Merge branch 'dev' into master

2026-05-18 20:03:55 +08:00 · 2026-02-05 10:39:19 +01:00
parent 7236ba2d7c 80e39eb63c
commit ec0dc40ad8
22 changed files with 246 additions and 109 deletions
--- a/.github/workflows/DNS.yml
+++ b/.github/workflows/DNS.yml
@@ -66,7 +66,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - name: Set env file
@@ -114,7 +114,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Install tools
      run:  brew install socat
    - name: Clone acmetest
@@ -165,7 +165,7 @@ jobs:
    - name: Set git to use LF
      run: |
          git config --global core.autocrlf false
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Install cygwin base packages with chocolatey
      run: |
          choco config get cacheLocation
@@ -224,7 +224,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/freebsd-vm@v1
@@ -279,7 +279,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/openbsd-vm@v1
@@ -334,7 +334,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/netbsd-vm@v1
@@ -390,7 +390,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/dragonflybsd-vm@v1
@@ -450,7 +450,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/solaris-vm@v1
@@ -508,7 +508,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/omnios-vm@v1
@@ -563,7 +563,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/openindiana-vm@v1
@@ -618,7 +618,7 @@ jobs:
      TokenName4: ${{ secrets.TokenName4}}
      TokenName5: ${{ secrets.TokenName5}}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Clone acmetest
      run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
    - uses: vmactions/haiku-vm@v1
--- a/.github/workflows/DragonFlyBSD.yml
+++ b/.github/workflows/DragonFlyBSD.yml
@@ -45,7 +45,7 @@ jobs:
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
--- a/.github/workflows/FreeBSD.yml
+++ b/.github/workflows/FreeBSD.yml
@@ -51,7 +51,7 @@ jobs:
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
--- a/.github/workflows/Haiku.yml
+++ b/.github/workflows/Haiku.yml
@@ -52,7 +52,7 @@ jobs:
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
--- a/.github/workflows/Linux.yml
+++ b/.github/workflows/Linux.yml
@@ -33,7 +33,7 @@ jobs:
      TEST_PREFERRED_CHAIN: (STAGING)
      TEST_ACME_Server: "LetsEncrypt.org_test"
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Clone acmetest
      run: |
          cd .. \
--- a/.github/workflows/MacOS.yml
+++ b/.github/workflows/MacOS.yml
@@ -44,7 +44,7 @@ jobs:
      CA_EMAIL: ${{ matrix.CA_EMAIL }}
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Install tools
      run:  brew install socat
    - name: Clone acmetest
--- a/.github/workflows/NetBSD.yml
+++ b/.github/workflows/NetBSD.yml
@@ -45,7 +45,7 @@ jobs:
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
--- a/.github/workflows/Omnios.yml
+++ b/.github/workflows/Omnios.yml
@@ -51,7 +51,7 @@ jobs:
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
--- a/.github/workflows/OpenBSD.yml
+++ b/.github/workflows/OpenBSD.yml
@@ -51,7 +51,7 @@ jobs:
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
--- a/.github/workflows/OpenIndiana.yml
+++ b/.github/workflows/OpenIndiana.yml
@@ -51,7 +51,7 @@ jobs:
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
--- a/.github/workflows/PebbleStrict.yml
+++ b/.github/workflows/PebbleStrict.yml
@@ -33,7 +33,7 @@ jobs:
      TEST_CA: "Pebble Intermediate CA"

    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Install tools
      run: sudo apt-get install -y socat
    - name: Run Pebble
@@ -58,7 +58,7 @@ jobs:
      TEST_IPCERT: 1

    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Install tools
      run: sudo apt-get install -y socat
    - name: Run Pebble
--- a/.github/workflows/Solaris.yml
+++ b/.github/workflows/Solaris.yml
@@ -51,7 +51,7 @@ jobs:
      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - uses: vmactions/cf-tunnel@v0
      id: tunnel
      with:
--- a/.github/workflows/Ubuntu.yml
+++ b/.github/workflows/Ubuntu.yml
@@ -70,7 +70,7 @@ jobs:
      TestingDomain: ${{ matrix.TestingDomain }}
      ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Install tools
      run: sudo apt-get install -y socat wget
    - name: Start StepCA
--- a/.github/workflows/Windows.yml
+++ b/.github/workflows/Windows.yml
@@ -49,7 +49,7 @@ jobs:
    - name: Set git to use LF
      run: |
          git config --global core.autocrlf false
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Install cygwin base packages with chocolatey
      run: |
          choco config get cacheLocation
--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/dockerhub.yml
@@ -43,7 +43,7 @@ jobs:
    if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
    steps:
      - name: checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Set up QEMU
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -22,7 +22,7 @@ jobs:
  ShellCheck:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Install Shellcheck
      run: sudo apt-get install -y shellcheck
    - name: DoShellcheck
@@ -31,7 +31,7 @@ jobs:
  shfmt:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - name: Install shfmt
      run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
    - name: shfmt
--- a/.github/workflows/wiki-monitor.yml
+++ b/.github/workflows/wiki-monitor.yml
@@ -9,7 +9,7 @@ jobs:
    if: github.actor != 'neilpang'
    steps:
      - name: Checkout wiki repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
        with:
          repository: ${{ github.repository }}.wiki
          path: wiki
--- a/acme.sh
+++ b/acme.sh
@@ -595,11 +595,6 @@ if [ "$(printf '\x41')" != 'A' ]; then
  _URGLY_PRINTF=1
 fi

-_ESCAPE_XARGS=""
-if _exists xargs && [ "$(printf %s '\\x41' | xargs printf)" = 'A' ]; then
-  _ESCAPE_XARGS=1
-fi
-
 _h2b() {
  if _exists xxd; then
    if _contains "$(xxd --help 2>&1)" "assumes -c30"; then
@@ -618,17 +613,8 @@ _h2b() {
  jc=""
  _debug2 _URGLY_PRINTF "$_URGLY_PRINTF"
  if [ -z "$_URGLY_PRINTF" ]; then
-    if [ "$_ESCAPE_XARGS" ] && _exists xargs; then
-      _debug2 "xargs"
-      echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/g' | xargs printf
-    else
-      for h in $(echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/ \1/g'); do
-        if [ -z "$h" ]; then
-          break
-        fi
-        printf "\x$h%s"
-      done
-    fi
+    # shellcheck disable=SC2059
+    printf "$(echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/\\x\1/g')"
  else
    for c in $(echo "$hex" | _upper_case | sed 's/\([0-9A-F]\)/ \1/g'); do
      if [ -z "$ic" ]; then
@@ -5675,7 +5661,7 @@ renewAll() {
  _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT}
  _debug "_set_level" "$_set_level"
  export _ACME_IN_RENEWALL=1
-  for di in "${CERT_HOME}"/*.*/; do
+  for di in "${CERT_HOME}"/*[.:]*/; do
    _debug di "$di"
    if ! [ -d "$di" ]; then
      _debug "Not a directory, skipping: $di"
--- a/deploy/ssh.sh
+++ b/deploy/ssh.sh
@@ -238,6 +238,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
        return $_err_code
      fi
    else
+      # If file doesn't exist, create it and change its permissions.
+      _cmdstr="$_cmdstr test ! -f $DEPLOY_SSH_KEYFILE && touch $DEPLOY_SSH_KEYFILE && chmod 600 $DEPLOY_SSH_KEYFILE;"
      # ssh echo to the file
      _cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $DEPLOY_SSH_KEYFILE;"
      _info "will copy private key to remote file $DEPLOY_SSH_KEYFILE"
--- a/dnsapi/dns_cyon.sh
+++ b/dnsapi/dns_cyon.sh
@@ -332,11 +332,11 @@ _cyon_get_response_message() {
 }

 _cyon_get_response_status() {
-  _egrep_o '"status":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"status":[a-zA-Z0-9]*' | cut -d : -f 2
 }

 _cyon_get_validation_status() {
-  _egrep_o '"valid":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"valid":[a-zA-Z0-9]*' | cut -d : -f 2
 }

 _cyon_get_response_success() {
@@ -344,7 +344,7 @@ _cyon_get_response_success() {
 }

 _cyon_get_environment_change_status() {
-  _egrep_o '"authenticated":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"authenticated":[a-zA-Z0-9]*' | cut -d : -f 2
 }

 _cyon_check_if_2fa_missed() {
--- a/dnsapi/dns_infomaniak.sh
+++ b/dnsapi/dns_infomaniak.sh
@@ -6,14 +6,16 @@ Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infomaniak
 Options:
 INFOMANIAK_API_TOKEN API Token
 Issues: github.com/acmesh-official/acme.sh/issues/3188
+
 '

-# To use this API you need visit the API dashboard of your account
-# once logged into https://manager.infomaniak.com add /api/dashboard to the URL
-#
+# To use this API you need visit the API dashboard of your account.
 # Note: the URL looks like this:
-# https://manager.infomaniak.com/v3/<account_id>/api/dashboard
-# Then generate a token with the scope Domain
+# https://manager.infomaniak.com/v3/<account_id>/ng/profile/user/token/list
+# Then generate a token with following scopes :
+#  - domain:read
+#  - dns:read
+#  - dns:write
 # this is given as an environment variable INFOMANIAK_API_TOKEN

 # base variables
@@ -65,33 +67,32 @@ dns_infomaniak_add() {
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"

-  fqdn=${fulldomain#_acme-challenge.}
-
  # guess which base domain to add record to
-  zone_and_id=$(_find_zone "$fqdn")
-  if [ -z "$zone_and_id" ]; then
-    _err "cannot find zone to modify"
+  zone=$(_get_zone "$fulldomain")
+  if [ -z "$zone" ]; then
+    _err "cannot find zone:<${zone}> to modify"
    return 1
  fi
-  zone=${zone_and_id% *}
-  domain_id=${zone_and_id#* }

  # extract first part of domain
  key=${fulldomain%."$zone"}

-  _debug "zone:$zone id:$domain_id key:$key"
+  _debug "key:$key"
+  _debug "txtvalue: $txtvalue"

  # payload
  data="{\"type\": \"TXT\", \"source\": \"$key\", \"target\": \"$txtvalue\", \"ttl\": $INFOMANIAK_TTL}"

  # API call
-  response=$(_post "$data" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record")
-  if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then
-    _info "Record added"
-    _debug "Response: $response"
-    return 0
+  response=$(_post "$data" "${INFOMANIAK_API_URL}/2/zones/${zone}/records")
+  if [ -n "$response" ]; then
+    if [ ! "$(echo "$response" | _contains '"result":"success"')" ]; then
+      _info "Record added"
+      _debug "response: $response"
+      return 0
+    fi
  fi
-  _err "could not create record"
+  _err "Could not create record."
  _debug "Response: $response"
  return 1
 }
@@ -106,7 +107,7 @@ dns_infomaniak_rm() {

  if [ -z "$INFOMANIAK_API_TOKEN" ]; then
    INFOMANIAK_API_TOKEN=""
-    _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN"
+    _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN."
    return 1
  fi

@@ -138,63 +139,53 @@ dns_infomaniak_rm() {
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"

-  fqdn=${fulldomain#_acme-challenge.}
-
  # guess which base domain to add record to
-  zone_and_id=$(_find_zone "$fqdn")
-  if [ -z "$zone_and_id" ]; then
-    _err "cannot find zone to modify"
+  zone=$(_get_zone "$fulldomain")
+  if [ -z "$zone" ]; then
+    _err "cannot find zone:<$zone> to modify"
    return 1
  fi
-  zone=${zone_and_id% *}
-  domain_id=${zone_and_id#* }

  # extract first part of domain
  key=${fulldomain%."$zone"}
+  key=$(echo "$key" | _lower_case)

-  _debug "zone:$zone id:$domain_id key:$key"
+  _debug "zone:$zone"
+  _debug "key:$key"

  # find previous record
-  # shellcheck disable=SC1004
-  record_id=$(_get "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}\
-{/g' | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source_idn":"'"$fulldomain"'".*"target_idn":"'"$txtvalue"'".*/\1/p')
-  if [ -z "$record_id" ]; then
-    _err "could not find record to delete"
-    return 1
-  fi
+  # shellcheck disable=SC2086
+  response=$(_get "${INFOMANIAK_API_URL}/2/zones/${zone}/records" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}{/g')
+  record_id=$(echo "$response" | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source":"'"$key"'".*"target":"\\"'"$txtvalue"'\\"".*/\1/p')
+  _debug "key: $key"
+  _debug "txtvalue: $txtvalue"
  _debug "record_id: $record_id"

-  # API call
-  response=$(_post "" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record/$record_id" "" DELETE)
-  if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then
-    _info "Record deleted"
-    return 0
+  if [ -z "$record_id" ]; then
+    _err "could not find record to delete"
+    _debug "response: $response"
+    return 1
  fi
-  _err "could not delete record"
+
+  # API call
+  response=$(_post "" "${INFOMANIAK_API_URL}/2/zones/${zone}/records/${record_id}" "" DELETE)
+  if [ -n "$response" ]; then
+    if [ ! "$(echo "$response" | _contains '"result":"success"')" ]; then
+      _info "Record deleted"
+      return 0
+    fi
+  fi
+  _err "Could not delete record."
+  _debug "Response: $response"
  return 1
 }

 ####################  Private functions below ##################################

-_get_domain_id() {
+_get_zone() {
  domain="$1"
-
+  # Whatever the domain is, you can get the fqdn with the following.
  # shellcheck disable=SC1004
-  _get "${INFOMANIAK_API_URL}/1/product?service_name=domain&customer_name=$domain" | sed 's/.*"data":\[{\(.*\)}\]}/\1/; s/,/\
-/g' | sed -n 's/^"id":\(.*\)/\1/p'
-}
-
-_find_zone() {
-  zone="$1"
-
-  # find domain in list, removing . parts sequentialy
-  while _contains "$zone" '\.'; do
-    _debug "testing $zone"
-    id=$(_get_domain_id "$zone")
-    if [ -n "$id" ]; then
-      echo "$zone $id"
-      return
-    fi
-    zone=${zone#*.}
-  done
+  response=$(_get "${INFOMANIAK_API_URL}/2/domains/${domain}/zones" | sed 's/.*\[{"fqdn"\:"\(.*\)/\1/')
+  echo "${response%%\"*}"
 }
--- a/dnsapi/dns_opusdns.sh
+++ b/dnsapi/dns_opusdns.sh
@@ -0,0 +1,158 @@
+#!/usr/bin/env sh
+
+# shellcheck disable=SC2034
+dns_opusdns_info='OpusDNS.com
+Site: OpusDNS.com
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_opusdns
+Options:
+ OPUSDNS_API_Key API Key. Can be created at https://dashboard.opusdns.com/settings/api-keys
+ OPUSDNS_API_Endpoint API Endpoint URL. Default "https://api.opusdns.com". Optional.
+ OPUSDNS_TTL TTL for DNS challenge records in seconds. Default "60". Optional.
+Issues: github.com/acmesh-official/acme.sh/issues/XXXX
+Author: OpusDNS Team <https://github.com/opusdns>
+'
+
+OPUSDNS_API_Endpoint_Default="https://api.opusdns.com"
+OPUSDNS_TTL_Default=60
+
+######## Public functions ###########
+
+# Add DNS TXT record
+dns_opusdns_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Using OpusDNS DNS API"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if ! _opusdns_init; then
+    return 1
+  fi
+
+  if ! _get_zone "$fulldomain"; then
+    return 1
+  fi
+
+  _info "Zone: $_zone, Record: $_record_name"
+
+  if ! _opusdns_api PATCH "/v1/dns/$_zone/records" "{\"ops\":[{\"op\":\"upsert\",\"record\":{\"name\":\"$_record_name\",\"type\":\"TXT\",\"ttl\":$OPUSDNS_TTL,\"rdata\":\"\\\"$txtvalue\\\"\"}}]}"; then
+    _err "Failed to add TXT record"
+    return 1
+  fi
+
+  _info "TXT record added successfully"
+  return 0
+}
+
+# Remove DNS TXT record
+dns_opusdns_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Removing OpusDNS DNS record"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if ! _opusdns_init; then
+    return 1
+  fi
+
+  if ! _get_zone "$fulldomain"; then
+    _err "Zone not found, cleanup skipped"
+    return 0
+  fi
+
+  _info "Zone: $_zone, Record: $_record_name"
+
+  if ! _opusdns_api PATCH "/v1/dns/$_zone/records" "{\"ops\":[{\"op\":\"remove\",\"record\":{\"name\":\"$_record_name\",\"type\":\"TXT\",\"ttl\":$OPUSDNS_TTL,\"rdata\":\"\\\"$txtvalue\\\"\"}}]}"; then
+    _err "Warning: Failed to remove TXT record"
+    return 0
+  fi
+
+  _info "TXT record removed successfully"
+  return 0
+}
+
+######## Private functions ###########
+
+# Initialize and validate configuration
+_opusdns_init() {
+  OPUSDNS_API_Key="${OPUSDNS_API_Key:-$(_readaccountconf_mutable OPUSDNS_API_Key)}"
+  OPUSDNS_API_Endpoint="${OPUSDNS_API_Endpoint:-$(_readaccountconf_mutable OPUSDNS_API_Endpoint)}"
+  OPUSDNS_TTL="${OPUSDNS_TTL:-$(_readaccountconf_mutable OPUSDNS_TTL)}"
+
+  if [ -z "$OPUSDNS_API_Key" ]; then
+    _err "OPUSDNS_API_Key not set"
+    return 1
+  fi
+
+  [ -z "$OPUSDNS_API_Endpoint" ] && OPUSDNS_API_Endpoint="$OPUSDNS_API_Endpoint_Default"
+  [ -z "$OPUSDNS_TTL" ] && OPUSDNS_TTL="$OPUSDNS_TTL_Default"
+
+  _saveaccountconf_mutable OPUSDNS_API_Key "$OPUSDNS_API_Key"
+  _saveaccountconf_mutable OPUSDNS_API_Endpoint "$OPUSDNS_API_Endpoint"
+  _saveaccountconf_mutable OPUSDNS_TTL "$OPUSDNS_TTL"
+
+  _debug "Endpoint: $OPUSDNS_API_Endpoint"
+  return 0
+}
+
+# Make API request
+# Usage: _opusdns_api METHOD PATH [DATA]
+_opusdns_api() {
+  method=$1
+  path=$2
+  data=$3
+
+  export _H1="X-Api-Key: $OPUSDNS_API_Key"
+  export _H2="Content-Type: application/json"
+
+  url="$OPUSDNS_API_Endpoint$path"
+  _debug2 "API: $method $url"
+  [ -n "$data" ] && _debug2 "Data: $data"
+
+  if [ -n "$data" ]; then
+    response=$(_post "$data" "$url" "" "$method")
+  else
+    response=$(_get "$url")
+  fi
+
+  if [ $? -ne 0 ]; then
+    _err "API request failed"
+    _debug "Response: $response"
+    return 1
+  fi
+
+  _debug2 "Response: $response"
+  return 0
+}
+
+# Detect zone from FQDN
+# Sets: _zone, _record_name
+_get_zone() {
+  domain=$(echo "$1" | sed 's/\.$//')
+  _debug "Finding zone for: $domain"
+
+  i=1
+  p=1
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
+
+    if [ -z "$h" ]; then
+      _err "No valid zone found for: $domain"
+      return 1
+    fi
+
+    _debug "Trying: $h"
+    if _opusdns_api GET "/v1/dns/$h" && _contains "$response" '"dnssec_status"'; then
+      _zone="$h"
+      _record_name=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
+      [ -z "$_record_name" ] && _record_name="@"
+      return 0
+    fi
+
+    p="$i"
+    i=$(_math "$i" + 1)
+  done
+}