Merge branch 'dev' into dns_nexcess_thermo_fh

2025-05-11 05:32:48 +00:00 · 2018-12-14 14:54:02 -05:00 · 2018-12-14 14:54:02 -05:00 · a09be96d5f
commit a09be96d5f
parent 97d0334b0e b54d6589c3
14 changed files with 697 additions and 60 deletions
--- a/1
+++ b/1
@ -4,6 +4,7 @@ RUN apk update -f \
  && apk --no-cache add -f \
  openssl \
  coreutils \
  bind-tools \
  curl \
  socat \
  && rm -rf /var/cache/apk/*
--- a/README.md
+++ b/README.md
@ -35,7 +35,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
 - [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709)
 - [Centminmod](https://centminmod.com/letsencrypt-acmetool-https.html)
 - [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297)
- [archlinux](https://aur.archlinux.org/packages/acme.sh-git/)
+- [archlinux](https://www.archlinux.org/packages/community/any/acme.sh)
 - [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient)
 - [CentOS Web Panel](http://centos-webpanel.com/)
 - [lnmp.org](https://lnmp.org/)
@ -327,6 +327,9 @@ You don't have to do anything manually!
 1. netcup DNS API (https://www.netcup.de)
 1. GratisDNS.dk (https://gratisdns.dk)
 1. Namecheap API (https://www.namecheap.com/)
 1. MyDNS.JP API (https://www.mydns.jp/)
 1. hosting.de (https://www.hosting.de)
 1. Neodigit.net API (https://www.neodigit.net)
 1. Nexcess API (https://www.nexcess.net)
 1. Thermo.io API (https://www.thermo.io)
 1. Futurehosting API (https://www.futurehosting.com)
--- a/acme.sh
+++ b/acme.sh
@ -124,23 +124,19 @@ if [ -t 1 ]; then
 fi
 __green() {
-  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then
+  if [ "${__INTERACTIVE}${ACME_NO_COLOR:-0}" = "10" -o "${ACME_FORCE_COLOR}" = "1" ]; then
-    printf '\033[1;31;32m'
+    printf '\033[1;31;32m%b\033[0m' "$1"
    return
  fi
  printf -- "%b" "$1"
  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then
    printf '\033[0m'
  fi
 }
 __red() {
-  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then
+  if [ "${__INTERACTIVE}${ACME_NO_COLOR:-0}" = "10" -o "${ACME_FORCE_COLOR}" = "1" ]; then
-    printf '\033[1;31;40m'
+    printf '\033[1;31;40m%b\033[0m' "$1"
    return
  fi
  printf -- "%b" "$1"
  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then
    printf '\033[0m'
  fi
 }
 _printargs() {
@ -1810,14 +1806,14 @@ _send_signed_request() {
    if [ -z "$_CACHED_NONCE" ]; then
      _headers=""
      if [ "$ACME_NEW_NONCE" ]; then
-        _debug2 "Get nonce. ACME_NEW_NONCE" "$ACME_NEW_NONCE"
+        _debug2 "Get nonce with HEAD. ACME_NEW_NONCE" "$ACME_NEW_NONCE"
        nonceurl="$ACME_NEW_NONCE"
        if _post "" "$nonceurl" "" "HEAD" "$__request_conent_type"; then
          _headers="$(cat "$HTTP_HEADER")"
        fi
      fi
      if [ -z "$_headers" ]; then
-        _debug2 "Get nonce. ACME_DIRECTORY" "$ACME_DIRECTORY"
+        _debug2 "Get nonce with GET. ACME_DIRECTORY" "$ACME_DIRECTORY"
        nonceurl="$ACME_DIRECTORY"
        _headers="$(_get "$nonceurl" "onlyheader")"
      fi
@ -2843,7 +2839,7 @@ _isRealNginxConf() {
        _skip_ssl=1
        for _listen_i in $(echo "$_seg_n" | tr "\t" ' ' | grep "^ *listen" | tr -d " "); do
          if [ "$_listen_i" ]; then
-            if [ "$(echo "$_listen_i" | _egrep_o "listen.*ssl[ |;]")" ]; then
+            if [ "$(echo "$_listen_i" | _egrep_o "listen.*ssl")" ]; then
              _debug2 "$_listen_i is ssl"
            else
              _debug2 "$_listen_i is plain text"
@ -2925,6 +2921,7 @@ _clearupdns() {
    _debug txt "$txt"
    if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then
      _debug "$d is already verified, skip $vtype."
      _alias_index="$(_math "$_alias_index" + 1)"
      continue
    fi
@ -3775,6 +3772,7 @@ $_authorizations_map"
      _debug d "$d"
      if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then
        _debug "$d is already verified, skip $vtype."
        _alias_index="$(_math "$_alias_index" + 1)"
        continue
      fi
@ -4602,7 +4600,8 @@ deploy() {
  _initpath "$_d" "$_isEcc"
  if [ ! -d "$DOMAIN_PATH" ]; then
-    _err "Domain is not valid:'$_d'"
+    _err "The domain '$_d' is not a cert name. You must use the cert name to specify the cert to install."
    _err "Can not find path:'$DOMAIN_PATH'"
    return 1
  fi
@ -4629,7 +4628,8 @@ installcert() {
  _initpath "$_main_domain" "$_isEcc"
  if [ ! -d "$DOMAIN_PATH" ]; then
-    _err "Domain is not valid:'$_main_domain'"
+    _err "The domain '$_main_domain' is not a cert name. You must use the cert name to specify the cert to install."
    _err "Can not find path:'$DOMAIN_PATH'"
    return 1
  fi
@ -5474,7 +5474,7 @@ Parameters:
  --log-level 1|2                   Specifies the log level, default is 1.
  --syslog [0|3|6|7]                Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
-  These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
+  These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
  --cert-file                       After issue/renew, the cert will be copied to this path.
  --key-file                        After issue/renew, the key will be copied to this path.
@ -5485,7 +5485,7 @@ Parameters:
  --server SERVER                   ACME Directory Resource URI. (default: https://acme-v01.api.letsencrypt.org/directory)
  --accountconf                     Specifies a customized account config file.
-  --home                            Specifies the home dir for $PROJECT_NAME .
+  --home                            Specifies the home dir for $PROJECT_NAME.
  --cert-home                       Specifies the home dir to save all the certs, only valid for '--install' command.
  --config-home                     Specifies the home dir to save all the configurations.
  --useragent                       Specifies the user agent string. it will be saved for future use too.
--- a/deploy/README.md
+++ b/deploy/README.md
@ -296,3 +296,39 @@ You can then deploy the certificate as follows
 ```sh
 acme.sh --deploy -d www.mydomain.com --deploy-hook gitlab
 ```
 ## 12. Deploy your cert to Hashicorp Vault
 ```sh
 export VAULT_PREFIX="acme"
 ```
 You can then deploy the certificate as follows
 ```sh
 acme.sh --deploy -d www.mydomain.com --deploy-hook vault_cli
 ```
 Your certs will be saved in Vault using this structure:
 ```sh
 vault write "${VAULT_PREFIX}/${domain}/cert.pem"      value=@"..."
 vault write "${VAULT_PREFIX}/${domain}/cert.key"      value=@"..."
 vault write "${VAULT_PREFIX}/${domain}/chain.pem"     value=@"..."
 vault write "${VAULT_PREFIX}/${domain}/fullchain.pem" value=@"..."
 ```
 You might be using Fabio load balancer (which can get certs from
 Vault). It needs a bit different structure of your certs in Vault. It
 gets certs only from keys that were saved in `prefix/domain`, like this:
 ```bash
 vault write <PREFIX>/www.domain.com cert=@cert.pem key=@key.pem
 ```
 If you want to save certs in Vault this way just set "FABIO" env
 variable to anything (ex: "1") before running `acme.sh`:
 ```sh
 export FABIO="1"
 ```
--- a/deploy/vault_cli.sh
+++ b/deploy/vault_cli.sh
@ -49,9 +49,13 @@ vault_cli_deploy() {
    return 1
  fi
-  $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
+  if [ -n "$FABIO" ]; then
-  $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
+    $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}" cert=@"$_cfullchain" key=@"$_ckey" || return 1
-  $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
+  else
-  $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
+    $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
    $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
    $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
    $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
  fi
 }
--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@ -6,7 +6,7 @@ https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
 ## 1. Use CloudFlare domain API to automatically issue cert
-First you need to login to your CloudFlare account to get your API key.
+First you need to login to your CloudFlare account to get your [API key](https://dash.cloudflare.com/profile). 
 ```
 export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
@ -264,9 +264,18 @@ when needed.
 ## 14. Use Linode domain API
 First you need to login to your Linode account to get your API Key.
 [https://manager.linode.com/profile/api](https://manager.linode.com/profile/api)
-Then add an API key with label *ACME* and copy the new key.
+  * [Classic Manager](https://manager.linode.com/profile/api)
   Under "Add an API key", Give the new key a "Label" (we recommend *ACME*),
   set the expiry to never, "Create API Key", and copy the new key into the `LINODE_API_KEY` command
   below.
  * [Cloud Manager](https://cloud.linode.com/profile/tokens)
   Click on "Add a Personal Access Token". Give the new key a "Label" (we
   recommend *ACME*), give it Read/Write access to "Domains". "Submit", and
   copy the new key into the `LINODE_API_KEY` command below.
 ```sh
 export LINODE_API_KEY="..."
@ -454,7 +463,7 @@ The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.
 First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/).
 ```
-VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje"
+export VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje"
 ```
 Ok, let's issue a cert now:
@ -971,6 +980,8 @@ acme.sh --issue --dns dns_netcup -d example.com -d www.example.com
 The `NC_Apikey`,`NC_Apipw` and `NC_CID` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 ## 52. Use GratisDNS.dk
 GratisDNS.dk (https://gratisdns.dk/) does not provide an API to update DNS records (other than IPv4 and IPv6
 dynamic DNS addresses).  The acme.sh plugin therefore retrieves and updates domain TXT records by logging
 into the GratisDNS website to read the HTML and posting updates as HTTP.  The plugin needs to know your
@ -1012,7 +1023,61 @@ Now you can issue a certificate.
 ```sh
 acme.sh --issue --dns dns_namecheap -d example.com -d *.example.com
 ```
-## 53. Use Nexcess API
+
 ## 54. Use MyDNS.JP API
 First, register to MyDNS.JP and get MasterID and Password.
 ```
 export MYDNSJP_MasterID=MasterID
 export MYDNSJP_Password=Password
 ```
 To issue a certificate:
 ```
 acme.sh --issue --dns dns_mydnsjp -d example.com -d www.example.com
 ```
 The `MYDNSJP_MasterID` and `MYDNSJP_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 ## 55. Use hosting.de API
 Create an API key in your hosting.de account here: https://secure.hosting.de
 The key needs the following rights:
 - DNS_ZONES_EDIT
 - DNS_ZONES_LIST
 Set your API Key and endpoint:
 ```
 export HOSTINGDE_APIKEY='xxx'
 export HOSTINGDE_ENDPOINT='https://secure.hosting.de'
 ```
 The plugin can also be used for the http.net API. http.net customers have to set endpoint to https://partner.http.net.
 Ok, let's issue a cert now:
 ```
 acme.sh --issue --dns dns_hostingde -d example.com -d *.example.com
 ```
 The hosting.de API key and endpoint will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 ## 56. Use Neodigit.net API
 ```
 export NEODIGIT_API_TOKEN="eXJxTkdUVUZmcHQ3QWJackQ4ZGlMejRDSklRYmo5VG5zcFFKK2thYnE0WnVnNnMy"
 ```
 Ok, let's issue a cert now:
 ```
 acme.sh --issue --dns dns_neodigit -d example.com -d www.example.com
 ```
 Neodigit API Token will be saved in `~/.acme.sh/account.conf` and will be used when needed.
 ## 57. Use Nexcess API
 First, you'll need to login to the [Nexcess.net Client Portal](https://portal.nexcess.net) and [generate a new API token](https://portal.nexcess.net/api-token).
@ -1029,7 +1094,8 @@ acme.sh --issue --dns dns_nexcess -d example.com --dnssleep 900
 ```
 The `NEXCESS_API_TOKEN will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
-## 54. Use Thermo.io API
+
 ## 58. Use Thermo.io API
 First, you'll need to login to the [Thermo.io Client Portal](https://core.thermo.io) and [generate a new API token](https://core.thermo.io/api-token).
@ -1046,7 +1112,8 @@ acme.sh --issue --dns dns_thermo -d example.com --dnssleep 900
 ```
 The `THERMO_API_TOKEN will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
-## 55. Use Futurehosting API
+
 ## 59. Use Futurehosting API
 First, you'll need to login to the [Futurehosting Client Portal](https://my.futurehosting.com) and [generate a new API token](https://my.futurehosting.com/api-token).
@ -1063,6 +1130,7 @@ acme.sh --issue --dns dns_fh -d example.com --dnssleep 900
 ```
 The `FH_API_TOKEN will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 # Use custom API
 If your API is not supported yet, you can write your own DNS API.
--- a/dnsapi/dns_azure.sh
+++ b/dnsapi/dns_azure.sh
@ -316,7 +316,7 @@ _get_root() {
  ## (ZoneListResult with  continuation token for the next page of results)
  ## Per https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#dns-limits you are limited to 100 Zone/subscriptions anyways
  ##
-  _azure_rest GET "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Network/dnszones?api-version=2017-09-01" "" "$accesstoken"
+  _azure_rest GET "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Network/dnszones?\$top=500&api-version=2017-09-01" "" "$accesstoken"
  # Find matching domain name is Json response
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
--- a/dnsapi/dns_cf.sh
+++ b/dnsapi/dns_cf.sh
@ -34,6 +34,9 @@ dns_cf_add() {
  _saveaccountconf_mutable CF_Key "$CF_Key"
  _saveaccountconf_mutable CF_Email "$CF_Email"
  _DOMAIN_CF_ZONES_CACHE_NAME_="$(echo "${CF_Email}_CF_ZONES_" | tr '@.' '__')"
  _cleardomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
@ -58,9 +61,12 @@ dns_cf_add() {
  #  if [ "$count" = "0" ]; then
  _info "Adding record"
  if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
-    if printf -- "%s" "$response" | grep "$fulldomain" >/dev/null; then
+    if _contains "$response" "$fulldomain"; then
      _info "Added, OK"
      return 0
    elif _contains "$response" "The record already exists"; then
      _info "Already exists, OK"
      return 0
    else
      _err "Add txt record error."
      return 1
@ -99,11 +105,16 @@ dns_cf_rm() {
    return 1
  fi
  _DOMAIN_CF_ZONES_CACHE_NAME_="$(echo "${CF_Email}_CF_ZONES_" | tr '@.' '__')"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _cleardomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_"
    _err "invalid domain"
    return 1
  fi
  _cleardomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_"
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
@ -143,6 +154,21 @@ dns_cf_rm() {
 # _domain=domain.com
 # _domain_id=sdjkglgdfewsdfg
 _get_root() {
  _cf_zones="$(_readdomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_")"
  _debug2 "_cf_zones" "$_cf_zones"
  if [ -z "$_cf_zones" ]; then
    _debug "$_DOMAIN_CF_ZONES_CACHE_NAME_ is none, so get it."
    if ! _cf_rest GET "zones"; then
      return 1
    fi
    _cf_zones="$response"
    _savedomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_" "$(echo "$_cf_zones" | _base64)"
  else
    _debug "$_DOMAIN_CF_ZONES_CACHE_NAME_ found"
    _cf_zones="$(echo "$_cf_zones" | _dbase64)"
  fi
  domain=$1
  i=2
  p=1
@ -154,12 +180,8 @@ _get_root() {
      return 1
    fi
-    if ! _cf_rest GET "zones?name=$h"; then
+    if _contains "$_cf_zones" "\"name\":\"$h\"" >/dev/null; then
-      return 1
+      _domain_id=$(echo "$_cf_zones" | tr '{' "\n" | grep "\"name\":\"$h\"" | _egrep_o "^\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
    fi
    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
      if [ "$_domain_id" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
        _domain=$h
--- a/dnsapi/dns_cx.sh
+++ b/dnsapi/dns_cx.sh
@ -1,6 +1,6 @@
 #!/usr/bin/env sh
-# Cloudxns.com Domain api
+# CloudXNS Domain api
 #
 #CX_Key="1234"
 #
@ -19,7 +19,7 @@ dns_cx_add() {
  if [ -z "$CX_Key" ] || [ -z "$CX_Secret" ]; then
    CX_Key=""
    CX_Secret=""
-    _err "You don't specify cloudxns.com  api key or secret yet."
+    _err "You don't specify cloudxns.net  api key or secret yet."
    _err "Please create you key and try again."
    return 1
  fi
--- a/dnsapi/dns_he.sh
+++ b/dnsapi/dns_he.sh
@ -92,7 +92,9 @@ dns_he_rm() {
    return 1
  fi
  # Remove the record
-  body="email=${HE_Username}&pass=${HE_Password}"
+  username_encoded="$(printf "%s" "${HE_Username}" | _url_encode)"
  password_encoded="$(printf "%s" "${HE_Password}" | _url_encode)"
  body="email=${username_encoded}&pass=${password_encoded}"
  body="$body&menu=edit_zone"
  body="$body&hosted_dns_zoneid=$_zone_id"
  body="$body&hosted_dns_recordid=$_record_id"
--- a/dnsapi/dns_hostingde.sh
+++ b/dnsapi/dns_hostingde.sh
@ -0,0 +1,109 @@
 #!/usr/bin/env sh
 # hosting.de API
 # Values to export:
 # export HOSTINGDE_ENDPOINT='https://secure.hosting.de'
 # export HOSTINGDE_APIKEY='xxxxx'
 ########  Public functions #####################
 dns_hostingde_add() {
  fulldomain="${1}"
  txtvalue="${2}"
  _debug "Calling: _hostingde_addRecord() '${fulldomain}' '${txtvalue}'"
  _hostingde_apiKey && _hostingde_getZoneConfig && _hostingde_addRecord
 }
 dns_hostingde_rm() {
  fulldomain="${1}"
  txtvalue="${2}"
  _debug "Calling: _hostingde_removeRecord() '${fulldomain}' '${txtvalue}'"
  _hostingde_apiKey && _hostingde_getZoneConfig && _hostingde_removeRecord
 }
 #################### own Private functions below ##################################
 _hostingde_apiKey() {
  HOSTINGDE_APIKEY="${HOSTINGDE_APIKEY:-$(_readaccountconf_mutable HOSTINGDE_APIKEY)}"
  if [ -z "$HOSTINGDE_APIKEY" ] || [ -z "$HOSTINGDE_ENDPOINT" ]; then
    HOSTINGDE_APIKEY=""
    HOSTINGDE_ENDPOINT=""
    _err "You haven't specified hosting.de API key or endpoint yet."
    _err "Please create your key and try again."
    return 1
  fi
  _saveaccountconf_mutable HOSTINGDE_APIKEY "$HOSTINGDE_APIKEY"
  _saveaccountconf_mutable HOSTINGDE_ENDPOINT "$HOSTINGDE_ENDPOINT"
 }
 _hostingde_getZoneConfig() {
  _info "Getting ZoneConfig"
  curZone="${fulldomain#*.}"
  returnCode=1
  while _contains "${curZone}" "\\."; do
    curData="{\"filter\":{\"field\":\"zoneName\",\"value\":\"${curZone}\"},\"limit\":1,\"authToken\":\"${HOSTINGDE_APIKEY}\"}"
    curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneConfigsFind")"
    _debug "Calling zoneConfigsFind: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneConfigsFind'"
    _debug "Result of zoneConfigsFind: '$curResult'"
    if _contains "${curResult}" '"status": "error"'; then
      if _contains "${curResult}" '"code": 10109'; then
        _err "The API-Key is invalid or could not be found"
      else
        _err "UNKNOWN API ERROR"
      fi
      returnCode=1
      break
    fi
    if _contains "${curResult}" '"totalEntries": 1'; then
      _info "Retrieved zone data."
      _debug "Zone data: '${curResult}'"
      # read ZoneConfigId for later update
      zoneConfigId=$(echo "${curResult}" | _egrep_o '"id":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
      _debug "zoneConfigId '${zoneConfigId}'"
      returnCode=0
      break
    fi
    curZone="${curZone#*.}"
  done
  if [ $returnCode -ne 0 ]; then
    _info "ZoneEnd reached, Zone ${curZone} not found in hosting.de API"
  fi
  return $returnCode
 }
 _hostingde_addRecord() {
  _info "Adding record to zone"
  curData="{\"authToken\":\"${HOSTINGDE_APIKEY}\",\"zoneConfig\":{\"id\":\"${zoneConfigId}\"},\"recordsToAdd\":[{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"\\\"${txtvalue}\\\"\",\"ttl\":3600}]}"
  curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate")"
  _debug "Calling zoneUpdate: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate'"
  _debug "Result of zoneUpdate: '$curResult'"
  if _contains "${curResult}" '"status": "error"'; then
    if _contains "${curResult}" '"code": 10109'; then
      _err "The API-Key is invalid or could not be found"
    else
      _err "UNKNOWN API ERROR"
    fi
    return 1
  fi
  return 0
 }
 _hostingde_removeRecord() {
  _info "Removing record from zone"
  curData="{\"authToken\":\"${HOSTINGDE_APIKEY}\",\"zoneConfig\":{\"id\":\"${zoneConfigId}\"},\"recordsToDelete\":[{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"\\\"${txtvalue}\\\"\"}]}"
  curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate")"
  _debug "Calling zoneUpdate: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate'"
  _debug "Result of zoneUpdate: '$curResult'"
  if _contains "${curResult}" '"status": "error"'; then
    if _contains "${curResult}" '"code": 10109'; then
      _err "The API-Key is invalid or could not be found"
    else
      _err "UNKNOWN API ERROR"
    fi
    return 1
  fi
  return 0
 }
--- a/dnsapi/dns_linode.sh
+++ b/dnsapi/dns_linode.sh
@ -2,7 +2,7 @@
 #Author: Philipp Grosswiler <philipp.grosswiler@swiss-design.net>
-LINODE_API_URL="https://api.linode.com/?api_key=$LINODE_API_KEY&api_action="
+LINODE_API_URL="https://api.linode.com/v4/domains"
 ########  Public functions #####################
@ -27,10 +27,14 @@ dns_linode_add() {
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
-  _parameters="&DomainID=$_domain_id&Type=TXT&Name=$_sub_domain&Target=$txtvalue"
+  _payload="{
              \"type\": \"TXT\",
              \"name\": \"$_sub_domain\",
              \"target\": \"$txtvalue\"
            }"
-  if _rest GET "domain.resource.create" "$_parameters" && [ -n "$response" ]; then
+  if _rest POST "/$_domain_id/records" "$_payload" && [ -n "$response" ]; then
-    _resource_id=$(printf "%s\n" "$response" | _egrep_o "\"ResourceID\":\s*[0-9]+" | cut -d : -f 2 | tr -d " " | _head_n 1)
+    _resource_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\s*[0-9]+" | cut -d : -f 2 | tr -d " " | _head_n 1)
    _debug _resource_id "$_resource_id"
    if [ -z "$_resource_id" ]; then
@ -65,25 +69,21 @@ dns_linode_rm() {
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
-  _parameters="&DomainID=$_domain_id"
+  if _rest GET "/$_domain_id/records" && [ -n "$response" ]; then
  if _rest GET "domain.resource.list" "$_parameters" && [ -n "$response" ]; then
    response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")"
-    resource="$(echo "$response" | _egrep_o "{.*\"NAME\":\s*\"$_sub_domain\".*}")"
+    resource="$(echo "$response" | _egrep_o "{.*\"name\":\s*\"$_sub_domain\".*}")"
    if [ "$resource" ]; then
-      _resource_id=$(printf "%s\n" "$resource" | _egrep_o "\"RESOURCEID\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
+      _resource_id=$(printf "%s\n" "$resource" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
      if [ "$_resource_id" ]; then
        _debug _resource_id "$_resource_id"
-        _parameters="&DomainID=$_domain_id&ResourceID=$_resource_id"
+        if _rest DELETE "/$_domain_id/records/$_resource_id" && [ -n "$response" ]; then
          # On 200/OK, empty set is returned. Check for error, if any.
          _error_response=$(printf "%s\n" "$response" | _egrep_o "\"errors\"" | cut -d : -f 2 | tr -d " " | _head_n 1)
-        if _rest GET "domain.resource.delete" "$_parameters" && [ -n "$response" ]; then
+          if [ -n "$_error_response" ]; then
-          _resource_id=$(printf "%s\n" "$response" | _egrep_o "\"ResourceID\":\s*[0-9]+" | cut -d : -f 2 | tr -d " " | _head_n 1)
+            _err "Error deleting the domain resource: $_error_response"
          _debug _resource_id "$_resource_id"
          if [ -z "$_resource_id" ]; then
            _err "Error deleting the domain resource."
            return 1
          fi
@ -127,7 +127,7 @@ _get_root() {
  i=2
  p=1
-  if _rest GET "domain.list"; then
+  if _rest GET; then
    response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")"
    while true; do
      h=$(printf "%s" "$domain" | cut -d . -f $i-100)
@ -137,9 +137,9 @@ _get_root() {
        return 1
      fi
-      hostedzone="$(echo "$response" | _egrep_o "{.*\"DOMAIN\":\s*\"$h\".*}")"
+      hostedzone="$(echo "$response" | _egrep_o "{.*\"domain\":\s*\"$h\".*}")"
      if [ "$hostedzone" ]; then
-        _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"DOMAINID\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
+        _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
        if [ "$_domain_id" ]; then
          _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
          _domain=$h
@ -165,6 +165,7 @@ _rest() {
  export _H1="Accept: application/json"
  export _H2="Content-Type: application/json"
  export _H3="Authorization: Bearer $LINODE_API_KEY"
  if [ "$mtd" != "GET" ]; then
    # both POST and DELETE.
--- a/dnsapi/dns_mydnsjp.sh
+++ b/dnsapi/dns_mydnsjp.sh
@ -0,0 +1,210 @@
 #!/usr/bin/env sh
 #Here is a api script for MyDNS.JP.
 #This file name is "dns_mydnsjp.sh"
 #So, here must be a method   dns_mydnsjp_add()
 #Which will be called by acme.sh to add the txt record to your api system.
 #returns 0 means success, otherwise error.
 #
 #Author: epgdatacapbon
 #Report Bugs here: https://github.com/epgdatacapbon/acme.sh
 #
 ########  Public functions #####################
 # Export MyDNS.JP MasterID and Password in following variables...
 #  MYDNSJP_MasterID=MasterID
 #  MYDNSJP_Password=Password
 MYDNSJP_API="https://www.mydns.jp"
 #Usage: dns_mydnsjp_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_mydnsjp_add() {
  fulldomain=$1
  txtvalue=$2
  _info "Using mydnsjp"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  # Load the credentials from the account conf file
  MYDNSJP_MasterID="${MYDNSJP_MasterID:-$(_readaccountconf_mutable MYDNSJP_MasterID)}"
  MYDNSJP_Password="${MYDNSJP_Password:-$(_readaccountconf_mutable MYDNSJP_Password)}"
  if [ -z "$MYDNSJP_MasterID" ] || [ -z "$MYDNSJP_Password" ]; then
    MYDNSJP_MasterID=""
    MYDNSJP_Password=""
    _err "You don't specify mydnsjp api MasterID and Password yet."
    _err "Please export as MYDNSJP_MasterID / MYDNSJP_Password and try again."
    return 1
  fi
  # Save the credentials to the account conf file
  _saveaccountconf_mutable MYDNSJP_MasterID "$MYDNSJP_MasterID"
  _saveaccountconf_mutable MYDNSJP_Password "$MYDNSJP_Password"
  _debug "First detect the root zone."
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  if _mydnsjp_api "REGIST" "$_domain" "$txtvalue"; then
    if printf -- "%s" "$response" | grep "OK." >/dev/null; then
      _info "Added, OK"
      return 0
    else
      _err "Add txt record error."
      return 1
    fi
  fi
  _err "Add txt record error."
  return 1
 }
 #Usage: fulldomain txtvalue
 #Remove the txt record after validation.
 dns_mydnsjp_rm() {
  fulldomain=$1
  txtvalue=$2
  _info "Removing TXT record"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  # Load the credentials from the account conf file
  MYDNSJP_MasterID="${MYDNSJP_MasterID:-$(_readaccountconf_mutable MYDNSJP_MasterID)}"
  MYDNSJP_Password="${MYDNSJP_Password:-$(_readaccountconf_mutable MYDNSJP_Password)}"
  if [ -z "$MYDNSJP_MasterID" ] || [ -z "$MYDNSJP_Password" ]; then
    MYDNSJP_MasterID=""
    MYDNSJP_Password=""
    _err "You don't specify mydnsjp api MasterID and Password yet."
    _err "Please export as MYDNSJP_MasterID / MYDNSJP_Password and try again."
    return 1
  fi
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  if _mydnsjp_api "DELETE" "$_domain" "$txtvalue"; then
    if printf -- "%s" "$response" | grep "OK." >/dev/null; then
      _info "Deleted, OK"
      return 0
    else
      _err "Delete txt record error."
      return 1
    fi
  fi
  _err "Delete txt record error."
  return 1
 }
 ####################  Private functions below ##################################
 # _acme-challenge.www.domain.com
 # returns
 #  _sub_domain=_acme-challenge.www
 #  _domain=domain.com
 _get_root() {
  fulldomain=$1
  i=2
  p=1
  # Get the root domain
  _mydnsjp_retrieve_domain
  if [ "$?" != "0" ]; then
    # not valid
    return 1
  fi
  while true; do
    _domain=$(printf "%s" "$fulldomain" | cut -d . -f $i-100)
    if [ -z "$_domain" ]; then
      # not valid
      return 1
    fi
    if [ "$_domain" = "$_root_domain" ]; then
      _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-$p)
      return 0
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
 }
 # Retrieve the root domain
 # returns 0 success
 _mydnsjp_retrieve_domain() {
  _debug "Login to MyDNS.JP"
  response="$(_post "masterid=$MYDNSJP_MasterID&masterpwd=$MYDNSJP_Password" "$MYDNSJP_API/?MENU=100")"
  cookie="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _head_n 1 | cut -d " " -f 2)"
  # If cookies is not empty then logon successful
  if [ -z "$cookie" ]; then
    _err "Fail to get a cookie."
    return 1
  fi
  _debug "Retrieve DOMAIN INFO page"
  export _H1="Cookie:${cookie}"
  response="$(_get "$MYDNSJP_API/?MENU=300")"
  if [ "$?" != "0" ]; then
    _err "Fail to retrieve DOMAIN INFO."
    return 1
  fi
  _root_domain=$(echo "$response" | grep "DNSINFO\[domainname\]" | sed 's/^.*value="\([^"]*\)".*/\1/')
  # Logout
  response="$(_get "$MYDNSJP_API/?MENU=090")"
  _debug _root_domain "$_root_domain"
  if [ -z "$_root_domain" ]; then
    _err "Fail to get the root domain."
    return 1
  fi
  return 0
 }
 _mydnsjp_api() {
  cmd=$1
  domain=$2
  txtvalue=$3
  # Base64 encode the credentials
  credentials=$(printf "%s:%s" "$MYDNSJP_MasterID" "$MYDNSJP_Password" | _base64)
  # Construct the HTTP Authorization header
  export _H1="Content-Type: application/x-www-form-urlencoded"
  export _H2="Authorization: Basic ${credentials}"
  response="$(_post "CERTBOT_DOMAIN=$domain&CERTBOT_VALIDATION=$txtvalue&EDIT_CMD=$cmd" "$MYDNSJP_API/directedit.html")"
  if [ "$?" != "0" ]; then
    _err "error $domain"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
--- a/dnsapi/dns_neodigit.sh
+++ b/dnsapi/dns_neodigit.sh
@ -0,0 +1,181 @@
 #!/usr/bin/env sh
 #
 # NEODIGIT_API_TOKEN="jasdfhklsjadhflnhsausdfas"
 # This is Neodigit.net api wrapper for acme.sh
 #
 # Author: Adrian Almenar
 # Report Bugs here: https://github.com/tecnocratica/acme.sh
 #
 NEODIGIT_API_URL="https://api.neodigit.net/v1"
 #
 ########  Public functions #####################
 # Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_neodigit_add() {
  fulldomain=$1
  txtvalue=$2
  NEODIGIT_API_TOKEN="${NEODIGIT_API_TOKEN:-$(_readaccountconf_mutable NEODIGIT_API_TOKEN)}"
  if [ -z "$NEODIGIT_API_TOKEN" ]; then
    NEODIGIT_API_TOKEN=""
    _err "You haven't specified a Token api key."
    _err "Please create the key and try again."
    return 1
  fi
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable NEODIGIT_API_TOKEN "$NEODIGIT_API_TOKEN"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  _debug domain "$_domain"
  _debug sub_domain "$_sub_domain"
  _debug "Getting txt records"
  _neo_rest GET "dns/zones/${_domain_id}/records?type=TXT&name=$fulldomain"
  _debug _code "$_code"
  if [ "$_code" != "200" ]; then
    _err "error retrieving data!"
    return 1
  fi
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  _debug domain "$_domain"
  _debug sub_domain "$_sub_domain"
  _info "Adding record"
  if _neo_rest POST "dns/zones/$_domain_id/records" "{\"record\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":60}}"; then
    if printf -- "%s" "$response" | grep "$_sub_domain" >/dev/null; then
      _info "Added, OK"
      return 0
    else
      _err "Add txt record error."
      return 1
    fi
  fi
  _err "Add txt record error."
  return 1
 }
 #fulldomain txtvalue
 dns_neodigit_rm() {
  fulldomain=$1
  txtvalue=$2
  NEODIGIT_API_TOKEN="${NEODIGIT_API_TOKEN:-$(_readaccountconf_mutable NEODIGIT_API_TOKEN)}"
  if [ -z "$NEODIGIT_API_TOKEN" ]; then
    NEODIGIT_API_TOKEN=""
    _err "You haven't specified a Token api key."
    _err "Please create the key and try again."
    return 1
  fi
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable NEODIGIT_API_TOKEN "$NEODIGIT_API_TOKEN"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug "Getting txt records"
  _neo_rest GET "dns/zones/${_domain_id}/records?type=TXT&name=$fulldomain&content=$txtvalue"
  if [ "$_code" != "200" ]; then
    _err "error retrieving data!"
    return 1
  fi
  record_id=$(echo "$response" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d: -f2 | cut -d, -f1)
  _debug "record_id" "$record_id"
  if [ -z "$record_id" ]; then
    _err "Can not get record id to remove."
    return 1
  fi
  if ! _neo_rest DELETE "dns/zones/$_domain_id/records/$record_id"; then
    _err "Delete record error."
    return 1
  fi
 }
 ####################  Private functions below ##################################
 #_acme-challenge.www.domain.com
 #returns
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
 # _domain_id=dasfdsafsadg5ythd
 _get_root() {
  domain=$1
  i=2
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    if ! _neo_rest GET "dns/zones?name=$h"; then
      return 1
    fi
    _debug p "$p"
    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
      _domain_id=$(echo "$response" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d: -f2 | cut -d, -f1)
      if [ "$_domain_id" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
        _domain=$h
        return 0
      fi
      return 1
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
 }
 _neo_rest() {
  m=$1
  ep="$2"
  data="$3"
  _debug "$ep"
  export _H1="X-TCPanel-Token: $NEODIGIT_API_TOKEN"
  export _H2="Content-Type: application/json"
  if [ "$m" != "GET" ]; then
    _debug data "$data"
    response="$(_post "$data" "$NEODIGIT_API_URL/$ep" "" "$m")"
  else
    response="$(_get "$NEODIGIT_API_URL/$ep")"
  fi
  _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
  if [ "$?" != "0" ]; then
    _err "error $ep"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }