = "1" ]; then
      _info "$(__red "Keeping CNAME Proxy record: '$(__green "\"$_sub_domain\" => \"$subdomain.$maindomain\"")'")"
    else
      #Check if the CNAME exists
      _dns_one_getrecord "CNAME" "$_sub_domain" "$subdomain.$maindomain"
      if [ -n "$id" ]; then
        _info "$(__red "Removing CNAME Proxy record: '$(__green "\"$_sub_domain\" => \"$subdomain.$maindomain\"")'")"
        _dns_one_delrecord "$id"
      fi
    fi
  fi
  #Check if the TXT exists
  _dns_one_getrecord "TXT" "$subdomain" "$txtvalue"
  if [ -z "$id" ]; then
    _err "Txt record not found."
    return 1
  fi
  # delete entry
  response="$(_post "$postdata" "https://www.one.com/admin/api/domains/$mydomain/dns/custom_records/$id" "" "DELETE" "application/json")"
  response="$(echo "$response" | _normalizeJson)"
  _debug response "$response"
  if [ "$response" = '{"result":null,"metadata":null}' ]; then
    _info "Removed, OK"
  if _dns_one_delrecord "$id"; then
    _info "$(__green Removed, OK)"
    return 0
  else
    _err "Removing txt record error."
    return 1
  fi
 }
 #_acme-challenge.www.domain.com
@ -138,6 +163,8 @@ _get_root() {
 _dns_one_login() {
  # get credentials
  ONECOM_KeepCnameProxy="${ONECOM_KeepCnameProxy:-$(_readaccountconf_mutable ONECOM_KeepCnameProxy)}"
  ONECOM_KeepCnameProxy="${ONECOM_KeepCnameProxy:-0}"
  ONECOM_User="${ONECOM_User:-$(_readaccountconf_mutable ONECOM_User)}"
  ONECOM_Password="${ONECOM_Password:-$(_readaccountconf_mutable ONECOM_Password)}"
  if [ -z "$ONECOM_User" ] || [ -z "$ONECOM_Password" ]; then
@ -149,6 +176,7 @@ _dns_one_login() {
  fi
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable ONECOM_KeepCnameProxy "$ONECOM_KeepCnameProxy"
  _saveaccountconf_mutable ONECOM_User "$ONECOM_User"
  _saveaccountconf_mutable ONECOM_Password "$ONECOM_Password"
@ -177,3 +205,75 @@ _dns_one_login() {
  return 0
 }
 _dns_one_getrecord() {
  type="$1"
  name="$2"
  value="$3"
  if [ -z "$type" ]; then
    type="TXT"
  fi
  if [ -z "$name" ]; then
    _err "Record name is empty."
    return 1
  fi
  response="$(_get "https://www.one.com/admin/api/domains/$maindomain/dns/custom_records")"
  response="$(echo "$response" | _normalizeJson)"
  _debug response "$response"
  if [ -z "${value}" ]; then
    id=$(printf -- "%s" "$response" | sed -n "s/.*{\"type\":\"dns_custom_records\",\"id\":\"\([^\"]*\)\",\"attributes\":{\"prefix\":\"${name}\",\"type\":\"${type}\",\"content\":\"[^\"]*\",\"priority\":0,\"ttl\":600}.*/\1/p")
    response=$(printf -- "%s" "$response" | sed -n "s/.*{\"type\":\"dns_custom_records\",\"id\":\"[^\"]*\",\"attributes\":{\"prefix\":\"${name}\",\"type\":\"${type}\",\"content\":\"\([^\"]*\)\",\"priority\":0,\"ttl\":600}.*/\1/p")
  else
    id=$(printf -- "%s" "$response" | sed -n "s/.*{\"type\":\"dns_custom_records\",\"id\":\"\([^\"]*\)\",\"attributes\":{\"prefix\":\"${name}\",\"type\":\"${type}\",\"content\":\"${value}\",\"priority\":0,\"ttl\":600}.*/\1/p")
  fi
  if [ -z "$id" ]; then
    return 1
  fi
  return 0
 }
 _dns_one_addrecord() {
  type="$1"
  name="$2"
  value="$3"
  if [ -z "$type" ]; then
    type="TXT"
  fi
  if [ -z "$name" ]; then
    _err "Record name is empty."
    return 1
  fi
  postdata="{\"type\":\"dns_custom_records\",\"attributes\":{\"priority\":0,\"ttl\":600,\"type\":\"${type}\",\"prefix\":\"${name}\",\"content\":\"${value}\"}}"
  _debug postdata "$postdata"
  response="$(_post "$postdata" "https://www.one.com/admin/api/domains/$maindomain/dns/custom_records" "" "POST" "application/json")"
  response="$(echo "$response" | _normalizeJson)"
  _debug response "$response"
  id=$(echo "$response" | sed -n "s/{\"result\":{\"data\":{\"type\":\"dns_custom_records\",\"id\":\"\([^\"]*\)\",\"attributes\":{\"prefix\":\"$subdomain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"priority\":0,\"ttl\":600}}},\"metadata\":null}/\1/p")
  if [ -z "$id" ]; then
    return 1
  else
    return 0
  fi
 }
 _dns_one_delrecord() {
  id="$1"
  if [ -z "$id" ]; then
    return 1
  fi
  response="$(_post "" "https://www.one.com/admin/api/domains/$maindomain/dns/custom_records/$id" "" "DELETE" "application/json")"
  response="$(echo "$response" | _normalizeJson)"
  _debug response "$response"
  if [ "$response" = '{"result":null,"metadata":null}' ]; then
    return 0
  else
    return 1
  fi
 }
--- a/dnsapi/dns_openprovider.sh
+++ b/dnsapi/dns_openprovider.sh
@ -59,16 +59,17 @@ dns_openprovider_add() {
        break
      fi
      items="$(echo "$items" | sed "s|${item}||")"
      tmpitem="$(echo "$item" | sed 's/\*/\\*/g')"
      items="$(echo "$items" | sed "s|${tmpitem}||")"
      results_retrieved="$(_math "$results_retrieved" + 1)"
      new_item="$(echo "$item" | sed -n 's/.*<item>.*\(<name>\(.*\)\.'"$_domain_name"'\.'"$_domain_extension"'<\/name>.*\(<type>.*<\/type>\).*\(<value>.*<\/value>\).*\(<prio>.*<\/prio>\).*\(<ttl>.*<\/ttl>\)\).*<\/item>.*/<item><name>\2<\/name>\3\4\5\6<\/item>/p')"
      if [ -z "$new_item" ]; then
        # Base record
        # Domain apex
        new_item="$(echo "$item" | sed -n 's/.*<item>.*\(<name>\(.*\)'"$_domain_name"'\.'"$_domain_extension"'<\/name>.*\(<type>.*<\/type>\).*\(<value>.*<\/value>\).*\(<prio>.*<\/prio>\).*\(<ttl>.*<\/ttl>\)\).*<\/item>.*/<item><name>\2<\/name>\3\4\5\6<\/item>/p')"
      fi
      if [ -z "$(echo "$new_item" | _egrep_o ".*<type>(A|AAAA|CNAME|MX|SPF|SRV|TXT|TLSA|SSHFP|CAA)<\/type>.*")" ]; then
      if [ -z "$(echo "$new_item" | _egrep_o ".*<type>(A|AAAA|CNAME|MX|SPF|SRV|TXT|TLSA|SSHFP|CAA|NS)<\/type>.*")" ]; then
        _debug "not an allowed record type, skipping" "$new_item"
        continue
      fi
@ -86,7 +87,7 @@ dns_openprovider_add() {
  _debug "Creating acme record"
  acme_record="$(echo "$fulldomain" | sed -e "s/.$_domain_name.$_domain_extension$//")"
  _openprovider_request "$(printf '<modifyZoneDnsRequest><domain><name>%s</name><extension>%s</extension></domain><type>master</type><records><array>%s<item><name>%s</name><type>TXT</type><value>%s</value><ttl>86400</ttl></item></array></records></modifyZoneDnsRequest>' "$_domain_name" "$_domain_extension" "$existing_items" "$acme_record" "$txtvalue")"
  _openprovider_request "$(printf '<modifyZoneDnsRequest><domain><name>%s</name><extension>%s</extension></domain><type>master</type><records><array>%s<item><name>%s</name><type>TXT</type><value>%s</value><ttl>600</ttl></item></array></records></modifyZoneDnsRequest>' "$_domain_name" "$_domain_extension" "$existing_items" "$acme_record" "$txtvalue")"
  return 0
 }
@ -136,7 +137,8 @@ dns_openprovider_rm() {
        break
      fi
      items="$(echo "$items" | sed "s|${item}||")"
      tmpitem="$(echo "$item" | sed 's/\*/\\*/g')"
      items="$(echo "$items" | sed "s|${tmpitem}||")"
      results_retrieved="$(_math "$results_retrieved" + 1)"
      if ! echo "$item" | grep -v "$fulldomain"; then
@ -147,11 +149,11 @@ dns_openprovider_rm() {
      new_item="$(echo "$item" | sed -n 's/.*<item>.*\(<name>\(.*\)\.'"$_domain_name"'\.'"$_domain_extension"'<\/name>.*\(<type>.*<\/type>\).*\(<value>.*<\/value>\).*\(<prio>.*<\/prio>\).*\(<ttl>.*<\/ttl>\)\).*<\/item>.*/<item><name>\2<\/name>\3\4\5\6<\/item>/p')"
      if [ -z "$new_item" ]; then
        # Base record
        # domain apex
        new_item="$(echo "$item" | sed -n 's/.*<item>.*\(<name>\(.*\)'"$_domain_name"'\.'"$_domain_extension"'<\/name>.*\(<type>.*<\/type>\).*\(<value>.*<\/value>\).*\(<prio>.*<\/prio>\).*\(<ttl>.*<\/ttl>\)\).*<\/item>.*/<item><name>\2<\/name>\3\4\5\6<\/item>/p')"
      fi
      if [ -z "$(echo "$new_item" | _egrep_o ".*<type>(A|AAAA|CNAME|MX|SPF|SRV|TXT|TLSA|SSHFP|CAA)<\/type>.*")" ]; then
      if [ -z "$(echo "$new_item" | _egrep_o ".*<type>(A|AAAA|CNAME|MX|SPF|SRV|TXT|TLSA|SSHFP|CAA|NS)<\/type>.*")" ]; then
        _debug "not an allowed record type, skipping" "$new_item"
        continue
      fi
@ -205,7 +207,8 @@ _get_root() {
        break
      fi
      items="$(echo "$items" | sed "s|${item}||")"
      tmpitem="$(echo "$item" | sed 's/\*/\\*/g')"
      items="$(echo "$items" | sed "s|${tmpitem}||")"
      results_retrieved="$(_math "$results_retrieved" + 1)"
--- a/dnsapi/dns_openstack.sh
+++ b/dnsapi/dns_openstack.sh
@ -0,0 +1,348 @@
 #!/usr/bin/env sh
 # OpenStack Designate API plugin
 #
 # This requires you to have OpenStackClient and python-desginateclient
 # installed.
 #
 # You will require Keystone V3 credentials loaded into your environment, which
 # could be either password or v3applicationcredential type.
 #
 # Author: Andy Botting <andy@andybotting.com>
 ########  Public functions #####################
 # Usage: dns_openstack_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_openstack_add() {
  fulldomain=$1
  txtvalue=$2
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  _dns_openstack_credentials || return $?
  _dns_openstack_check_setup || return $?
  _dns_openstack_find_zone || return $?
  _dns_openstack_get_recordset || return $?
  _debug _recordset_id "$_recordset_id"
  if [ -n "$_recordset_id" ]; then
    _dns_openstack_get_records || return $?
    _debug _records "$_records"
  fi
  _dns_openstack_create_recordset || return $?
 }
 # Usage: dns_openstack_rm   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 # Remove the txt record after validation.
 dns_openstack_rm() {
  fulldomain=$1
  txtvalue=$2
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  _dns_openstack_credentials || return $?
  _dns_openstack_check_setup || return $?
  _dns_openstack_find_zone || return $?
  _dns_openstack_get_recordset || return $?
  _debug _recordset_id "$_recordset_id"
  if [ -n "$_recordset_id" ]; then
    _dns_openstack_get_records || return $?
    _debug _records "$_records"
  fi
  _dns_openstack_delete_recordset || return $?
 }
 ####################  Private functions below ##################################
 _dns_openstack_create_recordset() {
  if [ -z "$_recordset_id" ]; then
    _info "Creating a new recordset"
    if ! _recordset_id=$(openstack recordset create -c id -f value --type TXT --record "$txtvalue" "$_zone_id" "$fulldomain."); then
      _err "No recordset ID found after create"
      return 1
    fi
  else
    _info "Updating existing recordset"
    # Build new list of --record <rec> args for update
    _record_args="--record $txtvalue"
    for _rec in $_records; do
      _record_args="$_record_args --record $_rec"
    done
    # shellcheck disable=SC2086
    if ! _recordset_id=$(openstack recordset set -c id -f value $_record_args "$_zone_id" "$fulldomain."); then
      _err "Recordset update failed"
      return 1
    fi
  fi
  _max_retries=60
  _sleep_sec=5
  _retry_times=0
  while [ "$_retry_times" -lt "$_max_retries" ]; do
    _retry_times=$(_math "$_retry_times" + 1)
    _debug3 _retry_times "$_retry_times"
    _record_status=$(openstack recordset show -c status -f value "$_zone_id" "$_recordset_id")
    _info "Recordset status is $_record_status"
    if [ "$_record_status" = "ACTIVE" ]; then
      return 0
    elif [ "$_record_status" = "ERROR" ]; then
      return 1
    else
      _sleep $_sleep_sec
    fi
  done
  _err "Recordset failed to become ACTIVE"
  return 1
 }
 _dns_openstack_delete_recordset() {
  if [ "$_records" = "$txtvalue" ]; then
    _info "Only one record found, deleting recordset"
    if ! openstack recordset delete "$_zone_id" "$fulldomain." >/dev/null; then
      _err "Failed to delete recordset"
      return 1
    fi
  else
    _info "Found existing records, updating recordset"
    # Build new list of --record <rec> args for update
    _record_args=""
    for _rec in $_records; do
      if [ "$_rec" = "$txtvalue" ]; then
        continue
      fi
      _record_args="$_record_args --record $_rec"
    done
    # shellcheck disable=SC2086
    if ! openstack recordset set -c id -f value $_record_args "$_zone_id" "$fulldomain." >/dev/null; then
      _err "Recordset update failed"
      return 1
    fi
  fi
 }
 _dns_openstack_get_root() {
  # Take the full fqdn and strip away pieces until we get an exact zone name
  # match. For example, _acme-challenge.something.domain.com might need to go
  # into something.domain.com or domain.com
  _zone_name=$1
  _zone_list=$2
  while [ "$_zone_name" != "" ]; do
    _zone_name="$(echo "$_zone_name" | sed 's/[^.]*\.*//')"
    echo "$_zone_list" | while read -r id name; do
      if _startswith "$_zone_name." "$name"; then
        echo "$id"
      fi
    done
  done | _head_n 1
 }
 _dns_openstack_find_zone() {
  if ! _zone_list="$(openstack zone list -c id -c name -f value)"; then
    _err "Can't list zones. Check your OpenStack credentials"
    return 1
  fi
  _debug _zone_list "$_zone_list"
  if ! _zone_id="$(_dns_openstack_get_root "$fulldomain" "$_zone_list")"; then
    _err "Can't find a matching zone. Check your OpenStack credentials"
    return 1
  fi
  _debug _zone_id "$_zone_id"
 }
 _dns_openstack_get_records() {
  if ! _records=$(openstack recordset show -c records -f value "$_zone_id" "$fulldomain."); then
    _err "Failed to get records"
    return 1
  fi
  return 0
 }
 _dns_openstack_get_recordset() {
  if ! _recordset_id=$(openstack recordset list -c id -f value --name "$fulldomain." "$_zone_id"); then
    _err "Failed to get recordset"
    return 1
  fi
  return 0
 }
 _dns_openstack_check_setup() {
  if ! _exists openstack; then
    _err "OpenStack client not found"
    return 1
  fi
 }
 _dns_openstack_credentials() {
  _debug "Check OpenStack credentials"
  # If we have OS_AUTH_URL already set in the environment, then assume we want
  # to use those, otherwise use stored credentials
  if [ -n "$OS_AUTH_URL" ]; then
    _debug "OS_AUTH_URL env var found, using environment"
  else
    _debug "OS_AUTH_URL not found, loading stored credentials"
    OS_AUTH_URL="${OS_AUTH_URL:-$(_readaccountconf_mutable OS_AUTH_URL)}"
    OS_IDENTITY_API_VERSION="${OS_IDENTITY_API_VERSION:-$(_readaccountconf_mutable OS_IDENTITY_API_VERSION)}"
    OS_AUTH_TYPE="${OS_AUTH_TYPE:-$(_readaccountconf_mutable OS_AUTH_TYPE)}"
    OS_APPLICATION_CREDENTIAL_ID="${OS_APPLICATION_CREDENTIAL_ID:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID)}"
    OS_APPLICATION_CREDENTIAL_SECRET="${OS_APPLICATION_CREDENTIAL_SECRET:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET)}"
    OS_USERNAME="${OS_USERNAME:-$(_readaccountconf_mutable OS_USERNAME)}"
    OS_PASSWORD="${OS_PASSWORD:-$(_readaccountconf_mutable OS_PASSWORD)}"
    OS_PROJECT_NAME="${OS_PROJECT_NAME:-$(_readaccountconf_mutable OS_PROJECT_NAME)}"
    OS_PROJECT_ID="${OS_PROJECT_ID:-$(_readaccountconf_mutable OS_PROJECT_ID)}"
    OS_USER_DOMAIN_NAME="${OS_USER_DOMAIN_NAME:-$(_readaccountconf_mutable OS_USER_DOMAIN_NAME)}"
    OS_USER_DOMAIN_ID="${OS_USER_DOMAIN_ID:-$(_readaccountconf_mutable OS_USER_DOMAIN_ID)}"
    OS_PROJECT_DOMAIN_NAME="${OS_PROJECT_DOMAIN_NAME:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_NAME)}"
    OS_PROJECT_DOMAIN_ID="${OS_PROJECT_DOMAIN_ID:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_ID)}"
  fi
  # Check each var and either save or clear it depending on whether its set.
  # The helps us clear out old vars in the case where a user may want
  # to switch between password and app creds
  _debug "OS_AUTH_URL" "$OS_AUTH_URL"
  if [ -n "$OS_AUTH_URL" ]; then
    export OS_AUTH_URL
    _saveaccountconf_mutable OS_AUTH_URL "$OS_AUTH_URL"
  else
    unset OS_AUTH_URL
    _clearaccountconf SAVED_OS_AUTH_URL
  fi
  _debug "OS_IDENTITY_API_VERSION" "$OS_IDENTITY_API_VERSION"
  if [ -n "$OS_IDENTITY_API_VERSION" ]; then
    export OS_IDENTITY_API_VERSION
    _saveaccountconf_mutable OS_IDENTITY_API_VERSION "$OS_IDENTITY_API_VERSION"
  else
    unset OS_IDENTITY_API_VERSION
    _clearaccountconf SAVED_OS_IDENTITY_API_VERSION
  fi
  _debug "OS_AUTH_TYPE" "$OS_AUTH_TYPE"
  if [ -n "$OS_AUTH_TYPE" ]; then
    export OS_AUTH_TYPE
    _saveaccountconf_mutable OS_AUTH_TYPE "$OS_AUTH_TYPE"
  else
    unset OS_AUTH_TYPE
    _clearaccountconf SAVED_OS_AUTH_TYPE
  fi
  _debug "OS_APPLICATION_CREDENTIAL_ID" "$OS_APPLICATION_CREDENTIAL_ID"
  if [ -n "$OS_APPLICATION_CREDENTIAL_ID" ]; then
    export OS_APPLICATION_CREDENTIAL_ID
    _saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID "$OS_APPLICATION_CREDENTIAL_ID"
  else
    unset OS_APPLICATION_CREDENTIAL_ID
    _clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_ID
  fi
  _secure_debug "OS_APPLICATION_CREDENTIAL_SECRET" "$OS_APPLICATION_CREDENTIAL_SECRET"
  if [ -n "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then
    export OS_APPLICATION_CREDENTIAL_SECRET
    _saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET "$OS_APPLICATION_CREDENTIAL_SECRET"
  else
    unset OS_APPLICATION_CREDENTIAL_SECRET
    _clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_SECRET
  fi
  _debug "OS_USERNAME" "$OS_USERNAME"
  if [ -n "$OS_USERNAME" ]; then
    export OS_USERNAME
    _saveaccountconf_mutable OS_USERNAME "$OS_USERNAME"
  else
    unset OS_USERNAME
    _clearaccountconf SAVED_OS_USERNAME
  fi
  _secure_debug "OS_PASSWORD" "$OS_PASSWORD"
  if [ -n "$OS_PASSWORD" ]; then
    export OS_PASSWORD
    _saveaccountconf_mutable OS_PASSWORD "$OS_PASSWORD"
  else
    unset OS_PASSWORD
    _clearaccountconf SAVED_OS_PASSWORD
  fi
  _debug "OS_PROJECT_NAME" "$OS_PROJECT_NAME"
  if [ -n "$OS_PROJECT_NAME" ]; then
    export OS_PROJECT_NAME
    _saveaccountconf_mutable OS_PROJECT_NAME "$OS_PROJECT_NAME"
  else
    unset OS_PROJECT_NAME
    _clearaccountconf SAVED_OS_PROJECT_NAME
  fi
  _debug "OS_PROJECT_ID" "$OS_PROJECT_ID"
  if [ -n "$OS_PROJECT_ID" ]; then
    export OS_PROJECT_ID
    _saveaccountconf_mutable OS_PROJECT_ID "$OS_PROJECT_ID"
  else
    unset OS_PROJECT_ID
    _clearaccountconf SAVED_OS_PROJECT_ID
  fi
  _debug "OS_USER_DOMAIN_NAME" "$OS_USER_DOMAIN_NAME"
  if [ -n "$OS_USER_DOMAIN_NAME" ]; then
    export OS_USER_DOMAIN_NAME
    _saveaccountconf_mutable OS_USER_DOMAIN_NAME "$OS_USER_DOMAIN_NAME"
  else
    unset OS_USER_DOMAIN_NAME
    _clearaccountconf SAVED_OS_USER_DOMAIN_NAME
  fi
  _debug "OS_USER_DOMAIN_ID" "$OS_USER_DOMAIN_ID"
  if [ -n "$OS_USER_DOMAIN_ID" ]; then
    export OS_USER_DOMAIN_ID
    _saveaccountconf_mutable OS_USER_DOMAIN_ID "$OS_USER_DOMAIN_ID"
  else
    unset OS_USER_DOMAIN_ID
    _clearaccountconf SAVED_OS_USER_DOMAIN_ID
  fi
  _debug "OS_PROJECT_DOMAIN_NAME" "$OS_PROJECT_DOMAIN_NAME"
  if [ -n "$OS_PROJECT_DOMAIN_NAME" ]; then
    export OS_PROJECT_DOMAIN_NAME
    _saveaccountconf_mutable OS_PROJECT_DOMAIN_NAME "$OS_PROJECT_DOMAIN_NAME"
  else
    unset OS_PROJECT_DOMAIN_NAME
    _clearaccountconf SAVED_OS_PROJECT_DOMAIN_NAME
  fi
  _debug "OS_PROJECT_DOMAIN_ID" "$OS_PROJECT_DOMAIN_ID"
  if [ -n "$OS_PROJECT_DOMAIN_ID" ]; then
    export OS_PROJECT_DOMAIN_ID
    _saveaccountconf_mutable OS_PROJECT_DOMAIN_ID "$OS_PROJECT_DOMAIN_ID"
  else
    unset OS_PROJECT_DOMAIN_ID
    _clearaccountconf SAVED_OS_PROJECT_DOMAIN_ID
  fi
  if [ "$OS_AUTH_TYPE" = "v3applicationcredential" ]; then
    # Application Credential auth
    if [ -z "$OS_APPLICATION_CREDENTIAL_ID" ] || [ -z "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then
      _err "When using OpenStack application credentials, OS_APPLICATION_CREDENTIAL_ID"
      _err "and OS_APPLICATION_CREDENTIAL_SECRET must be set."
      _err "Please check your credentials and try again."
      return 1
    fi
  else
    # Password auth
    if [ -z "$OS_USERNAME" ] || [ -z "$OS_PASSWORD" ]; then
      _err "OpenStack username or password not found."
      _err "Please check your credentials and try again."
      return 1
    fi
    if [ -z "$OS_PROJECT_NAME" ] && [ -z "$OS_PROJECT_ID" ]; then
      _err "When using password authentication, OS_PROJECT_NAME or"
      _err "OS_PROJECT_ID must be set."
      _err "Please check your credentials and try again."
      return 1
    fi
  fi
  return 0
 }
--- a/dnsapi/dns_opnsense.sh
+++ b/dnsapi/dns_opnsense.sh
@ -150,7 +150,7 @@ _get_root() {
      return 1
    fi
    _debug h "$h"
    id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":\"[^\"]*\",\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2)
    id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":\"[^\"]*\"(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2)
    if [ -n "$id" ]; then
      _debug id "$id"
--- a/dnsapi/dns_ovh.sh
+++ b/dnsapi/dns_ovh.sh
@ -248,7 +248,7 @@ _ovh_authentication() {
 # _domain=domain.com
 _get_root() {
  domain=$1
  i=2
  i=1
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
--- a/dnsapi/dns_pleskxml.sh
+++ b/dnsapi/dns_pleskxml.sh
@ -136,11 +136,12 @@ dns_pleskxml_rm() {
  # Reduce output to one line per DNS record, filtered for TXT records with a record ID only (which they should all have)
  # Also strip out spaces between tags, redundant <data> and </data> group tags and any <self-closing/> tags
  reclist="$(_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>ok</status>' \
    | sed 's# \{1,\}<\([a-zA-Z]\)#<\1#g;s#</\{0,1\}data>##g;s#<[a-z][^/<>]*/>##g' \
    | grep "<site-id>${root_domain_id}</site-id>" \
    | grep '<id>[0-9]\{1,\}</id>' \
    | grep '<type>TXT</type>'
  reclist="$(
    _api_response_split "$pleskxml_prettyprint_result" 'result' '<status>ok</status>' |
      sed 's# \{1,\}<\([a-zA-Z]\)#<\1#g;s#</\{0,1\}data>##g;s#<[a-z][^/<>]*/>##g' |
      grep "<site-id>${root_domain_id}</site-id>" |
      grep '<id>[0-9]\{1,\}</id>' |
      grep '<type>TXT</type>'
  )"
  if [ -z "$reclist" ]; then
@ -151,10 +152,11 @@ dns_pleskxml_rm() {
  _debug "Got list of DNS TXT records for root domain '$root_domain_name':"
  _debug "$reclist"
  recid="$(_value "$reclist" \
    | grep "<host>${fulldomain}.</host>" \
    | grep "<value>${txtvalue}</value>" \
    | sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/'
  recid="$(
    _value "$reclist" |
      grep "<host>${fulldomain}.</host>" |
      grep "<value>${txtvalue}</value>" |
      sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/'
  )"
  if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then
@ -220,11 +222,11 @@ _countdots() {
 #       Last line could change to <sed -n '/.../p'> instead, with suitable escaping of ['"/$],
 #       if future Plesk XML API changes ever require extended regex
 _api_response_split() {
  printf '%s' "$1" \
    | sed 's/^ +//;s/ +$//' \
    | tr -d '\n\r' \
    | sed "s/<\/\{0,1\}$2>/${NEWLINE}/g" \
    | grep "$3"
  printf '%s' "$1" |
    sed 's/^ +//;s/ +$//' |
    tr -d '\n\r' |
    sed "s/<\/\{0,1\}$2>/${NEWLINE}/g" |
    grep "$3"
 }
 ####################  Private functions below (DNS functions) ##################################
@ -265,10 +267,11 @@ _call_api() {
    #   - filter output to keep only lines like this: "SPACES<TAG>text</TAG>SPACES" (shouldn't be necessary with prettyprint but guarantees subsequent code is ok)
    #   - then edit the 3 "useful" error tokens individually and remove closing tags on all lines
    #   - then filter again to remove all lines not edited (which will be the lines not starting A-Z)
    errtext="$(_value "$pleskxml_prettyprint_result" \
      | grep '^ *<[a-z]\{1,\}>[^<]*<\/[a-z]\{1,\}> *$' \
      | sed 's/^ *<status>/Status:     /;s/^ *<errcode>/Error code: /;s/^ *<errtext>/Error text: /;s/<\/.*$//' \
      | grep '^[A-Z]'
    errtext="$(
      _value "$pleskxml_prettyprint_result" |
        grep '^ *<[a-z]\{1,\}>[^<]*<\/[a-z]\{1,\}> *$' |
        sed 's/^ *<status>/Status:     /;s/^ *<errcode>/Error code: /;s/^ *<errtext>/Error text: /;s/<\/.*$//' |
        grep '^[A-Z]'
    )"
  fi
--- a/dnsapi/dns_rackspace.sh
+++ b/dnsapi/dns_rackspace.sh
@ -73,7 +73,7 @@ _get_root_zone() {
      #not valid
      return 1
    fi
    if ! _rackspace_rest GET "$RACKSPACE_Tenant/domains"; then
    if ! _rackspace_rest GET "$RACKSPACE_Tenant/domains/search?name=$h"; then
      return 1
    fi
    _debug2 response "$response"
--- a/dnsapi/dns_regru.sh
+++ b/dnsapi/dns_regru.sh
@ -5,7 +5,6 @@
 #
 # REGRU_API_Password="test"
 #
 _domain=$_domain
 REGRU_API_URL="https://api.reg.ru/api/regru2"
@ -27,10 +26,20 @@ dns_regru_add() {
  _saveaccountconf_mutable REGRU_API_Username "$REGRU_API_Username"
  _saveaccountconf_mutable REGRU_API_Password "$REGRU_API_Password"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain "$_domain"
  _subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//")
  _debug _subdomain "$_subdomain"
  _info "Adding TXT record to ${fulldomain}"
  response="$(_get "$REGRU_API_URL/zone/add_txt?input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json")"
  _regru_rest POST "zone/add_txt" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json"
  if _contains "${response}" 'success'; then
  if ! _contains "${response}" 'error'; then
    return 0
  fi
  _err "Could not create resource record, check logs"
@ -51,13 +60,67 @@ dns_regru_rm() {
    return 1
  fi
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain "$_domain"
  _subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//")
  _debug _subdomain "$_subdomain"
  _info "Deleting resource record $fulldomain"
  response="$(_get "$REGRU_API_URL/zone/remove_record?input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json")"
  _regru_rest POST "zone/remove_record" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json"
  if _contains "${response}" 'success'; then
  if ! _contains "${response}" 'error'; then
    return 0
  fi
  _err "Could not delete resource record, check logs"
  _err "${response}"
  return 1
 }
 ####################  Private functions below ##################################
 #_acme-challenge.www.domain.com
 #returns
 # _domain=domain.com
 _get_root() {
  domain=$1
  _regru_rest POST "service/get_list" "username=${REGRU_API_Username}&password=${REGRU_API_Password}&output_format=xml&servtype=domain"
  domains_list=$(echo "${response}" | grep dname | sed -r "s/.*dname=\"([^\"]+)\".*/\\1/g")
  for ITEM in ${domains_list}; do
    case "${domain}" in
    *${ITEM}*)
      _domain=${ITEM}
      _debug _domain "${_domain}"
      return 0
      ;;
    esac
  done
  return 1
 }
 #returns
 # response
 _regru_rest() {
  m=$1
  ep="$2"
  data="$3"
  _debug "$ep"
  export _H1="Content-Type: application/x-www-form-urlencoded"
  if [ "$m" != "GET" ]; then
    _debug data "$data"
    response="$(_post "$data" "$REGRU_API_URL/$ep" "" "$m")"
  else
    response="$(_get "$REGRU_API_URL/$ep?$data")"
  fi
  _debug response "${response}"
  return 0
 }
--- a/dnsapi/dns_transip.sh
+++ b/dnsapi/dns_transip.sh
@ -0,0 +1,162 @@
 #!/usr/bin/env sh
 TRANSIP_Api_Url="https://api.transip.nl/v6"
 TRANSIP_Token_Read_Only="false"
 TRANSIP_Token_Global_Key="false"
 TRANSIP_Token_Expiration="30 minutes"
 # You can't reuse a label token, so we leave this empty normally
 TRANSIP_Token_Label=""
 ########  Public functions #####################
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_transip_add() {
  fulldomain="$1"
  _debug fulldomain="$fulldomain"
  txtvalue="$2"
  _debug txtvalue="$txtvalue"
  _transip_setup "$fulldomain" || return 1
  _info "Creating TXT record."
  if ! _transip_rest POST "domains/$_domain/dns" "{\"dnsEntry\":{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"expire\":300}}"; then
    _err "Could not add TXT record."
    return 1
  fi
  return 0
 }
 dns_transip_rm() {
  fulldomain=$1
  _debug fulldomain="$fulldomain"
  txtvalue=$2
  _debug txtvalue="$txtvalue"
  _transip_setup "$fulldomain" || return 1
  _info "Removing TXT record."
  if ! _transip_rest DELETE "domains/$_domain/dns" "{\"dnsEntry\":{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"expire\":300}}"; then
    _err "Could not remove TXT record $_sub_domain for $domain"
    return 1
  fi
  return 0
 }
 ####################  Private functions below ##################################
 #_acme-challenge.www.domain.com
 #returns
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
 _get_root() {
  domain="$1"
  i=2
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
    _domain="$h"
    if _transip_rest GET "domains/$h/dns" && _contains "$response" "dnsEntries"; then
      return 0
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  _err "Unable to parse this domain"
  return 1
 }
 _transip_rest() {
  m="$1"
  ep="$2"
  data="$3"
  _debug ep "$ep"
  export _H1="Accept: application/json"
  export _H2="Authorization: Bearer $_token"
  export _H4="Content-Type: application/json"
  if [ "$m" != "GET" ]; then
    _debug data "$data"
    response="$(_post "$data" "$TRANSIP_Api_Url/$ep" "" "$m")"
    retcode=$?
  else
    response="$(_get "$TRANSIP_Api_Url/$ep")"
    retcode=$?
  fi
  if [ "$retcode" != "0" ]; then
    _err "error $ep"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
 _transip_get_token() {
  nonce=$(echo "TRANSIP$(_time)" | _digest sha1 hex | cut -c 1-32)
  _debug nonce "$nonce"
  data="{\"login\":\"${TRANSIP_Username}\",\"nonce\":\"${nonce}\",\"read_only\":\"${TRANSIP_Token_Read_Only}\",\"expiration_time\":\"${TRANSIP_Token_Expiration}\",\"label\":\"${TRANSIP_Token_Label}\",\"global_key\":\"${TRANSIP_Token_Global_Key}\"}"
  _debug data "$data"
  #_signature=$(printf "%s" "$data" | openssl dgst -sha512 -sign "$TRANSIP_Key_File" | _base64)
  _signature=$(printf "%s" "$data" | _sign "$TRANSIP_Key_File" "sha512")
  _debug2 _signature "$_signature"
  export _H1="Signature: $_signature"
  export _H2="Content-Type: application/json"
  response="$(_post "$data" "$TRANSIP_Api_Url/auth" "" "POST")"
  retcode=$?
  _debug2 response "$response"
  if [ "$retcode" != "0" ]; then
    _err "Authentication failed."
    return 1
  fi
  if _contains "$response" "token"; then
    _token="$(echo "$response" | _normalizeJson | sed -n 's/^{"token":"\(.*\)"}/\1/p')"
    _debug _token "$_token"
    return 0
  fi
  return 1
 }
 _transip_setup() {
  fulldomain=$1
  # retrieve the transip creds
  TRANSIP_Username="${TRANSIP_Username:-$(_readaccountconf_mutable TRANSIP_Username)}"
  TRANSIP_Key_File="${TRANSIP_Key_File:-$(_readaccountconf_mutable TRANSIP_Key_File)}"
  # check their vals for null
  if [ -z "$TRANSIP_Username" ] || [ -z "$TRANSIP_Key_File" ]; then
    TRANSIP_Username=""
    TRANSIP_Key_File=""
    _err "You didn't specify a TransIP username and api key file location"
    _err "Please set those values and try again."
    return 1
  fi
  # save the username and api key to the account conf file.
  _saveaccountconf_mutable TRANSIP_Username "$TRANSIP_Username"
  _saveaccountconf_mutable TRANSIP_Key_File "$TRANSIP_Key_File"
  if [ -f "$TRANSIP_Key_File" ]; then
    if ! grep "BEGIN PRIVATE KEY" "$TRANSIP_Key_File" >/dev/null 2>&1; then
      _err "Key file doesn't seem to be a valid key: ${TRANSIP_Key_File}"
      return 1
    fi
  else
    _err "Can't read private key file: ${TRANSIP_Key_File}"
    return 1
  fi
  if [ -z "$_token" ]; then
    if ! _transip_get_token; then
      _err "Can not get token."
      return 1
    fi
  fi
  _get_root "$fulldomain" || return 1
  return 0
 }
--- a/dnsapi/dns_unoeuro.sh
+++ b/dnsapi/dns_unoeuro.sh
@ -5,7 +5,7 @@
 #
 #UNO_User="UExxxxxx"
 Uno_Api="https://api.unoeuro.com/1"
 Uno_Api="https://api.simply.com/1"
 ########  Public functions #####################
@ -24,12 +24,6 @@ dns_unoeuro_add() {
    return 1
  fi
  if ! _contains "$UNO_User" "UE"; then
    _err "It seems that the UNO_User=$UNO_User is not a valid username."
    _err "Please check and retry."
    return 1
  fi
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable UNO_Key "$UNO_Key"
  _saveaccountconf_mutable UNO_User "$UNO_User"
--- a/dnsapi/dns_yandex.sh
+++ b/dnsapi/dns_yandex.sh
@ -25,7 +25,7 @@ dns_yandex_add() {
  _PDD_get_record_ids || return 1
  _debug "Record_ids: $record_ids"
  if [ ! -z "$record_ids" ]; then
  if [ -n "$record_ids" ]; then
    _info "All existing $subdomain records from $domain will be removed at the very end."
  fi
--- a/notify/mail.sh
+++ b/notify/mail.sh
@ -6,6 +6,7 @@
 #MAIL_FROM="yyyy@gmail.com"
 #MAIL_TO="yyyy@gmail.com"
 #MAIL_NOVALIDATE=""
 #MAIL_MSMTP_ACCOUNT=""
 mail_send() {
  _subject="$1"
@ -76,18 +77,17 @@ mail_send() {
 }
 _mail_bin() {
  if [ -n "$MAIL_BIN" ]; then
    _MAIL_BIN="$MAIL_BIN"
  elif _exists "sendmail"; then
    _MAIL_BIN="sendmail"
  elif _exists "ssmtp"; then
    _MAIL_BIN="ssmtp"
  elif _exists "mutt"; then
    _MAIL_BIN="mutt"
  elif _exists "mail"; then
    _MAIL_BIN="mail"
  else
    _err "Please install sendmail, ssmtp, mutt or mail first."
  _MAIL_BIN=""
  for b in "$MAIL_BIN" sendmail ssmtp mutt mail msmtp; do
    if _exists "$b"; then
      _MAIL_BIN="$b"
      break
    fi
  done
  if [ -z "$_MAIL_BIN" ]; then
    _err "Please install sendmail, ssmtp, mutt, mail or msmtp first."
    return 1
  fi
@ -95,30 +95,35 @@ _mail_bin() {
 }
 _mail_cmnd() {
  _MAIL_ARGS=""
  case $(basename "$_MAIL_BIN") in
  sendmail)
    if [ -n "$MAIL_FROM" ]; then
        echo "'$_MAIL_BIN' -f '$MAIL_FROM' '$MAIL_TO'"
      else
        echo "'$_MAIL_BIN' '$MAIL_TO'"
      _MAIL_ARGS="-f '$MAIL_FROM'"
    fi
    ;;
    ssmtp)
      echo "'$_MAIL_BIN' '$MAIL_TO'"
      ;;
  mutt | mail)
      echo "'$_MAIL_BIN' -s '$_subject' '$MAIL_TO'"
    _MAIL_ARGS="-s '$_subject'"
    ;;
    *)
      _err "Command $MAIL_BIN is not supported, use sendmail, ssmtp, mutt or mail."
      return 1
  msmtp)
    if [ -n "$MAIL_FROM" ]; then
      _MAIL_ARGS="-f '$MAIL_FROM'"
    fi
    if [ -n "$MAIL_MSMTP_ACCOUNT" ]; then
      _MAIL_ARGS="$_MAIL_ARGS -a '$MAIL_MSMTP_ACCOUNT'"
    fi
    ;;
  *) ;;
  esac
  echo "'$_MAIL_BIN' $_MAIL_ARGS '$MAIL_TO'"
 }
 _mail_body() {
  case $(basename "$_MAIL_BIN") in
    sendmail | ssmtp)
  sendmail | ssmtp | msmtp)
    if [ -n "$MAIL_FROM" ]; then
      echo "From: $MAIL_FROM"
    fi
--- a/notify/teams.sh
+++ b/notify/teams.sh
@ -0,0 +1,86 @@
 #!/usr/bin/env sh
 #Support Microsoft Teams webhooks
 #TEAMS_WEBHOOK_URL=""
 #TEAMS_THEME_COLOR=""
 #TEAMS_SUCCESS_COLOR=""
 #TEAMS_ERROR_COLOR=""
 #TEAMS_SKIP_COLOR=""
 teams_send() {
  _subject="$1"
  _content="$2"
  _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped
  _debug "_statusCode" "$_statusCode"
  _color_success="2cbe4e" # green
  _color_danger="cb2431"  # red
  _color_muted="586069"   # gray
  TEAMS_WEBHOOK_URL="${TEAMS_WEBHOOK_URL:-$(_readaccountconf_mutable TEAMS_WEBHOOK_URL)}"
  if [ -z "$TEAMS_WEBHOOK_URL" ]; then
    TEAMS_WEBHOOK_URL=""
    _err "You didn't specify a Microsoft Teams webhook url TEAMS_WEBHOOK_URL yet."
    return 1
  fi
  _saveaccountconf_mutable TEAMS_WEBHOOK_URL "$TEAMS_WEBHOOK_URL"
  TEAMS_THEME_COLOR="${TEAMS_THEME_COLOR:-$(_readaccountconf_mutable TEAMS_THEME_COLOR)}"
  if [ -n "$TEAMS_THEME_COLOR" ]; then
    _saveaccountconf_mutable TEAMS_THEME_COLOR "$TEAMS_THEME_COLOR"
  fi
  TEAMS_SUCCESS_COLOR="${TEAMS_SUCCESS_COLOR:-$(_readaccountconf_mutable TEAMS_SUCCESS_COLOR)}"
  if [ -n "$TEAMS_SUCCESS_COLOR" ]; then
    _saveaccountconf_mutable TEAMS_SUCCESS_COLOR "$TEAMS_SUCCESS_COLOR"
  fi
  TEAMS_ERROR_COLOR="${TEAMS_ERROR_COLOR:-$(_readaccountconf_mutable TEAMS_ERROR_COLOR)}"
  if [ -n "$TEAMS_ERROR_COLOR" ]; then
    _saveaccountconf_mutable TEAMS_ERROR_COLOR "$TEAMS_ERROR_COLOR"
  fi
  TEAMS_SKIP_COLOR="${TEAMS_SKIP_COLOR:-$(_readaccountconf_mutable TEAMS_SKIP_COLOR)}"
  if [ -n "$TEAMS_SKIP_COLOR" ]; then
    _saveaccountconf_mutable TEAMS_SKIP_COLOR "$TEAMS_SKIP_COLOR"
  fi
  export _H1="Content-Type: application/json"
  _subject=$(echo "$_subject" | _json_encode)
  _content=$(echo "$_content" | _json_encode)
  case "$_statusCode" in
  0)
    _color="${TEAMS_SUCCESS_COLOR:-$_color_success}"
    ;;
  1)
    _color="${TEAMS_ERROR_COLOR:-$_color_danger}"
    ;;
  2)
    _color="${TEAMS_SKIP_COLOR:-$_color_muted}"
    ;;
  esac
  _color=$(echo "$_color" | tr -cd 'a-fA-F0-9')
  if [ -z "$_color" ]; then
    _color=$(echo "${TEAMS_THEME_COLOR:-$_color_muted}" | tr -cd 'a-fA-F0-9')
  fi
  _data="{\"title\": \"$_subject\","
  if [ -n "$_color" ]; then
    _data="$_data\"themeColor\": \"$_color\", "
  fi
  _data="$_data\"text\": \"$_content\"}"
  if response=$(_post "$_data" "$TEAMS_WEBHOOK_URL"); then
    if ! _contains "$response" error; then
      _info "teams send success."
      return 0
    fi
  fi
  _err "teams send error."
  _err "$response"
  return 1
 }