Merge branch 'dev' into master

.github/workflows/DNS.yml

@@ -66,7 +66,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - name: Set env file
@@ -114,7 +114,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install tools
       run:  brew install socat
     - name: Clone acmetest
@@ -165,7 +165,7 @@ jobs:
     - name: Set git to use LF
       run: |
           git config --global core.autocrlf false
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install cygwin base packages with chocolatey
       run: |
           choco config get cacheLocation
@@ -224,7 +224,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/freebsd-vm@v1
@@ -279,7 +279,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/openbsd-vm@v1
@@ -334,7 +334,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/netbsd-vm@v1
@@ -390,7 +390,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/dragonflybsd-vm@v1
@@ -450,7 +450,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/solaris-vm@v1
@@ -508,7 +508,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/omnios-vm@v1
@@ -563,7 +563,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/openindiana-vm@v1
@@ -618,7 +618,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/haiku-vm@v1

.github/workflows/DragonFlyBSD.yml

@@ -45,7 +45,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/FreeBSD.yml

@@ -51,7 +51,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/Haiku.yml

@@ -52,7 +52,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/Linux.yml

@@ -33,7 +33,7 @@ jobs:
       TEST_PREFERRED_CHAIN: (STAGING)
       TEST_ACME_Server: "LetsEncrypt.org_test"
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: |
           cd .. \

.github/workflows/MacOS.yml

@@ -44,7 +44,7 @@ jobs:
       CA_EMAIL: ${{ matrix.CA_EMAIL }}
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install tools
       run:  brew install socat
     - name: Clone acmetest

.github/workflows/NetBSD.yml

@@ -45,7 +45,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/Omnios.yml

@@ -51,7 +51,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/OpenBSD.yml

@@ -51,7 +51,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/OpenIndiana.yml

@@ -51,7 +51,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/PebbleStrict.yml

@@ -33,7 +33,7 @@ jobs:
       TEST_CA: "Pebble Intermediate CA"
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install tools
       run: sudo apt-get install -y socat
     - name: Run Pebble
@@ -58,7 +58,7 @@ jobs:
       TEST_IPCERT: 1
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install tools
       run: sudo apt-get install -y socat
     - name: Run Pebble

.github/workflows/Solaris.yml

@@ -51,7 +51,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/Ubuntu.yml

@@ -70,7 +70,7 @@ jobs:
       TestingDomain: ${{ matrix.TestingDomain }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install tools
       run: sudo apt-get install -y socat wget
     - name: Start StepCA

.github/workflows/Windows.yml

@@ -49,7 +49,7 @@ jobs:
     - name: Set git to use LF
       run: |
           git config --global core.autocrlf false
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install cygwin base packages with chocolatey
       run: |
           choco config get cacheLocation

.github/workflows/dockerhub.yml

@@ -43,7 +43,7 @@ jobs:
     if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
     steps:
       - name: checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Set up QEMU

.github/workflows/shellcheck.yml

@@ -22,7 +22,7 @@ jobs:
   ShellCheck:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install Shellcheck
       run: sudo apt-get install -y shellcheck
     - name: DoShellcheck
@@ -31,7 +31,7 @@ jobs:
   shfmt:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install shfmt
       run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
     - name: shfmt

.github/workflows/wiki-monitor.yml

@@ -9,7 +9,7 @@ jobs:
     if: github.actor != 'neilpang'
     steps:
       - name: Checkout wiki repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: ${{ github.repository }}.wiki
           path: wiki

acme.sh

@@ -595,11 +595,6 @@ if [ "$(printf '\x41')" != 'A' ]; then
   _URGLY_PRINTF=1
 fi
 
-_ESCAPE_XARGS=""
-if _exists xargs && [ "$(printf %s '\\x41' | xargs printf)" = 'A' ]; then
-  _ESCAPE_XARGS=1
-fi
-
 _h2b() {
   if _exists xxd; then
     if _contains "$(xxd --help 2>&1)" "assumes -c30"; then
@@ -618,17 +613,8 @@ _h2b() {
   jc=""
   _debug2 _URGLY_PRINTF "$_URGLY_PRINTF"
   if [ -z "$_URGLY_PRINTF" ]; then
-    if [ "$_ESCAPE_XARGS" ] && _exists xargs; then
-      _debug2 "xargs"
-      echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/g' | xargs printf
-    else
-      for h in $(echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/ \1/g'); do
-        if [ -z "$h" ]; then
-          break
-        fi
-        printf "\x$h%s"
-      done
-    fi
+    # shellcheck disable=SC2059
+    printf "$(echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/\\x\1/g')"
   else
     for c in $(echo "$hex" | _upper_case | sed 's/\([0-9A-F]\)/ \1/g'); do
       if [ -z "$ic" ]; then
@@ -5675,7 +5661,7 @@ renewAll() {
   _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT}
   _debug "_set_level" "$_set_level"
   export _ACME_IN_RENEWALL=1
-  for di in "${CERT_HOME}"/*.*/; do
+  for di in "${CERT_HOME}"/*[.:]*/; do
     _debug di "$di"
     if ! [ -d "$di" ]; then
       _debug "Not a directory, skipping: $di"

deploy/ssh.sh

@@ -238,6 +238,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
         return $_err_code
       fi
     else
+      # If file doesn't exist, create it and change its permissions.
+      _cmdstr="$_cmdstr test ! -f $DEPLOY_SSH_KEYFILE && touch $DEPLOY_SSH_KEYFILE && chmod 600 $DEPLOY_SSH_KEYFILE;"
       # ssh echo to the file
       _cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $DEPLOY_SSH_KEYFILE;"
       _info "will copy private key to remote file $DEPLOY_SSH_KEYFILE"

dnsapi/dns_cyon.sh

@@ -332,11 +332,11 @@ _cyon_get_response_message() {
 }
 
 _cyon_get_response_status() {
-  _egrep_o '"status":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"status":[a-zA-Z0-9]*' | cut -d : -f 2
 }
 
 _cyon_get_validation_status() {
-  _egrep_o '"valid":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"valid":[a-zA-Z0-9]*' | cut -d : -f 2
 }
 
 _cyon_get_response_success() {
@@ -344,7 +344,7 @@ _cyon_get_response_success() {
 }
 
 _cyon_get_environment_change_status() {
-  _egrep_o '"authenticated":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"authenticated":[a-zA-Z0-9]*' | cut -d : -f 2
 }
 
 _cyon_check_if_2fa_missed() {

dnsapi/dns_infomaniak.sh

@@ -6,14 +6,16 @@ Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infomaniak
 Options:
  INFOMANIAK_API_TOKEN API Token
 Issues: github.com/acmesh-official/acme.sh/issues/3188
+
 '
 
-# To use this API you need visit the API dashboard of your account
-# once logged into https://manager.infomaniak.com add /api/dashboard to the URL
-#
+# To use this API you need visit the API dashboard of your account.
 # Note: the URL looks like this:
-# https://manager.infomaniak.com/v3/<account_id>/api/dashboard
-# Then generate a token with the scope Domain
+# https://manager.infomaniak.com/v3/<account_id>/ng/profile/user/token/list
+# Then generate a token with following scopes :
+#  - domain:read
+#  - dns:read
+#  - dns:write
 # this is given as an environment variable INFOMANIAK_API_TOKEN
 
 # base variables
@@ -65,33 +67,32 @@ dns_infomaniak_add() {
   _debug fulldomain "$fulldomain"
   _debug txtvalue "$txtvalue"
 
-  fqdn=${fulldomain#_acme-challenge.}
-
   # guess which base domain to add record to
-  zone_and_id=$(_find_zone "$fqdn")
-  if [ -z "$zone_and_id" ]; then
-    _err "cannot find zone to modify"
+  zone=$(_get_zone "$fulldomain")
+  if [ -z "$zone" ]; then
+    _err "cannot find zone:<${zone}> to modify"
     return 1
   fi
-  zone=${zone_and_id% *}
-  domain_id=${zone_and_id#* }
 
   # extract first part of domain
   key=${fulldomain%."$zone"}
 
-  _debug "zone:$zone id:$domain_id key:$key"
+  _debug "key:$key"
+  _debug "txtvalue: $txtvalue"
 
   # payload
   data="{\"type\": \"TXT\", \"source\": \"$key\", \"target\": \"$txtvalue\", \"ttl\": $INFOMANIAK_TTL}"
 
   # API call
-  response=$(_post "$data" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record")
-  if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then
-    _info "Record added"
-    _debug "Response: $response"
-    return 0
+  response=$(_post "$data" "${INFOMANIAK_API_URL}/2/zones/${zone}/records")
+  if [ -n "$response" ]; then
+    if [ ! "$(echo "$response" | _contains '"result":"success"')" ]; then
+      _info "Record added"
+      _debug "response: $response"
+      return 0
+    fi
   fi
-  _err "could not create record"
+  _err "Could not create record."
   _debug "Response: $response"
   return 1
 }
@@ -106,7 +107,7 @@ dns_infomaniak_rm() {
 
   if [ -z "$INFOMANIAK_API_TOKEN" ]; then
     INFOMANIAK_API_TOKEN=""
-    _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN"
+    _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN."
     return 1
   fi
 
@@ -138,63 +139,53 @@ dns_infomaniak_rm() {
   _debug fulldomain "$fulldomain"
   _debug txtvalue "$txtvalue"
 
-  fqdn=${fulldomain#_acme-challenge.}
-
   # guess which base domain to add record to
-  zone_and_id=$(_find_zone "$fqdn")
-  if [ -z "$zone_and_id" ]; then
-    _err "cannot find zone to modify"
+  zone=$(_get_zone "$fulldomain")
+  if [ -z "$zone" ]; then
+    _err "cannot find zone:<$zone> to modify"
     return 1
   fi
-  zone=${zone_and_id% *}
-  domain_id=${zone_and_id#* }
 
   # extract first part of domain
   key=${fulldomain%."$zone"}
+  key=$(echo "$key" | _lower_case)
 
-  _debug "zone:$zone id:$domain_id key:$key"
+  _debug "zone:$zone"
+  _debug "key:$key"
 
   # find previous record
-  # shellcheck disable=SC1004
-  record_id=$(_get "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}\
-{/g' | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source_idn":"'"$fulldomain"'".*"target_idn":"'"$txtvalue"'".*/\1/p')
+  # shellcheck disable=SC2086
+  response=$(_get "${INFOMANIAK_API_URL}/2/zones/${zone}/records" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}{/g')
+  record_id=$(echo "$response" | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source":"'"$key"'".*"target":"\\"'"$txtvalue"'\\"".*/\1/p')
+  _debug "key: $key"
+  _debug "txtvalue: $txtvalue"
+  _debug "record_id: $record_id"
+
   if [ -z "$record_id" ]; then
     _err "could not find record to delete"
+    _debug "response: $response"
     return 1
   fi
-  _debug "record_id: $record_id"
 
   # API call
-  response=$(_post "" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record/$record_id" "" DELETE)
-  if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then
-    _info "Record deleted"
-    return 0
+  response=$(_post "" "${INFOMANIAK_API_URL}/2/zones/${zone}/records/${record_id}" "" DELETE)
+  if [ -n "$response" ]; then
+    if [ ! "$(echo "$response" | _contains '"result":"success"')" ]; then
+      _info "Record deleted"
+      return 0
+    fi
   fi
-  _err "could not delete record"
+  _err "Could not delete record."
+  _debug "Response: $response"
   return 1
 }
 
 ####################  Private functions below ##################################
 
-_get_domain_id() {
+_get_zone() {
   domain="$1"
-
+  # Whatever the domain is, you can get the fqdn with the following.
   # shellcheck disable=SC1004
-  _get "${INFOMANIAK_API_URL}/1/product?service_name=domain&customer_name=$domain" | sed 's/.*"data":\[{\(.*\)}\]}/\1/; s/,/\
-/g' | sed -n 's/^"id":\(.*\)/\1/p'
-}
-
-_find_zone() {
-  zone="$1"
-
-  # find domain in list, removing . parts sequentialy
-  while _contains "$zone" '\.'; do
-    _debug "testing $zone"
-    id=$(_get_domain_id "$zone")
-    if [ -n "$id" ]; then
-      echo "$zone $id"
-      return
-    fi
-    zone=${zone#*.}
-  done
+  response=$(_get "${INFOMANIAK_API_URL}/2/domains/${domain}/zones" | sed 's/.*\[{"fqdn"\:"\(.*\)/\1/')
+  echo "${response%%\"*}"
 }

dnsapi/dns_opusdns.sh

@@ -0,0 +1,158 @@
+#!/usr/bin/env sh
+
+# shellcheck disable=SC2034
+dns_opusdns_info='OpusDNS.com
+Site: OpusDNS.com
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_opusdns
+Options:
+ OPUSDNS_API_Key API Key. Can be created at https://dashboard.opusdns.com/settings/api-keys
+ OPUSDNS_API_Endpoint API Endpoint URL. Default "https://api.opusdns.com". Optional.
+ OPUSDNS_TTL TTL for DNS challenge records in seconds. Default "60". Optional.
+Issues: github.com/acmesh-official/acme.sh/issues/XXXX
+Author: OpusDNS Team <https://github.com/opusdns>
+'
+
+OPUSDNS_API_Endpoint_Default="https://api.opusdns.com"
+OPUSDNS_TTL_Default=60
+
+######## Public functions ###########
+
+# Add DNS TXT record
+dns_opusdns_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Using OpusDNS DNS API"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if ! _opusdns_init; then
+    return 1
+  fi
+
+  if ! _get_zone "$fulldomain"; then
+    return 1
+  fi
+
+  _info "Zone: $_zone, Record: $_record_name"
+
+  if ! _opusdns_api PATCH "/v1/dns/$_zone/records" "{\"ops\":[{\"op\":\"upsert\",\"record\":{\"name\":\"$_record_name\",\"type\":\"TXT\",\"ttl\":$OPUSDNS_TTL,\"rdata\":\"\\\"$txtvalue\\\"\"}}]}"; then
+    _err "Failed to add TXT record"
+    return 1
+  fi
+
+  _info "TXT record added successfully"
+  return 0
+}
+
+# Remove DNS TXT record
+dns_opusdns_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Removing OpusDNS DNS record"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if ! _opusdns_init; then
+    return 1
+  fi
+
+  if ! _get_zone "$fulldomain"; then
+    _err "Zone not found, cleanup skipped"
+    return 0
+  fi
+
+  _info "Zone: $_zone, Record: $_record_name"
+
+  if ! _opusdns_api PATCH "/v1/dns/$_zone/records" "{\"ops\":[{\"op\":\"remove\",\"record\":{\"name\":\"$_record_name\",\"type\":\"TXT\",\"ttl\":$OPUSDNS_TTL,\"rdata\":\"\\\"$txtvalue\\\"\"}}]}"; then
+    _err "Warning: Failed to remove TXT record"
+    return 0
+  fi
+
+  _info "TXT record removed successfully"
+  return 0
+}
+
+######## Private functions ###########
+
+# Initialize and validate configuration
+_opusdns_init() {
+  OPUSDNS_API_Key="${OPUSDNS_API_Key:-$(_readaccountconf_mutable OPUSDNS_API_Key)}"
+  OPUSDNS_API_Endpoint="${OPUSDNS_API_Endpoint:-$(_readaccountconf_mutable OPUSDNS_API_Endpoint)}"
+  OPUSDNS_TTL="${OPUSDNS_TTL:-$(_readaccountconf_mutable OPUSDNS_TTL)}"
+
+  if [ -z "$OPUSDNS_API_Key" ]; then
+    _err "OPUSDNS_API_Key not set"
+    return 1
+  fi
+
+  [ -z "$OPUSDNS_API_Endpoint" ] && OPUSDNS_API_Endpoint="$OPUSDNS_API_Endpoint_Default"
+  [ -z "$OPUSDNS_TTL" ] && OPUSDNS_TTL="$OPUSDNS_TTL_Default"
+
+  _saveaccountconf_mutable OPUSDNS_API_Key "$OPUSDNS_API_Key"
+  _saveaccountconf_mutable OPUSDNS_API_Endpoint "$OPUSDNS_API_Endpoint"
+  _saveaccountconf_mutable OPUSDNS_TTL "$OPUSDNS_TTL"
+
+  _debug "Endpoint: $OPUSDNS_API_Endpoint"
+  return 0
+}
+
+# Make API request
+# Usage: _opusdns_api METHOD PATH [DATA]
+_opusdns_api() {
+  method=$1
+  path=$2
+  data=$3
+
+  export _H1="X-Api-Key: $OPUSDNS_API_Key"
+  export _H2="Content-Type: application/json"
+
+  url="$OPUSDNS_API_Endpoint$path"
+  _debug2 "API: $method $url"
+  [ -n "$data" ] && _debug2 "Data: $data"
+
+  if [ -n "$data" ]; then
+    response=$(_post "$data" "$url" "" "$method")
+  else
+    response=$(_get "$url")
+  fi
+
+  if [ $? -ne 0 ]; then
+    _err "API request failed"
+    _debug "Response: $response"
+    return 1
+  fi
+
+  _debug2 "Response: $response"
+  return 0
+}
+
+# Detect zone from FQDN
+# Sets: _zone, _record_name
+_get_zone() {
+  domain=$(echo "$1" | sed 's/\.$//')
+  _debug "Finding zone for: $domain"
+
+  i=1
+  p=1
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
+
+    if [ -z "$h" ]; then
+      _err "No valid zone found for: $domain"
+      return 1
+    fi
+
+    _debug "Trying: $h"
+    if _opusdns_api GET "/v1/dns/$h" && _contains "$response" '"dnssec_status"'; then
+      _zone="$h"
+      _record_name=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
+      [ -z "$_record_name" ] && _record_name="@"
+      return 0
+    fi
+
+    p="$i"
+    i=$(_math "$i" + 1)
+  done
+}