Merge pull request #1738 from Neilpang/dev

sync
fix JWS has an invalid anti-replay nonce https://github.com/Neilpang/acme.sh/issues/1630
2026-01-03 03:09:41 +08:00 · 2018-07-18 00:30:47 +08:00 · 2018-07-18 00:26:21 +08:00 · 2018-07-10 09:18:58 +08:00 · 2018-07-09 22:54:34 +02:00 · 2018-07-08 23:00:26 +02:00
29 changed files with 1499 additions and 209 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -13,12 +13,6 @@ env:
  global:
    - SHFMT_URL=https://github.com/mvdan/sh/releases/download/v0.4.0/shfmt_v0.4.0_linux_amd64
 addons:
  apt:
    sources:
    - debian-sid    # Grab shellcheck from the Debian repo (o_O)
    packages:
    - shellcheck
 install:
  - if [ "$TRAVIS_OS_NAME" = 'osx' ]; then
@@ -29,9 +23,7 @@ install:
 script:
  - echo "NGROK_TOKEN=$(echo "$NGROK_TOKEN" | wc -c)"
  - command -V openssl && openssl version
-  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then curl -sSL $SHFMT_URL -o ~/shfmt ; fi
+  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then curl -sSL $SHFMT_URL -o ~/shfmt && chmod +x ~/shfmt && ~/shfmt -l -w -i 2 . ; fi
  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then chmod +x ~/shfmt ; fi
  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then ~/shfmt -l -w -i 2 . ; fi
  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then git diff --exit-code && echo "shfmt OK" ; fi
  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -V ; fi
  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" ; fi
@@ -40,7 +32,6 @@ script:
  - if [ "$TRAVIS_OS_NAME" = "linux" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./rundocker.sh testplat ubuntu:latest ; fi
  - if [ "$TRAVIS_OS_NAME" = "osx" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ACME_OPENSSL_BIN="$ACME_OPENSSL_BIN" ./letest.sh ; fi
 matrix:
  fast_finish: true
--- a/1
+++ b/1
@@ -3,6 +3,7 @@ FROM alpine:3.6
 RUN apk update -f \
  && apk --no-cache add -f \
  openssl \
  coreutils \
  curl \
  socat \
  && rm -rf /var/cache/apk/*
--- a/README.md
+++ b/README.md
@@ -33,10 +33,12 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
 - [webfaction](https://community.webfaction.com/questions/19988/using-letsencrypt)
 - [Loadbalancer.org](https://www.loadbalancer.org/blog/loadbalancer-org-with-lets-encrypt-quick-and-dirty)
 - [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709)
- [Centminmod](http://centminmod.com/letsencrypt-acmetool-https.html)
+- [Centminmod](https://centminmod.com/letsencrypt-acmetool-https.html)
 - [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297)
 - [archlinux](https://aur.archlinux.org/packages/acme.sh-git/)
 - [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient)
 - [CentOS Web Panel](http://centos-webpanel.com/)
 - [lnmp.org](https://lnmp.org/)
 - [more...](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials)
 # Tested OS
@@ -220,22 +222,7 @@ acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
 More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
-# 5. Use Standalone TLS server to issue cert
+# 5. Use Apache mode
 **(requires you to be root/sudoer or have permission to listen on port 443 (TCP))**
 acme.sh supports `tls-sni-01` validation.
 Port `443` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again.
 ```bash
 acme.sh --issue --tls -d example.com -d www.example.com -d cp.example.com
 ```
 More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
 # 6. Use Apache mode
 **(requires you to be root/sudoer, since it is required to interact with Apache server)**
@@ -255,7 +242,7 @@ We don't want to mess your apache server, don't worry.**
 More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
-# 7. Use Nginx mode
+# 6. Use Nginx mode
 **(requires you to be root/sudoer, since it is required to interact with Nginx server)**
@@ -279,7 +266,7 @@ We don't want to mess your nginx server, don't worry.**
 More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
-# 8. Automatic DNS API integration
+# 7. Automatic DNS API integration
 If your DNS provider supports API access, we can use that API to automatically issue the certs.
@@ -328,7 +315,12 @@ You don't have to do anything manually!
 1. zonomi.com DNS API
 1. DreamHost.com API
 1. DirectAdmin API
-
+1. KingHost (https://www.kinghost.com.br/)
 1. Zilore (https://zilore.com)
 1. Loopia.se API
 1. acme-dns (https://github.com/joohoi/acme-dns)
 1. TELE3 (https://www.tele3.cz)
 1. EUSERV.EU (https://www.euserv.eu)
 And: 
@@ -342,7 +334,9 @@ If your DNS provider is not on the supported list above, you can write your own
 For more details: [How to use DNS API](dnsapi)
-# 9. Use DNS manual mode:
+# 8. Use DNS manual mode:
 See: https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode first.
 If your dns provider doesn't support any api access, you can add the txt record by your hand.
@@ -376,7 +370,7 @@ Ok, it's done.
 **Please use dns api mode instead.**
-# 10. Issue ECC certificates
+# 9. Issue ECC certificates
 `Let's Encrypt` can now issue **ECDSA** certificates.
@@ -408,17 +402,17 @@ Valid values are:
-# 11. Issue Wildcard certificates
+# 10. Issue Wildcard certificates
 It's simple, just give a wildcard domain as the `-d` parameter.
 ```sh
-acme.sh  --issue -d example.com  -d *.example.com  --dns dns_cf
+acme.sh  --issue -d example.com  -d '*.example.com'  --dns dns_cf
 ```
-# 12. How to renew the certs
+# 11. How to renew the certs
 No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.
@@ -435,7 +429,7 @@ acme.sh --renew -d example.com --force --ecc
 ```
-# 13. How to stop cert renewal
+# 12. How to stop cert renewal
 To stop renewal of a cert, you can execute the following to remove the cert from the renewal list:
@@ -448,7 +442,7 @@ The cert/key file is not removed from the disk.
 You can remove the respective directory (e.g. `~/.acme.sh/example.com`) by yourself.
-# 14. How to upgrade `acme.sh`
+# 13. How to upgrade `acme.sh`
 acme.sh is in constant development, so it's strongly recommended to use the latest code.
@@ -473,25 +467,25 @@ acme.sh --upgrade --auto-upgrade 0
 ```
-# 15. Issue a cert from an existing CSR
+# 14. Issue a cert from an existing CSR
 https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR
-# 16. Under the Hood
+# 15. Under the Hood
 Speak ACME language using shell, directly to "Let's Encrypt".
 TODO:
-# 17. Acknowledgments
+# 16. Acknowledgments
 1. Acme-tiny: https://github.com/diafygi/acme-tiny
 2. ACME protocol: https://github.com/ietf-wg-acme/acme
-# 18. License & Others
+# 17. License & Others
 License is GPLv3
@@ -500,7 +494,7 @@ Please Star and Fork me.
 [Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome.
-# 19. Donate
+# 18. Donate
 Your donation makes **acme.sh** better:
 1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)
--- a/acme.sh
+++ b/acme.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
-VER=2.7.7
+VER=2.7.9
 PROJECT_NAME="acme.sh"
@@ -47,6 +47,7 @@ DEFAULT_DNS_SLEEP=120
 NO_VALUE="no"
 W_TLS="tls"
 W_DNS="dns"
 DNS_ALIAS_PREFIX="="
 MODE_STATELESS="stateless"
@@ -109,31 +110,35 @@ _STATELESS_WIKI="https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode"
 _DNS_ALIAS_WIKI="https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode"
 _DNS_MANUAL_WIKI="https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode"
 _DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
 _DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
 _DNS_MANUAL_ERROR="It seems that you are using dns manual mode. Read this link first: $_DNS_MANUAL_WIKI"
 __INTERACTIVE=""
 if [ -t 1 ]; then
  __INTERACTIVE="1"
 fi
 __green() {
-  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" ]; then
+  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then
    printf '\033[1;31;32m'
  fi
  printf -- "%b" "$1"
-  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" ]; then
+  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then
    printf '\033[0m'
  fi
 }
 __red() {
-  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" ]; then
+  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then
    printf '\033[1;31;40m'
  fi
  printf -- "%b" "$1"
-  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" ]; then
+  if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" -o "${ACME_FORCE_COLOR}" = "1" ]; then
    printf '\033[0m'
  fi
 }
@@ -1602,7 +1607,7 @@ _inithttp() {
 }
-# body  url [needbase64] [POST|PUT] [ContentType]
+# body  url [needbase64] [POST|PUT|DELETE] [ContentType]
 _post() {
  body="$1"
  _post_url="$2"
@@ -1616,6 +1621,7 @@ _post() {
  _debug $httpmethod
  _debug "_post_url" "$_post_url"
  _debug2 "body" "$body"
  _debug2 "_postContentType" "$_postContentType"
  _inithttp
@@ -1624,14 +1630,19 @@ _post() {
    if [ "$HTTPS_INSECURE" ]; then
      _CURL="$_CURL --insecure  "
    fi
    if [ "$_postContentType" ]; then
      _CURL="$_CURL -H \"Content-Type: $_postContentType\" "
    fi
    _debug "_CURL" "$_CURL"
    if [ "$needbase64" ]; then
-      response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
+      if [ "$_postContentType" ]; then
        response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
      else
        response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
      fi
    else
-      response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
+      if [ "$_postContentType" ]; then
        response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
      else
        response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
      fi
    fi
    _ret="$?"
    if [ "$_ret" != "0" ]; then
@@ -1784,19 +1795,25 @@ _send_signed_request() {
    return 1
  fi
  if [ "$ACME_VERSION" = "2" ]; then
    __request_conent_type="$CONTENT_TYPE_JSON"
  else
    __request_conent_type=""
  fi
  payload64=$(printf "%s" "$payload" | _base64 | _url_replace)
  _debug3 payload64 "$payload64"
  MAX_REQUEST_RETRY_TIMES=5
  _request_retry_times=0
  while [ "${_request_retry_times}" -lt "$MAX_REQUEST_RETRY_TIMES" ]; do
    _request_retry_times=$(_math "$_request_retry_times" + 1)
    _debug3 _request_retry_times "$_request_retry_times"
    if [ -z "$_CACHED_NONCE" ]; then
      _headers=""
      if [ "$ACME_NEW_NONCE" ]; then
        _debug2 "Get nonce. ACME_NEW_NONCE" "$ACME_NEW_NONCE"
        nonceurl="$ACME_NEW_NONCE"
-        if _post "" "$nonceurl" "" "HEAD" "$CONTENT_TYPE_JSON"; then
+        if _post "" "$nonceurl" "" "HEAD" "$__request_conent_type"; then
          _headers="$(cat "$HTTP_HEADER")"
        fi
      fi
@@ -1820,7 +1837,11 @@ _send_signed_request() {
    fi
    nonce="$_CACHED_NONCE"
    _debug2 nonce "$nonce"
-
+    if [ -z "$nonce" ]; then
      _info "Could not get nonce, let's try again."
      _sleep 2
      continue
    fi
    if [ "$ACME_VERSION" = "2" ]; then
      if [ "$url" = "$ACME_NEW_ACCOUNT" ] || [ "$url" = "$ACME_REVOKE_CERT" ]; then
        protected="$JWK_HEADERPLACE_PART1$nonce\", \"url\": \"${url}$JWK_HEADERPLACE_PART2, \"jwk\": $jwk"'}'
@@ -1851,7 +1872,7 @@ _send_signed_request() {
    fi
    _debug3 body "$body"
-    response="$(_post "$body" "$url" "$needbase64" "POST" "$CONTENT_TYPE_JSON")"
+    response="$(_post "$body" "$url" "$needbase64" "POST" "$__request_conent_type")"
    _CACHED_NONCE=""
    if [ "$?" != "0" ]; then
@@ -1876,9 +1897,8 @@ _send_signed_request() {
      _debug3 _body "$_body"
    fi
-    if _contains "$_body" "JWS has invalid anti-replay nonce"; then
+    if _contains "$_body" "JWS has invalid anti-replay nonce" || _contains "$_body" "JWS has an invalid anti-replay nonce"; then
      _info "It seems the CA server is busy now, let's wait and retry."
      _request_retry_times=$(_math "$_request_retry_times" + 1)
      _sleep 5
      continue
    fi
@@ -2341,7 +2361,7 @@ _initpath() {
    fi
  fi
-  _debug2 ACME_DIRECTORY "$ACME_DIRECTORY"
+  _debug ACME_DIRECTORY "$ACME_DIRECTORY"
  _ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)"
  _debug2 "_ACME_SERVER_HOST" "$_ACME_SERVER_HOST"
@@ -2998,6 +3018,8 @@ _on_before_issue() {
  _chk_pre_hook="$4"
  _chk_local_addr="$5"
  _debug _on_before_issue
  _debug _chk_main_domain "$_chk_main_domain"
  _debug _chk_alt_domains "$_chk_alt_domains"
  #run pre hook
  if [ "$_chk_pre_hook" ]; then
    _info "Run pre hook:'$_chk_pre_hook'"
@@ -3018,11 +3040,17 @@ _on_before_issue() {
  _debug Le_LocalAddress "$_chk_local_addr"
  alldomains=$(echo "$_chk_main_domain,$_chk_alt_domains" | tr ',' ' ')
  _index=1
  _currentRoot=""
  _addrIndex=1
-  for d in $alldomains; do
+  _w_index=1
  while true; do
    d="$(echo "$_chk_main_domain,$_chk_alt_domains," | cut -d , -f "$_w_index")"
    _w_index="$(_math "$_w_index" + 1)"
    _debug d "$d"
    if [ -z "$d" ]; then
      break
    fi
    _debug "Check for domain" "$d"
    _currentRoot="$(_getfield "$_chk_web_roots" $_index)"
    _debug "_currentRoot" "$_currentRoot"
@@ -3118,7 +3146,7 @@ _on_issue_err() {
    )
  fi
-  if [ "$IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "dns"; then
+  if [ "$IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "$W_DNS"; then
    _err "$_DNS_MANUAL_ERR"
  fi
@@ -3154,7 +3182,7 @@ _on_issue_success() {
    fi
  fi
-  if _hasfield "$Le_Webroot" "dns"; then
+  if _hasfield "$Le_Webroot" "$W_DNS"; then
    _err "$_DNS_MANUAL_WARN"
  fi
@@ -3238,10 +3266,16 @@ _regAccount() {
    return 1
  fi
  _debug2 responseHeaders "$responseHeaders"
  _accUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")"
  _debug "_accUri" "$_accUri"
  if [ -z "$_accUri" ]; then
    _err "Can not find account id url."
    _err "$responseHeaders"
    return 1
  fi
  _savecaconf "ACCOUNT_URL" "$_accUri"
-  export ACCOUNT_URL="$ACCOUNT_URL"
+  export ACCOUNT_URL="$_accUri"
  CA_KEY_HASH="$(__calcAccountKeyHash)"
  _debug "Calc CA_KEY_HASH" "$CA_KEY_HASH"
@@ -3421,6 +3455,9 @@ issue() {
    _main_domain=$(echo "$2,$3" | cut -d , -f 1)
    _alt_domains=$(echo "$2,$3" | cut -d , -f 2- | sed "s/,${NO_VALUE}$//")
  fi
  _debug _main_domain "$_main_domain"
  _debug _alt_domains "$_alt_domains"
  _key_length="$4"
  _real_cert="$5"
  _real_key="$6"
@@ -3448,6 +3485,11 @@ issue() {
    mkdir -p "$DOMAIN_PATH"
  fi
  if _hasfield "$_web_roots" "$W_DNS" && [ -z "$FORCE_DNS_MANUAL" ]; then
    _err "$_DNS_MANUAL_ERROR"
    return 1
  fi
  _debug "Using ACME_DIRECTORY: $ACME_DIRECTORY"
  _initAPI
@@ -3509,7 +3551,7 @@ issue() {
  _saved_account_key_hash="$(_readcaconf "CA_KEY_HASH")"
  _debug2 _saved_account_key_hash "$_saved_account_key_hash"
-  if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ]; then
+  if [ -z "$ACCOUNT_URL" ] || [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ]; then
    if ! _regAccount "$_accountkeylength"; then
      _on_issue_err "$_post_hook"
      return 1
@@ -3551,10 +3593,15 @@ issue() {
    if [ "$ACME_VERSION" = "2" ]; then
      #make new order request
      _identifiers="{\"type\":\"dns\",\"value\":\"$_main_domain\"}"
-      for d in $(echo "$_alt_domains" | tr ',' ' '); do
+      _w_index=1
-        if [ "$d" ]; then
+      while true; do
-          _identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$d\"}"
+        d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
        _w_index="$(_math "$_w_index" + 1)"
        _debug d "$d"
        if [ -z "$d" ]; then
          break
        fi
        _identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$d\"}"
      done
      _debug2 _identifiers "$_identifiers"
      if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
@@ -3591,6 +3638,8 @@ issue() {
        _debug2 "_authz_url" "$_authz_url"
        if ! response="$(_get "$_authz_url")"; then
          _err "get to authz error."
          _err "_authorizations_seg" "$_authorizations_seg"
          _err "_authz_url" "$_authz_url"
          _clearup
          _on_issue_err "$_post_hook"
          return 1
@@ -3609,10 +3658,16 @@ $_authorizations_map"
      _debug2 _authorizations_map "$_authorizations_map"
    fi
    alldomains=$(echo "$_main_domain,$_alt_domains" | tr ',' ' ')
    _index=0
    _currentRoot=""
-    for d in $alldomains; do
+    _w_index=1
    while true; do
      d="$(echo "$_main_domain,$_alt_domains," | cut -d , -f "$_w_index")"
      _w_index="$(_math "$_w_index" + 1)"
      _debug d "$d"
      if [ -z "$d" ]; then
        break
      fi
      _info "Getting webroot for domain" "$d"
      _index=$(_math $_index + 1)
      _w="$(echo $_web_roots | cut -d , -f $_index)"
@@ -3624,7 +3679,7 @@ $_authorizations_map"
      vtype="$VTYPE_HTTP"
      #todo, v2 wildcard force to use dns
-      if _startswith "$_currentRoot" "dns"; then
+      if _startswith "$_currentRoot" "$W_DNS"; then
        vtype="$VTYPE_DNS"
      fi
@@ -3641,6 +3696,7 @@ $_authorizations_map"
        _debug2 "response" "$response"
        if [ -z "$response" ]; then
          _err "get to authz error."
          _err "_authorizations_map" "$_authorizations_map"
          _clearup
          _on_issue_err "$_post_hook"
          return 1
@@ -3751,6 +3807,10 @@ $_authorizations_map"
        if [ "$d_api" ]; then
          _info "Found domain api file: $d_api"
        else
          if [ "$_currentRoot" != "$W_DNS" ]; then
            _err "Can not find dns api hook for: $_currentRoot"
            _info "You need to add the txt record manually."
          fi
          _info "$(__red "Add the following TXT record:")"
          _info "$(__red "Domain: '$(__green "$txtdomain")'")"
          _info "$(__red "TXT value: '$(__green "$txt")'")"
@@ -3789,7 +3849,7 @@ $_authorizations_map"
    if [ "$dnsadded" = '0' ]; then
      _savedomainconf "Le_Vlist" "$vlist"
      _debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit."
-      _err "Please add the TXT records to the domains, and retry again."
+      _err "Please add the TXT records to the domains, and re-run with --renew."
      _clearup
      _on_issue_err "$_post_hook"
      return 1
@@ -4053,13 +4113,15 @@ $_authorizations_map"
    fi
    if [ "$code" != "200" ]; then
      _err "Sign failed, code is not 200."
      _err "$response"
      _on_issue_err "$_post_hook"
      return 1
    fi
    Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
    if ! _get "$Le_LinkCert" >"$CERT_PATH"; then
-      _err "Sign failed, code is not 200."
+      _err "Sign failed, can not download cert:$Le_LinkCert."
      _err "$response"
      _on_issue_err "$_post_hook"
      return 1
    fi
@@ -4075,12 +4137,12 @@ $_authorizations_map"
    fi
  else
    if ! _send_signed_request "${ACME_NEW_ORDER}" "{\"resource\": \"$ACME_NEW_ORDER_RES\", \"csr\": \"$der\"}" "needbase64"; then
-      _err "Sign failed."
+      _err "Sign failed. $response"
      _on_issue_err "$_post_hook"
      return 1
    fi
    _rcert="$response"
-    Le_LinkCert="$(grep -i '^Location.*$' "$HTTP_HEADER" | _head_n 1 | tr -d "\r\n" | cut -d " " -f 2)"
+    Le_LinkCert="$(grep -i '^Location.*$' "$HTTP_HEADER" | _tail_n 1 | tr -d "\r\n" | cut -d " " -f 2)"
    echo "$BEGIN_CERT" >"$CERT_PATH"
    #if ! _get "$Le_LinkCert" | _base64 "multiline"  >> "$CERT_PATH" ; then
@@ -4151,7 +4213,7 @@ $_authorizations_map"
            echo "$BEGIN_CERT" >"$CA_CERT_PATH"
            _base64 "multiline" <"$CA_CERT_PATH.der" >>"$CA_CERT_PATH"
            echo "$END_CERT" >>"$CA_CERT_PATH"
-            if !_checkcert "$CA_CERT_PATH"; then
+            if ! _checkcert "$CA_CERT_PATH"; then
              _err "Can not get the ca cert."
              break
            fi
@@ -4225,20 +4287,21 @@ $_authorizations_map"
  Le_NextRenewTime=$(_math "$Le_NextRenewTime" - 86400)
  _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime"
  if ! _on_issue_success "$_post_hook" "$_renew_hook"; then
    _err "Call hook error."
    return 1
  fi
  if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain" ]; then
    _savedomainconf "Le_RealCertPath" "$_real_cert"
    _savedomainconf "Le_RealCACertPath" "$_real_ca"
    _savedomainconf "Le_RealKeyPath" "$_real_key"
    _savedomainconf "Le_ReloadCmd" "$_reload_cmd"
    _savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
-    _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"
+    if ! _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"; then
      return 1
    fi
  fi
  if ! _on_issue_success "$_post_hook" "$_renew_hook"; then
    _err "Call hook error."
    return 1
  fi
 }
 #domain  [isEcc]
@@ -4264,7 +4327,7 @@ renew() {
  fi
  . "$DOMAIN_CONF"
-
+  _debug Le_API "$Le_API"
  if [ "$Le_API" ]; then
    if [ "$_OLD_CA_HOST" = "$Le_API" ]; then
      export Le_API="$DEFAULT_CA"
@@ -4613,19 +4676,19 @@ _installcert() {
    if [ -f "$_real_cert" ] && [ ! "$IS_RENEW" ]; then
      cp "$_real_cert" "$_backup_path/cert.bak"
    fi
-    cat "$CERT_PATH" >"$_real_cert"
+    cat "$CERT_PATH" >"$_real_cert" || return 1
  fi
  if [ "$_real_ca" ]; then
    _info "Installing CA to:$_real_ca"
    if [ "$_real_ca" = "$_real_cert" ]; then
      echo "" >>"$_real_ca"
-      cat "$CA_CERT_PATH" >>"$_real_ca"
+      cat "$CA_CERT_PATH" >>"$_real_ca" || return 1
    else
      if [ -f "$_real_ca" ] && [ ! "$IS_RENEW" ]; then
        cp "$_real_ca" "$_backup_path/ca.bak"
      fi
-      cat "$CA_CERT_PATH" >"$_real_ca"
+      cat "$CA_CERT_PATH" >"$_real_ca" || return 1
    fi
  fi
@@ -4635,9 +4698,9 @@ _installcert() {
      cp "$_real_key" "$_backup_path/key.bak"
    fi
    if [ -f "$_real_key" ]; then
-      cat "$CERT_KEY_PATH" >"$_real_key"
+      cat "$CERT_KEY_PATH" >"$_real_key" || return 1
    else
-      cat "$CERT_KEY_PATH" >"$_real_key"
+      cat "$CERT_KEY_PATH" >"$_real_key" || return 1
      chmod 600 "$_real_key"
    fi
  fi
@@ -4647,7 +4710,7 @@ _installcert() {
    if [ -f "$_real_fullchain" ] && [ ! "$IS_RENEW" ]; then
      cp "$_real_fullchain" "$_backup_path/fullchain.bak"
    fi
-    cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain"
+    cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1
  fi
  if [ "$_reload_cmd" ]; then
@@ -4868,6 +4931,8 @@ _deactivate() {
    _debug2 "authzUri" "$authzUri"
    if ! response="$(_get "$authzUri")"; then
      _err "get to authz error."
      _err "_authorizations_seg" "$_authorizations_seg"
      _err "authzUri" "$authzUri"
      _clearup
      _on_issue_err "$_post_hook"
      return 1
@@ -5424,8 +5489,8 @@ Parameters:
  --cert-home                       Specifies the home dir to save all the certs, only valid for '--install' command.
  --config-home                     Specifies the home dir to save all the configurations.
  --useragent                       Specifies the user agent string. it will be saved for future use too.
-  --accountemail                    Specifies the account email for registering, Only valid for the '--install' command.
+  --accountemail                    Specifies the account email, only valid for the '--install' and '--update-account' command.
-  --accountkey                      Specifies the account key path, Only valid for the '--install' command.
+  --accountkey                      Specifies the account key path, only valid for the '--install' command.
  --days                            Specifies the days to renew the cert when using '--issue' command. The max value is $MAX_RENEW days.
  --httpport                        Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
  --local-address                   Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
@@ -5436,6 +5501,7 @@ Parameters:
  --ca-path                         Specifies directory containing CA certificates in PEM format, used by wget or curl.
  --nocron                          Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
  --no-color                        Do not output color text.
  --force-color                     Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails.
  --ecc                             Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
  --csr                             Specifies the input csr.
  --pre-hook                        Command to be run before obtaining any certificates.
@@ -5449,6 +5515,8 @@ Parameters:
  --listen-v6                       Force standalone/tls server to listen at ipv6.
  --openssl-bin                     Specifies a custom openssl bin location.
  --use-wget                        Force to use wget, if you have both curl and wget installed.
  --yes-I-know-dns-manual-mode-enough-go-ahead-please  Force to use dns manual mode: $_DNS_MANUAL_WIKI
  --branch, -b                      Only valid for '--upgrade' command, specifies the branch name to upgrade to.
  "
 }
@@ -5779,7 +5847,7 @@ _process() {
        fi
        ;;
      --dns)
-        wvalue="dns"
+        wvalue="$W_DNS"
        if [ "$2" ] && ! _startswith "$2" "-"; then
          wvalue="$2"
          shift
@@ -5899,6 +5967,9 @@ _process() {
      --no-color)
        export ACME_NO_COLOR=1
        ;;
      --force-color)
        export ACME_FORCE_COLOR=1
        ;;
      --ecc)
        _ecc="isEcc"
        ;;
@@ -5937,6 +6008,9 @@ _process() {
          shift
        fi
        ;;
      --yes-I-know-dns-manual-mode-enough-go-ahead-please)
        export FORCE_DNS_MANUAL=1
        ;;
      --log | --logfile)
        _log="1"
        _logfile="$2"
@@ -5990,6 +6064,10 @@ _process() {
        _use_wget="1"
        ACME_USE_WGET="1"
        ;;
      --branch | -b)
        export BRANCH="$2"
        shift
        ;;
      *)
        _err "Unknown parameter : $1"
        return 1
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -255,3 +255,23 @@ acme.sh --deploy -d fritzbox.example.com --deploy-hook fritzbox
 ```sh
 acme.sh --deploy -d ftp.example.com --deploy-hook strongswan
 ```
 ## 10. Deploy the cert to HAProxy
 You must specify the path where you want the concatenated key and certificate chain written.
 ```sh
 export DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy
 ```
 You may optionally define the command to reload HAProxy. The value shown below will be used as the default if you don't set this environment variable.
 ```sh
 export DEPLOY_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
 ```
 You can then deploy the certificate as follows
 ```sh
 acme.sh --deploy -d haproxy.example.com --deploy-hook haproxy
 ```
 The path for the PEM file will be stored with the domain configuration and will be available when renewing, so that deploy will happen automatically when renewed.
--- a/deploy/cpanel_uapi.sh
+++ b/deploy/cpanel_uapi.sh
@@ -2,8 +2,12 @@
 # Here is the script to deploy the cert to your cpanel using the cpanel API.
 # Uses command line uapi.  --user option is needed only if run as root.
 # Returns 0 when success.
-# Written by Santeri Kannisto <santeri.kannisto@2globalnomads.info>
+#
-# Public domain, 2017
+# Please note that I am no longer using Github. If you want to report an issue
 # or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/
 #
 # Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com>
 # Public domain, 2017-2018
 #export DEPLOY_CPANEL_USER=myusername
@@ -28,15 +32,9 @@ cpanel_uapi_deploy() {
    _err "The command uapi is not found."
    return 1
  fi
  if ! _exists php; then
    _err "The command php is not found."
    return 1
  fi
  # read cert and key files and urlencode both
-  _certstr=$(cat "$_ccert")
+  _cert=$(_url_encode <"$_ccert")
-  _keystr=$(cat "$_ckey")
+  _key=$(_url_encode <"$_ckey")
  _cert=$(php -r "echo urlencode(\"$_certstr\");")
  _key=$(php -r "echo urlencode(\"$_keystr\");")
  _debug _cert "$_cert"
  _debug _key "$_key"
--- a/deploy/haproxy.sh
+++ b/deploy/haproxy.sh
@@ -20,7 +20,39 @@ haproxy_deploy() {
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"
-  _err "deploy cert to haproxy server, Not implemented yet"
+  # handle reload preference
-  return 1
+  DEFAULT_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
  if [ -z "${DEPLOY_HAPROXY_RELOAD}" ]; then
    _reload="${DEFAULT_HAPROXY_RELOAD}"
    _cleardomainconf DEPLOY_HAPROXY_RELOAD
  else
    _reload="${DEPLOY_HAPROXY_RELOAD}"
    _savedomainconf DEPLOY_HAPROXY_RELOAD "$DEPLOY_HAPROXY_RELOAD"
  fi
  _savedomainconf DEPLOY_HAPROXY_PEM_PATH "$DEPLOY_HAPROXY_PEM_PATH"
  # work out the path where the PEM file should go
  _pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
  if [ -z "$_pem_path" ]; then
    _err "Path to save PEM file not found. Please define DEPLOY_HAPROXY_PEM_PATH."
    return 1
  fi
  _pem_full_path="$_pem_path/$_cdomain.pem"
  _info "Full path to PEM $_pem_full_path"
  # combine the key and fullchain into a single pem and install
  cat "$_cfullchain" "$_ckey" >"$_pem_full_path"
  chmod 600 "$_pem_full_path"
  _info "Certificate successfully deployed"
  # restart HAProxy
  _info "Run reload: $_reload"
  if eval "$_reload"; then
    _info "Reload success!"
    return 0
  else
    _err "Reload error"
    return 1
  fi
 }
--- a/deploy/keychain.sh
+++ b/deploy/keychain.sh
@@ -1,11 +1,5 @@
 #!/usr/bin/env sh
 #Here is a sample custom api script.
 #This file name is "myapi.sh"
 #So, here must be a method   myapi_deploy()
 #Which will be called by acme.sh to deploy the cert
 #returns 0 means success, otherwise error.
 ########  Public functions #####################
 #domain keyfile certfile cafile fullchain
--- a/deploy/vault_cli.sh
+++ b/deploy/vault_cli.sh
@@ -51,6 +51,7 @@ vault_cli_deploy() {
  $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
  $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
  $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
  $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
 }
--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@@ -1,5 +1,9 @@
 # How to use DNS API
 If your dns provider doesn't provide api access, you can use our dns alias mode: 
 https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
 ## 1. Use CloudFlare domain API to automatically issue cert
 First you need to login to your CloudFlare account to get your API key.
@@ -325,6 +329,8 @@ The `CY_Username`, `CY_Password` and `CY_OTP_Secret` will be saved in `~/.acme.s
 ## 17. Use Domain-Offensive/Resellerinterface/Domainrobot API
 ATTENTION: You need to be a registered Reseller to be able to use the ResellerInterface. As a normal user you can not use this method.
 You will need your login credentials (Partner ID+Password) to the Resellerinterface, and export them before you run `acme.sh`:
 ```
 export DO_PID="KD-1234567"
@@ -525,8 +531,9 @@ For issues, please report to https://github.com/raidenii/acme.sh/issues.
 ## 28. Use Name.com API
-You'll need to fill out the form at https://www.name.com/reseller/apply to apply
+Create your API token here: https://www.name.com/account/settings/api
-for API username and token.
+
 Note: `Namecom_Username` should be your Name.com username and not the token name.  If you accidentally run the script with the token name as the username see `~/.acme.sh/account.conf` to fix the issue
 ```
 export Namecom_Username="testuser"
@@ -638,6 +645,14 @@ acme.sh --issue --dns dns_inwx -d example.com -d www.example.com
 The `INWX_User` and `INWX_Password` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 If your account is secured by mobile tan you have also defined the shared secret.
 ```
 export INWX_Shared_Secret="shared secret"
 ```
 You may need to re-enable the mobile tan to gain the shared secret.
 ## 34. User Servercow API v1
 Create a new user from the servercow control center. Don't forget to activate **DNS API** for this user.
@@ -750,7 +765,7 @@ DNS API keys may be created at https://panel.dreamhost.com/?tree=home.api.
 Ensure the created key has add and remove privelages.
 ```
-export DH_API_Key="<api key>"
+export DH_API_KEY="<api key>"
 acme.sh --issue --dns dns_dreamhost -d example.com -d www.example.com
 ```
@@ -784,7 +799,104 @@ acme.sh --issue --dns dns_da -d example.com -d www.example.com
 The `DA_Api` and `DA_Api_Insecure` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 ## 42. Use KingHost DNS API
 API access must be enabled at https://painel.kinghost.com.br/painel.api.php
 ```
 export KINGHOST_Username="yourusername"
 export KINGHOST_Password="yourpassword"
 acme.sh --issue --dns dns_kinghost -d example.com -d *.example.com
 ```
 The `KINGHOST_username` and `KINGHOST_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 ## 43. Use Zilore DNS API
 First, get your API key at https://my.zilore.com/account/api
 ```
 export Zilore_Key="5dcad3a2-36cb-50e8-cb92-000002f9"
 ```
 Ok, let's issue a cert now:
 ```
 acme.sh --issue --dns dns_zilore -d example.com -d *.example.com
 ```
 The `Zilore_Key` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 ## 44. Use Loopia.se API
 User must provide login credentials to the Loopia API.
 The user needs the following permissions:
 - addSubdomain
 - updateZoneRecord
 - getDomains
 - removeSubdomain
 Set the login credentials:
 ```
 export LOOPIA_User="user@loopiaapi"
 export LOOPIA_Password="password"
 ```
 And to issue a cert:
 ```
 acme.sh --issue --dns dns_loopia -d example.com -d *.example.com
 ```
 The username and password will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 ## 45. Use ACME DNS API
 ACME DNS is a limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely. 
 https://github.com/joohoi/acme-dns
 ```
 export ACMEDNS_UPDATE_URL="https://auth.acme-dns.io/update"
 export ACMEDNS_USERNAME="<username>"
 export ACMEDNS_PASSWORD="<password>"
 export ACMEDNS_SUBDOMAIN="<subdomain>"
 acme.sh --issue --dns dns_acmedns -d example.com -d www.example.com
 ```
 The credentials will be saved in `~/.acme.sh/account.conf` and will
 be reused when needed.
 ## 46. Use TELE3 API
 First you need to login to your TELE3 account to set your API-KEY.
 https://www.tele3.cz/system-acme-api.html
 ```
 export TELE3_Key="MS2I4uPPaI..."
 export TELE3_Secret="kjhOIHGJKHg"
 acme.sh --issue --dns dns_tele3 -d example.com -d *.example.com
 ```
 The TELE3_Key and TELE3_Secret will be saved in ~/.acme.sh/account.conf and will be reused when needed.
 ## 47. Use Euserv.eu API
 First you need to login to your euserv.eu account and activate your API Administration (API Verwaltung).
 [https://support.euserv.com](https://support.euserv.com)
 Once you've activate, login to your API Admin Interface and create an API account.
 Please specify the scope (active groups: domain) and assign the allowed IPs.
 ```
 export EUSERV_Username="99999.user123"
 export EUSERV_Password="Asbe54gHde"
 ```
 Ok, let's issue a cert now: (Be aware to use the `--insecure` flag, cause euserv.eu is still using self-signed certificates!)
 ```
 acme.sh --issue --dns dns_euserv -d example.com -d *.example.com --insecure
 ```
 The `EUSERV_Username` and `EUSERV_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 Please report any issues to https://github.com/initit/acme.sh or to <github@initit.de>
 # Use custom API
 If your API is not supported yet, you can write your own DNS API.
@@ -805,4 +917,4 @@ See:  https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
 # Use lexicon DNS API
-https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
+https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
--- a/dnsapi/dns_acmedns.sh
+++ b/dnsapi/dns_acmedns.sh
@@ -0,0 +1,55 @@
 #!/usr/bin/env sh
 #
 #Author: Wolfgang Ebner
 #Report Bugs here: https://github.com/webner/acme.sh
 #
 ########  Public functions #####################
 #Usage: dns_acmedns_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_acmedns_add() {
  fulldomain=$1
  txtvalue=$2
  _info "Using acme-dns"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  ACMEDNS_UPDATE_URL="${ACMEDNS_UPDATE_URL:-$(_readaccountconf_mutable ACMEDNS_UPDATE_URL)}"
  ACMEDNS_USERNAME="${ACMEDNS_USERNAME:-$(_readaccountconf_mutable ACMEDNS_USERNAME)}"
  ACMEDNS_PASSWORD="${ACMEDNS_PASSWORD:-$(_readaccountconf_mutable ACMEDNS_PASSWORD)}"
  ACMEDNS_SUBDOMAIN="${ACMEDNS_SUBDOMAIN:-$(_readaccountconf_mutable ACMEDNS_SUBDOMAIN)}"
  if [ "$ACMEDNS_UPDATE_URL" = "" ]; then
    ACMEDNS_UPDATE_URL="https://auth.acme-dns.io/update"
  fi
  _saveaccountconf_mutable ACMEDNS_UPDATE_URL "$ACMEDNS_UPDATE_URL"
  _saveaccountconf_mutable ACMEDNS_USERNAME "$ACMEDNS_USERNAME"
  _saveaccountconf_mutable ACMEDNS_PASSWORD "$ACMEDNS_PASSWORD"
  _saveaccountconf_mutable ACMEDNS_SUBDOMAIN "$ACMEDNS_SUBDOMAIN"
  export _H1="X-Api-User: $ACMEDNS_USERNAME"
  export _H2="X-Api-Key: $ACMEDNS_PASSWORD"
  data="{\"subdomain\":\"$ACMEDNS_SUBDOMAIN\", \"txt\": \"$txtvalue\"}"
  _debug data "$data"
  response="$(_post "$data" "$ACMEDNS_UPDATE_URL" "" "POST")"
  _debug response "$response"
  if ! echo "$response" | grep "\"$txtvalue\"" >/dev/null; then
    _err "invalid response of acme-dns"
    return 1
  fi
 }
 #Usage: fulldomain txtvalue
 #Remove the txt record after validation.
 dns_acmedns_rm() {
  fulldomain=$1
  txtvalue=$2
  _info "Using acme-dns"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
 }
 ####################  Private functions below ##################################
--- a/dnsapi/dns_azure.sh
+++ b/dnsapi/dns_azure.sh
@@ -76,10 +76,10 @@ dns_azure_add() {
  values="{\"value\":[\"$txtvalue\"]}"
  timestamp="$(_time)"
  if [ "$_code" = "200" ]; then
-    vlist="$(echo "$response" | _egrep_o "\"value\"\s*:\s*\[\s*\"[^\"]*\"\s*]" | cut -d : -f 2 | tr -d "[]\"")"
+    vlist="$(echo "$response" | _egrep_o "\"value\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"")"
    _debug "existing TXT found"
    _debug "$vlist"
-    existingts="$(echo "$response" | _egrep_o "\"acmetscheck\"\s*:\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"")"
+    existingts="$(echo "$response" | _egrep_o "\"acmetscheck\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"")"
    if [ -z "$existingts" ]; then
      # the record was not created by acme.sh. Copy the exisiting entires
      existingts=$timestamp
@@ -99,6 +99,7 @@ dns_azure_add() {
  _azure_rest PUT "$acmeRecordURI" "$body" "$accesstoken"
  if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then
    _info "validation value added"
    return 0
  else
    _err "error adding validation value ($_code)"
    return 1
@@ -171,7 +172,7 @@ dns_azure_rm() {
  _azure_rest GET "$acmeRecordURI" "" "$accesstoken"
  timestamp="$(_time)"
  if [ "$_code" = "200" ]; then
-    vlist="$(echo "$response" | _egrep_o "\"value\"\s*:\s*\[\s*\"[^\"]*\"\s*]" | cut -d : -f 2 | tr -d "[]\"" | grep -v "$txtvalue")"
+    vlist="$(echo "$response" | _egrep_o "\"value\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"" | grep -v "$txtvalue")"
    values=""
    comma=""
    for v in $vlist; do
@@ -194,6 +195,7 @@ dns_azure_rm() {
      _azure_rest PUT "$acmeRecordURI" "$body" "$accesstoken"
      if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then
        _info "validation value removed"
        return 0
      else
        _err "error removing validation value ($_code)"
        return 1
@@ -226,8 +228,9 @@ _azure_rest() {
    else
      response="$(_get "$ep")"
    fi
    _ret="$?"
    _secure_debug2 "response $response"
-    _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
+    _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
    _debug "http response code $_code"
    if [ "$_code" = "401" ]; then
      # we have an invalid access token set to expired
@@ -236,7 +239,7 @@ _azure_rest() {
      return 1
    fi
    # See https://docs.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#general-rest-and-retry-guidelines for retryable HTTP codes
-    if [ "$?" != "0" ] || [ -z "$_code" ] || [ "$_code" = "408" ] || [ "$_code" = "500" ] || [ "$_code" = "503" ] || [ "$_code" = "504" ]; then
+    if [ "$_ret" != "0" ] || [ -z "$_code" ] || [ "$_code" = "408" ] || [ "$_code" = "500" ] || [ "$_code" = "503" ] || [ "$_code" = "504" ]; then
      _request_retry_times="$(_math "$_request_retry_times" + 1)"
      _info "REST call error $_code retrying $ep in $_request_retry_times s"
      _sleep "$_request_retry_times"
@@ -281,6 +284,7 @@ _azure_getaccess_token() {
  body="resource=$(printf "%s" 'https://management.core.windows.net/' | _url_encode)&client_id=$(printf "%s" "$clientID" | _url_encode)&client_secret=$(printf "%s" "$clientSecret" | _url_encode)&grant_type=client_credentials"
  _secure_debug2 "data $body"
  response="$(_post "$body" "https://login.microsoftonline.com/$tenantID/oauth2/token" "" "POST")"
  _ret="$?"
  _secure_debug2 "response $response"
  response="$(echo "$response" | _normalizeJson)"
  accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
@@ -290,7 +294,7 @@ _azure_getaccess_token() {
    _err "no acccess token received. Check your Azure settings see $WIKI"
    return 1
  fi
-  if [ "$?" != "0" ]; then
+  if [ "$_ret" != "0" ]; then
    _err "error $response"
    return 1
  fi
@@ -304,7 +308,7 @@ _get_root() {
  domain=$1
  subscriptionId=$2
  accesstoken=$3
-  i=2
+  i=1
  p=1
  ## Ref: https://docs.microsoft.com/en-us/rest/api/dns/zones/list
@@ -324,9 +328,14 @@ _get_root() {
    fi
    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
-      _domain_id=$(echo "$response" | _egrep_o "\{\"id\":\"[^\"]*$h\"" | head -n 1 | cut -d : -f 2 | tr -d \")
+      _domain_id=$(echo "$response" | _egrep_o "\\{\"id\":\"[^\"]*$h\"" | head -n 1 | cut -d : -f 2 | tr -d \")
      if [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        if [ "$i" = 1 ]; then
          #create the record at the domain apex (@) if only the domain name was provided as --domain-alias
          _sub_domain="@"
        else
          _sub_domain=$(echo "$domain" | cut -d . -f 1-$p)
        fi
        _domain=$h
        return 0
      fi
--- a/dnsapi/dns_cf.sh
+++ b/dnsapi/dns_cf.sh
@@ -19,8 +19,8 @@ dns_cf_add() {
  if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
    CF_Key=""
    CF_Email=""
-    _err "You don't specify cloudflare api key and email yet."
+    _err "You didn't specify a cloudflare api key and email yet."
-    _err "Please create you key and try again."
+    _err "Please create the key and try again."
    return 1
  fi
@@ -94,8 +94,8 @@ dns_cf_rm() {
  if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
    CF_Key=""
    CF_Email=""
-    _err "You don't specify cloudflare api key and email yet."
+    _err "You didn't specify a cloudflare api key and email yet."
-    _err "Please create you key and try again."
+    _err "Please create the key and try again."
    return 1
  fi
--- a/dnsapi/dns_dgon.sh
+++ b/dnsapi/dns_dgon.sh
@@ -20,12 +20,22 @@
 dns_dgon_add() {
  fulldomain="$(echo "$1" | _lower_case)"
  txtvalue=$2
  DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
  # Check if API Key Exist
  if [ -z "$DO_API_KEY" ]; then
    DO_API_KEY=""
    _err "You did not specify DigitalOcean API key."
    _err "Please export DO_API_KEY and try again."
    return 1
  fi
  _info "Using digitalocean dns validation - add record"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  ## save the env vars (key and domain split location) for later automated use
-  _saveaccountconf DO_API_KEY "$DO_API_KEY"
+  _saveaccountconf_mutable DO_API_KEY "$DO_API_KEY"
  ## split the domain for DO API
  if ! _get_base_domain "$fulldomain"; then
@@ -39,7 +49,7 @@ dns_dgon_add() {
  export _H1="Content-Type: application/json"
  export _H2="Authorization: Bearer $DO_API_KEY"
  PURL='https://api.digitalocean.com/v2/domains/'$_domain'/records'
-  PBODY='{"type":"TXT","name":"'$_sub_domain'","data":"'$txtvalue'"}'
+  PBODY='{"type":"TXT","name":"'$_sub_domain'","data":"'$txtvalue'","ttl":120}'
  _debug PURL "$PURL"
  _debug PBODY "$PBODY"
@@ -65,6 +75,16 @@ dns_dgon_add() {
 dns_dgon_rm() {
  fulldomain="$(echo "$1" | _lower_case)"
  txtvalue=$2
  DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
  # Check if API Key Exist
  if [ -z "$DO_API_KEY" ]; then
    DO_API_KEY=""
    _err "You did not specify DigitalOcean API key."
    _err "Please export DO_API_KEY and try again."
    return 1
  fi
  _info "Using digitalocean dns validation - remove record"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
@@ -92,11 +112,11 @@ dns_dgon_rm() {
    domain_list="$(_get "$GURL")"
    ## 2) find record
    ## check for what we are looing for: "type":"A","name":"$_sub_domain"
-    record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*\d+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")"
+    record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*[0-9]+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")"
    ## 3) check record and get next page
    if [ -z "$record" ]; then
      ## find the next page if we dont have a match
-      nextpage="$(echo "$domain_list" | _egrep_o "\"links\".*" | _egrep_o "\"next\".*" | _egrep_o "http.*page\=\d+")"
+      nextpage="$(echo "$domain_list" | _egrep_o "\"links\".*" | _egrep_o "\"next\".*" | _egrep_o "http.*page\=[0-9]+")"
      if [ -z "$nextpage" ]; then
        _err "no record and no nextpage in digital ocean DNS removal"
        return 1
@@ -108,7 +128,7 @@ dns_dgon_rm() {
  done
  ## we found the record
-  rec_id="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*\d+" | _egrep_o "\d+")"
+  rec_id="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")"
  _debug rec_id "$rec_id"
  ## delete the record
--- a/dnsapi/dns_dnsimple.sh
+++ b/dnsapi/dns_dnsimple.sh
@@ -39,34 +39,17 @@ dns_dnsimple_add() {
  _get_records "$_account_id" "$_domain" "$_sub_domain"
-  if [ "$_records_count" = "0" ]; then
+  _info "Adding record"
-    _info "Adding record"
+  if _dnsimple_rest POST "$_account_id/zones/$_domain/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
-    if _dnsimple_rest POST "$_account_id/zones/$_domain/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
+    if printf -- "%s" "$response" | grep "\"name\":\"$_sub_domain\"" >/dev/null; then
-      if printf -- "%s" "$response" | grep "\"name\":\"$_sub_domain\"" >/dev/null; then
+      _info "Added"
        _info "Added"
        return 0
      else
        _err "Unexpected response while adding text record."
        return 1
      fi
    fi
    _err "Add txt record error."
  else
    _info "Updating record"
    _extract_record_id "$_records" "$_sub_domain"
    if _dnsimple_rest \
      PATCH \
      "$_account_id/zones/$_domain/records/$_record_id" \
      "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
      _info "Updated!"
      return 0
    else
      _err "Unexpected response while adding text record."
      return 1
    fi
    _err "Update error"
    return 1
  fi
  _err "Add txt record error."
 }
 # fulldomain
@@ -84,19 +67,19 @@ dns_dnsimple_rm() {
  fi
  _get_records "$_account_id" "$_domain" "$_sub_domain"
  _extract_record_id "$_records" "$_sub_domain"
  if [ "$_record_id" ]; then
-
+    echo "$_record_id" | while read -r item; do
-    if _dnsimple_rest DELETE "$_account_id/zones/$_domain/records/$_record_id"; then
+      if _dnsimple_rest DELETE "$_account_id/zones/$_domain/records/$item"; then
-      _info "removed record" "$_record_id"
+        _info "removed record" "$item"
-      return 0
+        return 0
-    fi
+      else
        _err "failed to remove record" "$item"
        return 1
      fi
    done
  fi
  _err "failed to remove record" "$_record_id"
  return 1
 }
 ####################  Private functions bellow ##################################
--- a/dnsapi/dns_euserv.sh
+++ b/dnsapi/dns_euserv.sh
@@ -0,0 +1,358 @@
 #!/usr/bin/env sh
 #This is the euserv.eu api wrapper for acme.sh
 #
 #Author: Michael Brueckner
 #Report Bugs: https://www.github.com/initit/acme.sh  or  mbr@initit.de
 #
 #EUSERV_Username="username"
 #
 #EUSERV_Password="password"
 #
 # Dependencies:
 # -------------
 # - none -
 EUSERV_Api="https://api.euserv.net"
 ########  Public functions #####################
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_euserv_add() {
  fulldomain="$(echo "$1" | _lower_case)"
  txtvalue=$2
  EUSERV_Username="${EUSERV_Username:-$(_readaccountconf_mutable EUSERV_Username)}"
  EUSERV_Password="${EUSERV_Password:-$(_readaccountconf_mutable EUSERV_Password)}"
  if [ -z "$EUSERV_Username" ] || [ -z "$EUSERV_Password" ]; then
    EUSERV_Username=""
    EUSERV_Password=""
    _err "You don't specify euserv user and password yet."
    _err "Please create your key and try again."
    return 1
  fi
  #save the user and email to the account conf file.
  _saveaccountconf_mutable EUSERV_Username "$EUSERV_Username"
  _saveaccountconf_mutable EUSERV_Password "$EUSERV_Password"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug "_sub_domain" "$_sub_domain"
  _debug "_domain" "$_domain"
  _info "Adding record"
  if ! _euserv_add_record "$_domain" "$_sub_domain" "$txtvalue"; then
    return 1
  fi
 }
 #fulldomain txtvalue
 dns_euserv_rm() {
  fulldomain="$(echo "$1" | _lower_case)"
  txtvalue=$2
  EUSERV_Username="${EUSERV_Username:-$(_readaccountconf_mutable EUSERV_Username)}"
  EUSERV_Password="${EUSERV_Password:-$(_readaccountconf_mutable EUSERV_Password)}"
  if [ -z "$EUSERV_Username" ] || [ -z "$EUSERV_Password" ]; then
    EUSERV_Username=""
    EUSERV_Password=""
    _err "You don't specify euserv user and password yet."
    _err "Please create your key and try again."
    return 1
  fi
  #save the user and email to the account conf file.
  _saveaccountconf_mutable EUSERV_Username "$EUSERV_Username"
  _saveaccountconf_mutable EUSERV_Password "$EUSERV_Password"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug "_sub_domain" "$_sub_domain"
  _debug "_domain" "$_domain"
  _debug "Getting txt records"
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
    <methodName>domain.dns_get_active_records</methodName>
    <params>
      <param>
       <value>
         <struct>
           <member>
             <name>login</name>
             <value>
               <string>%s</string>
             </value>
            </member>
            <member>
              <name>password</name>
              <value>
                <string>%s</string>
              </value>
            </member>
            <member>
              <name>domain_id</name>
              <value>
                <int>%s</int>
              </value>
            </member>
          </struct>
        </value>
      </param>
    </params>
  </methodCall>' "$EUSERV_Username" "$EUSERV_Password" "$_euserv_domain_id")
  export _H1="Content-Type: text/xml"
  response="$(_post "$xml_content" "$EUSERV_Api" "" "POST")"
  if ! _contains "$response" "<member><name>status</name><value><i4>100</i4></value></member>"; then
    _err "Error could not get txt records"
    _debug "xml_content" "$xml_content"
    _debug "response" "$response"
    return 1
  fi
  if ! echo "$response" | grep '>dns_record_content<.*>'"$txtvalue"'<' >/dev/null; then
    _info "Do not need to delete record"
  else
    # find XML block where txtvalue is in. The record_id is allways prior this line!
    _endLine=$(echo "$response" | grep -n '>dns_record_content<.*>'"$txtvalue"'<' | cut -d ':' -f 1)
    # record_id is the last <name> Tag with a number before the row _endLine, identified by </name><value><struct> 
    _record_id=$(echo "$response" | sed -n '1,'"$_endLine"'p' | grep '</name><value><struct>' | _tail_n 1 | sed 's/.*<name>\([0-9]*\)<\/name>.*/\1/')
    _info "Deleting record"
    _euserv_delete_record "$_record_id"
  fi
 }
 ####################  Private functions below ##################################
 _get_root() {
  domain=$1
  _debug "get root"
  # Just to read the domain_orders once
  domain=$1
  i=2
  p=1
  if ! _euserv_get_domain_orders; then
    return 1
  fi
  # Get saved response with domain_orders
  response="$_euserv_domain_orders"
  while true; do
    h=$(echo "$domain" | cut -d . -f $i-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    if _contains "$response" "$h"; then
      _sub_domain=$(echo "$domain" | cut -d . -f 1-$p)
      _domain="$h"
      if ! _euserv_get_domain_id "$_domain"; then
        _err "invalid domain"
        return 1
      fi
      return 0
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
 }
 _euserv_get_domain_orders() {
  # returns: _euserv_domain_orders
  _debug "get domain_orders"
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
    <methodName>domain.get_domain_orders</methodName>
    <params>
      <param>
        <value>
          <struct>
            <member>
              <name>login</name>
              <value><string>%s</string></value>
            </member>
            <member>
              <name>password</name>
              <value><string>%s</string></value>
            </member>
          </struct>
        </value>
      </param>
    </params>
  </methodCall>' "$EUSERV_Username" "$EUSERV_Password")
  export _H1="Content-Type: text/xml"
  response="$(_post "$xml_content" "$EUSERV_Api" "" "POST")"
  if ! _contains "$response" "<member><name>status</name><value><i4>100</i4></value></member>"; then
    _err "Error could not get domain orders"
    _debug "xml_content" "$xml_content"
    _debug "response" "$response"
    return 1
  fi
  # save response to reduce API calls
  _euserv_domain_orders="$response"
  return 0
 }
 _euserv_get_domain_id() {
  # returns: _euserv_domain_id
  domain=$1
  _debug "get domain_id"
  # find line where the domain name is within the $response
  _startLine=$(echo "$_euserv_domain_orders" | grep -n '>domain_name<.*>'"$domain"'<' | cut -d ':' -f 1)
  # next occurency of domain_id after the domain_name is the correct one
  _euserv_domain_id=$(echo "$_euserv_domain_orders" | sed -n "$_startLine"',$p' | grep '>domain_id<' | _head_n 1 | sed 's/.*<i4>\([0-9]*\)<\/i4>.*/\1/')
  if [ -z "$_euserv_domain_id" ]; then
    _err "Could not find domain_id for domain $domain"
    _debug "_euserv_domain_orders" "$_euserv_domain_orders"
    return 1
  fi
  return 0
 }
 _euserv_delete_record() {
  record_id=$1
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
    <methodName>domain.dns_delete_record</methodName>
    <params>
      <param>
       <value>
         <struct>
           <member>
             <name>login</name>
             <value>
               <string>%s</string>
             </value>
            </member>
            <member>
              <name>password</name>
              <value>
                <string>%s</string>
              </value>
            </member>
            <member>
              <name>dns_record_id</name>
              <value>
                <int>%s</int>
              </value>
            </member>
          </struct>
        </value>
      </param>
    </params>
  </methodCall>' "$EUSERV_Username" "$EUSERV_Password" "$record_id")
  export _H1="Content-Type: text/xml"
  response="$(_post "$xml_content" "$EUSERV_Api" "" "POST")"
  if ! _contains "$response" "<member><name>status</name><value><i4>100</i4></value></member>"; then
    _err "Error deleting record"
    _debug "xml_content" "$xml_content"
    _debug "response" "$response"
    return 1
  fi
  return 0
 }
 _euserv_add_record() {
  domain=$1
  sub_domain=$2
  txtval=$3
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
  <methodName>domain.dns_create_record</methodName>
  <params>
   <param>
    <value>
     <struct>
      <member>
       <name>login</name>
       <value>
        <string>%s</string>
       </value>
      </member>
      <member>
       <name>password</name>
       <value>
        <string>%s</string></value>
      </member>
      <member>
       <name>domain_id</name>
       <value>
        <int>%s</int>
       </value>
      </member>
      <member>
       <name>dns_record_subdomain</name>
       <value>
        <string>%s</string>
       </value>
      </member>
      <member>
       <name>dns_record_type</name>
       <value>
        <string>TXT</string>
       </value>
      </member>
      <member>
       <name>dns_record_value</name>
       <value>
        <string>%s</string>
       </value>
      </member>
      <member>
       <name>dns_record_ttl</name>
       <value>
        <int>300</int>
       </value>
      </member>
     </struct>
    </value>
   </param>
  </params>
  </methodCall>' "$EUSERV_Username" "$EUSERV_Password" "$_euserv_domain_id" "$sub_domain" "$txtval")
  export _H1="Content-Type: text/xml"
  response="$(_post "$xml_content" "$EUSERV_Api" "" "POST")"
  if ! _contains "$response" "<member><name>status</name><value><i4>100</i4></value></member>"; then
    _err "Error could not create record"
    _debug "xml_content" "$xml_content"
    _debug "response" "$response"
    return 1
  fi
  return 0
 }
--- a/dnsapi/dns_freedns.sh
+++ b/dnsapi/dns_freedns.sh
@@ -279,7 +279,7 @@ _freedns_add_txt_record() {
  domain_id="$2"
  subdomain="$3"
  value="$(printf '%s' "$4" | _url_encode)"
-  url="http://freedns.afraid.org/subdomain/save.php?step=2"
+  url="https://freedns.afraid.org/subdomain/save.php?step=2"
  htmlpage="$(_post "type=TXT&domain_id=$domain_id&subdomain=$subdomain&address=%22$value%22&send=Save%21" "$url")"
--- a/dnsapi/dns_gd.sh
+++ b/dnsapi/dns_gd.sh
@@ -59,19 +59,13 @@ dns_gd_add() {
  _info "Adding record"
  if _gd_rest PUT "domains/$_domain/records/TXT/$_sub_domain" "[$_add_data]"; then
-    if [ "$response" = "{}" ]; then
+    _info "Added, sleeping 10 seconds"
-      _info "Added, sleeping 10 seconds"
+    _sleep 10
-      _sleep 10
+    #todo: check if the record takes effect
-      #todo: check if the record takes effect
+    return 0
      return 0
    else
      _err "Add txt record error."
      _err "$response"
      return 1
    fi
  fi
  _err "Add txt record error."
-
+  return 1
 }
 #fulldomain
@@ -174,5 +168,9 @@ _gd_rest() {
    return 1
  fi
  _debug2 response "$response"
  if _contains "$response" "UNABLE_TO_AUTHENTICATE"; then
    _err "It seems that your api key or secret is not correct."
    return 1
  fi
  return 0
 }
--- a/dnsapi/dns_he.sh
+++ b/dnsapi/dns_he.sh
@@ -33,8 +33,9 @@ dns_he_add() {
  # Fills in the $_zone_id
  _find_zone "$_full_domain" || return 1
  _debug "Zone id \"$_zone_id\" will be used."
-
+  username_encoded="$(printf "%s" "${HE_Username}" | _url_encode)"
-  body="email=${HE_Username}&pass=${HE_Password}"
+  password_encoded="$(printf "%s" "${HE_Password}" | _url_encode)"
  body="email=${username_encoded}&pass=${password_encoded}"
  body="$body&account="
  body="$body&menu=edit_zone"
  body="$body&Type=TXT"
@@ -71,7 +72,9 @@ dns_he_rm() {
  _debug "Zone id \"$_zone_id\" will be used."
  # Find the record id to clean
-  body="email=${HE_Username}&pass=${HE_Password}"
+  username_encoded="$(printf "%s" "${HE_Username}" | _url_encode)"
  password_encoded="$(printf "%s" "${HE_Password}" | _url_encode)"
  body="email=${username_encoded}&pass=${password_encoded}"
  body="$body&hosted_dns_zoneid=$_zone_id"
  body="$body&menu=edit_zone"
  body="$body&hosted_dns_editzone="
@@ -112,9 +115,15 @@ dns_he_rm() {
 _find_zone() {
  _domain="$1"
-  body="email=${HE_Username}&pass=${HE_Password}"
+  username_encoded="$(printf "%s" "${HE_Username}" | _url_encode)"
  password_encoded="$(printf "%s" "${HE_Password}" | _url_encode)"
  body="email=${username_encoded}&pass=${password_encoded}"
  response="$(_post "$body" "https://dns.he.net/")"
  _debug2 response "$response"
  if _contains "$response" '>Incorrect<'; then
    _err "Unable to login to dns.he.net please check username and password"
    return 1
  fi
  _table="$(echo "$response" | tr -d "#" | sed "s/<table/#<table/g" | tr -d "\n" | tr "#" "\n" | grep 'id="domains_table"')"
  _debug2 _table "$_table"
  _matches="$(echo "$_table" | sed "s/<tr/#<tr/g" | tr "#" "\n" | grep 'alt="edit"' | tr -d " " | sed "s/<td/#<td/g" | tr "#" "\n" | grep 'hosted_dns_zoneid')"
@@ -143,7 +152,7 @@ _find_zone() {
    _debug "Looking for zone \"${_attempted_zone}\""
-    line_num="$(echo "$_zone_names" | grep -n "$_attempted_zone" | cut -d : -f 1)"
+    line_num="$(echo "$_zone_names" | grep -n "^$_attempted_zone" | cut -d : -f 1)"
    if [ "$line_num" ]; then
      _zone_id=$(echo "$_zone_ids" | sed -n "${line_num}p")
--- a/dnsapi/dns_inwx.sh
+++ b/dnsapi/dns_inwx.sh
@@ -4,6 +4,10 @@
 #INWX_User="username"
 #
 #INWX_Password="password"
 #
 # Dependencies:
 # -------------
 # - oathtool (When using 2 Factor Authentication)
 INWX_Api="https://api.domrobot.com/xmlrpc/"
@@ -16,6 +20,7 @@ dns_inwx_add() {
  INWX_User="${INWX_User:-$(_readaccountconf_mutable INWX_User)}"
  INWX_Password="${INWX_Password:-$(_readaccountconf_mutable INWX_Password)}"
  INWX_Shared_Secret="${INWX_Shared_Secret:-$(_readaccountconf_mutable INWX_Shared_Secret)}"
  if [ -z "$INWX_User" ] || [ -z "$INWX_Password" ]; then
    INWX_User=""
    INWX_Password=""
@@ -27,6 +32,7 @@ dns_inwx_add() {
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable INWX_User "$INWX_User"
  _saveaccountconf_mutable INWX_Password "$INWX_Password"
  _saveaccountconf_mutable INWX_Shared_Secret "$INWX_Shared_Secret"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
@@ -148,8 +154,46 @@ _inwx_login() {
  </methodCall>' $INWX_User $INWX_Password)
  response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
  _H1=$(printf "Cookie: %s" "$(grep "domrobot=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o 'domrobot=[^;]*;' | tr -d ';')")
  export _H1
-  printf "Cookie: %s" "$(grep "domrobot=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o 'domrobot=[^;]*;' | tr -d ';')"
+  #https://github.com/inwx/php-client/blob/master/INWX/Domrobot.php#L71
  if _contains "$response" "tfa"; then
    if [ -z "$INWX_Shared_Secret" ]; then
      _err "Mobile TAN detected."
      _err "Please define a shared secret."
      return 1
    fi
    if ! _exists oathtool; then
      _err "Please install oathtool to use 2 Factor Authentication."
      _err ""
      return 1
    fi
    tan="$(oathtool --base32 --totp "${INWX_Shared_Secret}" 2>/dev/null)"
    xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
    <methodCall>
    <methodName>account.unlock</methodName>
    <params>
     <param>
      <value>
       <struct>
        <member>
         <name>tan</name>
         <value>
          <string>%s</string>
         </value>
        </member>
       </struct>
      </value>
     </param>
    </params>
    </methodCall>' "$tan")
    response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
  fi
 }
@@ -161,8 +205,8 @@ _get_root() {
  i=2
  p=1
-  _H1=$(_inwx_login)
+  _inwx_login
-  export _H1
+
  xml_content='<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
  <methodName>nameserver.list</methodName>
--- a/dnsapi/dns_ispconfig.sh
+++ b/dnsapi/dns_ispconfig.sh
@@ -128,7 +128,7 @@ _ISPC_addTxt() {
  curSerial="$(date +%s)"
  curStamp="$(date +'%F %T')"
  params="\"server_id\":\"${server_id}\",\"zone\":\"${zone}\",\"name\":\"${fulldomain}.\",\"type\":\"txt\",\"data\":\"${txtvalue}\",\"aux\":\"0\",\"ttl\":\"3600\",\"active\":\"y\",\"stamp\":\"${curStamp}\",\"serial\":\"${curSerial}\""
-  curData="{\"session_id\":\"${sessionID}\",\"client_id\":\"${client_id}\",\"params\":{${params}}}"
+  curData="{\"session_id\":\"${sessionID}\",\"client_id\":\"${client_id}\",\"params\":{${params}},\"update_serial\":true}"
  curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_add")"
  _debug "Calling _ISPC_addTxt: '${curData}' '${ISPC_Api}?dns_txt_add'"
  _debug "Result of _ISPC_addTxt: '$curResult'"
@@ -160,7 +160,7 @@ _ISPC_rmTxt() {
      *)
        unset IFS
        _info "Retrieved Record ID."
-        curData="{\"session_id\":\"${sessionID}\",\"primary_id\":\"${record_id}\"}"
+        curData="{\"session_id\":\"${sessionID}\",\"primary_id\":\"${record_id}\",\"update_serial\":true}"
        curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_delete")"
        _debug "Calling _ISPC_rmTxt: '${curData}' '${ISPC_Api}?dns_txt_delete'"
        _debug "Result of _ISPC_rmTxt: '$curResult'"
--- a/dnsapi/dns_kinghost.sh
+++ b/dnsapi/dns_kinghost.sh
@@ -0,0 +1,107 @@
 #!/usr/bin/env sh
 ############################################################
 # KingHost API support                                     #
 # http://api.kinghost.net/doc/                             #
 #                                                          #
 # Author: Felipe Keller Braz <felipebraz@kinghost.com.br>  #
 # Report Bugs here: https://github.com/kinghost/acme.sh    #
 #                                                          #
 # Values to export:                                        #
 # export KINGHOST_Username="email@provider.com"            #
 # export KINGHOST_Password="xxxxxxxxxx"                    #
 ############################################################
 KING_Api="https://api.kinghost.net/acme"
 # Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 # Used to add txt record
 dns_kinghost_add() {
  fulldomain=$1
  txtvalue=$2
  KINGHOST_Username="${KINGHOST_Username:-$(_readaccountconf_mutable KINGHOST_Username)}"
  KINGHOST_Password="${KINGHOST_Password:-$(_readaccountconf_mutable KINGHOST_Password)}"
  if [ -z "$KINGHOST_Username" ] || [ -z "$KINGHOST_Password" ]; then
    KINGHOST_Username=""
    KINGHOST_Password=""
    _err "You don't specify KingHost api password and email yet."
    _err "Please create you key and try again."
    return 1
  fi
  #save the credentials to the account conf file.
  _saveaccountconf_mutable KINGHOST_Username "$KINGHOST_Username"
  _saveaccountconf_mutable KINGHOST_Password "$KINGHOST_Password"
  _debug "Getting txt records"
  _kinghost_rest GET "dns" "name=$fulldomain&content=$txtvalue"
  #This API call returns "status":"ok" if dns record does not exists
  #We are creating a new txt record here, so we expect the "ok" status
  if ! echo "$response" | grep '"status":"ok"' >/dev/null; then
    _err "Error"
    _err "$response"
    return 1
  fi
  _kinghost_rest POST "dns" "name=$fulldomain&content=$txtvalue"
  if ! echo "$response" | grep '"status":"ok"' >/dev/null; then
    _err "Error"
    _err "$response"
    return 1
  fi
  return 0
 }
 # Usage: fulldomain txtvalue
 # Used to remove the txt record after validation
 dns_kinghost_rm() {
  fulldomain=$1
  txtvalue=$2
  KINGHOST_Password="${KINGHOST_Password:-$(_readaccountconf_mutable KINGHOST_Password)}"
  KINGHOST_Username="${KINGHOST_Username:-$(_readaccountconf_mutable KINGHOST_Username)}"
  if [ -z "$KINGHOST_Password" ] || [ -z "$KINGHOST_Username" ]; then
    KINGHOST_Password=""
    KINGHOST_Username=""
    _err "You don't specify KingHost api key and email yet."
    _err "Please create you key and try again."
    return 1
  fi
  _kinghost_rest DELETE "dns" "name=$fulldomain&content=$txtvalue"
  if ! echo "$response" | grep '"status":"ok"' >/dev/null; then
    _err "Error"
    _err "$response"
    return 1
  fi
  return 0
 }
 ####################  Private functions below ##################################
 _kinghost_rest() {
  method=$1
  uri="$2"
  data="$3"
  _debug "$uri"
  export _H1="X-Auth-Email: $KINGHOST_Username"
  export _H2="X-Auth-Key: $KINGHOST_Password"
  if [ "$method" != "GET" ]; then
    _debug data "$data"
    response="$(_post "$data" "$KING_Api/$uri.json" "" "$method")"
  else
    response="$(_get "$KING_Api/$uri.json?$data")"
  fi
  if [ "$?" != "0" ]; then
    _err "error $uri"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
--- a/dnsapi/dns_loopia.sh
+++ b/dnsapi/dns_loopia.sh
@@ -0,0 +1,227 @@
 #!/usr/bin/env sh
 #
 #LOOPIA_User="username"
 #
 #LOOPIA_Password="password"
 LOOPIA_Api="https://api.loopia.se/RPCSERV"
 ########  Public functions #####################
 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_loopia_add() {
  fulldomain=$1
  txtvalue=$2
  LOOPIA_User="${LOOPIA_User:-$(_readaccountconf_mutable LOOPIA_User)}"
  LOOPIA_Password="${LOOPIA_Password:-$(_readaccountconf_mutable LOOPIA_Password)}"
  if [ -z "$LOOPIA_User" ] || [ -z "$LOOPIA_Password" ]; then
    LOOPIA_User=""
    LOOPIA_Password=""
    _err "You don't specify loopia user and password yet."
    _err "Please create you key and try again."
    return 1
  fi
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable LOOPIA_User "$LOOPIA_User"
  _saveaccountconf_mutable LOOPIA_Password "$LOOPIA_Password"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _info "Adding record"
  _loopia_add_record "$_domain" "$_sub_domain"
  _loopia_update_record "$_domain" "$_sub_domain" "$txtvalue"
 }
 dns_loopia_rm() {
  fulldomain=$1
  txtvalue=$2
  LOOPIA_User="${LOOPIA_User:-$(_readaccountconf_mutable LOOPIA_User)}"
  LOOPIA_Password="${LOOPIA_Password:-$(_readaccountconf_mutable LOOPIA_Password)}"
  if [ -z "$LOOPIA_User" ] || [ -z "$LOOPIA_Password" ]; then
    LOOPIA_User=""
    LOOPIA_Password=""
    _err "You don't specify LOOPIA user and password yet."
    _err "Please create you key and try again."
    return 1
  fi
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable LOOPIA_User "$LOOPIA_User"
  _saveaccountconf_mutable LOOPIA_Password "$LOOPIA_Password"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
    <methodName>removeSubdomain</methodName>
    <params>
      <param>
        <value><string>%s</string></value>
      </param>
      <param>
        <value><string>%s</string></value>
      </param>
      <param>
        <value><string>%s</string></value>
      </param>
      <param>
        <value><string>%s</string></value>
      </param>
    </params>
  </methodCall>' $LOOPIA_User $LOOPIA_Password "$_domain" "$_sub_domain")
  response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")"
  if ! _contains "$response" "OK"; then
    _err "Error could not get txt records"
    return 1
  fi
 }
 ####################  Private functions below ##################################
 _get_root() {
  domain=$1
  _debug "get root"
  domain=$1
  i=2
  p=1
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
  <methodName>getDomains</methodName>
  <params>
   <param>
    <value><string>%s</string></value>
   </param>
   <param>
    <value><string>%s</string></value>
   </param>
  </params>
  </methodCall>' $LOOPIA_User $LOOPIA_Password)
  response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")"
  while true; do
    h=$(echo "$domain" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    if _contains "$response" "$h"; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain="$h"
      return 0
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
 }
 _loopia_update_record() {
  domain=$1
  sub_domain=$2
  txtval=$3
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
    <methodName>updateZoneRecord</methodName>
    <params>
      <param>
        <value><string>%s</string></value>
      </param>
      <param>
        <value><string>%s</string></value>
      </param>
      <param>
        <value><string>%s</string></value>
      </param>
      <param>
        <value><string>%s</string></value>
      </param>
      <param>
        <struct>
          <member>
            <name>type</name>
            <value><string>TXT</string></value>
          </member>
          <member>
            <name>priority</name>
            <value><int>0</int></value>
          </member>
          <member>
            <name>ttl</name>
            <value><int>60</int></value>
          </member>
          <member>
            <name>rdata</name>
            <value><string>%s</string></value>
          </member>
          <member>
            <name>record_id</name>
            <value><int>0</int></value>
          </member>
        </struct>
      </param>
    </params>
  </methodCall>' $LOOPIA_User $LOOPIA_Password "$domain" "$sub_domain" "$txtval")
  response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")"
  if ! _contains "$response" "OK"; then
    _err "Error"
    return 1
  fi
  return 0
 }
 _loopia_add_record() {
  domain=$1
  sub_domain=$2
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
    <methodName>addSubdomain</methodName>
    <params>
      <param>
        <value><string>%s</string></value>
      </param>
      <param>
        <value><string>%s</string></value>
      </param>
      <param>
        <value><string>%s</string></value>
      </param>
      <param>
        <value><string>%s</string></value>
      </param>
    </params>
  </methodCall>' $LOOPIA_User $LOOPIA_Password "$domain" "$sub_domain")
  response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")"
  if ! _contains "$response" "OK"; then
    _err "Error"
    return 1
  fi
  return 0
 }
--- a/dnsapi/dns_namecom.sh
+++ b/dnsapi/dns_namecom.sh
@@ -123,7 +123,7 @@ _namecom_login() {
  # Auth string
  # Name.com API v4 uses http basic auth to authenticate
  # need to convert the token for http auth
-  _namecom_auth=$(printf "%s:%s" "$Namecom_Username" "$Namecom_Token" | base64)
+  _namecom_auth=$(printf "%s:%s" "$Namecom_Username" "$Namecom_Token" | _base64)
  if _namecom_rest GET "hello"; then
    retcode=$(printf "%s\n" "$response" | _egrep_o "\"username\"\:\"$Namecom_Username\"")
--- a/dnsapi/dns_nsupdate.sh
+++ b/dnsapi/dns_nsupdate.sh
@@ -8,12 +8,14 @@ dns_nsupdate_add() {
  txtvalue=$2
  _checkKeyFile || return 1
  [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
  [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
  # save the dns server and key to the account conf file.
  _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}"
  _saveaccountconf NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}"
  _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}"
  _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
  nsupdate -k "${NSUPDATE_KEY}" <<EOF
-server ${NSUPDATE_SERVER}
+server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT} 
 update add ${fulldomain}. 60 in txt "${txtvalue}"
 send
 EOF
@@ -30,9 +32,10 @@ dns_nsupdate_rm() {
  fulldomain=$1
  _checkKeyFile || return 1
  [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
  [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
  _info "removing ${fulldomain}. txt"
  nsupdate -k "${NSUPDATE_KEY}" <<EOF
-server ${NSUPDATE_SERVER}
+server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT} 
 update delete ${fulldomain}. txt
 send
 EOF
--- a/dnsapi/dns_pdns.sh
+++ b/dnsapi/dns_pdns.sh
@@ -69,15 +69,21 @@ dns_pdns_add() {
 #fulldomain
 dns_pdns_rm() {
  fulldomain=$1
  txtvalue=$2
  if [ -z "$PDNS_Ttl" ]; then
    PDNS_Ttl="$DEFAULT_PDNS_TTL"
  fi
  _debug "Detect root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain "$_domain"
-  if ! rm_record "$_domain" "$fulldomain"; then
+  if ! rm_record "$_domain" "$fulldomain" "$txtvalue"; then
    return 1
  fi
@@ -88,9 +94,16 @@ set_record() {
  _info "Adding record"
  root=$1
  full=$2
-  txtvalue=$3
+  new_challenge=$3
-  if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root." "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [{\"name\": \"$full.\", \"type\": \"TXT\", \"content\": \"\\\"$txtvalue\\\"\", \"disabled\": false, \"ttl\": $PDNS_Ttl}]}]}"; then
+  _record_string=""
  _build_record_string "$new_challenge"
  _list_existingchallenges
  for oldchallenge in $_existing_challenges; do
    _build_record_string "$oldchallenge"
  done
  if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}"; then
    _err "Set txt record error."
    return 1
  fi
@@ -106,14 +119,37 @@ rm_record() {
  _info "Remove record"
  root=$1
  full=$2
  txtvalue=$3
-  if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root." "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}"; then
+  #Enumerate existing acme challenges
-    _err "Delete txt record error."
+  _list_existingchallenges
    return 1
  fi
-  if ! notify_slaves "$root"; then
+  if _contains "$_existing_challenges" "$txtvalue"; then
-    return 1
+    #Delete all challenges (PowerDNS API does not allow to delete content)
    if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}"; then
      _err "Delete txt record error."
      return 1
    fi
    _record_string=""
    #If the only existing challenge was the challenge to delete: nothing to do
    if ! [ "$_existing_challenges" = "$txtvalue" ]; then
      for oldchallenge in $_existing_challenges; do
        #Build up the challenges to re-add, ommitting the one what should be deleted
        if ! [ "$oldchallenge" = "$txtvalue" ]; then
          _build_record_string "$oldchallenge"
        fi
      done
      #Recreate the existing challenges
      if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}"; then
        _err "Set txt record error."
        return 1
      fi
    fi
    if ! notify_slaves "$root"; then
      return 1
    fi
  else
    _info "Record not found, nothing to remove"
  fi
  return 0
@@ -122,7 +158,7 @@ rm_record() {
 notify_slaves() {
  root=$1
-  if ! _pdns_rest "PUT" "/api/v1/servers/$PDNS_ServerId/zones/$root./notify"; then
+  if ! _pdns_rest "PUT" "/api/v1/servers/$PDNS_ServerId/zones/$root/notify"; then
    _err "Notify slaves error."
    return 1
  fi
@@ -144,15 +180,18 @@ _get_root() {
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    if [ -z "$h" ]; then
      return 1
    fi
    if _contains "$_zones_response" "\"name\": \"$h.\""; then
-      _domain="$h"
+      _domain="$h."
      if [ -z "$h" ]; then
        _domain="=2E"
      fi
      return 0
    fi
    if [ -z "$h" ]; then
      return 1
    fi
    i=$(_math $i + 1)
  done
  _debug "$domain not found"
@@ -182,3 +221,12 @@ _pdns_rest() {
  return 0
 }
 _build_record_string() {
  _record_string="${_record_string:+${_record_string}, }{\"content\": \"\\\"${1}\\\"\", \"disabled\": false}"
 }
 _list_existingchallenges() {
  _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones/$root"
  _existing_challenges=$(echo "$response" | _normalizeJson | _egrep_o "\"name\":\"${fulldomain}[^]]*}" | _egrep_o 'content\":\"\\"[^\\]*' | sed -n 's/^content":"\\"//p')
 }
--- a/dnsapi/dns_tele3.sh
+++ b/dnsapi/dns_tele3.sh
@@ -0,0 +1,69 @@
 #!/usr/bin/env sh
 #
 # tele3.cz DNS API
 #
 # Author: Roman Blizik
 # Report Bugs here: https://github.com/par-pa/acme.sh
 #
 # --
 # export TELE3_Key="MS2I4uPPaI..."
 # export TELE3_Secret="kjhOIHGJKHg"
 # --
 TELE3_API="https://www.tele3.cz/acme/"
 ########  Public functions  #####################
 dns_tele3_add() {
  _info "Using TELE3 DNS"
  data="\"ope\":\"add\", \"domain\":\"$1\", \"value\":\"$2\""
  if ! _tele3_call; then
    _err "Publish zone failed"
    return 1
  fi
  _info "Zone published"
 }
 dns_tele3_rm() {
  _info "Using TELE3 DNS"
  data="\"ope\":\"rm\", \"domain\":\"$1\", \"value\":\"$2\""
  if ! _tele3_call; then
    _err "delete TXT record failed"
    return 1
  fi
  _info "TXT record successfully deleted"
 }
 ####################  Private functions below  ##################################
 _tele3_init() {
  TELE3_Key="${TELE3_Key:-$(_readaccountconf_mutable TELE3_Key)}"
  TELE3_Secret="${TELE3_Secret:-$(_readaccountconf_mutable TELE3_Secret)}"
  if [ -z "$TELE3_Key" ] || [ -z "$TELE3_Secret" ]; then
    TELE3_Key=""
    TELE3_Secret=""
    _err "You must export variables: TELE3_Key and TELE3_Secret"
    return 1
  fi
  #save the config variables to the account conf file.
  _saveaccountconf_mutable TELE3_Key "$TELE3_Key"
  _saveaccountconf_mutable TELE3_Secret "$TELE3_Secret"
 }
 _tele3_call() {
  _tele3_init
  data="{\"key\":\"$TELE3_Key\", \"secret\":\"$TELE3_Secret\", $data}"
  _debug data "$data"
  response="$(_post "$data" "$TELE3_API" "" "POST")"
  _debug response "$response"
  if [ "$response" != "success" ]; then
    _err "$response"
    return 1
  fi
 }
--- a/dnsapi/dns_yandex.sh
+++ b/dnsapi/dns_yandex.sh
@@ -50,9 +50,9 @@ _PDD_get_domain() {
  __last=0
  while [ $__last -eq 0 ]; do
    uri1="https://pddimp.yandex.ru/api2/admin/domain/domains?page=${__page}&on_page=20"
-    res1=$(_get "$uri1" | _normalizeJson)
+    res1="$(_get "$uri1" | _normalizeJson)"
-    #_debug "$res1"
+    _debug2 "res1" "$res1"
-    __found=$(echo "$res1" | sed -n -e 's#.* "found": \([^,]*\),.*#\1#p')
+    __found="$(echo "$res1" | sed -n -e 's#.* "found": \([^,]*\),.*#\1#p')"
    _debug "found: $__found results on page"
    if [ "$__found" -lt 20 ]; then
      _debug "last page: $__page"
--- a/dnsapi/dns_zilore.sh
+++ b/dnsapi/dns_zilore.sh
@@ -0,0 +1,139 @@
 #!/usr/bin/env sh
 Zilore_API="https://api.zilore.com/dns/v1"
 # Zilore_Key="YOUR-ZILORE-API-KEY"
 ########  Public functions #####################
 dns_zilore_add() {
  fulldomain=$1
  txtvalue=$2
  _info "Using Zilore"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  Zilore_Key="${Zilore_Key:-$(_readaccountconf_mutable Zilore_Key)}"
  if [ -z "$Zilore_Key" ]; then
    Zilore_Key=""
    _err "Please define Zilore API key"
    return 1
  fi
  _saveaccountconf_mutable Zilore_Key "$Zilore_Key"
  if ! _get_root "$fulldomain"; then
    _err "Unable to determine root domain"
    return 1
  else
    _debug _domain "$_domain"
  fi
  if _zilore_rest POST "domains/$_domain/records?record_type=TXT&record_ttl=600&record_name=$fulldomain&record_value=\"$txtvalue\""; then
    if _contains "$response" '"added"' >/dev/null; then
      _info "Added TXT record, waiting for validation"
      return 0
    else
      _debug response "$response"
      _err "Error while adding DNS records"
      return 1
    fi
  fi
  return 1
 }
 dns_zilore_rm() {
  fulldomain=$1
  txtvalue=$2
  _info "Using Zilore"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
  Zilore_Key="${Zilore_Key:-$(_readaccountconf_mutable Zilore_Key)}"
  if [ -z "$Zilore_Key" ]; then
    Zilore_Key=""
    _err "Please define Zilore API key"
    return 1
  fi
  _saveaccountconf_mutable Zilore_Key "$Zilore_Key"
  if ! _get_root "$fulldomain"; then
    _err "Unable to determine root domain"
    return 1
  else
    _debug _domain "$_domain"
  fi
  _debug "Getting TXT records"
  _zilore_rest GET "domains/${_domain}/records?search_text=$txtvalue&search_record_type=TXT"
  _debug response "$response"
  if ! _contains "$response" '"ok"' >/dev/null; then
    _err "Error while getting records list"
    return 1
  else
    _record_id=$(printf "%s\n" "$response" | _egrep_o "\"record_id\":\"[^\"]+\"" | cut -d : -f 2 | tr -d \" | _head_n 1)
    if [ -z "$_record_id" ]; then
      _err "Cannot determine _record_id"
      return 1
    else
      _debug _record_id "$_record_id"
    fi
    if ! _zilore_rest DELETE "domains/${_domain}/records?record_id=$_record_id"; then
      _err "Error while deleting chosen record"
      return 1
    fi
    _contains "$response" '"ok"'
  fi
 }
 ####################  Private functions below ##################################
 _get_root() {
  domain=$1
  i=2
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    if ! _zilore_rest GET "domains?search_text=$h"; then
      return 1
    fi
    if _contains "$response" "\"$h\"" >/dev/null; then
      _domain=$h
      return 0
    else
      _debug "$h not found"
    fi
    i=$(_math "$i" + 1)
  done
  return 1
 }
 _zilore_rest() {
  method=$1
  param=$2
  data=$3
  export _H1="X-Auth-Key: $Zilore_Key"
  if [ "$method" != "GET" ]; then
    response="$(_post "$data" "$Zilore_API/$param" "" "$method")"
  else
    response="$(_get "$Zilore_API/$param")"
  fi
  if [ "$?" != "0" ]; then
    _err "error $param"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
Author	SHA1	Message	Date
neil	c38ef9023b	Merge pull request #1738 from Neilpang/dev sync	2018-07-18 00:30:47 +08:00
neil	9cecd525e2	fix JWS has an invalid anti-replay nonce https://github.com/Neilpang/acme.sh/issues/1630	2018-07-18 00:26:21 +08:00
neil	4f5995abc0	Merge pull request #1717 from initit/master added dnsapi for euserv.eu	2018-07-10 09:18:58 +08:00
Michael	2945b230e4	replaced tail/head with _tail_n/_head_n and printf with echo	2018-07-09 22:54:34 +02:00
Michael	261cc448f7	fixed shfmt related errors in dns_euserv.sh and modified README.md	2018-07-08 23:00:26 +02:00
Michael	616b0b6baa	fixed shfmt related errors in dns_euserv.sh and modified README.md	2018-07-08 22:50:52 +02:00
Michael	d99968ee6d	Modified dnsapi/README.md	2018-07-08 16:25:35 +02:00
Michael	4a65ff6ae2	Merge https://www.github.com/initit/acme.sh	2018-07-08 16:20:09 +02:00
Michael	94f91ae687	initial version with Euserv.eu DNS API Support - added dnsapi/dns_euserv.sh - modified dnsapi/README.md	2018-07-08 16:17:57 +02:00
Michael	28e4bcf67f	initial version with Euserv.eu DNS API Support	2018-07-08 16:04:18 +02:00
neil	884461f1a6	Merge pull request #1705 from war59312/patch-2 Update README.md - HTTPS For centminmod.com Link	2018-07-02 09:53:37 +08:00
Will	26c669e42d	Update README.md - HTTPS For centminmod.com Link Update README.md - HTTPS For centminmod.com Link	2018-07-01 18:53:47 -04:00
neil	f60dde4138	Merge pull request #1698 from Neilpang/dev Dev	2018-06-29 20:12:57 +08:00
neilpang	9c545059ae	fix warning	2018-06-28 22:21:22 +08:00
neilpang	05dea7b22a	fix warning	2018-06-28 20:34:29 +08:00
neil	5b3f915d90	Merge pull request #1697 from santerikannisto/patch-6 Issue #1328 bug fix v3	2018-06-28 15:39:30 +08:00
Santeri Kannisto	d987d61ea9	Issue #1328 bug fix v3 Eliminated php dependency with a private function for urlencode using sed. Php had failed on godaddy due to multiple php instances and naturally cron using the one without the necessary -r option. Compared to previous PR the sed code is now POSIX and should work on all environments.	2018-06-28 09:38:14 +02:00
neil	dedb56d295	Merge pull request #1563 from kordianbruck/dev Increase serial when adding txt records	2018-06-27 10:51:31 +08:00
neil	8697972d5d	Merge pull request #1669 from Neilpang/dev check UNABLE_TO_AUTHENTICATE	2018-06-12 21:23:33 +08:00
neilpang	f90a2ae195	check UNABLE_TO_AUTHENTICATE	2018-06-12 21:19:27 +08:00
neil	084de9d8e0	Merge pull request #1635 from Neilpang/dev Dev	2018-05-29 23:37:48 +08:00
neilpang	206be3c161	fix https://github.com/Neilpang/acme.sh/issues/1633	2018-05-29 22:38:52 +08:00
neil	39ba697e19	Merge pull request #1584 from dwatrous/patch-1 Add HAProxy deploy implementation and documentation	2018-05-08 22:06:41 +08:00
Daniel Watrous	c9818ea2c4	add documentation for reload command	2018-05-04 13:03:27 -05:00
Daniel Watrous	afe5cb588d	update for POSIX compliance	2018-05-04 10:25:54 -05:00
Daniel Watrous	e9e999542d	add reload	2018-05-04 10:14:31 -05:00
neil	d9db90752e	Merge pull request #1579 from par-pa/support-tele3 Support tele3	2018-05-04 22:29:10 +08:00
neil	f7c3f52817	Merge pull request #1585 from Neilpang/dev Dev	2018-05-04 22:24:52 +08:00
neilpang	681e3785ef	add dns alias mode	2018-05-04 22:23:56 +08:00
Daniel Watrous	5f593994c7	remove more whitespace (trying to get TravisCI working)	2018-05-03 12:25:11 -05:00
Daniel Watrous	ec73aeba16	remove whitespace	2018-05-03 12:17:26 -05:00
Daniel Watrous	7573e560b6	Add conditional check to ensure path is provided	2018-05-03 10:06:05 -05:00
Daniel Watrous	c8bc155cfe	Merge pull request #1 from dwatrous/patch-2 add docs for HAProxy deployment	2018-05-03 01:38:33 -05:00
Daniel Watrous	1eae73105a	add docs for HAProxy deployment	2018-05-03 01:33:06 -05:00
Daniel Watrous	360dc140ea	implement basic haproxy deploy HAProxy requires the certificate chain and key to be concatenated and placed somewhere (can be anywhere). This script expects a single environment variable with the path where the concatenated PEM file should be written	2018-05-03 01:28:56 -05:00
Kordian Bruck	03a1386902	Update serial also when deleting the token	2018-05-02 23:01:52 +02:00
Roman Bližík	70b56eb527	remove whitespace	2018-05-02 11:13:10 +02:00
Roman Bližík	4e05062def	add tele3-dns plugin	2018-04-30 15:09:51 +02:00
neil	266333468b	Merge pull request #1566 from steffenbusch/dev Added --force-color to enforce the use of ANSI Color. Issue #1557	2018-04-27 23:26:53 +08:00
Steffen Busch	e32b3aac22	Added --force-color to enforce the use of ANSI Color. Issue #1557	2018-04-26 21:02:37 +02:00
Kordian Bruck	676402d918	Increase serial when adding txt records	2018-04-26 11:40:17 +02:00
neil	edb4d066a9	Merge pull request #1555 from Neilpang/dev sync	2018-04-24 19:53:07 +08:00
neil	03f4518da9	Merge pull request #1553 from OlegRakovitch/patch-2 Add missing package to docker image	2018-04-23 23:39:56 +08:00
Oleg Rakovitch	8259e82787	Add missing package to docker image Issue #1552	2018-04-23 18:34:15 +03:00
neil	838d3ddc17	Merge pull request #1550 from Neilpang/dev sync	2018-04-22 16:04:38 +08:00
neilpang	66686de4e4	add --branch	2018-04-21 13:21:56 +08:00
neilpang	ce8dca7afe	move renewhook after installcert fix https://github.com/Neilpang/acme.sh/issues/1547	2018-04-21 13:15:17 +08:00
neil	9f5ef4c1cb	Merge pull request #1546 from Neilpang/dev fix shfmt	2018-04-21 10:53:32 +08:00
neilpang	f0a87da375	fix shfmt	2018-04-20 23:32:42 +08:00
neil	263e30d25d	Merge pull request #1545 from Neilpang/dev Dev	2018-04-20 23:26:48 +08:00
neilpang	15ffc30d88	Merge branch 'dev' of https://github.com/Neilpang/acme.sh into dev	2018-04-20 23:23:11 +08:00
neilpang	8a5c4979ad	fix shellcheck	2018-04-20 23:22:25 +08:00
neil	3216806fae	Merge pull request #1540 from Neilpang/dev fix https://github.com/Neilpang/acme.sh/issues/1539	2018-04-20 14:05:44 +08:00
neil	f8526f027c	fix https://github.com/Neilpang/acme.sh/issues/1539	2018-04-20 14:05:09 +08:00
neil	ed3066aae7	Merge pull request #1515 from Neilpang/dev sync	2018-04-13 22:33:53 +08:00
neilpang	98a7e72f0a	fix https://github.com/Neilpang/acme.sh/issues/1512#issuecomment-381121303	2018-04-13 21:28:13 +08:00
neil	a2259865b3	Merge pull request #1501 from jkroepke/inwx_mtan Add Support for inwx.de mobile tan	2018-04-12 20:54:53 +08:00
Jan-Otto Kröpke	63f3283591	Add Support for inwx mobile tan	2018-04-10 20:02:57 +02:00
neil	d670ea4f59	Merge pull request #1497 from Neilpang/dev sync	2018-04-07 11:52:53 +08:00
neil	d0d10bc6e7	Merge pull request #1490 from AlexeyStolyarov/master #issue with nsupdate on Ubuntu 14.04.1 LTS	2018-04-07 11:52:05 +08:00
neil	4fea06c9fa	Merge pull request #1393 from webner/acme-dns add acme-dns plugin	2018-04-07 11:50:33 +08:00
neil	09fed60dec	Merge pull request #1494 from Neilpang/dev sync	2018-04-06 11:37:22 +08:00
AlexeyStolyarov	75b9c39b0e	Update dns_nsupdate.sh	2018-04-05 14:50:55 +05:00
AlexeyStolyarov	5957a1068f	Update dns_nsupdate.sh	2018-04-05 14:45:15 +05:00
AlexeyStolyarov	df5229c7c8	Merge pull request #1 from AlexeyStolyarov/AlexeyStolyarov-patch-1 #issue with nsupdate on Ubuntu 14.04.1 LTS	2018-04-05 14:19:34 +05:00
AlexeyStolyarov	ed817c81de	#issue with nsupdate on Ubuntu 14.04.1 LTS on Ubuntu 14.04.1 LTS if nsupdate runs without port number given it treated argument following server name as port number. and throws error: ``` port 'update' is not numeric syntax error ```	2018-04-05 14:18:53 +05:00
Wolfgang Ebner	dd72f7638d	add acme-dns plugin	2018-04-03 10:18:54 +02:00
neil	a77e4aa6fa	Merge pull request #1482 from martgras/dev Fixes dns_he Issue #1476	2018-04-03 09:14:16 +08:00
martgras	792f3775ce	Fixes dns_he Issue #1476 username / password has to be urlencoded	2018-04-02 18:32:28 +02:00
neil	4c7700ec3b	Merge pull request #1480 from Neilpang/master sync	2018-04-02 13:31:21 +08:00
neil	eee296c4c2	Merge pull request #1475 from pandiloko/patch-1 False case in variable name for dreamhost api	2018-04-02 13:17:29 +08:00
pandiloko	499f745732	False case in variable name for dreamhost api	2018-04-01 14:41:35 +02:00
neil	446388e0ba	Merge pull request #1378 from ivarmedi/master Add dns_loopia	2018-04-01 09:51:22 +08:00
neil	e1628bcdd8	Merge pull request #1429 from softcat/dev Fixed DNSAPI for PowerDNS to support wildcard certificates	2018-04-01 09:50:33 +08:00
neil	6d5874fc45	Merge pull request #1448 from martgras/patch-3 dns_azure add support for validation record at domain apex	2018-04-01 09:49:28 +08:00
neil	3d563dea87	Merge pull request #1444 from adrum/patch-1 Fixed Dreamhost ENV var name in dnsapi/README.md	2018-04-01 09:48:48 +08:00
neilpang	09304c33c1	start 2.7.9	2018-03-29 21:51:33 +08:00
neil	521d8c4b1f	Merge pull request #1464 from Neilpang/dev sync	2018-03-29 21:39:09 +08:00
Ivar Larsson	b7d573a4b8	Merge branch 'dev' of github.com:Neilpang/acme.sh	2018-03-28 22:05:39 -04:00
neil	4a62385dcc	Merge pull request #1460 from Habetdin/patch-1 Update Zilore API description	2018-03-29 09:33:50 +08:00
Habetdin	98e15f658e	Update Zilore API description	2018-03-29 04:31:46 +03:00
neil	0a3fa35c5d	Merge pull request #1451 from Habetdin/dev Adding support of Zilore API	2018-03-29 09:09:45 +08:00
neil	02e095bec2	Merge pull request #1459 from rbelnap/vault_deploy_chain_Fix add chain cert	2018-03-29 09:08:45 +08:00
Ivar Larsson	696d9c6bd3	remove merge chars	2018-03-28 17:15:31 -04:00
Ivar Larsson	50dee5d464	Merge branch 'master' of github.com:Neilpang/acme.sh	2018-03-28 16:25:38 -04:00
Bob Belnap	87a8dda955	add chain cert	2018-03-28 12:40:31 -04:00
Habetdin	d7c73f590c	Merge branch 'patch-2' into dev	2018-03-28 18:29:54 +03:00
Habetdin	d1b197e339	Merge branch 'patch-1' into dev	2018-03-28 18:29:48 +03:00
Habetdin	8f5ee989ba	Update README.md	2018-03-28 18:26:34 +03:00
Habetdin	ce9c227425	Update README.md	2018-03-28 18:25:52 +03:00
Habetdin	e32c2b84ee	Revert "Update README #1 " This reverts commit `6b0333e919`.	2018-03-28 18:22:38 +03:00
Habetdin	ce9f77afed	Revert "Update README #2 " This reverts commit `882e1db1d6`.	2018-03-28 18:22:36 +03:00
Habetdin	2bc38b2063	Revert "Update README.md" This reverts commit `b4f4c28871`.	2018-03-28 18:22:33 +03:00
Habetdin	b4f4c28871	Update README.md	2018-03-28 18:17:22 +03:00
Habetdin	b14ef537e1	head => _head_n	2018-03-28 18:14:45 +03:00
neil	84ac386481	Merge pull request #1437 from james-gibson/remove-line-wraps-on-basic-auth Disable line wrapping on base64 conversion to prevent auth failure	2018-03-28 22:00:44 +08:00
neil	f0365d32aa	Merge pull request #1457 from Neilpang/dev sync	2018-03-28 21:37:58 +08:00
neil	795764f22f	Merge pull request #1420 from kinghost/master Add dns_kinghost.sh	2018-03-28 21:26:44 +08:00
Felipe Braz	986f61ac92	deleted wrog file	2018-03-28 10:18:43 -03:00
neil	09576f2f4f	Merge pull request #1445 from martgras/patch-2 dns_he - proposed fix for #1438	2018-03-28 21:08:32 +08:00
neil	bba474dc6b	Merge pull request #1447 from itssimple/dev Fixes DNSimple for Wildcard certificates	2018-03-28 20:17:51 +08:00
Habetdin	fde971fe81	Fix formatting	2018-03-27 06:31:25 +03:00
Habetdin	882e1db1d6	Update README #2	2018-03-27 06:23:15 +03:00
Habetdin	6b0333e919	Update README #1	2018-03-27 06:21:10 +03:00
Habetdin	914808b867	Adding Zilore API support	2018-03-27 06:16:39 +03:00
Felipe Braz	2d1d512d0f	removed redundant api call	2018-03-26 14:28:52 -03:00
Felipe Braz	37bc099d39	removed redundant api call	2018-03-26 14:27:21 -03:00
martgras	9e3c931b34	dns_azure add support for validation record at domain apex Prevent the issue described in #1442 Fix [SC1117] Backslash is literal in "\[".	2018-03-26 17:45:16 +02:00
Felipe Braz	f8fb0e67b4	fix dnsapi/dns_kinghost.sh with shfmt utility	2018-03-26 12:17:10 -03:00
Felipe Braz	86ef6e6987	fixes on dnsapi/dns_kinghost.sh and dnsapi/README.md	2018-03-26 11:21:12 -03:00
Felipe Braz	e8fd373e6c	removed blank space at ending of dnsapi/dns_kinghost.sh	2018-03-26 10:58:56 -03:00
Felipe Braz	7efa546665	removed local .gitignore file	2018-03-26 10:58:22 -03:00
Felipe Braz	4d2a0697ed	fix identation dnsapi/dns_kinghost.sh	2018-03-26 10:49:34 -03:00
Felipe Braz	c6023782a4	Merge branch 'dev' of github.com:Neilpang/acme.sh	2018-03-26 10:39:58 -03:00
Chris	30283282d2	Fixing code style according to Travis	2018-03-26 09:40:33 +02:00
Chris	7588fc0989	Fixes DNSimple for Wildcard certificates	2018-03-26 09:32:41 +02:00
martgras	fe843bc466	dns_he - proposed fix for #1438 if you have more than one zone of a domain (e.g. example.com and subdomain.example.com) _find_zone fails. This fix removes partials matches.	2018-03-25 14:32:51 +02:00
Austin Drummond	5b355c6ca7	Fixed Dreamhost ENV var name in dnsapi/README.md	2018-03-24 18:57:22 -04:00
Nils Sandmann	a3f7ff90e3	Used e_grep_o instead grep -Po, dns_pdns_rm() now deletes only entry with matching txt value	2018-03-24 18:46:04 +01:00
Nils Sandmann	1f3f8a5073	Merge remote-tracking branch 'upstream/master' into dev	2018-03-24 18:43:21 +01:00
James Gibson	9c88971bc1	Use internal base64 util instead of PATH bin/	2018-03-23 14:46:54 -06:00
neilpang	aad309ee4f	fix https://github.com/Neilpang/acme.sh/issues/1430	2018-03-24 00:06:39 +08:00
Felipe Braz	e80ca4ddbc	Merge branch 'dev' of github.com:Neilpang/acme.sh	2018-03-23 12:06:07 -03:00
neil	28ccad28c2	Merge pull request #1436 from james-gibson/patch-1 Clarified the language around the Name.com steps	2018-03-23 20:35:58 +08:00
James Gibson	ba9e7fbf64	Clarified the language around the Name.com steps Name.com has simplified the process to obtain API tokens, this clarifies the language around requesting a key.	2018-03-22 22:52:30 -06:00
neil	28c85cf8e7	Merge pull request #1432 from pyriand3r/master Added additional information for do.de users	2018-03-23 09:25:19 +08:00
neil	526b5a8d25	Merge pull request #1435 from ATLief/patch-1 Patch 1	2018-03-23 09:10:46 +08:00
Alex	6b15cf3f72	Remove template text	2018-03-22 13:45:43 -04:00
pyriand3r	fbd8ab47ea	only reseller can use do.de's reseller interface	2018-03-22 11:23:16 +01:00
Nils Sandmann	893917a25d	Fix travis errors	2018-03-22 11:13:46 +01:00
Nils Sandmann	af5ff2bb93	Modified DNSAPI for PowerDNS to support wildcard certificates	2018-03-21 16:43:42 +01:00
Ivar Larsson	8995d3434f	_contains instead of echo	2018-03-21 11:19:22 -04:00
Ivar Larsson	5f9b0675e2	loopia -> loopia.se	2018-03-21 11:18:26 -04:00
neilpang	46ac97a3ff	update doc	2018-03-21 20:57:48 +08:00
neil	db3264ab8c	Merge pull request #1427 from Neilpang/dev sync	2018-03-21 20:40:59 +08:00
neilpang	a0923622ae	fix https://github.com/Neilpang/acme.sh/issues/1029 https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode	2018-03-21 20:30:52 +08:00
Felipe Braz	aa9975ad0d	dns_kinghost.sh :: changed printf to echo	2018-03-20 10:08:52 -03:00
Felipe Braz	6787c81abe	renamed KINGHOST_username => KINGHOST_Username	2018-03-20 09:58:10 -03:00
Felipe Braz	72205176e1	Merge branch 'dev' of github.com:Neilpang/acme.sh	2018-03-19 18:04:46 -03:00
Felipe Braz	480742cc15	Merge branch 'master' of github.com:Neilpang/acme.sh	2018-03-19 13:52:49 -03:00
Felipe Braz	48bdfa2377	added doc header to dns_kinghost.sh	2018-03-19 13:49:58 -03:00
Felipe Braz	2ff6f4d3cf	updated docs for dns_kinghost api usage	2018-03-19 12:26:54 -03:00
Felipe Braz	ae32938531	added dnsapi/dns_kinghost.sh	2018-03-19 12:17:47 -03:00
neil	d3da603292	Merge pull request #1418 from itssimple/patch-1 Patch for #1192	2018-03-19 19:47:30 +08:00
Chris Gårdenberg	912bcf9487	Fixed HTTPS-url with regard to #1192	2018-03-19 11:15:25 +01:00
Ivar Larsson	413f071861	use echo	2018-03-18 10:00:10 -04:00
neilpang	668c43abf3	add more debug info	2018-03-18 21:06:37 +08:00
neil	43e9553ebc	Merge pull request #1413 from Neilpang/dev sync	2018-03-18 20:06:19 +08:00
neilpang	e8b54a5087	fix ACCOUNT_URL	2018-03-18 19:32:45 +08:00
neilpang	39852662a6	fix content type	2018-03-18 19:29:02 +08:00
neilpang	6a66ba8a21	fix https://github.com/Neilpang/acme.sh/issues/1411	2018-03-18 18:57:56 +08:00
neilpang	36a7a84080	fix https://github.com/Neilpang/acme.sh/issues/1411	2018-03-18 18:34:35 +08:00
neilpang	7e0b334b38	fix empty ACCOUNT_URL for v2 for the first time use	2018-03-18 18:20:29 +08:00
neilpang	5d8d217a13	add more debug info	2018-03-18 11:36:04 +08:00
neilpang	f2aa5c0235	update doc	2018-03-18 11:18:37 +08:00
neilpang	323febe8c7	add more debug log	2018-03-18 11:14:03 +08:00
neilpang	32d8f349c9	add debug info	2018-03-18 11:04:14 +08:00
neil	3910495cce	Merge pull request #1394 from rafaelgieschke/pdns-root dns_pdns.sh: Allow "." as root zone	2018-03-17 22:02:51 +08:00
neil	fe69afdefb	Merge pull request #1401 from casperklein/patch-1 Updated --accountemail help	2018-03-17 22:01:50 +08:00
Casper	9082862b9d	Updated --accountemail help https://github.com/Neilpang/acme.sh/issues/1074#issuecomment-337672763	2018-03-17 14:45:49 +01:00
Rafael Gieschke	4ae108009c	dns_pdns.sh: Allow "." as root zone	2018-03-16 14:32:05 +01:00
neilpang	a5c1c30368	update doc	2018-03-16 21:29:38 +08:00
neil	8cd3086be0	Merge pull request #1350 from martgras/dev Fix missing success return value from dns_azure_add/rm	2018-03-16 20:29:03 +08:00
neil	dd37ae26a5	Merge pull request #1388 from Rid/dev Fixed grammatical errors in CF api	2018-03-16 19:58:37 +08:00
neil	fdaebc7365	Merge pull request #1392 from cfstras/patch-1 DNS-Manual: better documentation in script	2018-03-16 18:29:24 +08:00
Claus F. Strasburger	a8b62261f6	Documentation: what to do when using dns-manual Change the hint that tells you how to use DNS manual (second run needs to be --renew)	2018-03-16 11:21:03 +01:00
neil	47eb913c22	Merge pull request #1142 from maomihz/dev Fix problem that digitalocean api failed to remove record	2018-03-16 17:16:48 +08:00
Ivar Larsson	7a46293f7a	loopia documentation	2018-03-15 10:55:31 -04:00
Rid	6b26d2b62d	Fixed grammatical errors	2018-03-15 09:50:54 +00:00
Ivar Larsson	cac3b3ea35	add dns_loopia	2018-03-14 12:32:02 -04:00
neil	dff4d03bd4	Merge pull request #1376 from Neilpang/dev sync	2018-03-14 22:12:11 +08:00
neilpang	28d83d42e2	remove tls mode from doc https://github.com/Neilpang/acme.sh/issues/1322	2018-03-14 22:09:34 +08:00
neilpang	38f1b4d205	fix wildcard interpretation	2018-03-14 22:03:58 +08:00
neilpang	931d19eece	fix for wildcard domain interpretation	2018-03-14 21:56:40 +08:00
neilpang	88bbe55b85	fix wrong wildcard domain interpretation	2018-03-14 21:54:32 +08:00
neilpang	dd17124ec6	fix error	2018-03-14 21:45:16 +08:00
neilpang	674b50889e	fix wildcard domains	2018-03-14 21:42:12 +08:00
neilpang	263c38caec	add more debug info	2018-03-14 21:27:29 +08:00
neilpang	3881f22192	fix https://github.com/Neilpang/acme.sh/issues/1375 add more info	2018-03-14 21:20:27 +08:00
neilpang	664446631f	add debug info	2018-03-14 20:52:18 +08:00
neilpang	c5f1cca3a0	fix https://github.com/Neilpang/acme.sh/issues/1372	2018-03-14 20:30:51 +08:00
neil	a7407097e1	Merge pull request #1374 from Neilpang/master sync	2018-03-14 20:13:14 +08:00
neil	14bb60c61f	Merge pull request #1370 from anabis/patch-1 fix syntax error missing space	2018-03-14 20:11:55 +08:00
neilpang	749c0e51e6	start 2.7.8	2018-03-14 19:42:02 +08:00
anabis	0f120c41f1	fix syntax error missing space	2018-03-14 11:05:57 +01:00
martgras	224e0c298a	Fix missing success return value from dns_azure_add/rm	2018-03-12 11:50:28 +01:00
MaomiHz	c1f8ffa386	Use [0-9] instead	2018-01-17 21:39:13 -06:00
MaomiHz	9c4f7aa688	check for env var exist in DigitalOcean API	2017-12-11 16:33:44 -06:00
MaomiHz	e75b56073b	Fix digitalocean api not remove record	2017-12-11 16:33:42 -06:00