From 93dc22a71f62e28b28788974f5474c6331e9fb6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=20=7C=20Anton=20R=C3=B6hm?=
 <18481195+AnTheMaker@users.noreply.github.com>
Date: Sun, 7 Sep 2025 16:57:10 +0200
Subject: [PATCH 1/5] Support Nanelo DNS Team- & Workspace-specific API keys

Nanelo Team- and Workspace-specific API keys require the "domain" parameter to be set containing the DNS zone name (unlike the Domain-specific API keys).
So I've added a function to detect the root DNS zone and set the required parameter as described here: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide#3-detect-which-part-is-your-root-zone
---
 dnsapi/dns_nanelo.sh | 62 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 60 insertions(+), 2 deletions(-)

diff --git a/dnsapi/dns_nanelo.sh b/dnsapi/dns_nanelo.sh
index 1ab47a89..cc3573a0 100644
--- a/dnsapi/dns_nanelo.sh
+++ b/dnsapi/dns_nanelo.sh
@@ -27,8 +27,16 @@ dns_nanelo_add() {
   fi
   _saveaccountconf_mutable NANELO_TOKEN "$NANELO_TOKEN"
 
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
   _info "Adding TXT record to ${fulldomain}"
-  response="$(_get "$NANELO_API$NANELO_TOKEN/dns/addrecord?type=TXT&ttl=60&name=${fulldomain}&value=${txtvalue}")"
+  response="$(_get "$NANELO_API$NANELO_TOKEN/dns/addrecord?domain=${_domain}&type=TXT&ttl=60&name=${_sub_domain}&value=${txtvalue}")"
   if _contains "${response}" 'success'; then
     return 0
   fi
@@ -51,8 +59,16 @@ dns_nanelo_rm() {
   fi
   _saveaccountconf_mutable NANELO_TOKEN "$NANELO_TOKEN"
 
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
   _info "Deleting resource record $fulldomain"
-  response="$(_get "$NANELO_API$NANELO_TOKEN/dns/deleterecord?type=TXT&ttl=60&name=${fulldomain}&value=${txtvalue}")"
+  response="$(_get "$NANELO_API$NANELO_TOKEN/dns/deleterecord?domain=${_domain}&type=TXT&ttl=60&name=${_sub_domain}&value=${txtvalue}")"
   if _contains "${response}" 'success'; then
     return 0
   fi
@@ -60,3 +76,45 @@ dns_nanelo_rm() {
   _err "${response}"
   return 1
 }
+
+####################  Private functions below ##################################
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+
+_get_root() {
+  fulldomain=$1
+
+  # Fetch all zones from Nanelo
+  response="$(_get "$NANELO_API$NANELO_TOKEN/dns/getzones")" || return 1
+
+  # Extract "zones" array into space-separated list
+  zones=$(echo "$response" \
+    | tr -d ' \n' \
+    | sed -n 's/.*"zones":\[\([^]]*\)\].*/\1/p' \
+    | tr -d '"' \
+    | tr , ' ')
+  _debug zones "$zones"
+
+  bestzone=""
+  for z in $zones; do
+    case "$fulldomain" in
+      *.$z|$z)
+        if [ ${#z} -gt ${#bestzone} ]; then
+          bestzone=$z
+        fi
+        ;;
+    esac
+  done
+
+  if [ -z "$bestzone" ]; then
+    _err "No matching zone found for $fulldomain"
+    return 1
+  fi
+
+  _domain="$bestzone"
+  _sub_domain=$(printf "%s" "$fulldomain" | sed "s/\\.$_domain\$//")
+
+  return 0
+}

From 31d72645838a1781dc5e38c0b1291e94b30ad0dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=20=7C=20Anton=20R=C3=B6hm?=
 <18481195+AnTheMaker@users.noreply.github.com>
Date: Sun, 7 Sep 2025 17:14:06 +0200
Subject: [PATCH 2/5] Fix pattern matching for best zone selection

---
 dnsapi/dns_nanelo.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dnsapi/dns_nanelo.sh b/dnsapi/dns_nanelo.sh
index cc3573a0..abf3cf47 100644
--- a/dnsapi/dns_nanelo.sh
+++ b/dnsapi/dns_nanelo.sh
@@ -100,7 +100,7 @@ _get_root() {
   bestzone=""
   for z in $zones; do
     case "$fulldomain" in
-      *.$z|$z)
+      *."$z"|"$z")
         if [ ${#z} -gt ${#bestzone} ]; then
           bestzone=$z
         fi

From 5aa964cde997a091b47af6a0b355f236d8631391 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=20=7C=20Anton=20R=C3=B6hm?=
 <18481195+AnTheMaker@users.noreply.github.com>
Date: Sun, 7 Sep 2025 17:14:40 +0200
Subject: [PATCH 3/5] Formatting

using shfmt to format the code
---
 dnsapi/dns_nanelo.sh | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/dnsapi/dns_nanelo.sh b/dnsapi/dns_nanelo.sh
index abf3cf47..8bb95136 100644
--- a/dnsapi/dns_nanelo.sh
+++ b/dnsapi/dns_nanelo.sh
@@ -90,21 +90,21 @@ _get_root() {
   response="$(_get "$NANELO_API$NANELO_TOKEN/dns/getzones")" || return 1
 
   # Extract "zones" array into space-separated list
-  zones=$(echo "$response" \
-    | tr -d ' \n' \
-    | sed -n 's/.*"zones":\[\([^]]*\)\].*/\1/p' \
-    | tr -d '"' \
-    | tr , ' ')
+  zones=$(echo "$response" |
+    tr -d ' \n' |
+    sed -n 's/.*"zones":\[\([^]]*\)\].*/\1/p' |
+    tr -d '"' |
+    tr , ' ')
   _debug zones "$zones"
 
   bestzone=""
   for z in $zones; do
     case "$fulldomain" in
-      *."$z"|"$z")
-        if [ ${#z} -gt ${#bestzone} ]; then
-          bestzone=$z
-        fi
-        ;;
+    *."$z" | "$z")
+      if [ ${#z} -gt ${#bestzone} ]; then
+        bestzone=$z
+      fi
+      ;;
     esac
   done
 

From d8a92a2e658d4ea120dd71d41928e55dc713deb9 Mon Sep 17 00:00:00 2001
From: An <18481195+AnTheMaker@users.noreply.github.com>
Date: Mon, 8 Sep 2025 21:27:57 +0200
Subject: [PATCH 4/5] switch nanelo api to post requests

---
 dnsapi/dns_nanelo.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dnsapi/dns_nanelo.sh b/dnsapi/dns_nanelo.sh
index 8bb95136..23f306a7 100644
--- a/dnsapi/dns_nanelo.sh
+++ b/dnsapi/dns_nanelo.sh
@@ -36,7 +36,7 @@ dns_nanelo_add() {
   _debug _domain "$_domain"
 
   _info "Adding TXT record to ${fulldomain}"
-  response="$(_get "$NANELO_API$NANELO_TOKEN/dns/addrecord?domain=${_domain}&type=TXT&ttl=60&name=${_sub_domain}&value=${txtvalue}")"
+  response="$(_post "" "$NANELO_API$NANELO_TOKEN/dns/addrecord?domain=${_domain}&type=TXT&ttl=60&name=${_sub_domain}&value=${txtvalue}" "" "" "")"
   if _contains "${response}" 'success'; then
     return 0
   fi
@@ -68,7 +68,7 @@ dns_nanelo_rm() {
   _debug _domain "$_domain"
 
   _info "Deleting resource record $fulldomain"
-  response="$(_get "$NANELO_API$NANELO_TOKEN/dns/deleterecord?domain=${_domain}&type=TXT&ttl=60&name=${_sub_domain}&value=${txtvalue}")"
+  response="$(_post "" "$NANELO_API$NANELO_TOKEN/dns/deleterecord?domain=${_domain}&type=TXT&ttl=60&name=${_sub_domain}&value=${txtvalue}" "" "" "")"
   if _contains "${response}" 'success'; then
     return 0
   fi

From 65bd3d67b41d975019f194bdf3cb9e01680ba771 Mon Sep 17 00:00:00 2001
From: An <18481195+AnTheMaker@users.noreply.github.com>
Date: Tue, 14 Oct 2025 15:51:28 +0200
Subject: [PATCH 5/5] nanelo dns: minor log improvements

---
 dnsapi/dns_nanelo.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dnsapi/dns_nanelo.sh b/dnsapi/dns_nanelo.sh
index 23f306a7..0c42989b 100644
--- a/dnsapi/dns_nanelo.sh
+++ b/dnsapi/dns_nanelo.sh
@@ -59,7 +59,7 @@ dns_nanelo_rm() {
   fi
   _saveaccountconf_mutable NANELO_TOKEN "$NANELO_TOKEN"
 
-  _debug "First detect the root zone"
+  _debug "First, let's detect the root zone:"
   if ! _get_root "$fulldomain"; then
     _err "invalid domain"
     return 1