The function '_get_root' tries to retrieve the
hostedzone iterating the domains, eg:
1. srv.prod.example.com
2. prod.example.com
3. example.com
This doesn't work if '_acme-challenge' is in it's
own hostedzone for security reasons.
Starting that iteration with '_acme-challenge.srv.prod.example.com'
fixes this issue.
When performing renewals acme.sh checks key length values to determine
if a new key should be created with createDomainKey(). However, older
acme.sh stored key length as an empty value if the default of 2048 was
desired. Now it is explicit and the explict check of 2048 against "" is
causing createDomainKey() to always be called with fails without
--force.
Fix this by converting the keylength value to 2048 if an empty string is
returned from the config file. acme.sh will then write out 2048 updating
old keys and configs to the explicit version.
Issue: 4077
+ShellCheck
+ACME v2 compatible
Example:
- Fist create 2 new TXT records on _acme-challenge.example.com
- Now note the ID in (...) from the edit page behind "_acme-challenge.example.com"
export SELFHOSTDNS_USERNAME=myname
export SELFHOSTDNS_PASSWORD=mypass
export SELFHOSTDNS_RID=id_of_txt_record
export SELFHOSTDNS_RID2=id_of_second_txt_record
acme.sh --issue -d example.com --dns dns_selfhost