Merge pull request #6676 from acmesh-official/dev

sync

.github/workflows/DNS.yml

@@ -441,7 +441,9 @@ jobs:
       with:
         envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
         copyback: false
-        prepare: pkgutil -y -i socat
+        prepare: |
+          pkgutil -U
+          pkgutil -y -i socat
         run: |
           pkg set-mediator -v -I default@1.1 openssl
           export PATH=/usr/gnu/bin:$PATH

.github/workflows/Solaris.yml

@@ -66,7 +66,9 @@ jobs:
         envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
         nat: |
           "8080": "80"
-        prepare: pkgutil -y -i socat curl wget
+        prepare: |
+          pkgutil -U
+          pkgutil -y -i socat curl wget
         copyback: false
         run: |
           cd ../acmetest \

.github/workflows/wiki-monitor.yml

@@ -22,6 +22,7 @@ jobs:
             page_sha=$(jq -r '.pages[0].sha' "$GITHUB_EVENT_PATH")
             page_url=$(jq -r '.pages[0].html_url' "$GITHUB_EVENT_PATH")
             page_action=$(jq -r '.pages[0].action' "$GITHUB_EVENT_PATH")
+            page_summary=$(jq -r '.pages[0].summary' "$GITHUB_EVENT_PATH")
             now="$(date '+%Y-%m-%d %H:%M:%S')"
 
             cd wiki
@@ -35,9 +36,11 @@ jobs:
             {
             echo "Wiki edited"
             echo -n "User: "
-            echo "[$actor]($sender_url)"
+            echo "@$actor [$actor]($sender_url)"
             echo "Time: $now"
             echo "Page: [$page_name]($page_url) (Action: $page_action)"
+            echo "Comment: $page_summary"
+            echo "[Click here to Revert](${page_url}/_history)"
             echo ""
             echo "----"
             echo "###  diff："

acme.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
 
-VER=3.1.2
+VER=3.1.3
 
 PROJECT_NAME="acme.sh"
 
@@ -1031,7 +1031,7 @@ _digest() {
 
   outputhex="$2"
 
-  if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ] || [ "$alg" = "md5" ]; then
+  if [ "$alg" = "sha3-256" ] || [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ] || [ "$alg" = "md5" ]; then
     if [ "$outputhex" ]; then
       ${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -hex | cut -d = -f 2 | tr -d ' '
     else

dnsapi/dns_ali.sh

@@ -97,12 +97,13 @@ _ali_rest() {
 }
 
 _ali_nonce() {
-  #_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31
-  #Not so good...
-  date +"%s%N" | sed 's/%N//g'
+  if [ "$ACME_OPENSSL_BIN" ]; then
+    "$ACME_OPENSSL_BIN" rand -hex 16 2>/dev/null && return 0
+  fi
+  printf "%s" "$(date +%s)$$$(date +%N)" | _digest sha256 hex | cut -c 1-32
 }
 
-_timestamp() {
+_ali_timestamp() {
   date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ"
 }
 
@@ -150,7 +151,7 @@ _check_exist_query() {
   query=$query'&SignatureMethod=HMAC-SHA1'
   query=$query"&SignatureNonce=$(_ali_nonce)"
   query=$query'&SignatureVersion=1.0'
-  query=$query'&Timestamp='$(_timestamp)
+  query=$query'&Timestamp='$(_ali_timestamp)
   query=$query'&TypeKeyWord=TXT'
   query=$query'&Version=2015-01-09'
 }
@@ -166,7 +167,7 @@ _add_record_query() {
   query=$query'&SignatureMethod=HMAC-SHA1'
   query=$query"&SignatureNonce=$(_ali_nonce)"
   query=$query'&SignatureVersion=1.0'
-  query=$query'&Timestamp='$(_timestamp)
+  query=$query'&Timestamp='$(_ali_timestamp)
   query=$query'&Type=TXT'
   query=$query'&Value='$3
   query=$query'&Version=2015-01-09'
@@ -182,7 +183,7 @@ _delete_record_query() {
   query=$query'&SignatureMethod=HMAC-SHA1'
   query=$query"&SignatureNonce=$(_ali_nonce)"
   query=$query'&SignatureVersion=1.0'
-  query=$query'&Timestamp='$(_timestamp)
+  query=$query'&Timestamp='$(_ali_timestamp)
   query=$query'&Version=2015-01-09'
 }
 
@@ -196,7 +197,7 @@ _describe_records_query() {
   query=$query'&SignatureMethod=HMAC-SHA1'
   query=$query"&SignatureNonce=$(_ali_nonce)"
   query=$query'&SignatureVersion=1.0'
-  query=$query'&Timestamp='$(_timestamp)
+  query=$query'&Timestamp='$(_ali_timestamp)
   query=$query'&Version=2015-01-09'
 }
 

dnsapi/dns_aws.sh

@@ -161,7 +161,7 @@ _get_root() {
     h=$(printf "%s" "$domain" | cut -d . -f "$i"-100 | sed 's/\./\\./g')
     _debug "Checking domain: $h"
     if [ -z "$h" ]; then
-      _error "invalid domain"
+      _err "invalid domain"
       return 1
     fi
 

dnsapi/dns_efficientip.sh

@@ -0,0 +1,139 @@
+#!/usr/bin/env sh
+# shellcheck disable=SC2034
+dns_efficientip_info='efficientip.com
+Site: https://efficientip.com/
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_efficientip
+Options:
+  EfficientIP_Creds HTTP Basic Authentication credentials. E.g. "username:password"
+  EfficientIP_Server EfficientIP SOLIDserver Management IP address or FQDN.
+  EfficientIP_DNS_Name Name of the DNS smart or server hosting the zone. Optional.
+  EfficientIP_View Name of the DNS view hosting the zone. Optional.
+OptionsAlt:
+  EfficientIP_Token_Key Alternative API token key, prefered over basic authentication.
+  EfficientIP_Token_Secret Alternative API token secret, required when using a token key.
+  EfficientIP_Server EfficientIP SOLIDserver Management IP address or FQDN.
+  EfficientIP_DNS_Name Name of the DNS smart or server hosting the zone. Optional.
+  EfficientIP_View Name of the DNS view hosting the zone. Optional.
+Issues: github.com/acmesh-official/acme.sh/issues/6325
+Author: EfficientIP-Labs <contact@efficientip.com>
+'
+
+dns_efficientip_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Using EfficientIP API"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if { [ -z "${EfficientIP_Creds}" ] && { [ -z "${EfficientIP_Token_Key}" ] || [ -z "${EfficientIP_Token_Secret}" ]; }; } || [ -z "${EfficientIP_Server}" ]; then
+    EfficientIP_Creds=""
+    EfficientIP_Token_Key=""
+    EfficientIP_Token_Secret=""
+    EfficientIP_Server=""
+    _err "You didn't specify any EfficientIP credentials or token or server (EfficientIP_Creds; EfficientIP_Token_Key; EfficientIP_Token_Secret; EfficientIP_Server)."
+    _err "Please set them via EXPORT EfficientIP_Creds=username:password or EXPORT EfficientIP_server=ip/hostname"
+    _err "or if you want to use Token instead EXPORT EfficientIP_Token_Key=yourkey"
+    _err "and EXPORT EfficientIP_Token_Secret=yoursecret"
+    _err "then try again."
+    return 1
+  fi
+
+  if [ -z "${EfficientIP_DNS_Name}" ]; then
+    EfficientIP_DNS_Name=""
+  fi
+
+  EfficientIP_DNSNameEncoded=$(printf "%b" "${EfficientIP_DNS_Name}" | _url_encode)
+
+  if [ -z "${EfficientIP_View}" ]; then
+    EfficientIP_View=""
+  fi
+
+  EfficientIP_ViewEncoded=$(printf "%b" "${EfficientIP_View}" | _url_encode)
+
+  _saveaccountconf EfficientIP_Creds "${EfficientIP_Creds}"
+  _saveaccountconf EfficientIP_Token_Key "${EfficientIP_Token_Key}"
+  _saveaccountconf EfficientIP_Token_Secret "${EfficientIP_Token_Secret}"
+  _saveaccountconf EfficientIP_Server "${EfficientIP_Server}"
+  _saveaccountconf EfficientIP_DNS_Name "${EfficientIP_DNS_Name}"
+  _saveaccountconf EfficientIP_View "${EfficientIP_View}"
+
+  export _H1="Accept-Language:en-US"
+  baseurlnObject="https://${EfficientIP_Server}/rest/dns_rr_add?rr_type=TXT&rr_ttl=300&rr_name=${fulldomain}&rr_value1=${txtvalue}"
+
+  if [ "${EfficientIP_DNSNameEncoded}" != "" ]; then
+    baseurlnObject="${baseurlnObject}&dns_name=${EfficientIP_DNSNameEncoded}"
+  fi
+
+  if [ "${EfficientIP_ViewEncoded}" != "" ]; then
+    baseurlnObject="${baseurlnObject}&dnsview_name=${EfficientIP_ViewEncoded}"
+  fi
+
+  if [ -z "${EfficientIP_Token_Secret}" ] || [ -z "${EfficientIP_Token_Key}" ]; then
+    EfficientIP_CredsEncoded=$(printf "%b" "${EfficientIP_Creds}" | _base64)
+    export _H2="Authorization: Basic ${EfficientIP_CredsEncoded}"
+  else
+    TS=$(date +%s)
+    Sig=$(printf "%b\n$TS\nPOST\n$baseurlnObject" "${EfficientIP_Token_Secret}" | _digest sha3-256 hex)
+    EfficientIP_CredsEncoded=$(printf "%b:%b" "${EfficientIP_Token_Key}" "$Sig")
+    export _H2="Authorization: SDS ${EfficientIP_CredsEncoded}"
+    export _H3="X-SDS-TS: ${TS}"
+  fi
+
+  result="$(_post "" "${baseurlnObject}" "" "POST")"
+
+  if [ "$(echo "${result}" | _egrep_o "ret_oid")" ]; then
+    _info "DNS record successfully created"
+    return 0
+  else
+    _err "Error creating DNS record"
+    _err "${result}"
+    return 1
+  fi
+}
+
+dns_efficientip_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Using EfficientIP API"
+  _debug fulldomain "${fulldomain}"
+  _debug txtvalue "${txtvalue}"
+
+  EfficientIP_ViewEncoded=$(printf "%b" "${EfficientIP_View}" | _url_encode)
+  EfficientIP_DNSNameEncoded=$(printf "%b" "${EfficientIP_DNS_Name}" | _url_encode)
+  EfficientIP_CredsEncoded=$(printf "%b" "${EfficientIP_Creds}" | _base64)
+
+  export _H1="Accept-Language:en-US"
+
+  baseurlnObject="https://${EfficientIP_Server}/rest/dns_rr_delete?rr_type=TXT&rr_name=$fulldomain&rr_value1=$txtvalue"
+  if [ "${EfficientIP_DNSNameEncoded}" != "" ]; then
+    baseurlnObject="${baseurlnObject}&dns_name=${EfficientIP_DNSNameEncoded}"
+  fi
+
+  if [ "${EfficientIP_ViewEncoded}" != "" ]; then
+    baseurlnObject="${baseurlnObject}&dnsview_name=${EfficientIP_ViewEncoded}"
+  fi
+
+  if [ -z "$EfficientIP_Token_Secret" ] || [ -z "$EfficientIP_Token_Key" ]; then
+    EfficientIP_CredsEncoded=$(printf "%b" "${EfficientIP_Creds}" | _base64)
+    export _H2="Authorization: Basic $EfficientIP_CredsEncoded"
+  else
+    TS=$(date +%s)
+    Sig=$(printf "%b\n$TS\nDELETE\n${baseurlnObject}" "${EfficientIP_Token_Secret}" | _digest sha3-256 hex)
+    EfficientIP_CredsEncoded=$(printf "%b:%b" "${EfficientIP_Token_Key}" "$Sig")
+    export _H2="Authorization: SDS ${EfficientIP_CredsEncoded}"
+    export _H3="X-SDS-TS: $TS"
+  fi
+
+  result="$(_post "" "${baseurlnObject}" "" "DELETE")"
+
+  if [ "$(echo "${result}" | _egrep_o "ret_oid")" ]; then
+    _info "DNS Record successfully deleted"
+    return 0
+  else
+    _err "Error deleting DNS record"
+    _err "${result}"
+    return 1
+  fi
+}

dnsapi/dns_gandi_livedns.sh

@@ -23,6 +23,8 @@ dns_gandi_livedns_add() {
   fulldomain=$1
   txtvalue=$2
 
+  GANDI_LIVEDNS_KEY="${GANDI_LIVEDNS_KEY:-$(_readaccountconf_mutable GANDI_LIVEDNS_KEY)}"
+  GANDI_LIVEDNS_TOKEN="${GANDI_LIVEDNS_TOKEN:-$(_readaccountconf_mutable GANDI_LIVEDNS_TOKEN)}"
   if [ -z "$GANDI_LIVEDNS_KEY" ] && [ -z "$GANDI_LIVEDNS_TOKEN" ]; then
     _err "No Token or API key (deprecated) specified for Gandi LiveDNS."
     _err "Create your token or key and export it as GANDI_LIVEDNS_KEY or GANDI_LIVEDNS_TOKEN respectively"
@@ -31,11 +33,11 @@ dns_gandi_livedns_add() {
 
   # Keep only one secret in configuration
   if [ -n "$GANDI_LIVEDNS_TOKEN" ]; then
-    _saveaccountconf GANDI_LIVEDNS_TOKEN "$GANDI_LIVEDNS_TOKEN"
-    _clearaccountconf GANDI_LIVEDNS_KEY
+    _saveaccountconf_mutable GANDI_LIVEDNS_TOKEN "$GANDI_LIVEDNS_TOKEN"
+    _clearaccountconf_mutable GANDI_LIVEDNS_KEY
   elif [ -n "$GANDI_LIVEDNS_KEY" ]; then
-    _saveaccountconf GANDI_LIVEDNS_KEY "$GANDI_LIVEDNS_KEY"
-    _clearaccountconf GANDI_LIVEDNS_TOKEN
+    _saveaccountconf_mutable GANDI_LIVEDNS_KEY "$GANDI_LIVEDNS_KEY"
+    _clearaccountconf_mutable GANDI_LIVEDNS_TOKEN
   fi
 
   _debug "First detect the root zone"

dnsapi/dns_infoblox_uddi.sh

@@ -0,0 +1,244 @@
+#!/usr/bin/env sh
+# shellcheck disable=SC2034
+dns_infoblox_uddi_info='Infoblox UDDI
+Site: Infoblox.com
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infoblox_uddi
+Options:
+ Infoblox_UDDI_Key API Key for Infoblox UDDI
+ Infoblox_Portal URL, e.g. "csp.infoblox.com" or "csp.eu.infoblox.com"
+Issues: github.com/acmesh-official/acme.sh/issues
+Author: Stefan Riegel
+'
+
+Infoblox_UDDI_Api="https://"
+
+########  Public functions #####################
+
+#Usage: dns_infoblox_uddi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_infoblox_uddi_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  Infoblox_UDDI_Key="${Infoblox_UDDI_Key:-$(_readaccountconf_mutable Infoblox_UDDI_Key)}"
+  Infoblox_Portal="${Infoblox_Portal:-$(_readaccountconf_mutable Infoblox_Portal)}"
+
+  _info "Using Infoblox UDDI API"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if [ -z "$Infoblox_UDDI_Key" ] || [ -z "$Infoblox_Portal" ]; then
+    Infoblox_UDDI_Key=""
+    Infoblox_Portal=""
+    _err "You didn't specify the Infoblox UDDI key or server (Infoblox_UDDI_Key; Infoblox_Portal)."
+    _err "Please set them via EXPORT Infoblox_UDDI_Key=your_key, EXPORT Infoblox_Portal=csp.infoblox.com and try again."
+    return 1
+  fi
+
+  _saveaccountconf_mutable Infoblox_UDDI_Key "$Infoblox_UDDI_Key"
+  _saveaccountconf_mutable Infoblox_Portal "$Infoblox_Portal"
+
+  export _H1="Authorization: Token $Infoblox_UDDI_Key"
+  export _H2="Content-Type: application/json"
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _domain_id "$_domain_id"
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _debug "Getting existing txt records"
+  _infoblox_rest GET "dns/record?_filter=type%20eq%20'TXT'%20and%20name_in_zone%20eq%20'$_sub_domain'%20and%20zone%20eq%20'$_domain_id'"
+
+  _info "Adding record"
+  body="{\"type\":\"TXT\",\"name_in_zone\":\"$_sub_domain\",\"zone\":\"$_domain_id\",\"ttl\":120,\"inheritance_sources\":{\"ttl\":{\"action\":\"override\"}},\"rdata\":{\"text\":\"$txtvalue\"}}"
+
+  if _infoblox_rest POST "dns/record" "$body"; then
+    if _contains "$response" "$txtvalue"; then
+      _info "Added, OK"
+      return 0
+    elif _contains "$response" '"error"'; then
+      # Check if record already exists
+      if _contains "$response" "already exists" || _contains "$response" "duplicate"; then
+        _info "Already exists, OK"
+        return 0
+      else
+        _err "Add txt record error."
+        _err "Response: $response"
+        return 1
+      fi
+    else
+      _info "Added, OK"
+      return 0
+    fi
+  fi
+  _err "Add txt record error."
+  return 1
+}
+
+#Usage: dns_infoblox_uddi_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_infoblox_uddi_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  Infoblox_UDDI_Key="${Infoblox_UDDI_Key:-$(_readaccountconf_mutable Infoblox_UDDI_Key)}"
+  Infoblox_Portal="${Infoblox_Portal:-$(_readaccountconf_mutable Infoblox_Portal)}"
+
+  if [ -z "$Infoblox_UDDI_Key" ] || [ -z "$Infoblox_Portal" ]; then
+    _err "Credentials not found"
+    return 1
+  fi
+
+  _info "Using Infoblox UDDI API"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  export _H1="Authorization: Token $Infoblox_UDDI_Key"
+  export _H2="Content-Type: application/json"
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _domain_id "$_domain_id"
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _debug "Getting txt records to delete"
+  # Filter by txtvalue to support wildcard certs (multiple TXT records)
+  filter="type%20eq%20'TXT'%20and%20name_in_zone%20eq%20'$_sub_domain'%20and%20zone%20eq%20'$_domain_id'%20and%20rdata.text%20eq%20'$txtvalue'"
+  _infoblox_rest GET "dns/record?_filter=$filter"
+
+  if ! _contains "$response" '"results"'; then
+    _info "Don't need to remove, record not found."
+    return 0
+  fi
+
+  record_id=$(echo "$response" | _egrep_o '"id":[[:space:]]*"[^"]*"' | _head_n 1 | cut -d '"' -f 4)
+  _debug "record_id" "$record_id"
+
+  if [ -z "$record_id" ]; then
+    _info "Don't need to remove, record not found."
+    return 0
+  fi
+
+  # Extract UUID from the full record ID (format: dns/record/uuid)
+  record_uuid=$(echo "$record_id" | sed 's|.*/||')
+  _debug "record_uuid" "$record_uuid"
+
+  if ! _infoblox_rest DELETE "dns/record/$record_uuid"; then
+    _err "Delete record error."
+    return 1
+  fi
+
+  _info "Removed record successfully"
+  return 0
+}
+
+####################  Private functions below ##################################
+
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+# _domain_id=dns/auth_zone/xxxx-xxxx
+_get_root() {
+  domain=$1
+  i=1
+  p=1
+
+  # Remove _acme-challenge prefix if present
+  domain_no_acme=$(echo "$domain" | sed 's/^_acme-challenge\.//')
+
+  while true; do
+    h=$(printf "%s" "$domain_no_acme" | cut -d . -f "$i"-100)
+    _debug h "$h"
+    if [ -z "$h" ]; then
+      # not valid
+      return 1
+    fi
+
+    # Query for the zone with both trailing dot and without
+    filter="fqdn%20eq%20'$h.'%20or%20fqdn%20eq%20'$h'"
+    if ! _infoblox_rest GET "dns/auth_zone?_filter=$filter"; then
+      # API error - don't continue if we get auth errors
+      if _contains "$response" "401" || _contains "$response" "Authorization"; then
+        _err "Authentication failed. Please check your Infoblox_UDDI_Key."
+        return 1
+      fi
+      # For other errors, continue to parent domain
+      p=$i
+      i=$((i + 1))
+      continue
+    fi
+
+    # Check if response contains results (even if empty)
+    if _contains "$response" '"results"'; then
+      # Extract zone ID - must match the pattern dns/auth_zone/...
+      zone_id=$(echo "$response" | _egrep_o '"id":[[:space:]]*"dns/auth_zone/[^"]*"' | _head_n 1 | cut -d '"' -f 4)
+      if [ -n "$zone_id" ]; then
+        # Found the zone
+        _domain="$h"
+        _domain_id="$zone_id"
+
+        # Calculate subdomain
+        if [ "$_domain" = "$domain" ]; then
+          _sub_domain=""
+        else
+          _cutlength=$((${#domain} - ${#_domain} - 1))
+          _sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength")
+        fi
+
+        return 0
+      fi
+    fi
+
+    p=$i
+    i=$((i + 1))
+  done
+
+  return 1
+}
+
+# _infoblox_rest GET "dns/record?_filter=..."
+# _infoblox_rest POST "dns/record" "{json body}"
+# _infoblox_rest DELETE "dns/record/uuid"
+_infoblox_rest() {
+  method=$1
+  ep="$2"
+  data="$3"
+
+  _debug "$ep"
+
+  # Ensure credentials are available (when called from _get_root)
+  Infoblox_UDDI_Key="${Infoblox_UDDI_Key:-$(_readaccountconf_mutable Infoblox_UDDI_Key)}"
+  Infoblox_Portal="${Infoblox_Portal:-$(_readaccountconf_mutable Infoblox_Portal)}"
+
+  Infoblox_UDDI_Api="https://$Infoblox_Portal/api/ddi/v1"
+  export _H1="Authorization: Token $Infoblox_UDDI_Key"
+  export _H2="Content-Type: application/json"
+
+  # Debug (masked)
+  _tok_len=$(printf "%s" "$Infoblox_UDDI_Key" | wc -c | tr -d ' \n')
+  _debug2 "Auth header set" "Token len=${_tok_len} on $Infoblox_Portal"
+
+  if [ "$method" != "GET" ]; then
+    _debug data "$data"
+    response="$(_post "$data" "$Infoblox_UDDI_Api/$ep" "" "$method")"
+  else
+    response="$(_get "$Infoblox_UDDI_Api/$ep")"
+  fi
+
+  _ret="$?"
+  _debug2 response "$response"
+
+  if [ "$_ret" != "0" ]; then
+    _err "Error: $ep"
+    return 1
+  fi
+
+  return 0
+}

dnsapi/dns_mgwm.sh

@@ -0,0 +1,109 @@
+#!/usr/bin/env sh
+# shellcheck disable=SC2034
+dns_mgwm_info='mgw-media.de
+Site: mgw-media.de
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_mgwm
+Options:
+ MGWM_CUSTOMER Your customer number
+ MGWM_API_HASH Your API Hash
+Issues: github.com/acmesh-official/acme.sh/issues/6669
+'
+# Base URL for the mgw-media.de API
+MGWM_API_BASE="https://api.mgw-media.de/record"
+
+########  Public functions #####################
+
+# This function is called by acme.sh to add a TXT record.
+dns_mgwm_add() {
+  fulldomain=$1
+  txtvalue=$2
+  _info "Using mgw-media.de DNS API for domain $fulldomain (add record)"
+  _debug "fulldomain: $fulldomain"
+  _debug "txtvalue: $txtvalue"
+
+  # Call the new private function to handle the API request.
+  # The 'add' action, fulldomain, type 'txt' and txtvalue are passed.
+  if _mgwm_request "add" "$fulldomain" "txt" "$txtvalue"; then
+    _info "TXT record for $fulldomain successfully added via mgw-media.de API."
+    _sleep 10 # Wait briefly for DNS propagation, a common practice in DNS-01 hooks.
+    return 0
+  else
+    # Error message already logged by _mgwm_request, but a specific one here helps.
+    _err "mgwm_add: Failed to add TXT record for $fulldomain."
+    return 1
+  fi
+}
+# This function is called by acme.sh to remove a TXT record after validation.
+dns_mgwm_rm() {
+  fulldomain=$1
+  txtvalue=$2 # This txtvalue is now used to identify the specific record to be removed.
+  _info "Removing TXT record for $fulldomain using mgw-media.de DNS API (remove record)"
+  _debug "fulldomain: $fulldomain"
+  _debug "txtvalue: $txtvalue"
+
+  # Call the new private function to handle the API request.
+  # The 'rm' action, fulldomain, type 'txt' and txtvalue are passed.
+  if _mgwm_request "rm" "$fulldomain" "txt" "$txtvalue"; then
+    _info "TXT record for $fulldomain successfully removed via mgw-media.de API."
+    return 0
+  else
+    # Error message already logged by _mgwm_request, but a specific one here helps.
+    _err "mgwm_rm: Failed to remove TXT record for $fulldomain."
+    return 1
+  fi
+}
+####################  Private functions below ##################################
+
+# _mgwm_request() encapsulates the API call logic, including
+# loading credentials, setting the Authorization header, and executing the request.
+# Arguments:
+#   $1: action (e.g., "add", "rm")
+#   $2: fulldomain
+#   $3: type (e.g., "txt")
+#   $4: content (the txtvalue)
+_mgwm_request() {
+  _action="$1"
+  _fulldomain="$2"
+  _type="$3"
+  _content="$4"
+
+  _debug "Calling _mgwm_request for action: $_action, domain: $_fulldomain, type: $_type, content: $_content"
+
+  # Load credentials from environment or acme.sh config
+  MGWM_CUSTOMER="${MGWM_CUSTOMER:-$(_readaccountconf_mutable MGWM_CUSTOMER)}"
+  MGWM_API_HASH="${MGWM_API_HASH:-$(_readaccountconf_mutable MGWM_API_HASH)}"
+
+  # Check if credentials are set
+  if [ -z "$MGWM_CUSTOMER" ] || [ -z "$MGWM_API_HASH" ]; then
+    _err "You didn't specify one or more of MGWM_CUSTOMER or MGWM_API_HASH."
+    _err "Please check these environment variables and try again."
+    return 1
+  fi
+
+  # Save credentials for automatic renewal and future calls
+  _saveaccountconf_mutable MGWM_CUSTOMER "$MGWM_CUSTOMER"
+  _saveaccountconf_mutable MGWM_API_HASH "$MGWM_API_HASH"
+
+  # Create the Basic Auth Header. acme.sh's _base64 function is used for encoding.
+  _credentials="$(printf "%s:%s" "$MGWM_CUSTOMER" "$MGWM_API_HASH" | _base64)"
+  export _H1="Authorization: Basic $_credentials"
+  _debug "Set Authorization Header: Basic <credentials_encoded>" # Log debug message without sensitive credentials
+
+  # Construct the API URL based on the action and provided parameters.
+  _request_url="${MGWM_API_BASE}/${_action}/${_fulldomain}/${_type}/${_content}"
+  _debug "Constructed mgw-media.de API URL for action '$_action': ${_request_url}"
+
+  # Execute the HTTP GET request with the Authorization Header.
+  # The 5th parameter of _get is where acme.sh expects custom HTTP headers like Authorization.
+  response="$(_get "$_request_url")"
+  _debug "mgw-media.de API response for action '$_action': $response"
+
+  # Check the API response for success. The API returns "OK" on success.
+  if [ "$response" = "OK" ]; then
+    _info "mgw-media.de API action '$_action' for record '$_fulldomain' successful."
+    return 0
+  else
+    _err "Failed mgw-media.de API action '$_action' for record '$_fulldomain'. Unexpected API Response: '$response'"
+    return 1
+  fi
+}