Adds dnsapi support for Simply.com

Added World4You DNS API
2025-12-26 05:22:10 +08:00 · 2020-12-23 21:00:58 +08:00 · 2020-12-23 21:00:57 +08:00 · 2020-12-23 21:00:49 +08:00 · 2020-12-23 21:00:40 +08:00 · 2020-12-23 21:00:32 +08:00
76 changed files with 5826 additions and 1485 deletions
--- a/.github/workflows/DNS.yml
+++ b/.github/workflows/DNS.yml
@@ -0,0 +1,211 @@
+name: DNS
+on:
+  push:
+    branches:
+      - 'dev'
+    paths:
+      - 'dnsapi/*.sh'
+      - '.github/workflows/DNS.yml'
+  pull_request:
+    branches:
+      - 'dev'
+    paths:
+      - 'dnsapi/*.sh'
+      - '.github/workflows/DNS.yml'
+
+
+jobs:
+  CheckToken:
+    runs-on: ubuntu-latest
+    outputs:
+      hasToken: ${{ steps.step_one.outputs.hasToken }}
+    steps:
+      - name: Set the value
+        id: step_one
+        run: |
+          if [ "${{secrets.TokenName1}}" ] ; then
+            echo "::set-output name=hasToken::true"
+          else
+            echo "::set-output name=hasToken::false"
+          fi
+      - name: Check the value
+        run: echo ${{ steps.step_one.outputs.hasToken }}
+
+  Fail:
+    runs-on: ubuntu-latest
+    needs: CheckToken
+    if: "contains(needs.CheckToken.outputs.hasToken, 'false')"
+    steps:
+    - name: "Read this:   https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test"
+      run: |
+        echo "Plese see this page to fix the error: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test"
+    - name: Fail
+      if: "github.actor != 'Neilpang'"
+      run: false
+
+  Docker:
+    runs-on: ubuntu-latest
+    needs: CheckToken
+    if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
+    env:
+      TEST_DNS : ${{ secrets.TEST_DNS }}
+      TestingDomain: ${{ secrets.TestingDomain }}
+      TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
+      TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
+      CASE: le_test_dnsapi
+      TEST_LOCAL: 1
+      DEBUG: 1
+    steps:
+    - uses: actions/checkout@v2
+    - name: Clone acmetest
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - name: Set env file
+      run: |
+        cd ../acmetest 
+        if [ "${{ secrets.TokenName1}}" ] ; then
+          echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> env.list
+        fi
+        if [ "${{ secrets.TokenName2}}" ] ; then
+          echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> env.list
+        fi
+        if [ "${{ secrets.TokenName3}}" ] ; then
+          echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> env.list
+        fi
+        if [ "${{ secrets.TokenName4}}" ] ; then
+          echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> env.list
+        fi
+        if [ "${{ secrets.TokenName5}}" ] ; then
+          echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list
+        fi
+        echo "TEST_DNS_NO_WILDCARD" >> env.list 
+        echo "TEST_DNS_SLEEP" >> env.list
+    - name: Run acmetest
+      run: cd ../acmetest && ./rundocker.sh  testall
+
+  MacOS:
+    runs-on: macos-latest
+    needs: Docker
+    env:
+      TEST_DNS : ${{ secrets.TEST_DNS }}
+      TestingDomain: ${{ secrets.TestingDomain }}
+      TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
+      TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
+      CASE: le_test_dnsapi
+      TEST_LOCAL: 1
+      DEBUG: 1
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install tools
+      run:  brew install socat
+    - name: Clone acmetest
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - name: Run acmetest
+      run: |
+        if [ "${{ secrets.TokenName1}}" ] ; then
+          export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}
+        fi
+        if [ "${{ secrets.TokenName2}}" ] ; then
+          export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}
+        fi
+        if [ "${{ secrets.TokenName3}}" ] ; then
+          export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}
+        fi
+        if [ "${{ secrets.TokenName4}}" ] ; then
+          export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}
+        fi
+        if [ "${{ secrets.TokenName5}}" ] ; then
+          export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}
+        fi
+        cd ../acmetest
+        ./letest.sh
+
+  Windows:
+    runs-on: windows-latest
+    needs: MacOS
+    env:
+      TEST_DNS : ${{ secrets.TEST_DNS }}
+      TestingDomain: ${{ secrets.TestingDomain }}
+      TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
+      TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
+      CASE: le_test_dnsapi
+      TEST_LOCAL: 1
+      DEBUG: 1
+    steps:
+    - name: Set git to use LF
+      run: |
+          git config --global core.autocrlf false
+    - uses: actions/checkout@v2
+    - name: Install cygwin base packages with chocolatey
+      run: |
+          choco config get cacheLocation
+          choco install --no-progress cygwin
+      shell: cmd
+    - name: Install cygwin additional packages
+      run: |
+          C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
+      shell: cmd
+    - name: Set ENV
+      shell: cmd
+      run: |
+          echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%
+    - name: Clone acmetest
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - name: Run acmetest
+      shell: cmd
+      run: |
+        if [ "${{ secrets.TokenName1}}" ] ; then
+          set ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}
+        fi
+        if [ "${{ secrets.TokenName2}}" ] ; then
+          set ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}
+        fi
+        if [ "${{ secrets.TokenName3}}" ] ; then
+          set ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}
+        fi
+        if [ "${{ secrets.TokenName4}}" ] ; then
+          set ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}
+        fi
+        if [ "${{ secrets.TokenName5}}" ] ; then
+          set ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}
+        fi
+        cd ../acmetest
+        bash.exe -c ./letest.sh
+
+  Solaris:
+    runs-on: macos-latest
+    needs: FreeBSD
+    env:
+      TEST_DNS : ${{ secrets.TEST_DNS }}
+      TestingDomain: ${{ secrets.TestingDomain }}
+      TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
+      TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
+      CASE: le_test_dnsapi
+      TEST_LOCAL: 1
+      DEBUG: 1
+    steps:
+    - uses: actions/checkout@v2
+    - name: Clone acmetest
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - uses: vmactions/solaris-vm@v0.0.1
+      with:
+        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
+        prepare: pkgutil -y -i socat curl
+        run: |
+          if [ "${{ secrets.TokenName1}}" ] ; then
+            export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}
+          fi
+          if [ "${{ secrets.TokenName2}}" ] ; then
+            export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}
+          fi
+          if [ "${{ secrets.TokenName3}}" ] ; then
+            export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}
+          fi
+          if [ "${{ secrets.TokenName4}}" ] ; then
+            export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}
+          fi
+          if [ "${{ secrets.TokenName5}}" ] ; then
+            export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}
+          fi
+          cd ../acmetest
+          ./letest.sh
+
--- a/.github/workflows/LetsEncrypt.yml
+++ b/.github/workflows/LetsEncrypt.yml
@@ -0,0 +1,146 @@
+name: LetsEncrypt
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - '**.sh'
+      - '**.yml'
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - '**.sh'
+      - '**.yml'
+
+
+jobs:
+  CheckToken:
+    runs-on: ubuntu-latest
+    outputs:
+      hasToken: ${{ steps.step_one.outputs.hasToken }}
+    env: 
+      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
+    steps:
+      - name: Set the value
+        id: step_one
+        run: |
+          if [ "$NGROK_TOKEN" ] ; then
+            echo "::set-output name=hasToken::true"
+          else
+            echo "::set-output name=hasToken::false"
+          fi
+      - name: Check the value
+        run: echo ${{ steps.step_one.outputs.hasToken }}
+
+  Ubuntu:
+    runs-on: ubuntu-latest
+    needs: CheckToken
+    if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
+    env:
+      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
+      TEST_LOCAL: 1
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install tools
+      run: sudo apt-get install -y socat
+    - name: Clone acmetest
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - name: Run acmetest
+      run: cd ../acmetest && sudo --preserve-env ./letest.sh
+
+  MacOS:
+    runs-on: macos-latest
+    needs: Ubuntu
+    env:
+      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
+      TEST_LOCAL: 1
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install tools
+      run:  brew update && brew install socat;
+    - name: Clone acmetest
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - name: Run acmetest
+      run: cd ../acmetest && sudo --preserve-env ./letest.sh
+
+  Windows:
+    runs-on: windows-latest
+    needs: MacOS
+    env:
+      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
+      TEST_LOCAL: 1
+      #The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port.
+      Le_HTTPPort: 8888
+    steps:
+    - name: Set git to use LF
+      run: |
+          git config --global core.autocrlf false
+    - uses: actions/checkout@v2
+    - name: Install cygwin base packages with chocolatey
+      run: |
+          choco config get cacheLocation
+          choco install --no-progress cygwin
+      shell: cmd
+    - name: Install cygwin additional packages
+      run: |
+          C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
+      shell: cmd
+    - name: Set ENV
+      shell: cmd
+      run: |
+          echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%
+    - name: Check ENV
+      shell: cmd
+      run: |
+          echo "PATH=%PATH%"
+    - name: Clone acmetest
+      shell: cmd
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - name: Run acmetest
+      shell: cmd
+      run: cd ../acmetest && bash.exe -c ./letest.sh
+
+  FreeBSD:
+    runs-on: macos-latest
+    needs: Windows
+    env:
+      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
+      TEST_LOCAL: 1
+    steps:
+    - uses: actions/checkout@v2
+    - name: Clone acmetest
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - uses: vmactions/freebsd@main
+      with:
+        envs: 'NGROK_TOKEN TEST_LOCAL'
+        prepare: pkg install -y socat
+        run: |
+          cd ../acmetest && ./letest.sh
+
+  Solaris:
+    runs-on: macos-latest
+    needs: FreeBSD
+    env:
+      NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
+      TEST_LOCAL: 1
+    steps:
+    - uses: actions/checkout@v2
+    - uses: vmactions/ngrok-tunnel@v0.0.1
+      id: ngrok
+      with:
+        protocol: http
+        port: 8080
+    - name: Set envs
+      run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV
+    - name: Clone acmetest
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - uses: vmactions/solaris-vm@v0.0.1
+      with:
+        envs: 'TEST_LOCAL TestingDomain'
+        nat: |
+          "8080": "80"
+        prepare: pkgutil -y -i socat curl
+        run: |
+          cd ../acmetest && ./letest.sh
+
--- a/.github/workflows/PebbleStrict.yml
+++ b/.github/workflows/PebbleStrict.yml
@@ -0,0 +1,39 @@
+name: PebbleStrict
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - '**.sh'
+      - '**.yml'
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - '**.sh'
+      - '**.yml'
+
+jobs:
+  PebbleStrict:
+    runs-on: ubuntu-latest
+    env:
+      TestingDomain: example.com
+      TestingAltDomains: www.example.com
+      ACME_DIRECTORY: https://localhost:14000/dir
+      HTTPS_INSECURE: 1
+      Le_HTTPPort: 5002
+      TEST_LOCAL: 1
+      TEST_CA: "Pebble Intermediate CA"
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install tools
+      run: sudo apt-get install -y socat
+    - name: Run Pebble
+      run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d
+    - name: Set up Pebble
+      run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4
+    - name: Clone acmetest
+      run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
+    - name: Run acmetest
+      run: cd ../acmetest && ./letest.sh
--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/dockerhub.yml
@@ -2,15 +2,65 @@
 name: Build DockerHub
 on:
  push:
-    branches: [ master, dev ]
+    branches:
+      - '*'
+    tags:
+      - '*'
    
 jobs:
+  CheckToken:
+    runs-on: ubuntu-latest
+    outputs:
+      hasToken: ${{ steps.step_one.outputs.hasToken }}
+    env: 
+      DOCKER_PASSWORD : ${{ secrets.DOCKER_PASSWORD }}
+    steps:
+      - name: Set the value
+        id: step_one
+        run: |
+          if [ "$DOCKER_PASSWORD" ] ; then
+            echo "::set-output name=hasToken::true"
+          else
+            echo "::set-output name=hasToken::false"
+          fi
+      - name: Check the value
+        run: echo ${{ steps.step_one.outputs.hasToken }}
+        
  build:
    runs-on: ubuntu-latest
+    needs: CheckToken
+    if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
    steps:
-    - name: trigger
-      run: curl -X POST https://hub.docker.com/api/build/v1/source/1813a660-2ee5-4583-a238-dd54e9a6ebac/trigger/c8cd9f1f-f269-45bc-9750-a08327257f62/call/
-    
-    
+      - name: checkout code
+        uses: actions/checkout@v2
+      - name: install buildx
+        id: buildx
+        uses: crazy-max/ghaction-docker-buildx@v3
+        with:
+          buildx-version: latest
+          qemu-version: latest
+      - name: login to docker hub
+        run: |
+          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
+      - name: build and push the image
+        run: |
+          DOCKER_IMAGE=neilpang/acme.sh

+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            DOCKER_IMAGE_TAG=${GITHUB_REF#refs/tags/}
+          fi

+          if [[ $GITHUB_REF == refs/heads/* ]]; then
+            DOCKER_IMAGE_TAG=${GITHUB_REF#refs/heads/}
+
+            if [[ $DOCKER_IMAGE_TAG == master ]]; then
+              DOCKER_IMAGE_TAG=latest
+              AUTO_UPGRADE=1
+            fi
+          fi
+
+          docker buildx build \
+            --tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \
+            --output "type=image,push=true" \
+            --build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \
+            --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386,linux/ppc64le,linux/s390x .
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -0,0 +1,33 @@
+name: Shellcheck
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - '**.sh'
+      - '**.yml'
+  pull_request:
+    branches:
+      - dev
+    paths:
+      - '**.sh'
+      - '**.yml'
+
+jobs:
+  ShellCheck:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install Shellcheck
+      run: sudo apt-get install -y shellcheck
+    - name: DoShellcheck
+      run: shellcheck -V  && shellcheck -e SC2181 **/*.sh && echo "shellcheck OK"
+
+  shfmt:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install shfmt
+      run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
+    - name: shfmt
+      run: ~/shfmt -l -w -i 2 . ; git diff --exit-code && echo "shfmt OK"
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,37 +0,0 @@
-language: shell
-dist: trusty
-
-os:
-  - linux
-  - osx
-
-services:
-  - docker
-
-env:
-  global:
-    - SHFMT_URL=https://github.com/mvdan/sh/releases/download/v0.4.0/shfmt_v0.4.0_linux_amd64
-
-
-install:
-  - if [ "$TRAVIS_OS_NAME" = 'osx' ]; then
-      brew update && brew install socat;
-      export PATH="/usr/local/opt/openssl@1.1/bin:$PATH" ;
-    fi
-
-script:
-  - echo "NGROK_TOKEN=$(echo "$NGROK_TOKEN" | wc -c)"
-  - command -V openssl && openssl version
-  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then curl -sSL $SHFMT_URL -o ~/shfmt && chmod +x ~/shfmt && ~/shfmt -l -w -i 2 . ; fi
-  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then git diff --exit-code && echo "shfmt OK" ; fi
-  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -V ; fi
-  - if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" ; fi
-  - cd ..
-  - git clone --depth 1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest
-  - if [ "$TRAVIS_OS_NAME" = "linux" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./rundocker.sh testplat ubuntu:latest ; fi
-  - if [ "$TRAVIS_OS_NAME" = "osx" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ACME_OPENSSL_BIN="$ACME_OPENSSL_BIN" ./letest.sh ; fi
-
-matrix:
-  fast_finish: true
-
-
--- a/8
+++ b/8
@@ -1,4 +1,4 @@
-FROM alpine:3.10
+FROM alpine:3.12

 RUN apk update -f \
  && apk --no-cache add -f \
@@ -7,6 +7,7 @@ RUN apk update -f \
  coreutils \
  bind-tools \
  curl \
+  sed \
  socat \
  tzdata \
  oath-toolkit-oathtool \
@@ -15,7 +16,9 @@ RUN apk update -f \

 ENV LE_CONFIG_HOME /acme.sh

-ENV AUTO_UPGRADE 1
+ARG AUTO_UPGRADE=1
+
+ENV AUTO_UPGRADE $AUTO_UPGRADE

 #Install
 ADD ./ /install_acme.sh/
@@ -52,6 +55,7 @@ RUN for verb in help \
  deactivate \
  deactivate-account \
  set-notify \
+  set-default-ca \
  ; do \
    printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
  ; done
--- a/README.md
+++ b/README.md
@@ -1,13 +1,24 @@
-# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)
+# An ACME Shell script: acme.sh 
+
+![LetsEncrypt](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)
+![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
+![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
+![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg)
+
+
+<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> 
+[![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
+[![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
+
+

-<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 - An ACME protocol client written purely in Shell (Unix shell) language.
 - Full ACME protocol implementation.
 - Support ACME v1 and ACME v2
 - Support ACME v2 wildcard certs
 - Simple, powerful and very easy to use. You only need 3 minutes to learn it.
 - Bash, dash and sh compatible.
- Simplest shell script for Let's Encrypt free certificate client.
 - Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
 - Just one script to issue, renew and install your certificates automatically.
 - DOES NOT require `root/sudoer` access.
@@ -29,7 +40,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
 # Who:
 - [FreeBSD.org](https://blog.crashed.org/letsencrypt-in-freebsd-org/)
 - [ruby-china.org](https://ruby-china.org/topics/31983)
- [Proxmox](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x_and_newer))
+- [Proxmox](https://pve.proxmox.com/wiki/Certificate_Management)
 - [pfsense](https://github.com/pfsense/FreeBSD-ports/pull/89)
 - [webfaction](https://community.webfaction.com/questions/19988/using-letsencrypt)
 - [Loadbalancer.org](https://www.loadbalancer.org/blog/loadbalancer-org-with-lets-encrypt-quick-and-dirty)
@@ -46,27 +57,27 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)

 | NO | Status| Platform|
 |----|-------|---------|
-|1|[![](https://acmesh-official.github.io/acmetest/status/ubuntu-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Ubuntu
-|2|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Debian
-|3|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|CentOS
-|4|[![](https://acmesh-official.github.io/acmetest/status/windows-cygwin.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Windows (cygwin with curl, openssl and crontab included)
-|5|[![](https://acmesh-official.github.io/acmetest/status/freebsd.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|FreeBSD
-|6|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|pfsense
-|7|[![](https://acmesh-official.github.io/acmetest/status/opensuse-leap.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|openSUSE
-|8|[![](https://acmesh-official.github.io/acmetest/status/alpine-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Alpine Linux (with curl)
-|9|[![](https://acmesh-official.github.io/acmetest/status/archlinux-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Archlinux
-|10|[![](https://acmesh-official.github.io/acmetest/status/fedora-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|fedora
-|11|[![](https://acmesh-official.github.io/acmetest/status/kalilinux-kali.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Kali Linux
-|12|[![](https://acmesh-official.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Oracle Linux
-|13|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration#Let.27s_Encrypt_using_acme.sh
-|14|-----| Cloud Linux  https://github.com/acmesh-official/acme.sh/issues/111
-|15|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|OpenBSD
-|16|[![](https://acmesh-official.github.io/acmetest/status/mageia.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Mageia
-|17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
-|18|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|SunOS/Solaris
-|19|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Gentoo Linux
-|20|[![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)|Mac OSX
-|21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|ClearLinux
+|1|[![MacOS](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX
+|2|[![Windows](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Windows (cygwin with curl, openssl and crontab included)
+|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|FreeBSD
+|4|[![Solaris](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Solaris
+|5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)| Ubuntu
+|6|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|pfsense
+|7|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|OpenBSD
+|8|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Debian
+|9|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|CentOS
+|10|[![](https://acmesh-official.github.io/acmetest/status/opensuse-leap-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|openSUSE
+|11|[![](https://acmesh-official.github.io/acmetest/status/alpine-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Alpine Linux (with curl)
+|12|[![](https://acmesh-official.github.io/acmetest/status/archlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Archlinux
+|13|[![](https://acmesh-official.github.io/acmetest/status/fedora-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|fedora
+|14|[![](https://acmesh-official.github.io/acmetest/status/kalilinux-kali.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Kali Linux
+|15|[![](https://acmesh-official.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Oracle Linux
+|16|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
+|17|-----| Cloud Linux  https://github.com/acmesh-official/acme.sh/issues/111
+|18|[![](https://acmesh-official.github.io/acmetest/status/mageia.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Mageia
+|19|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
+|20|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux
+|21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|ClearLinux

 For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest):

@@ -75,6 +86,7 @@ https://github.com/acmesh-official/acmetest
 # Supported CA

 - Letsencrypt.org CA(default)
+- [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)
 - [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA)
 - [Pebble strict Mode](https://github.com/letsencrypt/pebble)

@@ -246,7 +258,7 @@ More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-ce

 **(requires you to be root/sudoer, since it is required to interact with Apache server)**

-If you are running a web server, Apache or Nginx, it is recommended to use the `Webroot mode`.
+If you are running a web server, it is recommended to use the `Webroot mode`.

 Particularly, if you are running an Apache server, you can use Apache mode instead. This mode doesn't write any files to your web root folder.

@@ -266,7 +278,7 @@ More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-ce

 **(requires you to be root/sudoer, since it is required to interact with Nginx server)**

-If you are running a web server, Apache or Nginx, it is recommended to use the `Webroot mode`.
+If you are running a web server, it is recommended to use the `Webroot mode`.

 Particularly, if you are running an nginx server, you can use nginx mode instead. This mode doesn't write any files to your web root folder.

@@ -300,7 +312,7 @@ https://github.com/acmesh-official/acme.sh/wiki/dnsapi

 See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode first.

-If your dns provider doesn't support any api access, you can add the txt record by your hand.
+If your dns provider doesn't support any api access, you can add the txt record by hand.

 ```bash
 acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com
--- a/acme.sh
+++ b/acme.sh
--- a/deploy/cleverreach.sh
+++ b/deploy/cleverreach.sh
@@ -0,0 +1,70 @@
+#!/usr/bin/env sh
+# Here is the script to deploy the cert to your CleverReach Account using the CleverReach REST API.
+# Your OAuth needs the right scope, please contact CleverReach support for that.
+#
+# Written by Jan-Philipp Benecke <github@bnck.me>
+# Public domain, 2020
+#
+# Following environment variables must be set:
+#
+#export DEPLOY_CLEVERREACH_CLIENT_ID=myid
+#export DEPLOY_CLEVERREACH_CLIENT_SECRET=mysecret
+
+cleverreach_deploy() {
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  _getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID
+  _getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET
+
+  if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then
+    _err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID."
+    return 1
+  fi
+  if [ -z "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" ]; then
+    _err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET."
+    return 1
+  fi
+
+  _savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}"
+  _savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}"
+
+  _info "Obtaining a CleverReach access token"
+
+  _data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}"
+  _auth_result="$(_post "$_data" "https://rest.cleverreach.com/oauth/token.php" "" "POST" "application/json")"
+
+  _debug _data "$_data"
+  _debug _auth_result "$_auth_result"
+
+  _regex=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$"
+  _debug _regex "$_regex"
+  _access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p")
+
+  _info "Uploading certificate and key to CleverReach"
+
+  _certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}"
+  export _H1="Authorization: Bearer ${_access_token}"
+  _add_cert_result="$(_post "$_certData" "https://rest.cleverreach.com/v3/ssl" "" "POST" "application/json")"
+
+  _debug "Destroying token at CleverReach"
+  _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json"
+
+  if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then
+    _info "Uploaded certificate successfully"
+    return 0
+  else
+    _debug _add_cert_result "$_add_cert_result"
+    _err "Unable to update certificate"
+    return 1
+  fi
+}
--- a/deploy/docker.sh
+++ b/deploy/docker.sh
@@ -91,7 +91,7 @@ docker_deploy() {
  _getdeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD
  _debug2 DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
  if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
-    _savedeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
+    _savedeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" "base64"
  fi

  _cid="$(_get_id "$DEPLOY_DOCKER_CONTAINER_LABEL")"
@@ -275,6 +275,7 @@ _check_curl_version() {

  if [ "$_major$_minor" -lt "740" ]; then
    _err "curl v$_cversion doesn't support unit socket"
+    _err "Please upgrade to curl 7.40 or later."
    return 1
  fi
  if [ "$_major$_minor" -lt "750" ]; then
--- a/deploy/exim4.sh
+++ b/deploy/exim4.sh
@@ -69,8 +69,8 @@ exim4_deploy() {
    cp "$_exim4_conf" "$_backup_conf"

    _info "Modify exim4 conf: $_exim4_conf"
-    if _setopt "$_exim4_conf" "tls_certificate" "=" "$_real_fullchain" \
-      && _setopt "$_exim4_conf" "tls_privatekey" "=" "$_real_key"; then
+    if _setopt "$_exim4_conf" "tls_certificate" "=" "$_real_fullchain" &&
+      _setopt "$_exim4_conf" "tls_privatekey" "=" "$_real_key"; then
      _info "Set config success!"
    else
      _err "Config exim4 server error, please report bug to us."
--- a/deploy/fritzbox.sh
+++ b/deploy/fritzbox.sh
@@ -28,9 +28,11 @@ fritzbox_deploy() {
  _debug _cfullchain "$_cfullchain"

  if ! _exists iconv; then
-    if ! _exists perl; then
-      _err "iconv or perl not found"
-      return 1
+    if ! _exists uconv; then
+      if ! _exists perl; then
+        _err "iconv or uconv or perl not found"
+        return 1
+      fi
    fi
  fi

@@ -64,9 +66,11 @@ fritzbox_deploy() {
  _info "Log in to the FRITZ!Box"
  _fritzbox_challenge="$(_get "${_fritzbox_url}/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')"
  if _exists iconv; then
-    _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | md5sum | awk '{print $1}')"
+    _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | _digest md5 hex)"
+  elif _exists uconv; then
+    _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | uconv -f ASCII -t UTF16LE | _digest md5 hex)"
  else
-    _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | md5sum | awk '{print $1}')"
+    _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | _digest md5 hex)"
  fi
  _fritzbox_sid="$(_get "${_fritzbox_url}/login_sid.lua?sid=0000000000000000&username=${_fritzbox_username}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')"

--- a/deploy/kong.sh
+++ b/deploy/kong.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
-# If certificate already exist it will update only cert and key not touching other parameter
-# If certificate  doesn't exist it will only upload cert and key and not set other parameter
+# If certificate already exists it will update only cert and key, not touching other parameters
+# If certificate doesn't exist it will only upload cert and key, and not set other parameters
 # Note that we deploy full chain
 # Written by Geoffroi Genot <ggenot@voxbone.com>

--- a/deploy/mailcow.sh
+++ b/deploy/mailcow.sh
@@ -27,26 +27,43 @@ mailcow_deploy() {
    return 1
  fi

-  _ssl_path="${_mailcow_path}/data/assets/ssl/"
+  #Tests if _ssl_path is the mailcow root directory.
+  if [ -f "${_mailcow_path}/generate_config.sh" ]; then
+    _ssl_path="${_mailcow_path}/data/assets/ssl/"
+  else
+    _ssl_path="${_mailcow_path}"
+  fi
+
  if [ ! -d "$_ssl_path" ]; then
    _err "Cannot find mailcow ssl path: $_ssl_path"
    return 1
  fi

+  # ECC or RSA
+  if [ -z "${Le_Keylength}" ]; then
+    Le_Keylength=""
+  fi
+  if _isEccKey "${Le_Keylength}"; then
+    _info "ECC key type detected"
+    _cert_name_prefix="ecdsa-"
+  else
+    _info "RSA key type detected"
+    _cert_name_prefix=""
+  fi
  _info "Copying key and cert"
-  _real_key="$_ssl_path/key.pem"
+  _real_key="$_ssl_path/${_cert_name_prefix}key.pem"
  if ! cat "$_ckey" >"$_real_key"; then
    _err "Error: write key file to: $_real_key"
    return 1
  fi

-  _real_fullchain="$_ssl_path/cert.pem"
+  _real_fullchain="$_ssl_path/${_cert_name_prefix}cert.pem"
  if ! cat "$_cfullchain" >"$_real_fullchain"; then
    _err "Error: write cert file to: $_real_fullchain"
    return 1
  fi

-  DEFAULT_MAILCOW_RELOAD="cd ${_mailcow_path} && docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow"
+  DEFAULT_MAILCOW_RELOAD="docker restart $(docker ps -qaf name=postfix-mailcow); docker restart $(docker ps -qaf name=nginx-mailcow); docker restart $(docker ps -qaf name=dovecot-mailcow)"
  _reload="${DEPLOY_MAILCOW_RELOAD:-$DEFAULT_MAILCOW_RELOAD}"

  _info "Run reload: $_reload"
--- a/deploy/openstack.sh
+++ b/deploy/openstack.sh
@@ -0,0 +1,262 @@
+#!/usr/bin/env sh
+
+# OpenStack Barbican deploy hook
+#
+# This requires you to have OpenStackClient and python-barbicanclient
+# installed.
+#
+# You will require Keystone V3 credentials loaded into your environment, which
+# could be either password or v3applicationcredential type.
+#
+# Author: Andy Botting <andy@andybotting.com>
+
+openstack_deploy() {
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  if ! _exists openstack; then
+    _err "OpenStack client not found"
+    return 1
+  fi
+
+  _openstack_credentials || return $?
+
+  _info "Generate import pkcs12"
+  _import_pkcs12="$(_mktemp)"
+  if ! _openstack_to_pkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca"; then
+    _err "Error creating pkcs12 certificate"
+    return 1
+  fi
+  _debug _import_pkcs12 "$_import_pkcs12"
+  _base64_pkcs12=$(_base64 "multiline" <"$_import_pkcs12")
+
+  secretHrefs=$(_openstack_get_secrets)
+  _debug secretHrefs "$secretHrefs"
+  _openstack_store_secret || return $?
+
+  if [ -n "$secretHrefs" ]; then
+    _info "Cleaning up existing secret"
+    _openstack_delete_secrets || return $?
+  fi
+
+  _info "Certificate successfully deployed"
+  return 0
+}
+
+_openstack_store_secret() {
+  if ! openstack secret store --name "$_cdomain." -t 'application/octet-stream' -e base64 --payload "$_base64_pkcs12"; then
+    _err "Failed to create OpenStack secret"
+    return 1
+  fi
+  return
+}
+
+_openstack_delete_secrets() {
+  echo "$secretHrefs" | while read -r secretHref; do
+    _info "Deleting old secret $secretHref"
+    if ! openstack secret delete "$secretHref"; then
+      _err "Failed to delete OpenStack secret"
+      return 1
+    fi
+  done
+  return
+}
+
+_openstack_get_secrets() {
+  if ! secretHrefs=$(openstack secret list -f value --name "$_cdomain." | cut -d' ' -f1); then
+    _err "Failed to list secrets"
+    return 1
+  fi
+  echo "$secretHrefs"
+}
+
+_openstack_to_pkcs() {
+  # The existing _toPkcs command can't allow an empty password, due to sh
+  # -z test, so copied here and forcing the empty password.
+  _cpfx="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+
+  ${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$_cpfx" -inkey "$_ckey" -in "$_ccert" -certfile "$_cca" -password "pass:"
+}
+
+_openstack_credentials() {
+  _debug "Check OpenStack credentials"
+
+  # If we have OS_AUTH_URL already set in the environment, then assume we want
+  # to use those, otherwise use stored credentials
+  if [ -n "$OS_AUTH_URL" ]; then
+    _debug "OS_AUTH_URL env var found, using environment"
+  else
+    _debug "OS_AUTH_URL not found, loading stored credentials"
+    OS_AUTH_URL="${OS_AUTH_URL:-$(_readaccountconf_mutable OS_AUTH_URL)}"
+    OS_IDENTITY_API_VERSION="${OS_IDENTITY_API_VERSION:-$(_readaccountconf_mutable OS_IDENTITY_API_VERSION)}"
+    OS_AUTH_TYPE="${OS_AUTH_TYPE:-$(_readaccountconf_mutable OS_AUTH_TYPE)}"
+    OS_APPLICATION_CREDENTIAL_ID="${OS_APPLICATION_CREDENTIAL_ID:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID)}"
+    OS_APPLICATION_CREDENTIAL_SECRET="${OS_APPLICATION_CREDENTIAL_SECRET:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET)}"
+    OS_USERNAME="${OS_USERNAME:-$(_readaccountconf_mutable OS_USERNAME)}"
+    OS_PASSWORD="${OS_PASSWORD:-$(_readaccountconf_mutable OS_PASSWORD)}"
+    OS_PROJECT_NAME="${OS_PROJECT_NAME:-$(_readaccountconf_mutable OS_PROJECT_NAME)}"
+    OS_PROJECT_ID="${OS_PROJECT_ID:-$(_readaccountconf_mutable OS_PROJECT_ID)}"
+    OS_USER_DOMAIN_NAME="${OS_USER_DOMAIN_NAME:-$(_readaccountconf_mutable OS_USER_DOMAIN_NAME)}"
+    OS_USER_DOMAIN_ID="${OS_USER_DOMAIN_ID:-$(_readaccountconf_mutable OS_USER_DOMAIN_ID)}"
+    OS_PROJECT_DOMAIN_NAME="${OS_PROJECT_DOMAIN_NAME:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_NAME)}"
+    OS_PROJECT_DOMAIN_ID="${OS_PROJECT_DOMAIN_ID:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_ID)}"
+  fi
+
+  # Check each var and either save or clear it depending on whether its set.
+  # The helps us clear out old vars in the case where a user may want
+  # to switch between password and app creds
+  _debug "OS_AUTH_URL" "$OS_AUTH_URL"
+  if [ -n "$OS_AUTH_URL" ]; then
+    export OS_AUTH_URL
+    _saveaccountconf_mutable OS_AUTH_URL "$OS_AUTH_URL"
+  else
+    unset OS_AUTH_URL
+    _clearaccountconf SAVED_OS_AUTH_URL
+  fi
+
+  _debug "OS_IDENTITY_API_VERSION" "$OS_IDENTITY_API_VERSION"
+  if [ -n "$OS_IDENTITY_API_VERSION" ]; then
+    export OS_IDENTITY_API_VERSION
+    _saveaccountconf_mutable OS_IDENTITY_API_VERSION "$OS_IDENTITY_API_VERSION"
+  else
+    unset OS_IDENTITY_API_VERSION
+    _clearaccountconf SAVED_OS_IDENTITY_API_VERSION
+  fi
+
+  _debug "OS_AUTH_TYPE" "$OS_AUTH_TYPE"
+  if [ -n "$OS_AUTH_TYPE" ]; then
+    export OS_AUTH_TYPE
+    _saveaccountconf_mutable OS_AUTH_TYPE "$OS_AUTH_TYPE"
+  else
+    unset OS_AUTH_TYPE
+    _clearaccountconf SAVED_OS_AUTH_TYPE
+  fi
+
+  _debug "OS_APPLICATION_CREDENTIAL_ID" "$OS_APPLICATION_CREDENTIAL_ID"
+  if [ -n "$OS_APPLICATION_CREDENTIAL_ID" ]; then
+    export OS_APPLICATION_CREDENTIAL_ID
+    _saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID "$OS_APPLICATION_CREDENTIAL_ID"
+  else
+    unset OS_APPLICATION_CREDENTIAL_ID
+    _clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_ID
+  fi
+
+  _secure_debug "OS_APPLICATION_CREDENTIAL_SECRET" "$OS_APPLICATION_CREDENTIAL_SECRET"
+  if [ -n "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then
+    export OS_APPLICATION_CREDENTIAL_SECRET
+    _saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET "$OS_APPLICATION_CREDENTIAL_SECRET"
+  else
+    unset OS_APPLICATION_CREDENTIAL_SECRET
+    _clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_SECRET
+  fi
+
+  _debug "OS_USERNAME" "$OS_USERNAME"
+  if [ -n "$OS_USERNAME" ]; then
+    export OS_USERNAME
+    _saveaccountconf_mutable OS_USERNAME "$OS_USERNAME"
+  else
+    unset OS_USERNAME
+    _clearaccountconf SAVED_OS_USERNAME
+  fi
+
+  _secure_debug "OS_PASSWORD" "$OS_PASSWORD"
+  if [ -n "$OS_PASSWORD" ]; then
+    export OS_PASSWORD
+    _saveaccountconf_mutable OS_PASSWORD "$OS_PASSWORD"
+  else
+    unset OS_PASSWORD
+    _clearaccountconf SAVED_OS_PASSWORD
+  fi
+
+  _debug "OS_PROJECT_NAME" "$OS_PROJECT_NAME"
+  if [ -n "$OS_PROJECT_NAME" ]; then
+    export OS_PROJECT_NAME
+    _saveaccountconf_mutable OS_PROJECT_NAME "$OS_PROJECT_NAME"
+  else
+    unset OS_PROJECT_NAME
+    _clearaccountconf SAVED_OS_PROJECT_NAME
+  fi
+
+  _debug "OS_PROJECT_ID" "$OS_PROJECT_ID"
+  if [ -n "$OS_PROJECT_ID" ]; then
+    export OS_PROJECT_ID
+    _saveaccountconf_mutable OS_PROJECT_ID "$OS_PROJECT_ID"
+  else
+    unset OS_PROJECT_ID
+    _clearaccountconf SAVED_OS_PROJECT_ID
+  fi
+
+  _debug "OS_USER_DOMAIN_NAME" "$OS_USER_DOMAIN_NAME"
+  if [ -n "$OS_USER_DOMAIN_NAME" ]; then
+    export OS_USER_DOMAIN_NAME
+    _saveaccountconf_mutable OS_USER_DOMAIN_NAME "$OS_USER_DOMAIN_NAME"
+  else
+    unset OS_USER_DOMAIN_NAME
+    _clearaccountconf SAVED_OS_USER_DOMAIN_NAME
+  fi
+
+  _debug "OS_USER_DOMAIN_ID" "$OS_USER_DOMAIN_ID"
+  if [ -n "$OS_USER_DOMAIN_ID" ]; then
+    export OS_USER_DOMAIN_ID
+    _saveaccountconf_mutable OS_USER_DOMAIN_ID "$OS_USER_DOMAIN_ID"
+  else
+    unset OS_USER_DOMAIN_ID
+    _clearaccountconf SAVED_OS_USER_DOMAIN_ID
+  fi
+
+  _debug "OS_PROJECT_DOMAIN_NAME" "$OS_PROJECT_DOMAIN_NAME"
+  if [ -n "$OS_PROJECT_DOMAIN_NAME" ]; then
+    export OS_PROJECT_DOMAIN_NAME
+    _saveaccountconf_mutable OS_PROJECT_DOMAIN_NAME "$OS_PROJECT_DOMAIN_NAME"
+  else
+    unset OS_PROJECT_DOMAIN_NAME
+    _clearaccountconf SAVED_OS_PROJECT_DOMAIN_NAME
+  fi
+
+  _debug "OS_PROJECT_DOMAIN_ID" "$OS_PROJECT_DOMAIN_ID"
+  if [ -n "$OS_PROJECT_DOMAIN_ID" ]; then
+    export OS_PROJECT_DOMAIN_ID
+    _saveaccountconf_mutable OS_PROJECT_DOMAIN_ID "$OS_PROJECT_DOMAIN_ID"
+  else
+    unset OS_PROJECT_DOMAIN_ID
+    _clearaccountconf SAVED_OS_PROJECT_DOMAIN_ID
+  fi
+
+  if [ "$OS_AUTH_TYPE" = "v3applicationcredential" ]; then
+    # Application Credential auth
+    if [ -z "$OS_APPLICATION_CREDENTIAL_ID" ] || [ -z "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then
+      _err "When using OpenStack application credentials, OS_APPLICATION_CREDENTIAL_ID"
+      _err "and OS_APPLICATION_CREDENTIAL_SECRET must be set."
+      _err "Please check your credentials and try again."
+      return 1
+    fi
+  else
+    # Password auth
+    if [ -z "$OS_USERNAME" ] || [ -z "$OS_PASSWORD" ]; then
+      _err "OpenStack username or password not found."
+      _err "Please check your credentials and try again."
+      return 1
+    fi
+
+    if [ -z "$OS_PROJECT_NAME" ] && [ -z "$OS_PROJECT_ID" ]; then
+      _err "When using password authentication, OS_PROJECT_NAME or"
+      _err "OS_PROJECT_ID must be set."
+      _err "Please check your credentials and try again."
+      return 1
+    fi
+  fi
+
+  return 0
+}
--- a/deploy/ssh.sh
+++ b/deploy/ssh.sh
@@ -33,10 +33,7 @@ ssh_deploy() {
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
-  _err_code=0
-  _cmdstr=""
-  _backupprefix=""
-  _backupdir=""
+  _deploy_ssh_servers=""

  if [ -f "$DOMAIN_CONF" ]; then
    # shellcheck disable=SC1090
@@ -102,6 +99,18 @@ ssh_deploy() {
    _cleardomainconf Le_Deploy_ssh_multi_call
  fi

+  _deploy_ssh_servers=$Le_Deploy_ssh_server
+  for Le_Deploy_ssh_server in $_deploy_ssh_servers; do
+    _ssh_deploy
+  done
+}
+
+_ssh_deploy() {
+  _err_code=0
+  _cmdstr=""
+  _backupprefix=""
+  _backupdir=""
+
  _info "Deploy certificates to remote server $Le_Deploy_ssh_user@$Le_Deploy_ssh_server"
  if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then
    _info "Using MULTI_CALL mode... Required commands sent in multiple calls to remote host"
@@ -186,8 +195,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
  fi
  if [ -n "$Le_Deploy_ssh_cafile" ]; then
    _pipe=">"
-    if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] \
-      || [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then
+    if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] ||
+      [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then
      # if filename is same as previous file then append.
      _pipe=">>"
    elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
@@ -213,9 +222,9 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
  fi
  if [ -n "$Le_Deploy_ssh_fullchain" ]; then
    _pipe=">"
-    if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] \
-      || [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] \
-      || [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then
+    if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] ||
+      [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] ||
+      [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then
      # if filename is same as previous file then append.
      _pipe=">>"
    elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@@ -21,10 +21,6 @@

 ########  Public functions #####################

-_syno_get_cookie_data() {
-  grep "\W$1=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
-}
-
 #domain keyfile certfile cafile fullchain
 synology_dsm_deploy() {

@@ -40,9 +36,7 @@ synology_dsm_deploy() {
  _getdeployconf SYNO_Password
  _getdeployconf SYNO_Create
  _getdeployconf SYNO_DID
-  if [ -z "$SYNO_Username" ] || [ -z "$SYNO_Password" ]; then
-    SYNO_Username=""
-    SYNO_Password=""
+  if [ -z "${SYNO_Username:-}" ] || [ -z "${SYNO_Password:-}" ]; then
    _err "SYNO_Username & SYNO_Password must be set"
    return 1
  fi
@@ -70,47 +64,56 @@ synology_dsm_deploy() {

  # Get the certificate description, but don't save it until we verfiy it's real
  _getdeployconf SYNO_Certificate
-  if [ -z "${SYNO_Certificate:?}" ]; then
-    _err "SYNO_Certificate needs to be defined (with the Certificate description name)"
-    return 1
-  fi
-  _debug SYNO_Certificate "$SYNO_Certificate"
+  _debug SYNO_Certificate "${SYNO_Certificate:-}"

  _base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port"
  _debug _base_url "$_base_url"

+  _debug "Getting API version"
+  response=$(_get "$_base_url/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth")
+  api_version=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"maxVersion" *: *\([0-9]*\).*/\1/p')
+  _debug3 response "$response"
+  _debug3 api_version "$api_version"
+
  # Login, get the token from JSON and session id from cookie
  _info "Logging into $SYNO_Hostname:$SYNO_Port"
-  response=$(_get "$_base_url/webman/login.cgi?username=$SYNO_Username&passwd=$SYNO_Password&enable_syno_token=yes&device_id=$SYNO_DID")
-  token=$(echo "$response" | grep "SynoToken" | sed -n 's/.*"SynoToken" *: *"\([^"]*\).*/\1/p')
+  encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
+  encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
+
+  if [ -n "$SYNO_DID" ]; then
+    _H1="Cookie: did=$SYNO_DID"
+    export _H1
+    _debug3 H1 "${_H1}"
+  fi
+
+  response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
+  token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
  _debug3 response "$response"
+  _debug token "$token"

  if [ -z "$token" ]; then
    _err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme."
    _err "Check your username and password."
    return 1
  fi
+  sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')

-  _H1="Cookie: $(_syno_get_cookie_data "id"); $(_syno_get_cookie_data "smid")"
-  _H2="X-SYNO-TOKEN: $token"
+  _H1="X-SYNO-TOKEN: $token"
  export _H1
-  export _H2
  _debug2 H1 "${_H1}"
-  _debug2 H2 "${_H2}"

  # Now that we know the username and password are good, save them
  _savedeployconf SYNO_Username "$SYNO_Username"
  _savedeployconf SYNO_Password "$SYNO_Password"
  _savedeployconf SYNO_DID "$SYNO_DID"
-  _debug token "$token"

  _info "Getting certificates in Synology DSM"
-  response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1" "$_base_url/webapi/entry.cgi")
+  response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
  _debug3 response "$response"
  id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p")
  _debug2 id "$id"

-  if [ -z "$id" ] && [ -z "${SYNO_Create:?}" ]; then
+  if [ -z "$id" ] && [ -z "${SYNO_Create:-}" ]; then
    _err "Unable to find certificate: $SYNO_Certificate and \$SYNO_Create is not set"
    return 1
  fi
@@ -125,11 +128,11 @@ synology_dsm_deploy() {
  _debug2 default "$default"

  _info "Generate form POST request"
-  nl="\015\012"
+  nl="\0015\0012"
  delim="--------------------------$(_utc_date | tr -d -- '-: ')"
-  content="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\012"
-  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\012"
-  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\012"
+  content="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\0012"
+  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\0012"
+  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}${default}"
@@ -138,7 +141,7 @@ synology_dsm_deploy() {
  content="${content%_}" # protect trailing \n

  _info "Upload certificate to the Synology DSM"
-  response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token" "" "POST" "multipart/form-data; boundary=${delim}")
+  response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token&_sid=$sid" "" "POST" "multipart/form-data; boundary=${delim}")
  _debug3 response "$response"

  if ! echo "$response" | grep '"error":' >/dev/null; then
--- a/deploy/vault.sh
+++ b/deploy/vault.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env sh
+
+# Here is a script to deploy cert to hashicorp vault using curl
+# (https://www.vaultproject.io/)
+#
+# it requires following environment variables:
+#
+# VAULT_PREFIX - this contains the prefix path in vault
+# VAULT_ADDR - vault requires this to find your vault server
+#
+# additionally, you need to ensure that VAULT_TOKEN is avialable
+# to access the vault server
+
+#returns 0 means success, otherwise error.
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+vault_deploy() {
+
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  # validate required env vars
+  _getdeployconf VAULT_PREFIX
+  if [ -z "$VAULT_PREFIX" ]; then
+    _err "VAULT_PREFIX needs to be defined (contains prefix path in vault)"
+    return 1
+  fi
+  _savedeployconf VAULT_PREFIX "$VAULT_PREFIX"
+
+  _getdeployconf VAULT_ADDR
+  if [ -z "$VAULT_ADDR" ]; then
+    _err "VAULT_ADDR needs to be defined (contains vault connection address)"
+    return 1
+  fi
+  _savedeployconf VAULT_ADDR "$VAULT_ADDR"
+
+  # JSON does not allow multiline strings.
+  # So replacing new-lines with "\n" here
+  _ckey=$(sed -z 's/\n/\\n/g' <"$2")
+  _ccert=$(sed -z 's/\n/\\n/g' <"$3")
+  _cca=$(sed -z 's/\n/\\n/g' <"$4")
+  _cfullchain=$(sed -z 's/\n/\\n/g' <"$5")
+
+  URL="$VAULT_ADDR/v1/$VAULT_PREFIX/$_cdomain"
+  export _H1="X-Vault-Token: $VAULT_TOKEN"
+
+  if [ -n "$FABIO" ]; then
+    _post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL"
+  else
+    _post "{\"value\": \"$_ccert\"}" "$URL/cert.pem"
+    _post "{\"value\": \"$_ckey\"}" "$URL/cert.key"
+    _post "{\"value\": \"$_cca\"}" "$URL/chain.pem"
+    _post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem"
+  fi
+
+}
--- a/deploy/vault_cli.sh
+++ b/deploy/vault_cli.sh
@@ -43,7 +43,7 @@ vault_cli_deploy() {
    return 1
  fi

-  VAULT_CMD=$(which vault)
+  VAULT_CMD=$(command -v vault)
  if [ ! $? ]; then
    _err "cannot find vault binary!"
    return 1
--- a/deploy/vsftpd.sh
+++ b/deploy/vsftpd.sh
@@ -65,9 +65,9 @@ vsftpd_deploy() {
    cp "$_vsftpd_conf" "$_backup_conf"

    _info "Modify vsftpd conf: $_vsftpd_conf"
-    if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" \
-      && _setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" \
-      && _setopt "$_vsftpd_conf" "ssl_enable" "=" "YES"; then
+    if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" &&
+      _setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" &&
+      _setopt "$_vsftpd_conf" "ssl_enable" "=" "YES"; then
      _info "Set config success!"
    else
      _err "Config vsftpd server error, please report bug to us."
--- a/dnsapi/dns_1984hosting.sh
+++ b/dnsapi/dns_1984hosting.sh
@@ -3,7 +3,7 @@
 #So, here must be a method dns_1984hosting_add()
 #Which will be called by acme.sh to add the txt record to your api system.
 #returns 0 means success, otherwise error.
-#
+
 #Author: Adrian Fedoreanu
 #Report Bugs here: https://github.com/acmesh-official/acme.sh
 # or here... https://github.com/acmesh-official/acme.sh/issues/2851
@@ -40,8 +40,35 @@ dns_1984hosting_add() {
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"

-  _1984hosting_add_txt_record "$_domain" "$_sub_domain" "$txtvalue"
-  return $?
+  _debug "Add TXT record $fulldomain with value '$txtvalue'"
+  value="$(printf '%s' "$txtvalue" | _url_encode)"
+  url="https://management.1984hosting.com/domains/entry/"
+
+  postdata="entry=new"
+  postdata="$postdata&type=TXT"
+  postdata="$postdata&ttl=3600"
+  postdata="$postdata&zone=$_domain"
+  postdata="$postdata&host=$_sub_domain"
+  postdata="$postdata&rdata=%22$value%22"
+  _debug2 postdata "$postdata"
+
+  _authpost "$postdata" "$url"
+  response="$(echo "$_response" | _normalizeJson)"
+  _debug2 response "$response"
+
+  if _contains "$response" '"haserrors": true'; then
+    _err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post"
+    return 1
+  elif _contains "$response" "<html>"; then
+    _err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file"
+    return 1
+  elif _contains "$response" '"auth": false'; then
+    _err "1984Hosting failed to add TXT record for $_sub_domain. Invalid or expired cookie"
+    return 1
+  fi
+
+  _info "Added acme challenge TXT record for $fulldomain at 1984Hosting"
+  return 0
 }

 #Usage: fulldomain txtvalue
@@ -67,57 +94,10 @@ dns_1984hosting_rm() {
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"

-  _1984hosting_delete_txt_record "$_domain" "$_sub_domain"
-  return $?
-}
-
-####################  Private functions below ##################################
-
-# usage _1984hosting_add_txt_record domain subdomain value
-# returns 0 success
-_1984hosting_add_txt_record() {
-  _debug "Add TXT record $1 with value '$3'"
-  domain="$1"
-  subdomain="$2"
-  value="$(printf '%s' "$3" | _url_encode)"
-  url="https://management.1984hosting.com/domains/entry/"
-
-  postdata="entry=new"
-  postdata="$postdata&type=TXT"
-  postdata="$postdata&ttl=3600"
-  postdata="$postdata&zone=$domain"
-  postdata="$postdata&host=$subdomain"
-  postdata="$postdata&rdata=%22$value%22"
-  _debug2 postdata "$postdata"
-
-  _authpost "$postdata" "$url"
-  response="$(echo "$_response" | _normalizeJson)"
-  _debug2 response "$response"
-
-  if _contains "$response" '"haserrors": true'; then
-    _err "1984Hosting failed to add TXT record for $subdomain bad RC from _post"
-    return 1
-  elif _contains "$response" "<html>"; then
-    _err "1984Hosting failed to add TXT record for $subdomain. Check $HTTP_HEADER file"
-    return 1
-  elif [ "$response" = '{"auth": false, "ok": false}' ]; then
-    _err "1984Hosting failed to add TXT record for $subdomain. Invalid or expired cookie"
-    return 1
-  fi
-
-  _info "Added acme challenge TXT record for $fulldomain at 1984Hosting"
-  return 0
-}
-
-# usage _1984hosting_delete_txt_record entry_id
-# returns 0 success
-_1984hosting_delete_txt_record() {
  _debug "Delete $fulldomain TXT record"
-  domain="$1"
-  subdomain="$2"
  url="https://management.1984hosting.com/domains"

-  _htmlget "$url" "$domain"
+  _htmlget "$url" "$_domain"
  _debug2 _response "$_response"
  zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')"
  _debug2 zone_id "$zone_id"
@@ -126,7 +106,7 @@ _1984hosting_delete_txt_record() {
    return 1
  fi

-  _htmlget "$url/$zone_id" "$subdomain"
+  _htmlget "$url/$zone_id" "$_sub_domain"
  _debug2 _response "$_response"
  entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')"
  _debug2 entry_id "$entry_id"
@@ -148,6 +128,8 @@ _1984hosting_delete_txt_record() {
  return 0
 }

+####################  Private functions below ##################################
+
 # usage: _1984hosting_login username password
 # returns 0 success
 _1984hosting_login() {
@@ -167,8 +149,8 @@ _1984hosting_login() {
  response="$(echo "$response" | _normalizeJson)"
  _debug2 response "$response"

-  if [ "$response" = '{"loggedin": true, "ok": true}' ]; then
-    One984HOSTING_COOKIE="$(grep '^Set-Cookie:' "$HTTP_HEADER" | _tail_n 1 | _egrep_o 'sessionid=[^;]*;' | tr -d ';')"
+  if _contains "$response" '"loggedin": true'; then
+    One984HOSTING_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _tail_n 1 | _egrep_o 'sessionid=[^;]*;' | tr -d ';')"
    export One984HOSTING_COOKIE
    _saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE"
    return 0
@@ -196,7 +178,7 @@ _check_cookie() {

  _authget "https://management.1984hosting.com/accounts/loginstatus/"
  response="$(echo "$_response" | _normalizeJson)"
-  if [ "$_response" = '{"ok": true}' ]; then
+  if _contains "$response" '"ok": true'; then
    _debug "Cached cookie still valid"
    return 0
  fi
--- a/dnsapi/dns_ali.sh
+++ b/dnsapi/dns_ali.sh
@@ -181,6 +181,7 @@ _describe_records_query() {

 _clean() {
  _check_exist_query "$_domain" "$_sub_domain"
+  # do not correct grammar here
  if ! _ali_rest "Check exist records" "ignore"; then
    return 1
  fi
--- a/dnsapi/dns_anx.sh
+++ b/dnsapi/dns_anx.sh
@@ -0,0 +1,150 @@
+#!/usr/bin/env sh
+
+# Anexia CloudDNS acme.sh hook
+# Author: MA
+
+#ANX_Token="xxxx"
+
+ANX_API='https://engine.anexia-it.com/api/clouddns/v1'
+
+########  Public functions #####################
+
+dns_anx_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Using ANX CDNS API"
+
+  ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if [ "$ANX_Token" ]; then
+    _saveaccountconf_mutable ANX_Token "$ANX_Token"
+  else
+    _err "You didn't specify a ANEXIA Engine API token."
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  # Always add records, wildcard need two records with the same name
+  _anx_rest POST "zone.json/${_domain}/records" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"rdata\":\"$txtvalue\"}"
+  if _contains "$response" "$txtvalue"; then
+    return 0
+  else
+    return 1
+  fi
+}
+
+dns_anx_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Using ANX CDNS API"
+
+  ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}"
+
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _get_record_id
+
+  if _is_uuid "$_record_id"; then
+    if ! _anx_rest DELETE "zone.json/${_domain}/records/$_record_id"; then
+      _err "Delete record"
+      return 1
+    fi
+  else
+    _info "No record found."
+  fi
+  echo "$response" | tr -d " " | grep \"status\":\"OK\" >/dev/null
+}
+
+####################  Private functions below ##################################
+
+_is_uuid() {
+  pattern='^\{?[A-Z0-9a-z]{8}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{12}\}?$'
+  if echo "$1" | _egrep_o "$pattern" >/dev/null; then
+    return 0
+  fi
+  return 1
+}
+
+_get_record_id() {
+  _debug subdomain "$_sub_domain"
+  _debug domain "$_domain"
+
+  if _anx_rest GET "zone.json/${_domain}/records?name=$_sub_domain&type=TXT"; then
+    _debug response "$response"
+    if _contains "$response" "\"name\":\"$_sub_domain\"" >/dev/null; then
+      _record_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"identifier\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
+    else
+      _record_id=''
+    fi
+  else
+    _err "Search existing record"
+  fi
+}
+
+_anx_rest() {
+  m=$1
+  ep="$2"
+  data="$3"
+  _debug "$ep"
+
+  export _H1="Content-Type: application/json"
+  export _H2="Authorization: Token $ANX_Token"
+
+  if [ "$m" != "GET" ]; then
+    _debug data "$data"
+    response="$(_post "$data" "${ANX_API}/$ep" "" "$m")"
+  else
+    response="$(_get "${ANX_API}/$ep")"
+  fi
+
+  # shellcheck disable=SC2181
+  if [ "$?" != "0" ]; then
+    _err "error $ep"
+    return 1
+  fi
+  _debug response "$response"
+  return 0
+}
+
+_get_root() {
+  domain=$1
+  i=1
+  p=1
+
+  _anx_rest GET "zone.json"
+
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    _debug h "$h"
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    if _contains "$response" "\"name\":\"$h\""; then
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _domain=$h
+      return 0
+    fi
+
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
--- a/dnsapi/dns_arvan.sh
+++ b/dnsapi/dns_arvan.sh
@@ -5,7 +5,7 @@
 ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains"

 #Author: Ehsan Aliakbar
-#Report Bugs here: https://github.com/Neilpang/acme.sh 
+#Report Bugs here: https://github.com/Neilpang/acme.sh
 #
 ########  Public functions #####################

--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@@ -222,21 +222,21 @@ _use_instance_role() {

 _use_metadata() {
  _aws_creds="$(
-    _get "$1" "" 1 \
-      | _normalizeJson \
-      | tr '{,}' '\n' \
-      | while read -r _line; do
+    _get "$1" "" 1 |
+      _normalizeJson |
+      tr '{,}' '\n' |
+      while read -r _line; do
        _key="$(echo "${_line%%:*}" | tr -d '"')"
        _value="${_line#*:}"
        _debug3 "_key" "$_key"
        _secure_debug3 "_value" "$_value"
        case "$_key" in
-          AccessKeyId) echo "AWS_ACCESS_KEY_ID=$_value" ;;
-          SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;;
-          Token) echo "AWS_SESSION_TOKEN=$_value" ;;
+        AccessKeyId) echo "AWS_ACCESS_KEY_ID=$_value" ;;
+        SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;;
+        Token) echo "AWS_SESSION_TOKEN=$_value" ;;
        esac
-      done \
-        | paste -sd' ' -
+      done |
+      paste -sd' ' -
  )"
  _secure_debug "_aws_creds" "$_aws_creds"

--- a/dnsapi/dns_azure.sh
+++ b/dnsapi/dns_azure.sh
@@ -172,7 +172,7 @@ dns_azure_rm() {
  _azure_rest GET "$acmeRecordURI" "" "$accesstoken"
  timestamp="$(_time)"
  if [ "$_code" = "200" ]; then
-    vlist="$(echo "$response" | _egrep_o "\"value\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"" | grep -v "$txtvalue")"
+    vlist="$(echo "$response" | _egrep_o "\"value\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"" | grep -v -- "$txtvalue")"
    values=""
    comma=""
    for v in $vlist; do
@@ -220,7 +220,7 @@ _azure_rest() {
    export _H2="accept: application/json"
    export _H3="Content-Type: application/json"
    # clear headers from previous request to avoid getting wrong http code on timeouts
-    :>"$HTTP_HEADER"
+    : >"$HTTP_HEADER"
    _debug "$ep"
    if [ "$m" != "GET" ]; then
      _secure_debug2 "data $data"
--- a/dnsapi/dns_cloudns.sh
+++ b/dnsapi/dns_cloudns.sh
@@ -69,7 +69,7 @@ dns_cloudns_rm() {
  for i in $(echo "$response" | tr '{' "\n" | grep "$record"); do
    record_id=$(echo "$i" | tr ',' "\n" | grep -E '^"id"' | sed -re 's/^\"id\"\:\"([0-9]+)\"$/\1/g')

-    if [ ! -z "$record_id" ]; then
+    if [ -n "$record_id" ]; then
      _debug zone "$zone"
      _debug host "$host"
      _debug record "$record"
@@ -91,7 +91,7 @@ dns_cloudns_rm() {

 ####################  Private functions below ##################################
 _dns_cloudns_init_check() {
-  if [ ! -z "$CLOUDNS_INIT_CHECK_COMPLETED" ]; then
+  if [ -n "$CLOUDNS_INIT_CHECK_COMPLETED" ]; then
    return 0
  fi

@@ -164,7 +164,7 @@ _dns_cloudns_http_api_call() {
  _debug CLOUDNS_SUB_AUTH_ID "$CLOUDNS_SUB_AUTH_ID"
  _debug CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD"

-  if [ ! -z "$CLOUDNS_SUB_AUTH_ID" ]; then
+  if [ -n "$CLOUDNS_SUB_AUTH_ID" ]; then
    auth_user="sub-auth-id=$CLOUDNS_SUB_AUTH_ID"
  else
    auth_user="auth-id=$CLOUDNS_AUTH_ID"
--- a/dnsapi/dns_conoha.sh
+++ b/dnsapi/dns_conoha.sh
@@ -115,9 +115,9 @@ dns_conoha_rm() {
    return 1
  fi

-  record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' \
-    | grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" \
-    | _head_n 1 | cut -d : -f 2 | tr -d \")
+  record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' |
+    grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" |
+    _head_n 1 | cut -d : -f 2 | tr -d \")
  if [ -z "$record_id" ]; then
    _err "Can not get record id to remove."
    return 1
--- a/dnsapi/dns_cyon.sh
+++ b/dnsapi/dns_cyon.sh
@@ -18,23 +18,23 @@
 ########

 dns_cyon_add() {
-  _cyon_load_credentials \
-    && _cyon_load_parameters "$@" \
-    && _cyon_print_header "add" \
-    && _cyon_login \
-    && _cyon_change_domain_env \
-    && _cyon_add_txt \
-    && _cyon_logout
+  _cyon_load_credentials &&
+    _cyon_load_parameters "$@" &&
+    _cyon_print_header "add" &&
+    _cyon_login &&
+    _cyon_change_domain_env &&
+    _cyon_add_txt &&
+    _cyon_logout
 }

 dns_cyon_rm() {
-  _cyon_load_credentials \
-    && _cyon_load_parameters "$@" \
-    && _cyon_print_header "delete" \
-    && _cyon_login \
-    && _cyon_change_domain_env \
-    && _cyon_delete_txt \
-    && _cyon_logout
+  _cyon_load_credentials &&
+    _cyon_load_parameters "$@" &&
+    _cyon_print_header "delete" &&
+    _cyon_login &&
+    _cyon_change_domain_env &&
+    _cyon_delete_txt &&
+    _cyon_logout
 }

 #########################
@@ -66,7 +66,7 @@ _cyon_load_credentials() {
  _debug "Save credentials to account.conf"
  _saveaccountconf CY_Username "${CY_Username}"
  _saveaccountconf CY_Password_B64 "$CY_Password_B64"
-  if [ ! -z "${CY_OTP_Secret}" ]; then
+  if [ -n "${CY_OTP_Secret}" ]; then
    _saveaccountconf CY_OTP_Secret "$CY_OTP_Secret"
  else
    _clearaccountconf CY_OTP_Secret
@@ -164,7 +164,7 @@ _cyon_login() {
  # todo: instead of just checking if the env variable is defined, check if we actually need to do a 2FA auth request.

  # 2FA authentication with OTP?
-  if [ ! -z "${CY_OTP_Secret}" ]; then
+  if [ -n "${CY_OTP_Secret}" ]; then
    _info "  - Authorising with OTP code..."

    if ! _exists oathtool; then
--- a/dnsapi/dns_da.sh
+++ b/dnsapi/dns_da.sh
@@ -115,23 +115,23 @@ _da_api() {
  _debug response "$response"

  case "${cmd}" in
-    CMD_API_DNS_CONTROL)
-      # Parse the result in general
-      # error=0&text=Records Deleted&details=
-      # error=1&text=Cannot View Dns Record&details=No domain provided
-      err_field="$(_getfield "$response" 1 '&')"
-      txt_field="$(_getfield "$response" 2 '&')"
-      details_field="$(_getfield "$response" 3 '&')"
-      error="$(_getfield "$err_field" 2 '=')"
-      text="$(_getfield "$txt_field" 2 '=')"
-      details="$(_getfield "$details_field" 2 '=')"
-      _debug "error: ${error}, text: ${text}, details: ${details}"
-      if [ "$error" != "0" ]; then
-        _err "error $response"
-        return 1
-      fi
-      ;;
-    CMD_API_SHOW_DOMAINS) ;;
+  CMD_API_DNS_CONTROL)
+    # Parse the result in general
+    # error=0&text=Records Deleted&details=
+    # error=1&text=Cannot View Dns Record&details=No domain provided
+    err_field="$(_getfield "$response" 1 '&')"
+    txt_field="$(_getfield "$response" 2 '&')"
+    details_field="$(_getfield "$response" 3 '&')"
+    error="$(_getfield "$err_field" 2 '=')"
+    text="$(_getfield "$txt_field" 2 '=')"
+    details="$(_getfield "$details_field" 2 '=')"
+    _debug "error: ${error}, text: ${text}, details: ${details}"
+    if [ "$error" != "0" ]; then
+      _err "error $response"
+      return 1
+    fi
+    ;;
+  CMD_API_SHOW_DOMAINS) ;;
  esac
  return 0
 }
--- a/dnsapi/dns_desec.sh
+++ b/dnsapi/dns_desec.sh
@@ -61,7 +61,7 @@ dns_desec_add() {
  fi
  _debug txtvalues "$txtvalues"
  _info "Adding record"
-  body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":60}]"
+  body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":3600}]"

  if _desec_rest PUT "$REST_API/$DEDYN_NAME/rrsets/" "$body"; then
    if _contains "$response" "$txtvalue"; then
@@ -130,7 +130,7 @@ dns_desec_rm() {
  _debug txtvalues "$txtvalues"

  _info "Deleting record"
-  body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":60}]"
+  body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":3600}]"
  _desec_rest PUT "$REST_API/$DEDYN_NAME/rrsets/" "$body"
  if [ "$_code" = "200" ]; then
    _info "Deleted, OK"
--- a/dnsapi/dns_dgon.sh
+++ b/dnsapi/dns_dgon.sh
@@ -22,7 +22,7 @@ dns_dgon_add() {
  txtvalue=$2

  DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
-  # Check if API Key Exist
+  # Check if API Key Exists
  if [ -z "$DO_API_KEY" ]; then
    DO_API_KEY=""
    _err "You did not specify DigitalOcean API key."
@@ -77,7 +77,7 @@ dns_dgon_rm() {
  txtvalue=$2

  DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
-  # Check if API Key Exist
+  # Check if API Key Exists
  if [ -z "$DO_API_KEY" ]; then
    DO_API_KEY=""
    _err "You did not specify DigitalOcean API key."
@@ -122,12 +122,12 @@ dns_dgon_rm() {
    ## check for what we are looking for: "type":"A","name":"$_sub_domain"
    record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*[0-9]+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")"

-    if [ ! -z "$record" ]; then
+    if [ -n "$record" ]; then

      ## we found records
      rec_ids="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")"
      _debug rec_ids "$rec_ids"
-      if [ ! -z "$rec_ids" ]; then
+      if [ -n "$rec_ids" ]; then
        echo "$rec_ids" | while IFS= read -r rec_id; do
          ## delete the record
          ## delete URL for removing the one we dont want
@@ -218,7 +218,7 @@ _get_base_domain() {
      ## we got part of a domain back - grep it out
      found="$(echo "$domain_list" | _egrep_o "\"name\"\s*\:\s*\"$_domain\"")"
      ## check if it exists
-      if [ ! -z "$found" ]; then
+      if [ -n "$found" ]; then
        ## exists - exit loop returning the parts
        sub_point=$(_math $i - 1)
        _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point")
--- a/dnsapi/dns_do.sh
+++ b/dnsapi/dns_do.sh
@@ -67,14 +67,14 @@ _dns_do_list_rrs() {
    _err "getRRList origin ${_domain} failed"
    return 1
  fi
-  _rr_list="$(echo "${response}" \
-    | tr -d "\n\r\t" \
-    | sed -e 's/<item xsi:type="ns2:Map">/\n/g' \
-    | grep ">$(_regexcape "$fulldomain")</value>" \
-    | sed -e 's/<\/item>/\n/g' \
-    | grep '>id</key><value' \
-    | _egrep_o '>[0-9]{1,16}<' \
-    | tr -d '><')"
+  _rr_list="$(echo "${response}" |
+    tr -d "\n\r\t" |
+    sed -e 's/<item xsi:type="ns2:Map">/\n/g' |
+    grep ">$(_regexcape "$fulldomain")</value>" |
+    sed -e 's/<\/item>/\n/g' |
+    grep '>id</key><value' |
+    _egrep_o '>[0-9]{1,16}<' |
+    tr -d '><')"
  [ "${_rr_list}" ]
 }

@@ -120,10 +120,10 @@ _get_root() {
  i=1

  _dns_do_soap getDomainList
-  _all_domains="$(echo "${response}" \
-    | tr -d "\n\r\t " \
-    | _egrep_o 'domain</key><value[^>]+>[^<]+' \
-    | sed -e 's/^domain<\/key><value[^>]*>//g')"
+  _all_domains="$(echo "${response}" |
+    tr -d "\n\r\t " |
+    _egrep_o 'domain</key><value[^>]+>[^<]+' |
+    sed -e 's/^domain<\/key><value[^>]*>//g')"

  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
--- a/dnsapi/dns_dpi.sh
+++ b/dnsapi/dns_dpi.sh
@@ -75,7 +75,7 @@ dns_dpi_rm() {
    return 1
  fi

-  _contains "$response" "Action completed successful"
+  _contains "$response" "Operation successful"

 }

@@ -93,7 +93,7 @@ add_record() {
    return 1
  fi

-  _contains "$response" "Action completed successful" || _contains "$response" "Domain record already exists"
+  _contains "$response" "Operation successful" || _contains "$response" "Domain record already exists"
 }

 ####################  Private functions below ##################################
@@ -117,7 +117,7 @@ _get_root() {
      return 1
    fi

-    if _contains "$response" "Action completed successful"; then
+    if _contains "$response" "Operation successful"; then
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
      _debug _domain_id "$_domain_id"
      if [ "$_domain_id" ]; then
--- a/dnsapi/dns_duckdns.sh
+++ b/dnsapi/dns_duckdns.sh
@@ -91,13 +91,12 @@ dns_duckdns_rm() {

 ####################  Private functions below ##################################

-#fulldomain=_acme-challenge.domain.duckdns.org
-#returns
-# _duckdns_domain=domain
+# fulldomain may be 'domain.duckdns.org' (if using --domain-alias) or '_acme-challenge.domain.duckdns.org'
+# either way, return 'domain'. (duckdns does not allow further subdomains and restricts domains to [a-z0-9-].)
 _duckdns_get_domain() {

  # We'll extract the domain/username from full domain
-  _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '[.][^.][^.]*[.]duckdns.org' | cut -d . -f 2)"
+  _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '^(_acme-challenge\.)?[a-z0-9-]*\.duckdns\.org' | sed 's/^\(_acme-challenge\.\)\{0,1\}\([a-z0-9-]*\)\.duckdns\.org/\2/')"

  if [ -z "$_duckdns_domain" ]; then
    _err "Error extracting the domain."
@@ -113,16 +112,21 @@ _duckdns_rest() {
  param="$2"
  _debug param "$param"
  url="$DuckDNS_API?$param"
+  if [ "$DEBUG" -gt 0 ]; then
+    url="$url&verbose=true"
+  fi
  _debug url "$url"

  # DuckDNS uses GET to update domain info
  if [ "$method" = "GET" ]; then
    response="$(_get "$url")"
+    _debug2 response "$response"
+    if [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then
+      response="OK"
+    fi
  else
    _err "Unsupported method"
    return 1
  fi
-
-  _debug2 response "$response"
  return 0
 }
--- a/dnsapi/dns_dynu.sh
+++ b/dnsapi/dns_dynu.sh
@@ -216,6 +216,10 @@ _dynu_authentication() {
    _err "Authentication failed."
    return 1
  fi
+  if _contains "$response" "Authentication Exception"; then
+    _err "Authentication failed."
+    return 1
+  fi
  if _contains "$response" "access_token"; then
    Dynu_Token=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 1 | cut -d : -f 2 | cut -d '"' -f 2)
  fi
--- a/dnsapi/dns_dynv6.sh
+++ b/dnsapi/dns_dynv6.sh
@@ -13,14 +13,18 @@ dns_dynv6_add() {
  _debug txtvalue "$txtvalue"
  _get_keyfile
  _info "using keyfile $dynv6_keyfile"
-  _get_domain "$fulldomain"
  _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
-  if ! _contains "$_your_hosts" "$_host"; then
-    _debug "The host is $_host and the record $_record"
-    _debug "Dynv6 returned $_your_hosts"
-    _err "The host $_host does not exists on your dynv6 account"
-    return 1
+
+  if ! _get_domain "$fulldomain" "$_your_hosts"; then
+  	_err "Host not found on your account"
+  	return 1
  fi
+#  if ! _contains "$_your_hosts" "$_host"; then
+#    _debug "The host is $_host and the record $_record"
+#    _debug "Dynv6 returned $_your_hosts"
+#    _err "The host $_host does not exists on your dynv6 account"
+#    return 1
+#  fi
  _debug "found host on your account"
  returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")"
  _debug "Dynv6 returend this after record was added: $returnval"
@@ -44,14 +48,17 @@ dns_dynv6_rm() {
  _debug txtvalue "$txtvalue"
  _get_keyfile
  _info "using keyfile $dynv6_keyfile"
-  _get_domain "$fulldomain"
  _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
-  if ! _contains "$_your_hosts" "$_host"; then
-    _debug "The host is $_host and the record $_record"
-    _debug "Dynv6 returned $_your_hosts"
-    _err "The host $_host does not exists on your dynv6 account"
-    return 1
+  if ! _get_domain "$fulldomain" "$_your_hosts"; then
+  	_err "Host not found on your account"
+  	return 1
  fi
+#  if ! _contains "$_your_hosts" "$_host"; then
+#    _debug "The host is $_host and the record $_record"
+#   _debug "Dynv6 returned $_your_hosts"
+#    _err "The host $_host does not exists on your dynv6 account"
+#    return 1
+#  fi
  _debug "found host on your account"
  _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)"
  return 0
@@ -72,29 +79,30 @@ _generate_new_key() {
    return 1
  fi
 }
-#Usage: _acme-challenge.www.example.dynv6.net
+
+#Usage: _acme-challenge.www.example.dynv6.net "$_your_hosts"
+#where _your_hosts is the output of ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts
 #returns
 #_host= example.dynv6.net
 #_record=_acme-challenge.www
 #aborts if not a valid domain
 _get_domain() {
+  #_your_hosts="$(ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts)"
  _full_domain="$1"
-  _debug "getting domain for $_full_domain"
-  if ! _contains "$_full_domain" 'dynv6.net' && ! _contains "$_full_domain" 'dns.army' && ! _contains "$_full_domain" 'dns.navy'; then
-    _err "The hosts does not seem to be a dynv6 host"
-    return 1
-  fi
-  _record="${_full_domain%.*}"
-  _record="${_record%.*}"
-  _record="${_record%.*}"
-  _debug "The record we are ging to use is $_record"
-  _host="$_full_domain"
-  while [ "$(echo "$_host" | grep -o '\.' | wc -l)" != "2" ]; do
-    _host="${_host#*.}"
-  done
-  _debug "And the host is $_host"
-  return 0
+  _your_hosts="$2"

+  _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')"
+  for l in $_your_hosts; do
+  	#echo "host: $l"
+  	if test "${_full_domain#*$l}" != "$_full_domain"; then
+  	  _record="${_full_domain%.$l}"
+  	  _host=$l
+  	  _debug "The host is $_host and the record $_record"
+  	  return 0
+  	fi
+  done
+  _err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key"
+  return 1
 }

 # Usage: No input required
@@ -103,7 +111,7 @@ _get_domain() {
 _get_keyfile() {
  _debug "get keyfile method called"
  dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}"
-  _debug Your key is "$dynv6_keyfile"
+  _debug "Your key is $dynv6_keyfile"
  if [ -z "$dynv6_keyfile" ]; then
    if [ -z "$KEY" ]; then
      _err "You did not specify a key to use with dynv6"
--- a/dnsapi/dns_easydns.sh
+++ b/dnsapi/dns_easydns.sh
@@ -3,7 +3,7 @@
 #######################################################
 #
 # easyDNS REST API for acme.sh by Neilpang based on dns_cf.sh
-# 
+#
 # API Documentation: https://sandbox.rest.easydns.net:3001/
 #
 # Author: wurzelpanzer [wurzelpanzer@maximolider.net]
--- a/dnsapi/dns_edgedns.sh
+++ b/dnsapi/dns_edgedns.sh
@@ -0,0 +1,466 @@
+#!/usr/bin/env sh
+
+# Akamai Edge DNS v2  API
+# User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to
+# Edge DNS Zones and Recordsets, e.g. DNS—Zone Record Management authorization
+
+# Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support
+
+# Values to export:
+# --EITHER--
+# *** TBD. NOT IMPLEMENTED YET ***
+# specify Edgegrid credentials file and section
+# AKAMAI_EDGERC=<full file path>
+# AKAMAI_EDGERC_SECTION="default"
+## --OR--
+# specify indiviual credentials
+# export AKAMAI_HOST = <host>
+# export AKAMAI_ACCESS_TOKEN = <access token>
+# export AKAMAI_CLIENT_TOKEN = <client token>
+# export AKAMAI_CLIENT_SECRET = <client secret>
+
+ACME_EDGEDNS_VERSION="0.1.0"
+
+########  Public functions #####################
+
+# Usage: dns_edgedns_add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+# Used to add txt record
+#
+dns_edgedns_add() {
+  fulldomain=$1
+  txtvalue=$2
+  _debug "ENTERING DNS_EDGEDNS_ADD"
+  _debug2 "fulldomain" "$fulldomain"
+  _debug2 "txtvalue" "$txtvalue"
+
+  if ! _EDGEDNS_credentials; then
+    _err "$@"
+    return 1
+  fi
+  if ! _EDGEDNS_getZoneInfo "$fulldomain"; then
+    _err "Invalid domain"
+    return 1
+  fi
+
+  _debug2 "Add: zone" "$zone"
+  acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain")
+  _debug3 "Add URL" "$acmeRecordURI"
+  # Get existing TXT record
+  _edge_result=$(_edgedns_rest GET "$acmeRecordURI")
+  _api_status="$?"
+  _debug3 "_edge_result" "$_edge_result"
+  if [ "$_api_status" -ne 0 ]; then
+    if [ "$curResult" = "FATAL" ]; then
+      _err "$(printf "Fatal error: acme API function call : %s" "$retVal")"
+    fi
+    if [ "$_edge_result" != "404" ]; then
+      _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")"
+      return 1
+    fi
+  fi
+  rdata="\"${txtvalue}\""
+  record_op="POST"
+  if [ "$_api_status" -eq 0 ]; then
+    # record already exists. Get existing record data and update
+    record_op="PUT"
+    rdlist="${_edge_result#*\"rdata\":[}"
+    rdlist="${rdlist%%]*}"
+    rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\")
+    _debug3 "existing TXT found"
+    _debug3 "record data" "$rdlist"
+    # value already there?
+    if _contains "$rdlist" "$txtvalue"; then
+      return 0
+    fi
+    _txt_val=""
+    while [ "$_txt_val" != "$rdlist" ] && [ "${rdlist}" ]; do
+      _txt_val="${rdlist%%,*}"
+      rdlist="${rdlist#*,}"
+      rdata="${rdata},\"${_txt_val}\""
+    done
+  fi
+  # Add the txtvalue TXT Record
+  body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}"
+  _debug3 "Add body '${body}'"
+  _edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body")
+  _api_status="$?"
+  if [ "$_api_status" -eq 0 ]; then
+    _log "$(printf "Text value %s added to recordset %s" "$txtvalue" "$fulldomain")"
+    return 0
+  else
+    _err "$(printf "error adding TXT record for validation. Error: %s" "$_edge_result")"
+    return 1
+  fi
+}
+
+# Usage: dns_edgedns_rm   _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+# Used to delete txt record
+#
+dns_edgedns_rm() {
+  fulldomain=$1
+  txtvalue=$2
+  _debug "ENTERING DNS_EDGEDNS_RM"
+  _debug2 "fulldomain" "$fulldomain"
+  _debug2 "txtvalue" "$txtvalue"
+
+  if ! _EDGEDNS_credentials; then
+    _err "$@"
+    return 1
+  fi
+  if ! _EDGEDNS_getZoneInfo "$fulldomain"; then
+    _err "Invalid domain"
+    return 1
+  fi
+  _debug2 "RM: zone" "${zone}"
+  acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "${edge_endpoint}" "$zone" "$fulldomain")
+  _debug3 "RM URL" "$acmeRecordURI"
+  # Get existing TXT record
+  _edge_result=$(_edgedns_rest GET "$acmeRecordURI")
+  _api_status="$?"
+  if [ "$_api_status" -ne 0 ]; then
+    if [ "$curResult" = "FATAL" ]; then
+      _err "$(printf "Fatal error: acme API function call : %s" "$retVal")"
+    fi
+    if [ "$_edge_result" != "404" ]; then
+      _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")"
+      return 1
+    fi
+  fi
+  _debug3 "_edge_result" "$_edge_result"
+  record_op="DELETE"
+  body=""
+  if [ "$_api_status" -eq 0 ]; then
+    # record already exists. Get existing record data and update
+    rdlist="${_edge_result#*\"rdata\":[}"
+    rdlist="${rdlist%%]*}"
+    rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\")
+    _debug3 "rdlist" "$rdlist"
+    if [ -n "$rdlist" ]; then
+      record_op="PUT"
+      comma=""
+      rdata=""
+      _txt_val=""
+      while [ "$_txt_val" != "$rdlist" ] && [ "$rdlist" ]; do
+        _txt_val="${rdlist%%,*}"
+        rdlist="${rdlist#*,}"
+        _debug3 "_txt_val" "$_txt_val"
+        _debug3 "txtvalue" "$txtvalue"
+        if ! _contains "$_txt_val" "$txtvalue"; then
+          rdata="${rdata}${comma}\"${_txt_val}\""
+          comma=","
+        fi
+      done
+      if [ -z "$rdata" ]; then
+        record_op="DELETE"
+      else
+        # Recreate the txtvalue TXT Record
+        body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}"
+        _debug3 "body" "$body"
+      fi
+    fi
+  fi
+  _edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body")
+  _api_status="$?"
+  if [ "$_api_status" -eq 0 ]; then
+    _log "$(printf "Text value %s removed from recordset %s" "$txtvalue" "$fulldomain")"
+    return 0
+  else
+    _err "$(printf "error removing TXT record for validation. Error: %s" "$_edge_result")"
+    return 1
+  fi
+}
+
+####################  Private functions below ##################################
+
+_EDGEDNS_credentials() {
+  _debug "GettingEdge DNS credentials"
+  _log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})"
+  args_missing=0
+  if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then
+    AKAMAI_ACCESS_TOKEN=""
+    AKAMAI_CLIENT_TOKEN=""
+    AKAMAI_HOST=""
+    AKAMAI_CLIENT_SECRET=""
+    _err "AKAMAI_ACCESS_TOKEN is missing"
+    args_missing=1
+  fi
+  if [ -z "$AKAMAI_CLIENT_TOKEN" ]; then
+    AKAMAI_ACCESS_TOKEN=""
+    AKAMAI_CLIENT_TOKEN=""
+    AKAMAI_HOST=""
+    AKAMAI_CLIENT_SECRET=""
+    _err "AKAMAI_CLIENT_TOKEN is missing"
+    args_missing=1
+  fi
+  if [ -z "$AKAMAI_HOST" ]; then
+    AKAMAI_ACCESS_TOKEN=""
+    AKAMAI_CLIENT_TOKEN=""
+    AKAMAI_HOST=""
+    AKAMAI_CLIENT_SECRET=""
+    _err "AKAMAI_HOST is missing"
+    args_missing=1
+  fi
+  if [ -z "$AKAMAI_CLIENT_SECRET" ]; then
+    AKAMAI_ACCESS_TOKEN=""
+    AKAMAI_CLIENT_TOKEN=""
+    AKAMAI_HOST=""
+    AKAMAI_CLIENT_SECRET=""
+    _err "AKAMAI_CLIENT_SECRET is missing"
+    args_missing=1
+  fi
+
+  if [ "$args_missing" = 1 ]; then
+    _err "You have not properly specified the EdgeDNS Open Edgegrid API credentials. Please try again."
+    return 1
+  else
+    _saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "$AKAMAI_ACCESS_TOKEN"
+    _saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "$AKAMAI_CLIENT_TOKEN"
+    _saveaccountconf_mutable AKAMAI_HOST "$AKAMAI_HOST"
+    _saveaccountconf_mutable AKAMAI_CLIENT_SECRET "$AKAMAI_CLIENT_SECRET"
+    # Set whether curl should use secure or insecure mode
+  fi
+  export HTTPS_INSECURE=0 # All Edgegrid API calls are secure
+  edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "$AKAMAI_HOST")
+  _debug3 "Edge API Endpoint:" "$edge_endpoint"
+
+}
+
+_EDGEDNS_getZoneInfo() {
+  _debug "Getting Zoneinfo"
+  zoneEnd=false
+  curZone=$1
+  while [ -n "$zoneEnd" ]; do
+    # we can strip the first part of the fulldomain, since its just the _acme-challenge string
+    curZone="${curZone#*.}"
+    # suffix . needed for zone -> domain.tld.
+    # create zone get url
+    get_zone_url=$(printf "%s/%s" "$edge_endpoint" "$curZone")
+    _debug3 "Zone Get: " "${get_zone_url}"
+    curResult=$(_edgedns_rest GET "$get_zone_url")
+    retVal=$?
+    if [ "$retVal" -ne 0 ]; then
+      if [ "$curResult" = "FATAL" ]; then
+        _err "$(printf "Fatal error: acme API function call : %s" "$retVal")"
+      fi
+      if [ "$curResult" != "404" ]; then
+        _err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")"
+        return 1
+      fi
+    fi
+    if _contains "$curResult" "\"zone\":"; then
+      _debug2 "Zone data" "${curResult}"
+      zone=$(echo "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"")
+      _debug3 "Zone" "${zone}"
+      zoneEnd=""
+      return 0
+    fi
+
+    if [ "${curZone#*.}" != "$curZone" ]; then
+      _debug3 "$(printf "%s still contains a '.' - so we can check next higher level" "$curZone")"
+    else
+      zoneEnd=true
+      _err "Couldn't retrieve zone data."
+      return 1
+    fi
+  done
+  _err "Failed to  retrieve zone data."
+  return 2
+}
+
+_edgedns_headers=""
+
+_edgedns_rest() {
+  _debug "Handling API Request"
+  m=$1
+  # Assume endpoint is complete path, including query args if applicable
+  ep=$2
+  body_data=$3
+  _edgedns_content_type=""
+  _request_url_path="$ep"
+  _request_body="$body_data"
+  _request_method="$m"
+  _edgedns_headers=""
+  tab=""
+  _edgedns_headers="${_edgedns_headers}${tab}Host: ${AKAMAI_HOST}"
+  tab="\t"
+  # Set in acme.sh _post/_get
+  #_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}"
+  _edgedns_headers="${_edgedns_headers}${tab}Accept: application/json,*/*"
+  if [ "$m" != "GET" ] && [ "$m" != "DELETE" ]; then
+    _edgedns_content_type="application/json"
+    _debug3 "_request_body" "$_request_body"
+    _body_len=$(echo "$_request_body" | tr -d "\n\r" | awk '{print length}')
+    _edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_body_len}"
+  fi
+  _edgedns_make_auth_header
+  _edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_signed_auth_header}"
+  _secure_debug2 "Made Auth Header" "$_signed_auth_header"
+  hdr_indx=1
+  work_header="${_edgedns_headers}${tab}"
+  _debug3 "work_header" "$work_header"
+  while [ "$work_header" ]; do
+    entry="${work_header%%\\t*}"
+    work_header="${work_header#*\\t}"
+    export "$(printf "_H%s=%s" "$hdr_indx" "$entry")"
+    _debug2 "Request Header " "$entry"
+    hdr_indx=$((hdr_indx + 1))
+  done
+
+  # clear headers from previous request to avoid getting wrong http code on timeouts
+  : >"$HTTP_HEADER"
+  _debug2 "$ep"
+  if [ "$m" != "GET" ]; then
+    _debug3 "Method data" "$data"
+    # body  url [needbase64] [POST|PUT|DELETE] [ContentType]
+    response=$(_post "$_request_body" "$ep" false "$m" "$_edgedns_content_type")
+  else
+    response=$(_get "$ep")
+  fi
+  _ret="$?"
+  if [ "$_ret" -ne 0 ]; then
+    _err "$(printf "acme.sh API function call failed. Error: %s" "$_ret")"
+    echo "FATAL"
+    return "$_ret"
+  fi
+  _debug2 "response" "${response}"
+  _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
+  _debug2 "http response code" "$_code"
+  if [ "$_code" = "200" ] || [ "$_code" = "201" ]; then
+    # All good
+    response="$(echo "${response}" | _normalizeJson)"
+    echo "$response"
+    return 0
+  fi
+
+  if [ "$_code" = "204" ]; then
+    # Success, no body
+    echo "$_code"
+    return 0
+  fi
+
+  if [ "$_code" = "400" ]; then
+    _err "Bad request presented"
+    _log "$(printf "Headers: %s" "$_edgedns_headers")"
+    _log "$(printf "Method: %s" "$_request_method")"
+    _log "$(printf "URL: %s" "$ep")"
+    _log "$(printf "Data: %s" "$data")"
+  fi
+
+  if [ "$_code" = "403" ]; then
+    _err "access denied make sure your Edgegrid cedentials are correct."
+  fi
+
+  echo "$_code"
+  return 1
+}
+
+_edgedns_eg_timestamp() {
+  _debug "Generating signature Timestamp"
+  _debug3 "Retriving ntp time"
+  _timeheaders="$(_get "https://www.ntp.org" "onlyheader")"
+  _debug3 "_timeheaders" "$_timeheaders"
+  _ntpdate="$(echo "$_timeheaders" | grep -i "Date:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n")"
+  _debug3 "_ntpdate" "$_ntpdate"
+  _ntpdate="$(echo "${_ntpdate}" | sed -e 's/^[[:space:]]*//')"
+  _debug3 "_NTPDATE" "$_ntpdate"
+  _ntptime="$(echo "${_ntpdate}" | _head_n 1 | cut -d " " -f 5 | tr -d "\r\n")"
+  _debug3 "_ntptime" "$_ntptime"
+  _eg_timestamp=$(date -u "+%Y%m%dT")
+  _eg_timestamp="$(printf "%s%s+0000" "$_eg_timestamp" "$_ntptime")"
+  _debug "_eg_timestamp" "$_eg_timestamp"
+}
+
+_edgedns_new_nonce() {
+  _debug "Generating Nonce"
+  _nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32)
+  _debug3 "_nonce" "$_nonce"
+}
+
+_edgedns_make_auth_header() {
+  _debug "Constructing Auth Header"
+  _edgedns_new_nonce
+  _edgedns_eg_timestamp
+  # "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'"
+  _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")"
+  _secure_debug2 "Unsigned Auth Header: " "$_auth_header"
+
+  _edgedns_sign_request
+  _signed_auth_header="$(printf "%ssignature=%s" "$_auth_header" "$_signed_req")"
+  _secure_debug2 "Signed Auth Header: " "${_signed_auth_header}"
+}
+
+_edgedns_sign_request() {
+  _debug2 "Signing http request"
+  _edgedns_make_data_to_sign "$_auth_header"
+  _secure_debug2 "Returned signed data" "$_mdata"
+  _edgedns_make_signing_key "$_eg_timestamp"
+  _edgedns_base64_hmac_sha256 "$_mdata" "$_signing_key"
+  _signed_req="$_hmac_out"
+  _secure_debug2 "Signed Request" "$_signed_req"
+}
+
+_edgedns_make_signing_key() {
+  _debug2 "Creating sigining key"
+  ts=$1
+  _edgedns_base64_hmac_sha256 "$ts" "$AKAMAI_CLIENT_SECRET"
+  _signing_key="$_hmac_out"
+  _secure_debug2 "Signing Key" "$_signing_key"
+
+}
+
+_edgedns_make_data_to_sign() {
+  _debug2 "Processing data to sign"
+  hdr=$1
+  _secure_debug2 "hdr" "$hdr"
+  _edgedns_make_content_hash
+  path="$(echo "$_request_url_path" | tr -d "\n\r" | sed 's/https\?:\/\///')"
+  path="${path#*$AKAMAI_HOST}"
+  _debug "hier path" "$path"
+  # dont expose headers to sign so use MT string
+  _mdata="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "$_request_method" "$AKAMAI_HOST" "$path" "" "$_hash" "$hdr")"
+  _secure_debug2 "Data to Sign" "$_mdata"
+}
+
+_edgedns_make_content_hash() {
+  _debug2 "Generating content hash"
+  _hash=""
+  _debug2 "Request method" "${_request_method}"
+  if [ "$_request_method" != "POST" ] || [ -z "$_request_body" ]; then
+    return 0
+  fi
+  _debug2 "Req body" "$_request_body"
+  _edgedns_base64_sha256 "$_request_body"
+  _hash="$_sha256_out"
+  _debug2 "Content hash" "$_hash"
+}
+
+_edgedns_base64_hmac_sha256() {
+  _debug2 "Generating hmac"
+  data=$1
+  key=$2
+  encoded_data="$(echo "$data" | iconv -t utf-8)"
+  encoded_key="$(echo "$key" | iconv -t utf-8)"
+  _secure_debug2 "encoded data" "$encoded_data"
+  _secure_debug2 "encoded key" "$encoded_key"
+
+  encoded_key_hex=$(printf "%s" "$encoded_key" | _hex_dump | tr -d ' ')
+  data_sig="$(echo "$encoded_data" | tr -d "\n\r" | _hmac sha256 "$encoded_key_hex" | _base64)"
+
+  _secure_debug2 "data_sig:" "$data_sig"
+  _hmac_out="$(echo "$data_sig" | tr -d "\n\r" | iconv -f utf-8)"
+  _secure_debug2 "hmac" "$_hmac_out"
+}
+
+_edgedns_base64_sha256() {
+  _debug2 "Creating sha256 digest"
+  trg=$1
+  _secure_debug2 "digest data" "$trg"
+  digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")"
+  _sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)"
+  _secure_debug2 "digest decode" "$_sha256_out"
+}
+
+#_edgedns_parse_edgerc() {
+#  filepath=$1
+#  section=$2
+#}
--- a/dnsapi/dns_freedns.sh
+++ b/dnsapi/dns_freedns.sh
@@ -303,10 +303,10 @@ _freedns_domain_id() {
      return 1
    fi

-    domain_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
-      | grep "<td>$search_domain</td>\|<td>$search_domain(.*)</td>" \
-      | sed -n 's/.*\(edit\.php?edit_domain_id=[0-9a-zA-Z]*\).*/\1/p' \
-      | cut -d = -f 2)"
+    domain_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' |
+      grep "<td>$search_domain</td>\|<td>$search_domain(.*)</td>" |
+      sed -n 's/.*\(edit\.php?edit_domain_id=[0-9a-zA-Z]*\).*/\1/p' |
+      cut -d = -f 2)"
    # The above beauty extracts domain ID from the html page...
    # strip out all blank space and new lines. Then insert newlines
    # before each table row <tr>
@@ -349,11 +349,11 @@ _freedns_data_id() {
      return 1
    fi

-    data_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
-      | grep "<td[a-zA-Z=#]*>$record_type</td>" \
-      | grep "<ahref.*>$search_domain</a>" \
-      | sed -n 's/.*\(edit\.php?data_id=[0-9a-zA-Z]*\).*/\1/p' \
-      | cut -d = -f 2)"
+    data_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' |
+      grep "<td[a-zA-Z=#]*>$record_type</td>" |
+      grep "<ahref.*>$search_domain</a>" |
+      sed -n 's/.*\(edit\.php?data_id=[0-9a-zA-Z]*\).*/\1/p' |
+      cut -d = -f 2)"
    # The above beauty extracts data ID from the html page...
    # strip out all blank space and new lines. Then insert newlines
    # before each table row <tr>
--- a/dnsapi/dns_gandi_livedns.sh
+++ b/dnsapi/dns_gandi_livedns.sh
@@ -69,9 +69,9 @@ dns_gandi_livedns_rm() {

  _gandi_livedns_rest PUT \
    "domains/$_domain/records/$_sub_domain/TXT" \
-    "{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" \
-    && _contains "$response" '{"message": "DNS Record Created"}' \
-    && _info "Removing record $(__green "success")"
+    "{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" &&
+    _contains "$response" '{"message": "DNS Record Created"}' &&
+    _info "Removing record $(__green "success")"
 }

 ####################  Private functions below ##################################
@@ -125,9 +125,9 @@ _dns_gandi_append_record() {
  fi
  _debug new_rrset_values "$_rrset_values"
  _gandi_livedns_rest PUT "domains/$_domain/records/$sub_domain/TXT" \
-    "{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" \
-    && _contains "$response" '{"message": "DNS Record Created"}' \
-    && _info "Adding record $(__green "success")"
+    "{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" &&
+    _contains "$response" '{"message": "DNS Record Created"}' &&
+    _info "Adding record $(__green "success")"
 }

 _dns_gandi_existing_rrset_values() {
@@ -145,8 +145,8 @@ _dns_gandi_existing_rrset_values() {
    return 1
  fi
  _debug "Already has TXT record."
-  _rrset_values=$(echo "$response" | _egrep_o 'rrset_values.*\[.*\]' \
-    | _egrep_o '\[".*\"]')
+  _rrset_values=$(echo "$response" | _egrep_o 'rrset_values.*\[.*\]' |
+    _egrep_o '\[".*\"]')
  return 0
 }

--- a/dnsapi/dns_gcloud.sh
+++ b/dnsapi/dns_gcloud.sh
@@ -78,8 +78,8 @@ _dns_gcloud_execute_tr() {
  for i in $(seq 1 120); do
    if gcloud dns record-sets changes list \
      --zone="$managedZone" \
-      --filter='status != done' \
-      | grep -q '^.*'; then
+      --filter='status != done' |
+      grep -q '^.*'; then
      _info "_dns_gcloud_execute_tr: waiting for transaction to be comitted ($i/120)..."
      sleep 5
    else
@@ -137,11 +137,11 @@ _dns_gcloud_find_zone() {
  # List domains and find the zone with the deepest sub-domain (in case of some levels of delegation)
  if ! match=$(gcloud dns managed-zones list \
    --format="value(name, dnsName)" \
-    --filter="$filter" \
-    | while read -r dnsName name; do
+    --filter="$filter" |
+    while read -r dnsName name; do
      printf "%s\t%s\t%s\n" "$(echo "$name" | awk -F"." '{print NF-1}')" "$dnsName" "$name"
-    done \
-      | sort -n -r | _head_n 1 | cut -f2,3 | grep '^.*'); then
+    done |
+    sort -n -r | _head_n 1 | cut -f2,3 | grep '^.*'); then
    _err "_dns_gcloud_find_zone: Can't find a matching managed zone! Perhaps wrong project or gcloud credentials?"
    return 1
  fi
--- a/dnsapi/dns_gd.sh
+++ b/dnsapi/dns_gd.sh
@@ -91,7 +91,7 @@ dns_gd_rm() {
  fi

  if ! _contains "$response" "$txtvalue"; then
-    _info "The record is not existing, skip"
+    _info "The record does not exist, skip"
    return 0
  fi

--- a/dnsapi/dns_gdnsdk.sh
+++ b/dnsapi/dns_gdnsdk.sh
@@ -157,9 +157,18 @@ _successful_update() {
 }

 _findentry() {
+  #args    $1: fulldomain, $2: txtvalue
  #returns id of dns entry, if it exists
  _myget "action=dns_primary_changeDNSsetup&user_domain=$_domain"
-  _id=$(echo "$_result" | _egrep_o "<td>$1</td>\s*<td>$2</td>[^?]*[^&]*&id=[^&]*" | sed 's/^.*=//')
+  _debug3 "_result: $_result"
+
+  _tmp_result=$(echo "$_result" | tr -d '\n\r' | _egrep_o "<td>$1</td>\s*<td>$2</td>[^?]*[^&]*&id=[^&]*")
+  _debug _tmp_result "$_tmp_result"
+  if [ -z "${_tmp_result:-}" ]; then
+    _debug "The variable is _tmp_result is not supposed to be empty, there may be something wrong with the script"
+  fi
+
+  _id=$(echo "$_tmp_result" | sed 's/^.*=//')
  if [ -n "$_id" ]; then
    _debug "Entry found with _id=$_id"
    return 0
--- a/dnsapi/dns_he.sh
+++ b/dnsapi/dns_he.sh
@@ -101,8 +101,8 @@ dns_he_rm() {
  body="$body&hosted_dns_editzone=1"
  body="$body&hosted_dns_delrecord=1"
  body="$body&hosted_dns_delconfirm=delete"
-  _post "$body" "https://dns.he.net/" \
-    | grep '<div id="dns_status" onClick="hideThis(this);">Successfully removed record.</div>' \
+  _post "$body" "https://dns.he.net/" |
+    grep '<div id="dns_status" onClick="hideThis(this);">Successfully removed record.</div>' \
      >/dev/null
  exit_code="$?"
  if [ "$exit_code" -eq 0 ]; then
--- a/dnsapi/dns_hetzner.sh
+++ b/dnsapi/dns_hetzner.sh
@@ -0,0 +1,252 @@
+#!/usr/bin/env sh
+
+#
+#HETZNER_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
+#
+
+HETZNER_Api="https://dns.hetzner.com/api/v1"
+
+########  Public functions #####################
+
+# Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+# Used to add txt record
+# Ref: https://dns.hetzner.com/api-docs/
+dns_hetzner_add() {
+  full_domain=$1
+  txt_value=$2
+
+  HETZNER_Token="${HETZNER_Token:-$(_readaccountconf_mutable HETZNER_Token)}"
+
+  if [ -z "$HETZNER_Token" ]; then
+    HETZNER_Token=""
+    _err "You didn't specify a Hetzner api token."
+    _err "You can get yours from here https://dns.hetzner.com/settings/api-token."
+    return 1
+  fi
+
+  #save the api key and email to the account conf file.
+  _saveaccountconf_mutable HETZNER_Token "$HETZNER_Token"
+
+  _debug "First detect the root zone"
+
+  if ! _get_root "$full_domain"; then
+    _err "Invalid domain"
+    return 1
+  fi
+  _debug _domain_id "$_domain_id"
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _debug "Getting TXT records"
+  if ! _find_record "$_sub_domain" "$txt_value"; then
+    return 1
+  fi
+
+  if [ -z "$_record_id" ]; then
+    _info "Adding record"
+    if _hetzner_rest POST "records" "{\"zone_id\":\"${HETZNER_Zone_ID}\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txt_value\",\"ttl\":120}"; then
+      if _contains "$response" "$txt_value"; then
+        _info "Record added, OK"
+        _sleep 2
+        return 0
+      fi
+    fi
+    _err "Add txt record error${_response_error}"
+    return 1
+  else
+    _info "Found record id: $_record_id."
+    _info "Record found, do nothing."
+    return 0
+    # we could modify a record, if the names for txt records for *.example.com and example.com would be not the same
+    #if _hetzner_rest PUT "records/${_record_id}" "{\"zone_id\":\"${HETZNER_Zone_ID}\",\"type\":\"TXT\",\"name\":\"$full_domain\",\"value\":\"$txt_value\",\"ttl\":120}"; then
+    #  if _contains "$response" "$txt_value"; then
+    #    _info "Modified, OK"
+    #    return 0
+    #  fi
+    #fi
+    #_err "Add txt record error (modify)."
+    #return 1
+  fi
+}
+
+# Usage: full_domain txt_value
+# Used to remove the txt record after validation
+dns_hetzner_rm() {
+  full_domain=$1
+  txt_value=$2
+
+  HETZNER_Token="${HETZNER_Token:-$(_readaccountconf_mutable HETZNER_Token)}"
+
+  _debug "First detect the root zone"
+  if ! _get_root "$full_domain"; then
+    _err "Invalid domain"
+    return 1
+  fi
+  _debug _domain_id "$_domain_id"
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _debug "Getting TXT records"
+  if ! _find_record "$_sub_domain" "$txt_value"; then
+    return 1
+  fi
+
+  if [ -z "$_record_id" ]; then
+    _info "Remove not needed. Record not found."
+  else
+    if ! _hetzner_rest DELETE "records/$_record_id"; then
+      _err "Delete record error${_response_error}"
+      return 1
+    fi
+    _sleep 2
+    _info "Record deleted"
+  fi
+}
+
+####################  Private functions below ##################################
+#returns
+# _record_id=a8d58f22d6931bf830eaa0ec6464bf81  if found; or 1 if error
+_find_record() {
+  unset _record_id
+  _record_name=$1
+  _record_value=$2
+
+  if [ -z "$_record_value" ]; then
+    _record_value='[^"]*'
+  fi
+
+  _debug "Getting all records"
+  _hetzner_rest GET "records?zone_id=${_domain_id}"
+
+  if _response_has_error; then
+    _err "Error${_response_error}"
+    return 1
+  else
+    _record_id=$(
+      echo "$response" |
+        grep -o "{[^\{\}]*\"name\":\"$_record_name\"[^\}]*}" |
+        grep "\"value\":\"$_record_value\"" |
+        while read -r record; do
+          # test for type and
+          if [ -n "$(echo "$record" | _egrep_o '"type":"TXT"')" ]; then
+            echo "$record" | _egrep_o '"id":"[^"]*"' | cut -d : -f 2 | tr -d \"
+            break
+          fi
+        done
+    )
+  fi
+}
+
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+# _domain_id=sdjkglgdfewsdfg
+_get_root() {
+  domain=$1
+  i=1
+  p=1
+
+  domain_without_acme=$(echo "$domain" | cut -d . -f 2-)
+  domain_param_name=$(echo "HETZNER_Zone_ID_for_${domain_without_acme}" | sed 's/[\.\-]/_/g')
+
+  _debug "Reading zone_id for '$domain_without_acme' from config..."
+  HETZNER_Zone_ID=$(_readdomainconf "$domain_param_name")
+  if [ "$HETZNER_Zone_ID" ]; then
+    _debug "Found, using: $HETZNER_Zone_ID"
+    if ! _hetzner_rest GET "zones/${HETZNER_Zone_ID}"; then
+      _debug "Zone with id '$HETZNER_Zone_ID' does not exist."
+      _cleardomainconf "$domain_param_name"
+      unset HETZNER_Zone_ID
+    else
+      if _contains "$response" "\"id\":\"$HETZNER_Zone_ID\""; then
+        _domain=$(printf "%s\n" "$response" | _egrep_o '"name":"[^"]*"' | cut -d : -f 2 | tr -d \" | head -n 1)
+        if [ "$_domain" ]; then
+          _cut_length=$((${#domain} - ${#_domain} - 1))
+          _sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cut_length")
+          _domain_id="$HETZNER_Zone_ID"
+          return 0
+        else
+          return 1
+        fi
+      else
+        return 1
+      fi
+    fi
+  fi
+
+  _debug "Trying to get zone id by domain name for '$domain_without_acme'."
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+    _debug h "$h"
+
+    _hetzner_rest GET "zones?name=$h"
+
+    if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_entries":1'; then
+      _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
+      if [ "$_domain_id" ]; then
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _domain=$h
+        HETZNER_Zone_ID=$_domain_id
+        _savedomainconf "$domain_param_name" "$HETZNER_Zone_ID"
+        return 0
+      fi
+      return 1
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+#returns
+# _response_error
+_response_has_error() {
+  unset _response_error
+
+  err_part="$(echo "$response" | _egrep_o '"error":{[^}]*}')"
+
+  if [ -n "$err_part" ]; then
+    err_code=$(echo "$err_part" | _egrep_o '"code":[0-9]+' | cut -d : -f 2)
+    err_message=$(echo "$err_part" | _egrep_o '"message":"[^"]+"' | cut -d : -f 2 | tr -d \")
+
+    if [ -n "$err_code" ] && [ -n "$err_message" ]; then
+      _response_error=" - message: ${err_message}, code: ${err_code}"
+      return 0
+    fi
+  fi
+
+  return 1
+}
+
+#returns
+# response
+_hetzner_rest() {
+  m=$1
+  ep="$2"
+  data="$3"
+  _debug "$ep"
+
+  key_trimmed=$(echo "$HETZNER_Token" | tr -d \")
+
+  export _H1="Content-TType: application/json"
+  export _H2="Auth-API-Token: $key_trimmed"
+
+  if [ "$m" != "GET" ]; then
+    _debug data "$data"
+    response="$(_post "$data" "$HETZNER_Api/$ep" "" "$m")"
+  else
+    response="$(_get "$HETZNER_Api/$ep")"
+  fi
+
+  if [ "$?" != "0" ] || _response_has_error; then
+    _debug "Error$_response_error"
+    return 1
+  fi
+  _debug2 response "$response"
+  return 0
+}
--- a/dnsapi/dns_hexonet.sh
+++ b/dnsapi/dns_hexonet.sh
@@ -42,7 +42,7 @@ dns_hexonet_add() {
  _debug _domain "$_domain"

  _debug "Getting txt records"
-  _hexonet_rest "&command=QueryDNSZoneRRList&dnszone=${h}.&RRTYPE=TXT"
+  _hexonet_rest "command=QueryDNSZoneRRList&dnszone=${h}.&RRTYPE=TXT"

  if ! _contains "$response" "CODE=200"; then
    _err "Error"
@@ -88,7 +88,7 @@ dns_hexonet_rm() {
  _debug _domain "$_domain"

  _debug "Getting txt records"
-  _hexonet_rest "&command=QueryDNSZoneRRList&dnszone=${h}.&RRTYPE=TXT&RR=${txtvalue}"
+  _hexonet_rest "command=QueryDNSZoneRRList&dnszone=${h}.&RRTYPE=TXT&RR=${_sub_domain}%20IN%20TXT%20\"${txtvalue}\""

  if ! _contains "$response" "CODE=200"; then
    _err "Error"
@@ -100,7 +100,7 @@ dns_hexonet_rm() {
  if [ "$count" = "0" ]; then
    _info "Don't need to remove."
  else
-    if ! _hexonet_rest "&command=UpdateDNSZone&dnszone=${_domain}.&delrr0='${_sub_domain}%20IN%20TXT%20\"${txtvalue}\""; then
+    if ! _hexonet_rest "command=UpdateDNSZone&dnszone=${_domain}.&delrr0=${_sub_domain}%20IN%20TXT%20\"${txtvalue}\""; then
      _err "Delete record error."
      return 1
    fi
@@ -126,7 +126,7 @@ _get_root() {
      return 1
    fi

-    if ! _hexonet_rest "&command=QueryDNSZoneRRList&dnszone=${h}."; then
+    if ! _hexonet_rest "command=QueryDNSZoneRRList&dnszone=${h}."; then
      return 1
    fi

--- a/dnsapi/dns_huaweicloud.sh
+++ b/dnsapi/dns_huaweicloud.sh
@@ -0,0 +1,255 @@
+#!/usr/bin/env sh
+
+# HUAWEICLOUD_Username
+# HUAWEICLOUD_Password
+# HUAWEICLOUD_ProjectID
+
+iam_api="https://iam.myhuaweicloud.com"
+dns_api="https://dns.ap-southeast-1.myhuaweicloud.com"
+
+########  Public functions #####################
+
+# Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+# Used to add txt record
+#
+# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html
+#
+
+dns_huaweicloud_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
+  HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
+  HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}"
+
+  # Check information
+  if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then
+    _err "Not enough information provided to dns_huaweicloud!"
+    return 1
+  fi
+
+  token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
+  _debug2 "${token}"
+  zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
+  _debug "${zoneid}"
+
+  _debug "Adding Record"
+  _add_record "${token}" "${fulldomain}" "${txtvalue}"
+  ret="$?"
+  if [ "${ret}" != "0" ]; then
+    _err "dns_huaweicloud: Error adding record."
+    return 1
+  fi
+
+  # Do saving work if all succeeded
+  _saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}"
+  _saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}"
+  _saveaccountconf_mutable HUAWEICLOUD_ProjectID "${HUAWEICLOUD_ProjectID}"
+  return 0
+}
+
+# Usage: fulldomain txtvalue
+# Used to remove the txt record after validation
+#
+# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/dns_api_64005.html
+#
+
+dns_huaweicloud_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}"
+  HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}"
+  HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}"
+
+  # Check information
+  if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then
+    _err "Not enough information provided to dns_huaweicloud!"
+    return 1
+  fi
+
+  token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
+  _debug2 "${token}"
+  zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
+  _debug "${zoneid}"
+  record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
+  _debug "Record Set ID is: ${record_id}"
+
+  # Remove all records
+  # Therotically HuaweiCloud does not allow more than one record set
+  # But remove them recurringly to increase robusty
+  while [ "${record_id}" != "0" ]; do
+    _debug "Removing Record"
+    _rm_record "${token}" "${zoneid}" "${record_id}"
+    record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
+  done
+  return 0
+}
+
+###################  Private functions below ##################################
+
+# _get_zoneid
+#
+# _token=$1
+# _domain_string=$2
+#
+# printf "%s" "${_zoneid}"
+_get_zoneid() {
+  _token=$1
+  _domain_string=$2
+  export _H1="X-Auth-Token: ${_token}"
+
+  i=1
+  while true; do
+    h=$(printf "%s" "${_domain_string}" | cut -d . -f $i-100)
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+    _debug "$h"
+    response=$(_get "${dns_api}/v2/zones?name=${h}")
+
+    if _contains "${response}" "id"; then
+      _debug "Get Zone ID Success."
+      _zoneid=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")
+      printf "%s" "${_zoneid}"
+      return 0
+    fi
+
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+_get_recordset_id() {
+  _token=$1
+  _domain=$2
+  _zoneid=$3
+  export _H1="X-Auth-Token: ${_token}"
+
+  response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}")
+  if _contains "${response}" "id"; then
+    _id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")"
+    printf "%s" "${_id}"
+    return 0
+  fi
+  printf "%s" "0"
+  return 1
+}
+
+_add_record() {
+  _token=$1
+  _domain=$2
+  _txtvalue=$3
+
+  # Get Existing Records
+  export _H1="X-Auth-Token: ${_token}"
+  response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}")
+
+  _debug2 "${response}"
+  _exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g')
+  _debug "${_exist_record}"
+
+  # Check if record exist
+  # Generate body data
+  if [ -z "${_exist_record}" ]; then
+    _post_body="{
+      \"name\": \"${_domain}.\",
+      \"description\": \"ACME Challenge\",
+      \"type\": \"TXT\",
+      \"ttl\": 1,
+      \"records\": [
+        \"\\\"${_txtvalue}\\\"\"
+      ]
+    }"
+  else
+    _post_body="{
+      \"name\": \"${_domain}.\",
+      \"description\": \"ACME Challenge\",
+      \"type\": \"TXT\",
+      \"ttl\": 1,
+      \"records\": [
+        ${_exist_record},
+        \"\\\"${_txtvalue}\\\"\"
+      ]
+    }"
+  fi
+
+  _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
+  _debug "Record Set ID is: ${_record_id}"
+
+  # Remove all records
+  while [ "${_record_id}" != "0" ]; do
+    _debug "Removing Record"
+    _rm_record "${_token}" "${zoneid}" "${_record_id}"
+    _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")"
+  done
+
+  # Add brand new records with all old and new records
+  export _H2="Content-Type: application/json"
+  export _H1="X-Auth-Token: ${_token}"
+
+  _debug2 "${_post_body}"
+  _post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null
+  _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
+  if [ "$_code" != "202" ]; then
+    _err "dns_huaweicloud: http code ${_code}"
+    return 1
+  fi
+  return 0
+}
+
+# _rm_record $token $zoneid $recordid
+# assume ${dns_api} exist
+# no output
+# return 0
+_rm_record() {
+  _token=$1
+  _zone_id=$2
+  _record_id=$3
+
+  export _H2="Content-Type: application/json"
+  export _H1="X-Auth-Token: ${_token}"
+
+  _post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null
+  return $?
+}
+
+_get_token() {
+  _username=$1
+  _password=$2
+  _project=$3
+
+  _debug "Getting Token"
+  body="{
+    \"auth\": {
+      \"identity\": {
+        \"methods\": [
+          \"password\"
+        ],
+        \"password\": {
+          \"user\": {
+            \"name\": \"${_username}\",
+            \"password\": \"${_password}\",
+            \"domain\": {
+              \"name\": \"${_username}\"
+            }
+          }
+        }
+      },
+      \"scope\": {
+        \"project\": {
+          \"id\": \"${_project}\"
+        }
+      }
+    }
+  }"
+  export _H1="Content-Type: application/json;charset=utf8"
+  _post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null
+  _code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")
+  _token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-)
+  _debug2 "${_code}"
+  printf "%s" "${_token}"
+  return 0
+}
--- a/dnsapi/dns_infomaniak.sh
+++ b/dnsapi/dns_infomaniak.sh
@@ -0,0 +1,199 @@
+#!/usr/bin/env sh
+
+###############################################################################
+# Infomaniak API integration
+#
+# To use this API you need visit the API dashboard of your account
+# once logged into https://manager.infomaniak.com add /api/dashboard to the URL
+#
+# Please report bugs to
+# https://github.com/acmesh-official/acme.sh/issues/3188
+#
+# Note: the URL looks like this:
+# https://manager.infomaniak.com/v3/<account_id>/api/dashboard
+# Then generate a token with the scope Domain
+# this is given as an environment variable INFOMANIAK_API_TOKEN
+###############################################################################
+
+# base variables
+
+DEFAULT_INFOMANIAK_API_URL="https://api.infomaniak.com"
+DEFAULT_INFOMANIAK_TTL=300
+
+########  Public functions #####################
+
+#Usage: dns_infomaniak_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_infomaniak_add() {
+
+  INFOMANIAK_API_TOKEN="${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}"
+  INFOMANIAK_API_URL="${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}"
+  INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}"
+
+  if [ -z "$INFOMANIAK_API_TOKEN" ]; then
+    INFOMANIAK_API_TOKEN=""
+    _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN"
+    return 1
+  fi
+
+  if [ -z "$INFOMANIAK_API_URL" ]; then
+    INFOMANIAK_API_URL="$DEFAULT_INFOMANIAK_API_URL"
+  fi
+
+  if [ -z "$INFOMANIAK_TTL" ]; then
+    INFOMANIAK_TTL="$DEFAULT_INFOMANIAK_TTL"
+  fi
+
+  #save the token to the account conf file.
+  _saveaccountconf_mutable INFOMANIAK_API_TOKEN "$INFOMANIAK_API_TOKEN"
+
+  if [ "$INFOMANIAK_API_URL" != "$DEFAULT_INFOMANIAK_API_URL" ]; then
+    _saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL"
+  fi
+
+  if [ "$INFOMANIAK_TTL" != "$DEFAULT_INFOMANIAK_TTL" ]; then
+    _saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL"
+  fi
+
+  export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN"
+  export _H2="Content-Type: application/json"
+
+  fulldomain="$1"
+  txtvalue="$2"
+
+  _info "Infomaniak DNS API"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  fqdn=${fulldomain#_acme-challenge.}
+
+  # guess which base domain to add record to
+  zone_and_id=$(_find_zone "$fqdn")
+  if [ -z "$zone_and_id" ]; then
+    _err "cannot find zone to modify"
+    return 1
+  fi
+  zone=${zone_and_id% *}
+  domain_id=${zone_and_id#* }
+
+  # extract first part of domain
+  key=${fulldomain%.$zone}
+
+  _debug "zone:$zone id:$domain_id key:$key"
+
+  # payload
+  data="{\"type\": \"TXT\", \"source\": \"$key\", \"target\": \"$txtvalue\", \"ttl\": $INFOMANIAK_TTL}"
+
+  # API call
+  response=$(_post "$data" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record")
+  if [ -n "$response" ] && echo "$response" | grep -qF '"result":"success"'; then
+    _info "Record added"
+    _debug "Response: $response"
+    return 0
+  fi
+  _err "could not create record"
+  _debug "Response: $response"
+  return 1
+}
+
+#Usage: fulldomain txtvalue
+#Remove the txt record after validation.
+dns_infomaniak_rm() {
+
+  INFOMANIAK_API_TOKEN="${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}"
+  INFOMANIAK_API_URL="${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}"
+  INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}"
+
+  if [ -z "$INFOMANIAK_API_TOKEN" ]; then
+    INFOMANIAK_API_TOKEN=""
+    _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN"
+    return 1
+  fi
+
+  if [ -z "$INFOMANIAK_API_URL" ]; then
+    INFOMANIAK_API_URL="$DEFAULT_INFOMANIAK_API_URL"
+  fi
+
+  if [ -z "$INFOMANIAK_TTL" ]; then
+    INFOMANIAK_TTL="$DEFAULT_INFOMANIAK_TTL"
+  fi
+
+  #save the token to the account conf file.
+  _saveaccountconf_mutable INFOMANIAK_API_TOKEN "$INFOMANIAK_API_TOKEN"
+
+  if [ "$INFOMANIAK_API_URL" != "$DEFAULT_INFOMANIAK_API_URL" ]; then
+    _saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL"
+  fi
+
+  if [ "$INFOMANIAK_TTL" != "$DEFAULT_INFOMANIAK_TTL" ]; then
+    _saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL"
+  fi
+
+  export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN"
+  export _H2="ContentType: application/json"
+
+  fulldomain=$1
+  txtvalue=$2
+  _info "Infomaniak DNS API"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  fqdn=${fulldomain#_acme-challenge.}
+
+  # guess which base domain to add record to
+  zone_and_id=$(_find_zone "$fqdn")
+  if [ -z "$zone_and_id" ]; then
+    _err "cannot find zone to modify"
+    return 1
+  fi
+  zone=${zone_and_id% *}
+  domain_id=${zone_and_id#* }
+
+  # extract first part of domain
+  key=${fulldomain%.$zone}
+
+  _debug "zone:$zone id:$domain_id key:$key"
+
+  # find previous record
+  # shellcheck disable=SC1004
+  record_id=$(_get "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}\
+{/g' | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source_idn":"'"$fulldomain"'".*"target_idn":"'"$txtvalue"'".*/\1/p')
+  if [ -z "$record_id" ]; then
+    _err "could not find record to delete"
+    return 1
+  fi
+  _debug "record_id: $record_id"
+
+  # API call
+  response=$(_post "" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record/$record_id" "" DELETE)
+  if [ -n "$response" ] && echo "$response" | grep -qF '"result":"success"'; then
+    _info "Record deleted"
+    return 0
+  fi
+  _err "could not delete record"
+  return 1
+}
+
+####################  Private functions below ##################################
+
+_get_domain_id() {
+  domain="$1"
+
+  # shellcheck disable=SC1004
+  _get "${INFOMANIAK_API_URL}/1/product?service_name=domain&customer_name=$domain" | sed 's/.*"data":\[{\(.*\)}\]}/\1/; s/,/\
+/g' | sed -n 's/^"id":\(.*\)/\1/p'
+}
+
+_find_zone() {
+  zone="$1"
+
+  # find domain in list, removing . parts sequentialy
+  while echo "$zone" | grep -q '\.'; do
+    _debug "testing $zone"
+    id=$(_get_domain_id "$zone")
+    if [ -n "$id" ]; then
+      echo "$zone $id"
+      return
+    fi
+    zone=${zone#*.}
+  done
+}
--- a/dnsapi/dns_inwx.sh
+++ b/dnsapi/dns_inwx.sh
@@ -261,6 +261,20 @@ _get_root() {
  xml_content='<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
  <methodName>nameserver.list</methodName>
+  <params>
+   <param>
+    <value>
+     <struct>
+      <member>
+       <name>pagelimit</name>
+       <value>
+        <int>9999</int>
+       </value>
+      </member>
+     </struct>
+    </value>
+   </param>
+  </params>
  </methodCall>'

  response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
--- a/dnsapi/dns_ispconfig.sh
+++ b/dnsapi/dns_ispconfig.sh
@@ -95,29 +95,29 @@ _ISPC_getZoneInfo() {
    server_id=$(echo "${curResult}" | _egrep_o "server_id.*" | cut -d ':' -f 2 | cut -d '"' -f 2)
    _debug "Server ID: '${server_id}'"
    case "${server_id}" in
-      '' | *[!0-9]*)
-        _err "Server ID is not numeric."
-        return 1
-        ;;
-      *) _info "Retrieved Server ID" ;;
+    '' | *[!0-9]*)
+      _err "Server ID is not numeric."
+      return 1
+      ;;
+    *) _info "Retrieved Server ID" ;;
    esac
    zone=$(echo "${curResult}" | _egrep_o "\"id.*" | cut -d ':' -f 2 | cut -d '"' -f 2)
    _debug "Zone: '${zone}'"
    case "${zone}" in
-      '' | *[!0-9]*)
-        _err "Zone ID is not numeric."
-        return 1
-        ;;
-      *) _info "Retrieved Zone ID" ;;
+    '' | *[!0-9]*)
+      _err "Zone ID is not numeric."
+      return 1
+      ;;
+    *) _info "Retrieved Zone ID" ;;
    esac
    client_id=$(echo "${curResult}" | _egrep_o "sys_userid.*" | cut -d ':' -f 2 | cut -d '"' -f 2)
    _debug "Client ID: '${client_id}'"
    case "${client_id}" in
-      '' | *[!0-9]*)
-        _err "Client ID is not numeric."
-        return 1
-        ;;
-      *) _info "Retrieved Client ID." ;;
+    '' | *[!0-9]*)
+      _err "Client ID is not numeric."
+      return 1
+      ;;
+    *) _info "Retrieved Client ID." ;;
    esac
    zoneFound=""
    zoneEnd=""
@@ -135,11 +135,11 @@ _ISPC_addTxt() {
  record_id=$(echo "${curResult}" | _egrep_o "\"response.*" | cut -d ':' -f 2 | cut -d '"' -f 2)
  _debug "Record ID: '${record_id}'"
  case "${record_id}" in
-    '' | *[!0-9]*)
-      _err "Couldn't add ACME Challenge TXT record to zone."
-      return 1
-      ;;
-    *) _info "Added ACME Challenge TXT record to zone." ;;
+  '' | *[!0-9]*)
+    _err "Couldn't add ACME Challenge TXT record to zone."
+    return 1
+    ;;
+  *) _info "Added ACME Challenge TXT record to zone." ;;
  esac
 }

@@ -153,24 +153,24 @@ _ISPC_rmTxt() {
    record_id=$(echo "${curResult}" | _egrep_o "\"id.*" | cut -d ':' -f 2 | cut -d '"' -f 2)
    _debug "Record ID: '${record_id}'"
    case "${record_id}" in
-      '' | *[!0-9]*)
-        _err "Record ID is not numeric."
+    '' | *[!0-9]*)
+      _err "Record ID is not numeric."
+      return 1
+      ;;
+    *)
+      unset IFS
+      _info "Retrieved Record ID."
+      curData="{\"session_id\":\"${sessionID}\",\"primary_id\":\"${record_id}\",\"update_serial\":true}"
+      curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_delete")"
+      _debug "Calling _ISPC_rmTxt: '${curData}' '${ISPC_Api}?dns_txt_delete'"
+      _debug "Result of _ISPC_rmTxt: '$curResult'"
+      if _contains "${curResult}" '"code":"ok"'; then
+        _info "Removed ACME Challenge TXT record from zone."
+      else
+        _err "Couldn't remove ACME Challenge TXT record from zone."
        return 1
-        ;;
-      *)
-        unset IFS
-        _info "Retrieved Record ID."
-        curData="{\"session_id\":\"${sessionID}\",\"primary_id\":\"${record_id}\",\"update_serial\":true}"
-        curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_delete")"
-        _debug "Calling _ISPC_rmTxt: '${curData}' '${ISPC_Api}?dns_txt_delete'"
-        _debug "Result of _ISPC_rmTxt: '$curResult'"
-        if _contains "${curResult}" '"code":"ok"'; then
-          _info "Removed ACME Challenge TXT record from zone."
-        else
-          _err "Couldn't remove ACME Challenge TXT record from zone."
-          return 1
-        fi
-        ;;
+      fi
+      ;;
    esac
  fi
 }
--- a/dnsapi/dns_joker.sh
+++ b/dnsapi/dns_joker.sh
@@ -100,7 +100,7 @@ _get_root() {
    fi

    # Try to remove a test record. With correct root domain, username and password this will return "OK: ..." regardless
-    # of record in question existing or not. 
+    # of record in question existing or not.
    if _joker_rest "username=$JOKER_USERNAME&password=$JOKER_PASSWORD&zone=$h&label=jokerTXTUpdateTest&type=TXT&value="; then
      if _startswith "$response" "OK"; then
        _sub_domain="$(echo "$fulldomain" | sed "s/\\.$h\$//")"
--- a/dnsapi/dns_kappernet.sh
+++ b/dnsapi/dns_kappernet.sh
@@ -0,0 +1,150 @@
+#!/usr/bin/env sh
+
+# kapper.net domain api
+# for further questions please contact: support@kapper.net
+# please report issues here: https://github.com/acmesh-official/acme.sh/issues/2977
+
+#KAPPERNETDNS_Key="yourKAPPERNETapikey"
+#KAPPERNETDNS_Secret="yourKAPPERNETapisecret"
+
+KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret"
+
+###############################################################################
+# called with
+# fullhostname: something.example.com
+# txtvalue:     someacmegenerated string
+dns_kappernet_add() {
+  fullhostname=$1
+  txtvalue=$2
+
+  KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}"
+  KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}"
+
+  if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then
+    KAPPERNETDNS_Key=""
+    KAPPERNETDNS_Secret=""
+    _err "Please specify your kapper.net api key and secret."
+    _err "If you have not received yours - send your mail to"
+    _err "support@kapper.net to get  your key and secret."
+    return 1
+  fi
+
+  #store the api key and email to the account conf file.
+  _saveaccountconf_mutable KAPPERNETDNS_Key "$KAPPERNETDNS_Key"
+  _saveaccountconf_mutable KAPPERNETDNS_Secret "$KAPPERNETDNS_Secret"
+  _debug "Checking Domain ..."
+  if ! _get_root "$fullhostname"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _sub_domain "SUBDOMAIN: $_sub_domain"
+  _debug _domain "DOMAIN: $_domain"
+
+  _info "Trying to add TXT DNS Record"
+  data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D"
+  if _kappernet_api GET "action=new&subject=$_domain&data=$data"; then
+
+    if _contains "$response" "{\"OK\":true"; then
+      _info "Waiting 120 seconds for DNS to spread the new record"
+      _sleep 120
+      return 0
+    else
+      _err "Error creating a TXT DNS Record: $fullhostname TXT $txtvalue"
+      _err "Error Message: $response"
+      return 1
+    fi
+  fi
+  _err "Failed creating TXT Record"
+}
+
+###############################################################################
+# called with
+# fullhostname: something.example.com
+dns_kappernet_rm() {
+  fullhostname=$1
+  txtvalue=$2
+
+  KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}"
+  KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}"
+
+  if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then
+    KAPPERNETDNS_Key=""
+    KAPPERNETDNS_Secret=""
+    _err "Please specify your kapper.net api key and secret."
+    _err "If you have not received yours - send your mail to"
+    _err "support@kapper.net to get  your key and secret."
+    return 1
+  fi
+
+  #store the api key and email to the account conf file.
+  _saveaccountconf_mutable KAPPERNETDNS_Key "$KAPPERNETDNS_Key"
+  _saveaccountconf_mutable KAPPERNETDNS_Secret "$KAPPERNETDNS_Secret"
+
+  _info "Trying to remove the TXT Record: $fullhostname containing $txtvalue"
+  data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D"
+  if _kappernet_api GET "action=del&subject=$fullhostname&data=$data"; then
+    if _contains "$response" "{\"OK\":true"; then
+      return 0
+    else
+      _err "Error deleting DNS Record: $fullhostname containing $txtvalue"
+      _err "Problem: $response"
+      return 1
+    fi
+  fi
+  _err "Problem deleting TXT DNS record"
+}
+
+####################  Private functions below ##################################
+# called with hostname
+# e.g._acme-challenge.www.domain.com returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+_get_root() {
+  domain=$1
+  i=2
+  p=1
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+    if ! _kappernet_api GET "action=list&subject=$h"; then
+      return 1
+    fi
+    if _contains "$response" '"OK":false'; then
+      _debug "$h not found"
+    else
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _domain="$h"
+      return 0
+    fi
+    p="$i"
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+################################################################################
+# calls the kapper.net DNS Panel API
+# with
+# method
+# param
+_kappernet_api() {
+  method=$1
+  param="$2"
+
+  _debug param "PARAMETER=$param"
+  url="$KAPPERNETDNS_Api&$param"
+  _debug url "URL=$url"
+
+  if [ "$method" = "GET" ]; then
+    response="$(_get "$url")"
+  else
+    _err "Unsupported method"
+    return 1
+  fi
+
+  _debug2 response "$response"
+  return 0
+}
--- a/dnsapi/dns_kinghost.sh
+++ b/dnsapi/dns_kinghost.sh
@@ -37,7 +37,7 @@ dns_kinghost_add() {
  _debug "Getting txt records"
  _kinghost_rest GET "dns" "name=$fulldomain&content=$txtvalue"

-  #This API call returns "status":"ok" if dns record does not exists
+  #This API call returns "status":"ok" if dns record does not exist
  #We are creating a new txt record here, so we expect the "ok" status
  if ! echo "$response" | grep '"status":"ok"' >/dev/null; then
    _err "Error"
--- a/dnsapi/dns_lexicon.sh
+++ b/dnsapi/dns_lexicon.sh
@@ -92,7 +92,7 @@ dns_lexicon_add() {
  _savedomainconf LEXICON_OPTS "$LEXICON_OPTS"

  # shellcheck disable=SC2086
-  $lexicon_cmd "$PROVIDER" $LEXICON_OPTS create "${domain}" TXT --name="_acme-challenge.${domain}." --content="${txtvalue}"
+  $lexicon_cmd "$PROVIDER" $LEXICON_OPTS create "${domain}" TXT --name="_acme-challenge.${domain}." --content="${txtvalue}" --output QUIET

 }

@@ -108,6 +108,6 @@ dns_lexicon_rm() {
  domain=$(printf "%s" "$fulldomain" | cut -d . -f 2-999)

  # shellcheck disable=SC2086
-  $lexicon_cmd "$PROVIDER" $LEXICON_OPTS delete "${domain}" TXT --name="_acme-challenge.${domain}." --content="${txtvalue}"
+  $lexicon_cmd "$PROVIDER" $LEXICON_OPTS delete "${domain}" TXT --name="_acme-challenge.${domain}." --content="${txtvalue}" --output QUIET

 }
--- a/dnsapi/dns_misaka.sh
+++ b/dnsapi/dns_misaka.sh
@@ -47,7 +47,7 @@ dns_misaka_add() {
  if [ "$count" = "0" ]; then
    _info "Adding record"

-    if _misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then
+    if _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then
      _debug response "$response"
      if _contains "$response" "$_sub_domain"; then
        _info "Added"
@@ -61,7 +61,7 @@ dns_misaka_add() {
  else
    _info "Updating record"

-    _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}"
+    _misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}"
    if [ "$?" = "0" ] && _contains "$response" "$_sub_domain"; then
      _info "Updated!"
      #todo: check if the record takes effect
--- a/dnsapi/dns_netlify.sh
+++ b/dnsapi/dns_netlify.sh
@@ -0,0 +1,162 @@
+#!/usr/bin/env sh
+
+#NETLIFY_ACCESS_TOKEN="xxxx"
+
+NETLIFY_HOST="api.netlify.com/api/v1/"
+NETLIFY_URL="https://$NETLIFY_HOST"
+
+########  Public functions #####################
+
+#Usage: dns_myapi_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_netlify_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  NETLIFY_ACCESS_TOKEN="${NETLIFY_ACCESS_TOKEN:-$(_readaccountconf_mutable NETLIFY_ACCESS_TOKEN)}"
+
+  if [ -z "$NETLIFY_ACCESS_TOKEN" ]; then
+    NETLIFY_ACCESS_TOKEN=""
+    _err "Please specify your Netlify Access Token and try again."
+    return 1
+  fi
+
+  _info "Using Netlify"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  _saveaccountconf_mutable NETLIFY_ACCESS_TOKEN "$NETLIFY_ACCESS_TOKEN"
+
+  if ! _get_root "$fulldomain" "$accesstoken"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug _domain_id "$_domain_id"
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  dnsRecordURI="dns_zones/$_domain_id/dns_records"
+
+  body="{\"type\":\"TXT\", \"hostname\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"ttl\":\"10\"}"
+
+  _netlify_rest POST "$dnsRecordURI" "$body" "$NETLIFY_ACCESS_TOKEN"
+  _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
+  if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then
+    _info "validation value added"
+    return 0
+  else
+    _err "error adding validation value ($_code)"
+    return 1
+  fi
+
+  _err "Not fully implemented!"
+  return 1
+}
+
+#Usage: dns_myapi_rm   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+#Remove the txt record after validation.
+dns_netlify_rm() {
+  _info "Using Netlify"
+  txtdomain="$1"
+  txt="$2"
+  _debug txtdomain "$txtdomain"
+  _debug txt "$txt"
+
+  _saveaccountconf_mutable NETLIFY_ACCESS_TOKEN "$NETLIFY_ACCESS_TOKEN"
+
+  if ! _get_root "$txtdomain" "$accesstoken"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug _domain_id "$_domain_id"
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  dnsRecordURI="dns_zones/$_domain_id/dns_records"
+
+  _netlify_rest GET "$dnsRecordURI" "" "$NETLIFY_ACCESS_TOKEN"
+
+  _record_id=$(echo "$response" | _egrep_o "\"type\":\"TXT\",[^\}]*\"value\":\"$txt\"" | head -n 1 | _egrep_o "\"id\":\"[^\"\}]*\"" | cut -d : -f 2 | tr -d \")
+  _debug _record_id "$_record_id"
+  if [ "$_record_id" ]; then
+    _netlify_rest DELETE "$dnsRecordURI/$_record_id" "" "$NETLIFY_ACCESS_TOKEN"
+    _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
+    if [ "$_code" = "200" ] || [ "$_code" = '204' ]; then
+      _info "validation value removed"
+      return 0
+    else
+      _err "error removing validation value ($_code)"
+      return 1
+    fi
+    return 0
+  fi
+  return 1
+}
+
+####################  Private functions below ##################################
+
+_get_root() {
+  domain=$1
+  accesstoken=$2
+  i=1
+  p=1
+
+  _netlify_rest GET "dns_zones" "" "$accesstoken"
+
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    _debug2 "Checking domain: $h"
+    if [ -z "$h" ]; then
+      #not valid
+      _err "Invalid domain"
+      return 1
+    fi
+
+    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
+      _domain_id=$(echo "$response" | _egrep_o "\"[^\"]*\",\"name\":\"$h" | cut -d , -f 1 | tr -d \")
+      if [ "$_domain_id" ]; then
+        if [ "$i" = 1 ]; then
+          #create the record at the domain apex (@) if only the domain name was provided as --domain-alias
+          _sub_domain="@"
+        else
+          _sub_domain=$(echo "$domain" | cut -d . -f 1-$p)
+        fi
+        _domain=$h
+        return 0
+      fi
+      return 1
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+_netlify_rest() {
+  m=$1
+  ep="$2"
+  data="$3"
+  _debug "$ep"
+
+  token_trimmed=$(echo "$NETLIFY_ACCESS_TOKEN" | tr -d '"')
+
+  export _H1="Content-Type: application/json"
+  export _H2="Authorization: Bearer $token_trimmed"
+
+  : >"$HTTP_HEADER"
+
+  if [ "$m" != "GET" ]; then
+    _debug data "$data"
+    response="$(_post "$data" "$NETLIFY_URL$ep" "" "$m")"
+  else
+    response="$(_get "$NETLIFY_URL$ep")"
+  fi
+
+  if [ "$?" != "0" ]; then
+    _err "error $ep"
+    return 1
+  fi
+  _debug2 response "$response"
+  return 0
+}
--- a/dnsapi/dns_nic.sh
+++ b/dnsapi/dns_nic.sh
@@ -166,7 +166,7 @@ _get_root() {
    if _contains "$_all_domains" "^$h$"; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain=$h
-      _service=$(printf "%s" "$response" | grep "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/")
+      _service=$(printf "%s" "$response" | grep -m 1 "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/")
      return 0
    fi
    p="$i"
--- a/dnsapi/dns_njalla.sh
+++ b/dnsapi/dns_njalla.sh
@@ -0,0 +1,168 @@
+#!/usr/bin/env sh
+
+#
+#NJALLA_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
+
+NJALLA_Api="https://njal.la/api/1/"
+
+########  Public functions #####################
+
+#Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_njalla_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  NJALLA_Token="${NJALLA_Token:-$(_readaccountconf_mutable NJALLA_Token)}"
+
+  if [ "$NJALLA_Token" ]; then
+    _saveaccountconf_mutable NJALLA_Token "$NJALLA_Token"
+  else
+    NJALLA_Token=""
+    _err "You didn't specify a Njalla api token yet."
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
+  # we can not use updating anymore.
+  #  count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
+  #  _debug count "$count"
+  #  if [ "$count" = "0" ]; then
+  _info "Adding record"
+  if _njalla_rest "{\"method\":\"add-record\",\"params\":{\"domain\":\"$_domain\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}}"; then
+    if _contains "$response" "$txtvalue"; then
+      _info "Added, OK"
+      return 0
+    else
+      _err "Add txt record error."
+      return 1
+    fi
+  fi
+  _err "Add txt record error."
+  return 1
+
+}
+
+#fulldomain txtvalue
+dns_njalla_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  NJALLA_Token="${NJALLA_Token:-$(_readaccountconf_mutable NJALLA_Token)}"
+
+  if [ "$NJALLA_Token" ]; then
+    _saveaccountconf_mutable NJALLA_Token "$NJALLA_Token"
+  else
+    NJALLA_Token=""
+    _err "You didn't specify a Njalla api token yet."
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _debug "Getting records for domain"
+  if ! _njalla_rest "{\"method\":\"list-records\",\"params\":{\"domain\":\"${_domain}\"}}"; then
+    return 1
+  fi
+
+  if ! echo "$response" | tr -d " " | grep "\"id\":" >/dev/null; then
+    _err "Error: $response"
+    return 1
+  fi
+
+  records=$(echo "$response" | _egrep_o "\"records\":\s?\[(.*)\]\}" | _egrep_o "\[.*\]" | _egrep_o "\{[^\{\}]*\"id\":[^\{\}]*\}")
+  count=$(echo "$records" | wc -l)
+  _debug count "$count"
+
+  if [ "$count" = "0" ]; then
+    _info "Don't need to remove."
+  else
+    echo "$records" | while read -r record; do
+      record_name=$(echo "$record" | _egrep_o "\"name\":\s?\"[^\"]*\"" | cut -d : -f 2 | tr -d " " | tr -d \")
+      record_content=$(echo "$record" | _egrep_o "\"content\":\s?\"[^\"]*\"" | cut -d : -f 2 | tr -d " " | tr -d \")
+      record_id=$(echo "$record" | _egrep_o "\"id\":\s?[0-9]+" | cut -d : -f 2 | tr -d " " | tr -d \")
+      if [ "$_sub_domain" = "$record_name" ]; then
+        if [ "$txtvalue" = "$record_content" ]; then
+          _debug "record_id" "$record_id"
+          if ! _njalla_rest "{\"method\":\"remove-record\",\"params\":{\"domain\":\"${_domain}\",\"id\":${record_id}}}"; then
+            _err "Delete record error."
+            return 1
+          fi
+          echo "$response" | tr -d " " | grep "\"result\"" >/dev/null
+        fi
+      fi
+    done
+  fi
+
+}
+
+####################  Private functions below ##################################
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+# _domain_id=sdjkglgdfewsdfg
+_get_root() {
+  domain=$1
+  i=1
+  p=1
+
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    _debug h "$h"
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    if ! _njalla_rest "{\"method\":\"get-domain\",\"params\":{\"domain\":\"${h}\"}}"; then
+      return 1
+    fi
+
+    if _contains "$response" "\"$h\""; then
+      _domain_returned=$(echo "$response" | _egrep_o "\{\"name\": *\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ")
+      if [ "$_domain_returned" ]; then
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _domain=$h
+        return 0
+      fi
+      return 1
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+_njalla_rest() {
+  data="$1"
+
+  token_trimmed=$(echo "$NJALLA_Token" | tr -d '"')
+
+  export _H1="Content-Type: application/json"
+  export _H2="Accept: application/json"
+  export _H3="Authorization: Njalla $token_trimmed"
+
+  _debug data "$data"
+  response="$(_post "$data" "$NJALLA_Api" "" "POST")"
+
+  if [ "$?" != "0" ]; then
+    _err "error $data"
+    return 1
+  fi
+  _debug2 response "$response"
+  return 0
+}
--- a/dnsapi/dns_one.sh
+++ b/dnsapi/dns_one.sh
@@ -6,10 +6,10 @@
 # Created: 2019-02-17
 # Fixed by: @der-berni
 # Modified: 2020-04-07
-#     
+#
 #     Use ONECOM_KeepCnameProxy to keep the CNAME DNS record
 #     export ONECOM_KeepCnameProxy="1"
-#     
+#
 #     export ONECOM_User="username"
 #     export ONECOM_Password="password"
 #
--- a/dnsapi/dns_openstack.sh
+++ b/dnsapi/dns_openstack.sh
@@ -0,0 +1,348 @@
+#!/usr/bin/env sh
+
+# OpenStack Designate API plugin
+#
+# This requires you to have OpenStackClient and python-desginateclient
+# installed.
+#
+# You will require Keystone V3 credentials loaded into your environment, which
+# could be either password or v3applicationcredential type.
+#
+# Author: Andy Botting <andy@andybotting.com>
+
+########  Public functions #####################
+
+# Usage: dns_openstack_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_openstack_add() {
+  fulldomain=$1
+  txtvalue=$2
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  _dns_openstack_credentials || return $?
+  _dns_openstack_check_setup || return $?
+  _dns_openstack_find_zone || return $?
+  _dns_openstack_get_recordset || return $?
+  _debug _recordset_id "$_recordset_id"
+  if [ -n "$_recordset_id" ]; then
+    _dns_openstack_get_records || return $?
+    _debug _records "$_records"
+  fi
+  _dns_openstack_create_recordset || return $?
+}
+
+# Usage: dns_openstack_rm   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+# Remove the txt record after validation.
+dns_openstack_rm() {
+  fulldomain=$1
+  txtvalue=$2
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  _dns_openstack_credentials || return $?
+  _dns_openstack_check_setup || return $?
+  _dns_openstack_find_zone || return $?
+  _dns_openstack_get_recordset || return $?
+  _debug _recordset_id "$_recordset_id"
+  if [ -n "$_recordset_id" ]; then
+    _dns_openstack_get_records || return $?
+    _debug _records "$_records"
+  fi
+  _dns_openstack_delete_recordset || return $?
+}
+
+####################  Private functions below ##################################
+
+_dns_openstack_create_recordset() {
+
+  if [ -z "$_recordset_id" ]; then
+    _info "Creating a new recordset"
+    if ! _recordset_id=$(openstack recordset create -c id -f value --type TXT --record "$txtvalue" "$_zone_id" "$fulldomain."); then
+      _err "No recordset ID found after create"
+      return 1
+    fi
+  else
+    _info "Updating existing recordset"
+    # Build new list of --record <rec> args for update
+    _record_args="--record $txtvalue"
+    for _rec in $_records; do
+      _record_args="$_record_args --record $_rec"
+    done
+    # shellcheck disable=SC2086
+    if ! _recordset_id=$(openstack recordset set -c id -f value $_record_args "$_zone_id" "$fulldomain."); then
+      _err "Recordset update failed"
+      return 1
+    fi
+  fi
+
+  _max_retries=60
+  _sleep_sec=5
+  _retry_times=0
+  while [ "$_retry_times" -lt "$_max_retries" ]; do
+    _retry_times=$(_math "$_retry_times" + 1)
+    _debug3 _retry_times "$_retry_times"
+
+    _record_status=$(openstack recordset show -c status -f value "$_zone_id" "$_recordset_id")
+    _info "Recordset status is $_record_status"
+    if [ "$_record_status" = "ACTIVE" ]; then
+      return 0
+    elif [ "$_record_status" = "ERROR" ]; then
+      return 1
+    else
+      _sleep $_sleep_sec
+    fi
+  done
+
+  _err "Recordset failed to become ACTIVE"
+  return 1
+}
+
+_dns_openstack_delete_recordset() {
+
+  if [ "$_records" = "$txtvalue" ]; then
+    _info "Only one record found, deleting recordset"
+    if ! openstack recordset delete "$_zone_id" "$fulldomain." >/dev/null; then
+      _err "Failed to delete recordset"
+      return 1
+    fi
+  else
+    _info "Found existing records, updating recordset"
+    # Build new list of --record <rec> args for update
+    _record_args=""
+    for _rec in $_records; do
+      if [ "$_rec" = "$txtvalue" ]; then
+        continue
+      fi
+      _record_args="$_record_args --record $_rec"
+    done
+    # shellcheck disable=SC2086
+    if ! openstack recordset set -c id -f value $_record_args "$_zone_id" "$fulldomain." >/dev/null; then
+      _err "Recordset update failed"
+      return 1
+    fi
+  fi
+}
+
+_dns_openstack_get_root() {
+  # Take the full fqdn and strip away pieces until we get an exact zone name
+  # match. For example, _acme-challenge.something.domain.com might need to go
+  # into something.domain.com or domain.com
+  _zone_name=$1
+  _zone_list=$2
+  while [ "$_zone_name" != "" ]; do
+    _zone_name="$(echo "$_zone_name" | sed 's/[^.]*\.*//')"
+    echo "$_zone_list" | while read -r id name; do
+      if _startswith "$_zone_name." "$name"; then
+        echo "$id"
+      fi
+    done
+  done | _head_n 1
+}
+
+_dns_openstack_find_zone() {
+  if ! _zone_list="$(openstack zone list -c id -c name -f value)"; then
+    _err "Can't list zones. Check your OpenStack credentials"
+    return 1
+  fi
+  _debug _zone_list "$_zone_list"
+
+  if ! _zone_id="$(_dns_openstack_get_root "$fulldomain" "$_zone_list")"; then
+    _err "Can't find a matching zone. Check your OpenStack credentials"
+    return 1
+  fi
+  _debug _zone_id "$_zone_id"
+}
+
+_dns_openstack_get_records() {
+  if ! _records=$(openstack recordset show -c records -f value "$_zone_id" "$fulldomain."); then
+    _err "Failed to get records"
+    return 1
+  fi
+  return 0
+}
+
+_dns_openstack_get_recordset() {
+  if ! _recordset_id=$(openstack recordset list -c id -f value --name "$fulldomain." "$_zone_id"); then
+    _err "Failed to get recordset"
+    return 1
+  fi
+  return 0
+}
+
+_dns_openstack_check_setup() {
+  if ! _exists openstack; then
+    _err "OpenStack client not found"
+    return 1
+  fi
+}
+
+_dns_openstack_credentials() {
+  _debug "Check OpenStack credentials"
+
+  # If we have OS_AUTH_URL already set in the environment, then assume we want
+  # to use those, otherwise use stored credentials
+  if [ -n "$OS_AUTH_URL" ]; then
+    _debug "OS_AUTH_URL env var found, using environment"
+  else
+    _debug "OS_AUTH_URL not found, loading stored credentials"
+    OS_AUTH_URL="${OS_AUTH_URL:-$(_readaccountconf_mutable OS_AUTH_URL)}"
+    OS_IDENTITY_API_VERSION="${OS_IDENTITY_API_VERSION:-$(_readaccountconf_mutable OS_IDENTITY_API_VERSION)}"
+    OS_AUTH_TYPE="${OS_AUTH_TYPE:-$(_readaccountconf_mutable OS_AUTH_TYPE)}"
+    OS_APPLICATION_CREDENTIAL_ID="${OS_APPLICATION_CREDENTIAL_ID:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID)}"
+    OS_APPLICATION_CREDENTIAL_SECRET="${OS_APPLICATION_CREDENTIAL_SECRET:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET)}"
+    OS_USERNAME="${OS_USERNAME:-$(_readaccountconf_mutable OS_USERNAME)}"
+    OS_PASSWORD="${OS_PASSWORD:-$(_readaccountconf_mutable OS_PASSWORD)}"
+    OS_PROJECT_NAME="${OS_PROJECT_NAME:-$(_readaccountconf_mutable OS_PROJECT_NAME)}"
+    OS_PROJECT_ID="${OS_PROJECT_ID:-$(_readaccountconf_mutable OS_PROJECT_ID)}"
+    OS_USER_DOMAIN_NAME="${OS_USER_DOMAIN_NAME:-$(_readaccountconf_mutable OS_USER_DOMAIN_NAME)}"
+    OS_USER_DOMAIN_ID="${OS_USER_DOMAIN_ID:-$(_readaccountconf_mutable OS_USER_DOMAIN_ID)}"
+    OS_PROJECT_DOMAIN_NAME="${OS_PROJECT_DOMAIN_NAME:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_NAME)}"
+    OS_PROJECT_DOMAIN_ID="${OS_PROJECT_DOMAIN_ID:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_ID)}"
+  fi
+
+  # Check each var and either save or clear it depending on whether its set.
+  # The helps us clear out old vars in the case where a user may want
+  # to switch between password and app creds
+  _debug "OS_AUTH_URL" "$OS_AUTH_URL"
+  if [ -n "$OS_AUTH_URL" ]; then
+    export OS_AUTH_URL
+    _saveaccountconf_mutable OS_AUTH_URL "$OS_AUTH_URL"
+  else
+    unset OS_AUTH_URL
+    _clearaccountconf SAVED_OS_AUTH_URL
+  fi
+
+  _debug "OS_IDENTITY_API_VERSION" "$OS_IDENTITY_API_VERSION"
+  if [ -n "$OS_IDENTITY_API_VERSION" ]; then
+    export OS_IDENTITY_API_VERSION
+    _saveaccountconf_mutable OS_IDENTITY_API_VERSION "$OS_IDENTITY_API_VERSION"
+  else
+    unset OS_IDENTITY_API_VERSION
+    _clearaccountconf SAVED_OS_IDENTITY_API_VERSION
+  fi
+
+  _debug "OS_AUTH_TYPE" "$OS_AUTH_TYPE"
+  if [ -n "$OS_AUTH_TYPE" ]; then
+    export OS_AUTH_TYPE
+    _saveaccountconf_mutable OS_AUTH_TYPE "$OS_AUTH_TYPE"
+  else
+    unset OS_AUTH_TYPE
+    _clearaccountconf SAVED_OS_AUTH_TYPE
+  fi
+
+  _debug "OS_APPLICATION_CREDENTIAL_ID" "$OS_APPLICATION_CREDENTIAL_ID"
+  if [ -n "$OS_APPLICATION_CREDENTIAL_ID" ]; then
+    export OS_APPLICATION_CREDENTIAL_ID
+    _saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID "$OS_APPLICATION_CREDENTIAL_ID"
+  else
+    unset OS_APPLICATION_CREDENTIAL_ID
+    _clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_ID
+  fi
+
+  _secure_debug "OS_APPLICATION_CREDENTIAL_SECRET" "$OS_APPLICATION_CREDENTIAL_SECRET"
+  if [ -n "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then
+    export OS_APPLICATION_CREDENTIAL_SECRET
+    _saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET "$OS_APPLICATION_CREDENTIAL_SECRET"
+  else
+    unset OS_APPLICATION_CREDENTIAL_SECRET
+    _clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_SECRET
+  fi
+
+  _debug "OS_USERNAME" "$OS_USERNAME"
+  if [ -n "$OS_USERNAME" ]; then
+    export OS_USERNAME
+    _saveaccountconf_mutable OS_USERNAME "$OS_USERNAME"
+  else
+    unset OS_USERNAME
+    _clearaccountconf SAVED_OS_USERNAME
+  fi
+
+  _secure_debug "OS_PASSWORD" "$OS_PASSWORD"
+  if [ -n "$OS_PASSWORD" ]; then
+    export OS_PASSWORD
+    _saveaccountconf_mutable OS_PASSWORD "$OS_PASSWORD"
+  else
+    unset OS_PASSWORD
+    _clearaccountconf SAVED_OS_PASSWORD
+  fi
+
+  _debug "OS_PROJECT_NAME" "$OS_PROJECT_NAME"
+  if [ -n "$OS_PROJECT_NAME" ]; then
+    export OS_PROJECT_NAME
+    _saveaccountconf_mutable OS_PROJECT_NAME "$OS_PROJECT_NAME"
+  else
+    unset OS_PROJECT_NAME
+    _clearaccountconf SAVED_OS_PROJECT_NAME
+  fi
+
+  _debug "OS_PROJECT_ID" "$OS_PROJECT_ID"
+  if [ -n "$OS_PROJECT_ID" ]; then
+    export OS_PROJECT_ID
+    _saveaccountconf_mutable OS_PROJECT_ID "$OS_PROJECT_ID"
+  else
+    unset OS_PROJECT_ID
+    _clearaccountconf SAVED_OS_PROJECT_ID
+  fi
+
+  _debug "OS_USER_DOMAIN_NAME" "$OS_USER_DOMAIN_NAME"
+  if [ -n "$OS_USER_DOMAIN_NAME" ]; then
+    export OS_USER_DOMAIN_NAME
+    _saveaccountconf_mutable OS_USER_DOMAIN_NAME "$OS_USER_DOMAIN_NAME"
+  else
+    unset OS_USER_DOMAIN_NAME
+    _clearaccountconf SAVED_OS_USER_DOMAIN_NAME
+  fi
+
+  _debug "OS_USER_DOMAIN_ID" "$OS_USER_DOMAIN_ID"
+  if [ -n "$OS_USER_DOMAIN_ID" ]; then
+    export OS_USER_DOMAIN_ID
+    _saveaccountconf_mutable OS_USER_DOMAIN_ID "$OS_USER_DOMAIN_ID"
+  else
+    unset OS_USER_DOMAIN_ID
+    _clearaccountconf SAVED_OS_USER_DOMAIN_ID
+  fi
+
+  _debug "OS_PROJECT_DOMAIN_NAME" "$OS_PROJECT_DOMAIN_NAME"
+  if [ -n "$OS_PROJECT_DOMAIN_NAME" ]; then
+    export OS_PROJECT_DOMAIN_NAME
+    _saveaccountconf_mutable OS_PROJECT_DOMAIN_NAME "$OS_PROJECT_DOMAIN_NAME"
+  else
+    unset OS_PROJECT_DOMAIN_NAME
+    _clearaccountconf SAVED_OS_PROJECT_DOMAIN_NAME
+  fi
+
+  _debug "OS_PROJECT_DOMAIN_ID" "$OS_PROJECT_DOMAIN_ID"
+  if [ -n "$OS_PROJECT_DOMAIN_ID" ]; then
+    export OS_PROJECT_DOMAIN_ID
+    _saveaccountconf_mutable OS_PROJECT_DOMAIN_ID "$OS_PROJECT_DOMAIN_ID"
+  else
+    unset OS_PROJECT_DOMAIN_ID
+    _clearaccountconf SAVED_OS_PROJECT_DOMAIN_ID
+  fi
+
+  if [ "$OS_AUTH_TYPE" = "v3applicationcredential" ]; then
+    # Application Credential auth
+    if [ -z "$OS_APPLICATION_CREDENTIAL_ID" ] || [ -z "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then
+      _err "When using OpenStack application credentials, OS_APPLICATION_CREDENTIAL_ID"
+      _err "and OS_APPLICATION_CREDENTIAL_SECRET must be set."
+      _err "Please check your credentials and try again."
+      return 1
+    fi
+  else
+    # Password auth
+    if [ -z "$OS_USERNAME" ] || [ -z "$OS_PASSWORD" ]; then
+      _err "OpenStack username or password not found."
+      _err "Please check your credentials and try again."
+      return 1
+    fi
+
+    if [ -z "$OS_PROJECT_NAME" ] && [ -z "$OS_PROJECT_ID" ]; then
+      _err "When using password authentication, OS_PROJECT_NAME or"
+      _err "OS_PROJECT_ID must be set."
+      _err "Please check your credentials and try again."
+      return 1
+    fi
+  fi
+
+  return 0
+}
--- a/dnsapi/dns_ovh.sh
+++ b/dnsapi/dns_ovh.sh
@@ -41,40 +41,40 @@ _ovh_get_api() {

  case "${_ogaep}" in

-    ovh-eu | ovheu)
-      printf "%s" $OVH_EU
-      return
-      ;;
-    ovh-ca | ovhca)
-      printf "%s" $OVH_CA
-      return
-      ;;
-    kimsufi-eu | kimsufieu)
-      printf "%s" $KSF_EU
-      return
-      ;;
-    kimsufi-ca | kimsufica)
-      printf "%s" $KSF_CA
-      return
-      ;;
-    soyoustart-eu | soyoustarteu)
-      printf "%s" $SYS_EU
-      return
-      ;;
-    soyoustart-ca | soyoustartca)
-      printf "%s" $SYS_CA
-      return
-      ;;
-    runabove-ca | runaboveca)
-      printf "%s" $RAV_CA
-      return
-      ;;
+  ovh-eu | ovheu)
+    printf "%s" $OVH_EU
+    return
+    ;;
+  ovh-ca | ovhca)
+    printf "%s" $OVH_CA
+    return
+    ;;
+  kimsufi-eu | kimsufieu)
+    printf "%s" $KSF_EU
+    return
+    ;;
+  kimsufi-ca | kimsufica)
+    printf "%s" $KSF_CA
+    return
+    ;;
+  soyoustart-eu | soyoustarteu)
+    printf "%s" $SYS_EU
+    return
+    ;;
+  soyoustart-ca | soyoustartca)
+    printf "%s" $SYS_CA
+    return
+    ;;
+  runabove-ca | runaboveca)
+    printf "%s" $RAV_CA
+    return
+    ;;

-    *)
+  *)

-      _err "Unknown parameter : $1"
-      return 1
-      ;;
+    _err "Unknown parameter : $1"
+    return 1
+    ;;
  esac
 }

@@ -248,7 +248,7 @@ _ovh_authentication() {
 # _domain=domain.com
 _get_root() {
  domain=$1
-  i=2
+  i=1
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
--- a/dnsapi/dns_pleskxml.sh
+++ b/dnsapi/dns_pleskxml.sh
@@ -136,11 +136,12 @@ dns_pleskxml_rm() {

  # Reduce output to one line per DNS record, filtered for TXT records with a record ID only (which they should all have)
  # Also strip out spaces between tags, redundant <data> and </data> group tags and any <self-closing/> tags
-  reclist="$(_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>ok</status>' \
-    | sed 's# \{1,\}<\([a-zA-Z]\)#<\1#g;s#</\{0,1\}data>##g;s#<[a-z][^/<>]*/>##g' \
-    | grep "<site-id>${root_domain_id}</site-id>" \
-    | grep '<id>[0-9]\{1,\}</id>' \
-    | grep '<type>TXT</type>'
+  reclist="$(
+    _api_response_split "$pleskxml_prettyprint_result" 'result' '<status>ok</status>' |
+      sed 's# \{1,\}<\([a-zA-Z]\)#<\1#g;s#</\{0,1\}data>##g;s#<[a-z][^/<>]*/>##g' |
+      grep "<site-id>${root_domain_id}</site-id>" |
+      grep '<id>[0-9]\{1,\}</id>' |
+      grep '<type>TXT</type>'
  )"

  if [ -z "$reclist" ]; then
@@ -151,10 +152,11 @@ dns_pleskxml_rm() {
  _debug "Got list of DNS TXT records for root domain '$root_domain_name':"
  _debug "$reclist"

-  recid="$(_value "$reclist" \
-    | grep "<host>${fulldomain}.</host>" \
-    | grep "<value>${txtvalue}</value>" \
-    | sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/'
+  recid="$(
+    _value "$reclist" |
+      grep "<host>${fulldomain}.</host>" |
+      grep "<value>${txtvalue}</value>" |
+      sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/'
  )"

  if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then
@@ -220,11 +222,11 @@ _countdots() {
 #       Last line could change to <sed -n '/.../p'> instead, with suitable escaping of ['"/$],
 #       if future Plesk XML API changes ever require extended regex
 _api_response_split() {
-  printf '%s' "$1" \
-    | sed 's/^ +//;s/ +$//' \
-    | tr -d '\n\r' \
-    | sed "s/<\/\{0,1\}$2>/${NEWLINE}/g" \
-    | grep "$3"
+  printf '%s' "$1" |
+    sed 's/^ +//;s/ +$//' |
+    tr -d '\n\r' |
+    sed "s/<\/\{0,1\}$2>/${NEWLINE}/g" |
+    grep "$3"
 }

 ####################  Private functions below (DNS functions) ##################################
@@ -261,14 +263,15 @@ _call_api() {
  elif [ "$statuslines_count_okay" -ne "$statuslines_count_total" ]; then

    # We have some status lines that aren't "ok". Any available details are in API response fields "status" "errcode" and "errtext"
-    # Workaround for basic regex: 
+    # Workaround for basic regex:
    #   - filter output to keep only lines like this: "SPACES<TAG>text</TAG>SPACES" (shouldn't be necessary with prettyprint but guarantees subsequent code is ok)
    #   - then edit the 3 "useful" error tokens individually and remove closing tags on all lines
    #   - then filter again to remove all lines not edited (which will be the lines not starting A-Z)
-    errtext="$(_value "$pleskxml_prettyprint_result" \
-      | grep '^ *<[a-z]\{1,\}>[^<]*<\/[a-z]\{1,\}> *$' \
-      | sed 's/^ *<status>/Status:     /;s/^ *<errcode>/Error code: /;s/^ *<errtext>/Error text: /;s/<\/.*$//' \
-      | grep '^[A-Z]'
+    errtext="$(
+      _value "$pleskxml_prettyprint_result" |
+        grep '^ *<[a-z]\{1,\}>[^<]*<\/[a-z]\{1,\}> *$' |
+        sed 's/^ *<status>/Status:     /;s/^ *<errcode>/Error code: /;s/^ *<errtext>/Error text: /;s/<\/.*$//' |
+        grep '^[A-Z]'
    )"

  fi
--- a/dnsapi/dns_rackspace.sh
+++ b/dnsapi/dns_rackspace.sh
@@ -73,7 +73,7 @@ _get_root_zone() {
      #not valid
      return 1
    fi
-    if ! _rackspace_rest GET "$RACKSPACE_Tenant/domains"; then
+    if ! _rackspace_rest GET "$RACKSPACE_Tenant/domains/search?name=$h"; then
      return 1
    fi
    _debug2 response "$response"
--- a/dnsapi/dns_regru.sh
+++ b/dnsapi/dns_regru.sh
@@ -5,7 +5,6 @@
 #
 # REGRU_API_Password="test"
 #
-_domain=$_domain

 REGRU_API_URL="https://api.reg.ru/api/regru2"

@@ -27,10 +26,20 @@ dns_regru_add() {
  _saveaccountconf_mutable REGRU_API_Username "$REGRU_API_Username"
  _saveaccountconf_mutable REGRU_API_Password "$REGRU_API_Password"

-  _info "Adding TXT record to ${fulldomain}"
-  response="$(_get "$REGRU_API_URL/zone/add_txt?input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json")"
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _domain "$_domain"

-  if _contains "${response}" 'success'; then
+  _subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//")
+  _debug _subdomain "$_subdomain"
+
+  _info "Adding TXT record to ${fulldomain}"
+  _regru_rest POST "zone/add_txt" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json"
+
+  if ! _contains "${response}" 'error'; then
    return 0
  fi
  _err "Could not create resource record, check logs"
@@ -51,13 +60,67 @@ dns_regru_rm() {
    return 1
  fi

-  _info "Deleting resource record $fulldomain"
-  response="$(_get "$REGRU_API_URL/zone/remove_record?input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json")"
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _domain "$_domain"

-  if _contains "${response}" 'success'; then
+  _subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//")
+  _debug _subdomain "$_subdomain"
+
+  _info "Deleting resource record $fulldomain"
+  _regru_rest POST "zone/remove_record" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json"
+
+  if ! _contains "${response}" 'error'; then
    return 0
  fi
  _err "Could not delete resource record, check logs"
  _err "${response}"
  return 1
 }
+
+####################  Private functions below ##################################
+#_acme-challenge.www.domain.com
+#returns
+# _domain=domain.com
+_get_root() {
+  domain=$1
+
+  _regru_rest POST "service/get_list" "username=${REGRU_API_Username}&password=${REGRU_API_Password}&output_format=xml&servtype=domain"
+  domains_list=$(echo "${response}" | grep dname | sed -r "s/.*dname=\"([^\"]+)\".*/\\1/g")
+
+  for ITEM in ${domains_list}; do
+    case "${domain}" in
+    *${ITEM}*)
+      _domain=${ITEM}
+      _debug _domain "${_domain}"
+      return 0
+      ;;
+    esac
+  done
+
+  return 1
+}
+
+#returns
+# response
+_regru_rest() {
+  m=$1
+  ep="$2"
+  data="$3"
+  _debug "$ep"
+
+  export _H1="Content-Type: application/x-www-form-urlencoded"
+
+  if [ "$m" != "GET" ]; then
+    _debug data "$data"
+    response="$(_post "$data" "$REGRU_API_URL/$ep" "" "$m")"
+  else
+    response="$(_get "$REGRU_API_URL/$ep?$data")"
+  fi
+
+  _debug response "${response}"
+  return 0
+}
--- a/dnsapi/dns_scaleway.sh
+++ b/dnsapi/dns_scaleway.sh
@@ -0,0 +1,176 @@
+#!/usr/bin/env sh
+
+# Scaleway API
+# https://developers.scaleway.com/en/products/domain/dns/api/
+#
+# Requires Scaleway API token set in SCALEWAY_API_TOKEN
+
+########  Public functions #####################
+
+SCALEWAY_API="https://api.scaleway.com/domain/v2beta1"
+
+#Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_scaleway_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  if ! _scaleway_check_config; then
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _info "Adding record"
+  _scaleway_create_TXT_record "$_domain" "$_sub_domain" "$txtvalue"
+  if _contains "$response" "records"; then
+    return 0
+  else
+    _err error "$response"
+    return 1
+  fi
+  _info "Record added."
+
+  return 0
+}
+
+dns_scaleway_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  if ! _scaleway_check_config; then
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _info "Deleting record"
+  _scaleway_delete_TXT_record "$_domain" "$_sub_domain" "$txtvalue"
+  if _contains "$response" "records"; then
+    return 0
+  else
+    _err error "$response"
+    return 1
+  fi
+  _info "Record deleted."
+
+  return 0
+}
+
+####################  Private functions below ##################################
+
+_scaleway_check_config() {
+  SCALEWAY_API_TOKEN="${SCALEWAY_API_TOKEN:-$(_readaccountconf_mutable SCALEWAY_API_TOKEN)}"
+  if [ -z "$SCALEWAY_API_TOKEN" ]; then
+    _err "No API key specified for Scaleway API."
+    _err "Create your key and export it as SCALEWAY_API_TOKEN"
+    return 1
+  fi
+  if ! _scaleway_rest GET "dns-zones"; then
+    _err "Invalid API key specified for Scaleway API."
+    return 1
+  fi
+
+  _saveaccountconf_mutable SCALEWAY_API_TOKEN "$SCALEWAY_API_TOKEN"
+
+  return 0
+}
+
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+_get_root() {
+  domain=$1
+  i=1
+  p=1
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    _scaleway_rest GET "dns-zones/$h/records"
+
+    if ! _contains "$response" "subdomain not found" >/dev/null; then
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _domain="$h"
+      return 0
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  _err "Unable to retrive DNS zone matching this domain"
+  return 1
+}
+
+# this function add a TXT record
+_scaleway_create_TXT_record() {
+  txt_zone=$1
+  txt_name=$2
+  txt_value=$3
+
+  _scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"add\":{\"records\":[{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\",\"ttl\":60}]}}]}"
+
+  if _contains "$response" "records"; then
+    return 0
+  else
+    _err "error1 $response"
+    return 1
+  fi
+}
+
+# this function delete a TXT record based on name and content
+_scaleway_delete_TXT_record() {
+  txt_zone=$1
+  txt_name=$2
+  txt_value=$3
+
+  _scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"delete\":{\"id_fields\":{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\"}}}]}"
+
+  if _contains "$response" "records"; then
+    return 0
+  else
+    _err "error2 $response"
+    return 1
+  fi
+}
+
+_scaleway_rest() {
+  m=$1
+  ep="$2"
+  data="$3"
+  _debug "$ep"
+  _scaleway_url="$SCALEWAY_API/$ep"
+  _debug2 _scaleway_url "$_scaleway_url"
+  export _H1="x-auth-token: $SCALEWAY_API_TOKEN"
+  export _H2="Accept: application/json"
+  export _H3="Content-Type: application/json"
+
+  if [ "$data" ] || [ "$m" != "GET" ]; then
+    _debug data "$data"
+    response="$(_post "$data" "$_scaleway_url" "" "$m")"
+  else
+    response="$(_get "$_scaleway_url")"
+  fi
+  if [ "$?" != "0" ] || _contains "$response" "denied_authentication" || _contains "$response" "Method not allowed" || _contains "$response" "json parse error: unexpected EOF"; then
+    _err "error $response"
+    return 1
+  fi
+  _debug2 response "$response"
+  return 0
+}
--- a/dnsapi/dns_simply.sh
+++ b/dnsapi/dns_simply.sh
@@ -0,0 +1,240 @@
+#!/usr/bin/env sh
+
+#
+#SIMPLY_AccountName="accountname"
+#
+#SIMPLY_ApiKey="apikey"
+#
+#SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]"
+
+SIMPLY_Api="https://api.simply.com/1"
+########  Public functions #####################
+
+#Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_simply_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  if ! _simply_load_config; then
+    return 1
+  fi
+
+  _simply_save_config
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _info "Adding record"
+
+  if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then  
+    _err "Could not add DNS record"
+    return 1
+  fi
+  
+  return 0
+}
+
+dns_simply_rm() {
+  fulldomain=$1
+  txtvalue=$2
+  
+  if ! _simply_load_config; then
+    return 1
+  fi
+
+  _simply_save_config
+
+  _debug "First detect the root zone"
+  
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+  _debug "$txtvalue"
+
+  _debug "Getting existing records"
+  
+  if ! _simply_get_all_records "$_domain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  
+  records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/')
+  record_array=(`echo $records |tr -d ' ' | tr ';' ' '`)
+  nr_of_deleted_records=0
+
+  for (( i=0; i<=${#record_array[@]}; i++ )); do
+  
+  record="${record_array[$i]}"
+  
+  if [[ "$record" == *"$txtvalue"* && "$record" == *"TXT"* ]]; then
+  
+    _info "Deleting record: $record"
+    
+    record_id=`echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2`
+    
+    if [[ $record_id -gt 0 ]]; then
+      
+      if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then
+        _err "Record with id $record_id could not be deleted"
+        return 1
+      fi
+      
+      nr_of_deleted_records=1
+      break
+    else  
+      _err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record"
+      break
+    fi
+  fi
+  
+  done
+
+  if [[ $nr_of_deleted_records -eq 0 ]]; then
+    _err "No record deleted, the DNS record needs to be removed manually." 
+  else
+    _info "Deleted $nr_of_deleted_records record"
+  fi
+  
+  return 0
+}
+
+####################  Private functions below ##################################
+
+_simply_load_config() {
+  SIMPLY_Api="${SIMPLY_Api:-$(_readaccountconf_mutable SIMPLY_Api)}"
+  SIMPLY_AccountName="${SIMPLY_AccountName:-$(_readaccountconf_mutable SIMPLY_AccountName)}"
+  SIMPLY_ApiKey="${SIMPLY_ApiKey:-$(_readaccountconf_mutable SIMPLY_ApiKey)}"
+
+  if [ -z "$SIMPLY_Api" ]; then
+    SIMPLY_Api="$SIMPLY_Api_Default"
+  fi
+  
+  if [ -z "$SIMPLY_AccountName" ] || [ -z "$SIMPLY_ApiKey" ]; then
+    SIMPLY_AccountName=""
+    SIMPLY_ApiKey=""
+
+    _err "A valid Simply API account and apikey not provided."
+    _err "Please provide a valid API user and try again."
+
+    return 1
+  fi
+
+  return 0
+}
+
+_simply_save_config() {
+  if [ "$SIMPLY_Api" != "$SIMPLY_Api_Default" ]; then
+    _saveaccountconf_mutable SIMPLY_Api "$SIMPLY_Api"
+  fi
+  _saveaccountconf_mutable SIMPLY_AccountName "$SIMPLY_AccountName"
+  _saveaccountconf_mutable SIMPLY_ApiKey "$SIMPLY_ApiKey"
+}
+
+_simply_get_all_records() {
+  domain=$1  
+      
+  if ! _simply_rest GET "my/products/$domain/dns/records"; then
+    return 1
+  fi
+
+  return 0
+}
+
+_get_root() {
+  domain=$1
+  i=2
+  p=1
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    if ! _simply_rest GET "my/products/$h/dns"; then
+      return 1
+    fi
+
+    if _contains "$response" '"code":"NOT_FOUND"'; then
+      _debug "$h not found"
+    else
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _domain="$h"
+      return 0
+    fi
+    p="$i"
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+_simply_add_record() {
+  domain=$1
+  sub_domain=$2
+  txtval=$3
+  
+  data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}"
+
+  if ! _simply_rest POST "my/products/$domain/dns/records" "$data"; then
+    _err "Adding record not successfull!"
+    return 1
+  fi
+  
+  return 0
+}
+
+_simply_delete_record() {
+  domain=$1
+  sub_domain=$2
+  record_id=$3
+  
+  _debug "Delete record with id $record_id"
+  
+  if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then
+    _err "Deleting record not successfull!"
+    return 1
+  fi
+  
+  return 0
+}
+
+_simply_rest() {
+  m=$1
+  ep="$2"
+  data="$3"
+    
+  _debug "Data: $data"
+  _debug "Methodcall: $ep"
+  _debug "Call type: $m"
+
+  export _H1="Content-Type: application/json"
+
+  if [ "$m" != "GET" ]; then
+    response="$(_post "$data" "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep" "" "$m")"
+  else
+    response="$(_get "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep")"
+  fi
+
+  if [ "$?" != "0" ]; then
+    _err "error $ep"
+    return 1
+  fi
+  
+  _debug2 response "$response"
+  
+  if _contains "$response" "Invalid account authorization"; then
+    _err "It seems that your api key or accountnumber is not correct."
+    return 1
+  fi
+  return 0
+}
--- a/dnsapi/dns_transip.sh
+++ b/dnsapi/dns_transip.sh
@@ -0,0 +1,162 @@
+#!/usr/bin/env sh
+TRANSIP_Api_Url="https://api.transip.nl/v6"
+TRANSIP_Token_Read_Only="false"
+TRANSIP_Token_Global_Key="false"
+TRANSIP_Token_Expiration="30 minutes"
+# You can't reuse a label token, so we leave this empty normally
+TRANSIP_Token_Label=""
+
+########  Public functions #####################
+#Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_transip_add() {
+  fulldomain="$1"
+  _debug fulldomain="$fulldomain"
+  txtvalue="$2"
+  _debug txtvalue="$txtvalue"
+  _transip_setup "$fulldomain" || return 1
+  _info "Creating TXT record."
+  if ! _transip_rest POST "domains/$_domain/dns" "{\"dnsEntry\":{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"expire\":300}}"; then
+    _err "Could not add TXT record."
+    return 1
+  fi
+  return 0
+}
+
+dns_transip_rm() {
+  fulldomain=$1
+  _debug fulldomain="$fulldomain"
+  txtvalue=$2
+  _debug txtvalue="$txtvalue"
+  _transip_setup "$fulldomain" || return 1
+  _info "Removing TXT record."
+  if ! _transip_rest DELETE "domains/$_domain/dns" "{\"dnsEntry\":{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"expire\":300}}"; then
+    _err "Could not remove TXT record $_sub_domain for $domain"
+    return 1
+  fi
+  return 0
+}
+
+####################  Private functions below ##################################
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+_get_root() {
+  domain="$1"
+  i=2
+  p=1
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+    _domain="$h"
+
+    if _transip_rest GET "domains/$h/dns" && _contains "$response" "dnsEntries"; then
+      return 0
+    fi
+
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  _err "Unable to parse this domain"
+  return 1
+}
+
+_transip_rest() {
+  m="$1"
+  ep="$2"
+  data="$3"
+  _debug ep "$ep"
+  export _H1="Accept: application/json"
+  export _H2="Authorization: Bearer $_token"
+  export _H4="Content-Type: application/json"
+  if [ "$m" != "GET" ]; then
+    _debug data "$data"
+    response="$(_post "$data" "$TRANSIP_Api_Url/$ep" "" "$m")"
+    retcode=$?
+  else
+    response="$(_get "$TRANSIP_Api_Url/$ep")"
+    retcode=$?
+  fi
+
+  if [ "$retcode" != "0" ]; then
+    _err "error $ep"
+    return 1
+  fi
+  _debug2 response "$response"
+  return 0
+}
+
+_transip_get_token() {
+  nonce=$(echo "TRANSIP$(_time)" | _digest sha1 hex | cut -c 1-32)
+  _debug nonce "$nonce"
+
+  data="{\"login\":\"${TRANSIP_Username}\",\"nonce\":\"${nonce}\",\"read_only\":\"${TRANSIP_Token_Read_Only}\",\"expiration_time\":\"${TRANSIP_Token_Expiration}\",\"label\":\"${TRANSIP_Token_Label}\",\"global_key\":\"${TRANSIP_Token_Global_Key}\"}"
+  _debug data "$data"
+
+  #_signature=$(printf "%s" "$data" | openssl dgst -sha512 -sign "$TRANSIP_Key_File" | _base64)
+  _signature=$(printf "%s" "$data" | _sign "$TRANSIP_Key_File" "sha512")
+  _debug2 _signature "$_signature"
+
+  export _H1="Signature: $_signature"
+  export _H2="Content-Type: application/json"
+
+  response="$(_post "$data" "$TRANSIP_Api_Url/auth" "" "POST")"
+  retcode=$?
+  _debug2 response "$response"
+  if [ "$retcode" != "0" ]; then
+    _err "Authentication failed."
+    return 1
+  fi
+  if _contains "$response" "token"; then
+    _token="$(echo "$response" | _normalizeJson | sed -n 's/^{"token":"\(.*\)"}/\1/p')"
+    _debug _token "$_token"
+    return 0
+  fi
+  return 1
+}
+
+_transip_setup() {
+  fulldomain=$1
+
+  # retrieve the transip creds
+  TRANSIP_Username="${TRANSIP_Username:-$(_readaccountconf_mutable TRANSIP_Username)}"
+  TRANSIP_Key_File="${TRANSIP_Key_File:-$(_readaccountconf_mutable TRANSIP_Key_File)}"
+  # check their vals for null
+  if [ -z "$TRANSIP_Username" ] || [ -z "$TRANSIP_Key_File" ]; then
+    TRANSIP_Username=""
+    TRANSIP_Key_File=""
+    _err "You didn't specify a TransIP username and api key file location"
+    _err "Please set those values and try again."
+    return 1
+  fi
+  # save the username and api key to the account conf file.
+  _saveaccountconf_mutable TRANSIP_Username "$TRANSIP_Username"
+  _saveaccountconf_mutable TRANSIP_Key_File "$TRANSIP_Key_File"
+
+  if [ -f "$TRANSIP_Key_File" ]; then
+    if ! grep "BEGIN PRIVATE KEY" "$TRANSIP_Key_File" >/dev/null 2>&1; then
+      _err "Key file doesn't seem to be a valid key: ${TRANSIP_Key_File}"
+      return 1
+    fi
+  else
+    _err "Can't read private key file: ${TRANSIP_Key_File}"
+    return 1
+  fi
+
+  if [ -z "$_token" ]; then
+    if ! _transip_get_token; then
+      _err "Can not get token."
+      return 1
+    fi
+  fi
+
+  _get_root "$fulldomain" || return 1
+
+  return 0
+}
--- a/dnsapi/dns_unoeuro.sh
+++ b/dnsapi/dns_unoeuro.sh
@@ -5,7 +5,7 @@
 #
 #UNO_User="UExxxxxx"

-Uno_Api="https://api.unoeuro.com/1"
+Uno_Api="https://api.simply.com/1"

 ########  Public functions #####################

@@ -24,12 +24,6 @@ dns_unoeuro_add() {
    return 1
  fi

-  if ! _contains "$UNO_User" "UE"; then
-    _err "It seems that the UNO_User=$UNO_User is not a valid username."
-    _err "Please check and retry."
-    return 1
-  fi
-
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable UNO_Key "$UNO_Key"
  _saveaccountconf_mutable UNO_User "$UNO_User"
--- a/dnsapi/dns_variomedia.sh
+++ b/dnsapi/dns_variomedia.sh
@@ -107,7 +107,7 @@ _get_root() {
    fi

    if _startswith "$response" "\{\"data\":"; then
-      if _contains "$response" "\"id\": \"$h\""; then
+      if _contains "$response" "\"id\":\"$h\""; then
        _sub_domain="$(echo "$fulldomain" | sed "s/\\.$h\$//")"
        _domain=$h
        return 0
--- a/dnsapi/dns_world4you.sh
+++ b/dnsapi/dns_world4you.sh
@@ -0,0 +1,210 @@
+#!/usr/bin/env sh
+
+# World4You - www.world4you.com
+# Lorenz Stechauner, 2020 - https://www.github.com/NerLOR
+
+WORLD4YOU_API="https://my.world4you.com/en"
+PAKETNR=''
+TLD=''
+RECORD=''
+
+################ Public functions ################
+
+# Usage: dns_world4you_add <fqdn> <value>
+dns_world4you_add() {
+  fqdn="$1"
+  value="$2"
+  _info "Using world4you to add record"
+  _debug fulldomain "$fqdn"
+  _debug txtvalue "$value"
+
+  _login
+  if [ "$?" != 0 ]; then
+    return 1
+  fi
+
+  export _H1="Cookie: W4YSESSID=$sessid"
+  form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht")
+  _get_paketnr "$fqdn" "$form"
+  paketnr="$PAKETNR"
+  if [ -z "$paketnr" ]; then
+    _err "Unable to parse paketnr"
+    return 3
+  fi
+  _debug paketnr "$paketnr"
+
+  export _H1="Cookie: W4YSESSID=$sessid"
+  form=$(_get "$WORLD4YOU_API/$paketnr/dns")
+  formiddp=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/')
+  formidttl=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/')
+  form_token=$(echo "$form" | grep 'AddDnsRecordForm\[_token\]' | sed 's/^.*name="AddDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/')
+  if [ -z "$formiddp" ]; then
+    _err "Unable to parse form"
+    return 3
+  fi
+
+  _resethttp
+  export ACME_HTTP_NO_REDIRECTS=1
+  body="AddDnsRecordForm[name]=$RECORD&AddDnsRecordForm[dnsType][type]=TXT&\
+AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\
+AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_token"
+  _info "Adding record..."
+  ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded')
+  _resethttp
+
+  if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then
+    res=$(_get "$WORLD4YOU_API/$paketnr/dns")
+    if _contains "$res" "successfully"; then
+      return 0
+    else
+      msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*<h3 class="mb-5">[^\t]*\t *\([^\t]*\)\t.*/\1/')
+      if _contains "$msg" '^<\!DOCTYPE html>'; then
+        msg='Unknown error'
+      fi
+      _err "Unable to add record: $msg"
+      if _contains "$msg" '^<\!DOCTYPE html>'; then
+        echo "$ret" >'error-01.html'
+        echo "$res" >'error-02.html'
+        _err "View error-01.html and error-02.html for debugging"
+      fi
+      return 1
+    fi
+  else
+    _err "$(_head_n 3 <"$HTTP_HEADER")"
+    _err "View $HTTP_HEADER for debugging"
+    return 1
+  fi
+}
+
+# Usage: dns_world4you_rm <fqdn> <value>
+dns_world4you_rm() {
+  fqdn="$1"
+  value="$2"
+  _info "Using world4you to remove record"
+  _debug fulldomain "$fqdn"
+  _debug txtvalue "$value"
+
+  _login
+  if [ "$?" != 0 ]; then
+    return 1
+  fi
+
+  export _H1="Cookie: W4YSESSID=$sessid"
+  form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht")
+  _get_paketnr "$fqdn" "$form"
+  paketnr="$PAKETNR"
+  if [ -z "$paketnr" ]; then
+    _err "Unable to parse paketnr"
+    return 3
+  fi
+  _debug paketnr "$paketnr"
+
+  form=$(_get "$WORLD4YOU_API/$paketnr/dns")
+  formiddp=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/')
+  formidttl=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/')
+  form_token=$(echo "$form" | grep 'DeleteDnsRecordForm\[_token\]' | sed 's/^.*name="DeleteDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/')
+  if [ -z "$formiddp" ]; then
+    _err "Unable to parse form"
+    return 3
+  fi
+
+  recordid=$(printf "TXT:%s.:\"%s\"" "$fqdn" "$value" | _base64)
+  _debug recordid "$recordid"
+
+  _resethttp
+  export ACME_HTTP_NO_REDIRECTS=1
+  body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[aktivPaket]=$paketnr&\
+DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[uniqueFormIdTTL]=$formidttl&\
+DeleteDnsRecordForm[_token]=$form_token"
+  _info "Removing record..."
+  ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded')
+  _resethttp
+
+  if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then
+    res=$(_get "$WORLD4YOU_API/$paketnr/dns")
+    if _contains "$res" "successfully"; then
+      return 0
+    else
+      msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*<h3 class="mb-5">[^\t]*\t *\([^\t]*\)\t.*/\1/')
+      if _contains "$msg" '^<\!DOCTYPE html>'; then
+        msg='Unknown error'
+      fi
+      _err "Unable to remove record: $msg"
+      if _contains "$msg" '^<\!DOCTYPE html>'; then
+        echo "$ret" >'error-01.html'
+        echo "$res" >'error-02.html'
+        _err "View error-01.html and error-02.html for debugging"
+      fi
+      return 1
+    fi
+  else
+    _err "$(_head_n 3 <"$HTTP_HEADER")"
+    _err "View $HTTP_HEADER for debugging"
+    return 1
+  fi
+}
+
+################ Private functions ################
+
+# Usage: _login
+_login() {
+  WORLD4YOU_USERNAME="${WORLD4YOU_USERNAME:-$(_readaccountconf_mutable WORLD4YOU_USERNAME)}"
+  WORLD4YOU_PASSWORD="${WORLD4YOU_PASSWORD:-$(_readaccountconf_mutable WORLD4YOU_PASSWORD)}"
+
+  if [ -z "$WORLD4YOU_USERNAME" ] || [ -z "$WORLD4YOU_PASSWORD" ]; then
+    WORLD4YOU_USERNAME=""
+    WORLD4YOU_PASSWORD=""
+    _err "You didn't specify world4you username and password yet."
+    _err "Usage: export WORLD4YOU_USERNAME=<name>"
+    _err "Usage: export WORLD4YOU_PASSWORD=<password>"
+    return 1
+  fi
+
+  _saveaccountconf_mutable WORLD4YOU_USERNAME "$WORLD4YOU_USERNAME"
+  _saveaccountconf_mutable WORLD4YOU_PASSWORD "$WORLD4YOU_PASSWORD"
+
+  _info "Logging in..."
+
+  username="$WORLD4YOU_USERNAME"
+  password="$WORLD4YOU_PASSWORD"
+  csrf_token=$(_get "$WORLD4YOU_API/login" | grep '_csrf_token' | sed 's/^.*<input[^>]*value=\"\([^"]*\)\".*$/\1/')
+  sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/')
+
+  export _H1="Cookie: W4YSESSID=$sessid"
+  export _H2="X-Requested-With: XMLHttpRequest"
+  body="_username=$username&_password=$password&_csrf_token=$csrf_token"
+  ret=$(_post "$body" "$WORLD4YOU_API/login" '' POST 'application/x-www-form-urlencoded')
+  unset _H2
+  _debug ret "$ret"
+  if _contains "$ret" "\"success\":true"; then
+    _info "Successfully logged in"
+    sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/')
+  else
+    _err "Unable to log in: $(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/')"
+    return 1
+  fi
+}
+
+# Usage _get_paketnr <fqdn> <form>
+_get_paketnr() {
+  fqdn="$1"
+  form="$2"
+
+  domains=$(echo "$form" | grep '^ *[A-Za-z0-9_\.-]*\.[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/')
+  domain=''
+  for domain in $domains; do
+    if _contains "$fqdn" "$domain\$"; then
+      break
+    fi
+    domain=''
+  done
+  if [ -z "$domain" ]; then
+    return 1
+  fi
+
+  TLD="$domain"
+  _debug domain "$domain"
+  RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))")
+  PAKETNR=$(echo "$form" | grep "data-textfilter=\".* $domain " | _head_n 1 | sed 's/^.* \([0-9]*\) .*$/\1/')
+  return 0
+}
--- a/dnsapi/dns_yandex.sh
+++ b/dnsapi/dns_yandex.sh
@@ -25,7 +25,7 @@ dns_yandex_add() {
  _PDD_get_record_ids || return 1
  _debug "Record_ids: $record_ids"

-  if [ ! -z "$record_ids" ]; then
+  if [ -n "$record_ids" ]; then
    _info "All existing $subdomain records from $domain will be removed at the very end."
  fi

--- a/notify/mail.sh
+++ b/notify/mail.sh
@@ -98,24 +98,24 @@ _mail_cmnd() {
  _MAIL_ARGS=""

  case $(basename "$_MAIL_BIN") in
-    sendmail)
-      if [ -n "$MAIL_FROM" ]; then
-        _MAIL_ARGS="-f '$MAIL_FROM'"
-      fi
-      ;;
-    mutt | mail)
-      _MAIL_ARGS="-s '$_subject'"
-      ;;
-    msmtp)
-      if [ -n "$MAIL_FROM" ]; then
-        _MAIL_ARGS="-f '$MAIL_FROM'"
-      fi
+  sendmail)
+    if [ -n "$MAIL_FROM" ]; then
+      _MAIL_ARGS="-f '$MAIL_FROM'"
+    fi
+    ;;
+  mutt | mail)
+    _MAIL_ARGS="-s '$_subject'"
+    ;;
+  msmtp)
+    if [ -n "$MAIL_FROM" ]; then
+      _MAIL_ARGS="-f '$MAIL_FROM'"
+    fi

-      if [ -n "$MAIL_MSMTP_ACCOUNT" ]; then
-        _MAIL_ARGS="$_MAIL_ARGS -a '$MAIL_MSMTP_ACCOUNT'"
-      fi
-      ;;
-    *) ;;
+    if [ -n "$MAIL_MSMTP_ACCOUNT" ]; then
+      _MAIL_ARGS="$_MAIL_ARGS -a '$MAIL_MSMTP_ACCOUNT'"
+    fi
+    ;;
+  *) ;;
  esac

  echo "'$_MAIL_BIN' $_MAIL_ARGS '$MAIL_TO'"
@@ -123,16 +123,16 @@ _mail_cmnd() {

 _mail_body() {
  case $(basename "$_MAIL_BIN") in
-    sendmail | ssmtp | msmtp)
-      if [ -n "$MAIL_FROM" ]; then
-        echo "From: $MAIL_FROM"
-      fi
+  sendmail | ssmtp | msmtp)
+    if [ -n "$MAIL_FROM" ]; then
+      echo "From: $MAIL_FROM"
+    fi

-      echo "To: $MAIL_TO"
-      echo "Subject: $subject"
-      echo "Content-Type: $contenttype"
-      echo
-      ;;
+    echo "To: $MAIL_TO"
+    echo "Subject: $subject"
+    echo "Content-Type: $contenttype"
+    echo
+    ;;
  esac

  echo "$_content"
--- a/notify/teams.sh
+++ b/notify/teams.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env sh
+
+#Support Microsoft Teams webhooks
+
+#TEAMS_WEBHOOK_URL=""
+#TEAMS_THEME_COLOR=""
+#TEAMS_SUCCESS_COLOR=""
+#TEAMS_ERROR_COLOR=""
+#TEAMS_SKIP_COLOR=""
+
+teams_send() {
+  _subject="$1"
+  _content="$2"
+  _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped
+  _debug "_statusCode" "$_statusCode"
+
+  _color_success="2cbe4e" # green
+  _color_danger="cb2431"  # red
+  _color_muted="586069"   # gray
+
+  TEAMS_WEBHOOK_URL="${TEAMS_WEBHOOK_URL:-$(_readaccountconf_mutable TEAMS_WEBHOOK_URL)}"
+  if [ -z "$TEAMS_WEBHOOK_URL" ]; then
+    TEAMS_WEBHOOK_URL=""
+    _err "You didn't specify a Microsoft Teams webhook url TEAMS_WEBHOOK_URL yet."
+    return 1
+  fi
+  _saveaccountconf_mutable TEAMS_WEBHOOK_URL "$TEAMS_WEBHOOK_URL"
+
+  TEAMS_THEME_COLOR="${TEAMS_THEME_COLOR:-$(_readaccountconf_mutable TEAMS_THEME_COLOR)}"
+  if [ -n "$TEAMS_THEME_COLOR" ]; then
+    _saveaccountconf_mutable TEAMS_THEME_COLOR "$TEAMS_THEME_COLOR"
+  fi
+
+  TEAMS_SUCCESS_COLOR="${TEAMS_SUCCESS_COLOR:-$(_readaccountconf_mutable TEAMS_SUCCESS_COLOR)}"
+  if [ -n "$TEAMS_SUCCESS_COLOR" ]; then
+    _saveaccountconf_mutable TEAMS_SUCCESS_COLOR "$TEAMS_SUCCESS_COLOR"
+  fi
+
+  TEAMS_ERROR_COLOR="${TEAMS_ERROR_COLOR:-$(_readaccountconf_mutable TEAMS_ERROR_COLOR)}"
+  if [ -n "$TEAMS_ERROR_COLOR" ]; then
+    _saveaccountconf_mutable TEAMS_ERROR_COLOR "$TEAMS_ERROR_COLOR"
+  fi
+
+  TEAMS_SKIP_COLOR="${TEAMS_SKIP_COLOR:-$(_readaccountconf_mutable TEAMS_SKIP_COLOR)}"
+  if [ -n "$TEAMS_SKIP_COLOR" ]; then
+    _saveaccountconf_mutable TEAMS_SKIP_COLOR "$TEAMS_SKIP_COLOR"
+  fi
+
+  export _H1="Content-Type: application/json"
+
+  _subject=$(echo "$_subject" | _json_encode)
+  _content=$(echo "$_content" | _json_encode)
+
+  case "$_statusCode" in
+  0)
+    _color="${TEAMS_SUCCESS_COLOR:-$_color_success}"
+    ;;
+  1)
+    _color="${TEAMS_ERROR_COLOR:-$_color_danger}"
+    ;;
+  2)
+    _color="${TEAMS_SKIP_COLOR:-$_color_muted}"
+    ;;
+  esac
+
+  _color=$(echo "$_color" | tr -cd 'a-fA-F0-9')
+  if [ -z "$_color" ]; then
+    _color=$(echo "${TEAMS_THEME_COLOR:-$_color_muted}" | tr -cd 'a-fA-F0-9')
+  fi
+
+  _data="{\"title\": \"$_subject\","
+  if [ -n "$_color" ]; then
+    _data="$_data\"themeColor\": \"$_color\", "
+  fi
+  _data="$_data\"text\": \"$_content\"}"
+
+  if response=$(_post "$_data" "$TEAMS_WEBHOOK_URL"); then
+    if ! _contains "$response" error; then
+      _info "teams send success."
+      return 0
+    fi
+  fi
+  _err "teams send error."
+  _err "$response"
+  return 1
+}
--- a/notify/xmpp.sh
+++ b/notify/xmpp.sh
@@ -71,13 +71,13 @@ _xmpp_bin() {

 _xmpp_cmnd() {
  case $(basename "$_XMPP_BIN") in
-    sendxmpp)
-      echo "'$_XMPP_BIN' '$XMPP_TO' $XMPP_BIN_ARGS"
-      ;;
-    *)
-      _err "Command $XMPP_BIN is not supported, use sendxmpp."
-      return 1
-      ;;
+  sendxmpp)
+    echo "'$_XMPP_BIN' '$XMPP_TO' $XMPP_BIN_ARGS"
+    ;;
+  *)
+    _err "Command $XMPP_BIN is not supported, use sendxmpp."
+    return 1
+    ;;
  esac
 }