Merge branch 'dev' into dns_infomaniak_API_v2

.github/workflows/DNS.yml

@@ -66,7 +66,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - name: Set env file
@@ -114,7 +114,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install tools
       run:  brew install socat
     - name: Clone acmetest
@@ -165,7 +165,7 @@ jobs:
     - name: Set git to use LF
       run: |
           git config --global core.autocrlf false
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install cygwin base packages with chocolatey
       run: |
           choco config get cacheLocation
@@ -224,7 +224,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/freebsd-vm@v1
@@ -279,7 +279,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/openbsd-vm@v1
@@ -334,7 +334,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/netbsd-vm@v1
@@ -390,7 +390,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/dragonflybsd-vm@v1
@@ -450,7 +450,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/solaris-vm@v1
@@ -508,7 +508,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/omnios-vm@v1
@@ -563,7 +563,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/openindiana-vm@v1
@@ -618,7 +618,7 @@ jobs:
       TokenName4: ${{ secrets.TokenName4}}
       TokenName5: ${{ secrets.TokenName5}}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/haiku-vm@v1

.github/workflows/DragonFlyBSD.yml

@@ -45,7 +45,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/FreeBSD.yml

@@ -51,7 +51,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/Haiku.yml

@@ -52,7 +52,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/Linux.yml

@@ -33,7 +33,7 @@ jobs:
       TEST_PREFERRED_CHAIN: (STAGING)
       TEST_ACME_Server: "LetsEncrypt.org_test"
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Clone acmetest
       run: |
           cd .. \

.github/workflows/MacOS.yml

@@ -44,7 +44,7 @@ jobs:
       CA_EMAIL: ${{ matrix.CA_EMAIL }}
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install tools
       run:  brew install socat
     - name: Clone acmetest

.github/workflows/NetBSD.yml

@@ -45,7 +45,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/Omnios.yml

@@ -51,7 +51,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/OpenBSD.yml

@@ -51,7 +51,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/OpenIndiana.yml

@@ -51,7 +51,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/PebbleStrict.yml

@@ -33,7 +33,7 @@ jobs:
       TEST_CA: "Pebble Intermediate CA"
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install tools
       run: sudo apt-get install -y socat
     - name: Run Pebble
@@ -58,7 +58,7 @@ jobs:
       TEST_IPCERT: 1
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install tools
       run: sudo apt-get install -y socat
     - name: Run Pebble

.github/workflows/Solaris.yml

@@ -51,7 +51,7 @@ jobs:
       TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - uses: vmactions/cf-tunnel@v0
       id: tunnel
       with:

.github/workflows/Ubuntu.yml

@@ -70,7 +70,7 @@ jobs:
       TestingDomain: ${{ matrix.TestingDomain }}
       ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install tools
       run: sudo apt-get install -y socat wget
     - name: Start StepCA

.github/workflows/Windows.yml

@@ -49,7 +49,7 @@ jobs:
     - name: Set git to use LF
       run: |
           git config --global core.autocrlf false
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install cygwin base packages with chocolatey
       run: |
           choco config get cacheLocation

.github/workflows/dockerhub.yml

@@ -43,7 +43,7 @@ jobs:
     if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
     steps:
       - name: checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Set up QEMU

.github/workflows/shellcheck.yml

@@ -22,7 +22,7 @@ jobs:
   ShellCheck:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install Shellcheck
       run: sudo apt-get install -y shellcheck
     - name: DoShellcheck
@@ -31,7 +31,7 @@ jobs:
   shfmt:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Install shfmt
       run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
     - name: shfmt

.github/workflows/wiki-monitor.yml

@@ -9,7 +9,7 @@ jobs:
     if: github.actor != 'neilpang'
     steps:
       - name: Checkout wiki repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: ${{ github.repository }}.wiki
           path: wiki

acme.sh

@@ -595,11 +595,6 @@ if [ "$(printf '\x41')" != 'A' ]; then
   _URGLY_PRINTF=1
 fi
 
-_ESCAPE_XARGS=""
-if _exists xargs && [ "$(printf %s '\\x41' | xargs printf)" = 'A' ]; then
-  _ESCAPE_XARGS=1
-fi
-
 _h2b() {
   if _exists xxd; then
     if _contains "$(xxd --help 2>&1)" "assumes -c30"; then
@@ -618,17 +613,8 @@ _h2b() {
   jc=""
   _debug2 _URGLY_PRINTF "$_URGLY_PRINTF"
   if [ -z "$_URGLY_PRINTF" ]; then
-    if [ "$_ESCAPE_XARGS" ] && _exists xargs; then
-      _debug2 "xargs"
-      echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/g' | xargs printf
-    else
-      for h in $(echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/ \1/g'); do
-        if [ -z "$h" ]; then
-          break
-        fi
-        printf "\x$h%s"
-      done
-    fi
+    # shellcheck disable=SC2059
+    printf "$(echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/\\x\1/g')"
   else
     for c in $(echo "$hex" | _upper_case | sed 's/\([0-9A-F]\)/ \1/g'); do
       if [ -z "$ic" ]; then
@@ -5675,7 +5661,7 @@ renewAll() {
   _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT}
   _debug "_set_level" "$_set_level"
   export _ACME_IN_RENEWALL=1
-  for di in "${CERT_HOME}"/*.*/; do
+  for di in "${CERT_HOME}"/*[.:]*/; do
     _debug di "$di"
     if ! [ -d "$di" ]; then
       _debug "Not a directory, skipping: $di"

dnsapi/dns_cyon.sh

@@ -332,11 +332,11 @@ _cyon_get_response_message() {
 }
 
 _cyon_get_response_status() {
-  _egrep_o '"status":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"status":[a-zA-Z0-9]*' | cut -d : -f 2
 }
 
 _cyon_get_validation_status() {
-  _egrep_o '"valid":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"valid":[a-zA-Z0-9]*' | cut -d : -f 2
 }
 
 _cyon_get_response_success() {
@@ -344,7 +344,7 @@ _cyon_get_response_success() {
 }
 
 _cyon_get_environment_change_status() {
-  _egrep_o '"authenticated":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"authenticated":[a-zA-Z0-9]*' | cut -d : -f 2
 }
 
 _cyon_check_if_2fa_missed() {

dnsapi/dns_opusdns.sh

@@ -0,0 +1,158 @@
+#!/usr/bin/env sh
+
+# shellcheck disable=SC2034
+dns_opusdns_info='OpusDNS.com
+Site: OpusDNS.com
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_opusdns
+Options:
+ OPUSDNS_API_Key API Key. Can be created at https://dashboard.opusdns.com/settings/api-keys
+ OPUSDNS_API_Endpoint API Endpoint URL. Default "https://api.opusdns.com". Optional.
+ OPUSDNS_TTL TTL for DNS challenge records in seconds. Default "60". Optional.
+Issues: github.com/acmesh-official/acme.sh/issues/XXXX
+Author: OpusDNS Team <https://github.com/opusdns>
+'
+
+OPUSDNS_API_Endpoint_Default="https://api.opusdns.com"
+OPUSDNS_TTL_Default=60
+
+######## Public functions ###########
+
+# Add DNS TXT record
+dns_opusdns_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Using OpusDNS DNS API"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if ! _opusdns_init; then
+    return 1
+  fi
+
+  if ! _get_zone "$fulldomain"; then
+    return 1
+  fi
+
+  _info "Zone: $_zone, Record: $_record_name"
+
+  if ! _opusdns_api PATCH "/v1/dns/$_zone/records" "{\"ops\":[{\"op\":\"upsert\",\"record\":{\"name\":\"$_record_name\",\"type\":\"TXT\",\"ttl\":$OPUSDNS_TTL,\"rdata\":\"\\\"$txtvalue\\\"\"}}]}"; then
+    _err "Failed to add TXT record"
+    return 1
+  fi
+
+  _info "TXT record added successfully"
+  return 0
+}
+
+# Remove DNS TXT record
+dns_opusdns_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Removing OpusDNS DNS record"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if ! _opusdns_init; then
+    return 1
+  fi
+
+  if ! _get_zone "$fulldomain"; then
+    _err "Zone not found, cleanup skipped"
+    return 0
+  fi
+
+  _info "Zone: $_zone, Record: $_record_name"
+
+  if ! _opusdns_api PATCH "/v1/dns/$_zone/records" "{\"ops\":[{\"op\":\"remove\",\"record\":{\"name\":\"$_record_name\",\"type\":\"TXT\",\"ttl\":$OPUSDNS_TTL,\"rdata\":\"\\\"$txtvalue\\\"\"}}]}"; then
+    _err "Warning: Failed to remove TXT record"
+    return 0
+  fi
+
+  _info "TXT record removed successfully"
+  return 0
+}
+
+######## Private functions ###########
+
+# Initialize and validate configuration
+_opusdns_init() {
+  OPUSDNS_API_Key="${OPUSDNS_API_Key:-$(_readaccountconf_mutable OPUSDNS_API_Key)}"
+  OPUSDNS_API_Endpoint="${OPUSDNS_API_Endpoint:-$(_readaccountconf_mutable OPUSDNS_API_Endpoint)}"
+  OPUSDNS_TTL="${OPUSDNS_TTL:-$(_readaccountconf_mutable OPUSDNS_TTL)}"
+
+  if [ -z "$OPUSDNS_API_Key" ]; then
+    _err "OPUSDNS_API_Key not set"
+    return 1
+  fi
+
+  [ -z "$OPUSDNS_API_Endpoint" ] && OPUSDNS_API_Endpoint="$OPUSDNS_API_Endpoint_Default"
+  [ -z "$OPUSDNS_TTL" ] && OPUSDNS_TTL="$OPUSDNS_TTL_Default"
+
+  _saveaccountconf_mutable OPUSDNS_API_Key "$OPUSDNS_API_Key"
+  _saveaccountconf_mutable OPUSDNS_API_Endpoint "$OPUSDNS_API_Endpoint"
+  _saveaccountconf_mutable OPUSDNS_TTL "$OPUSDNS_TTL"
+
+  _debug "Endpoint: $OPUSDNS_API_Endpoint"
+  return 0
+}
+
+# Make API request
+# Usage: _opusdns_api METHOD PATH [DATA]
+_opusdns_api() {
+  method=$1
+  path=$2
+  data=$3
+
+  export _H1="X-Api-Key: $OPUSDNS_API_Key"
+  export _H2="Content-Type: application/json"
+
+  url="$OPUSDNS_API_Endpoint$path"
+  _debug2 "API: $method $url"
+  [ -n "$data" ] && _debug2 "Data: $data"
+
+  if [ -n "$data" ]; then
+    response=$(_post "$data" "$url" "" "$method")
+  else
+    response=$(_get "$url")
+  fi
+
+  if [ $? -ne 0 ]; then
+    _err "API request failed"
+    _debug "Response: $response"
+    return 1
+  fi
+
+  _debug2 "Response: $response"
+  return 0
+}
+
+# Detect zone from FQDN
+# Sets: _zone, _record_name
+_get_zone() {
+  domain=$(echo "$1" | sed 's/\.$//')
+  _debug "Finding zone for: $domain"
+
+  i=1
+  p=1
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
+
+    if [ -z "$h" ]; then
+      _err "No valid zone found for: $domain"
+      return 1
+    fi
+
+    _debug "Trying: $h"
+    if _opusdns_api GET "/v1/dns/$h" && _contains "$response" '"dnssec_status"'; then
+      _zone="$h"
+      _record_name=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
+      [ -z "$_record_name" ] && _record_name="@"
+      return 0
+    fi
+
+    p="$i"
+    i=$(_math "$i" + 1)
+  done
+}