Ubiquiti removed keytool (and java) from recent releases of Unifi OS. This moves from keytool to openssl's native pkcs12.
Tested on Unifi Dream Machine which runs Unifi OS and a built-in Unifi controller.
Also added backup of existing files prior to change in case anything goes wrong, and update system configuration with compatible ciphers.
When creating OVH API credentials, one can scope them to a specific subset of routes. Specifically, this allows to limit acme.sh to a specific zone as the zone is part of the URL. This is an important security/safety net feature.
restrict authorization request to OVH /domain API and not whole OVH API.
Not perfect due to some limitations in regex with *, but better security as the token don't give full access to the API.
message:
SC2034: $VARNAME appears unused. Verify it or export it.
most of these are related to the style:
we generate global vars, which are used in other functions.
the var "lexical_url" was really unused (left it as comment)
the travis-check now does not need anymore special flags.
Signed-off-by: Bastian Bittorf <bb@npl.de>
