From dcf9c467c386e49c606aa98069f63efd8bc32309 Mon Sep 17 00:00:00 2001 From: Monius Date: Sat, 20 Aug 2022 19:37:51 +0800 Subject: [PATCH 1/8] fix issue, when profile not end with newline --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index e8228e30..aecef894 100755 --- a/acme.sh +++ b/acme.sh @@ -6371,7 +6371,7 @@ _installalias() { if [ "$_profile" ]; then _debug "Found profile: $_profile" _info "Installing alias to '$_profile'" - _setopt "$_profile" ". \"$_envfile\"" + _setopt "$_profile" "\n. \"$_envfile\"" _info "OK, Close and reopen your terminal to start using $PROJECT_NAME" else _info "No profile is found, you will need to go into $LE_WORKING_DIR to use $PROJECT_NAME" From f2634b44cdd4bc38cfd9838ca6cb2e975bd4c25a Mon Sep 17 00:00:00 2001 From: Monius Date: Sun, 21 Aug 2022 12:26:37 +0800 Subject: [PATCH 2/8] add EOF, if $__conf not end with one --- acme.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index aecef894..ec4f90b7 100755 --- a/acme.sh +++ b/acme.sh @@ -2239,7 +2239,11 @@ _setopt() { if [ ! -f "$__conf" ]; then touch "$__conf" fi - + if [ -n "$(tail -c 1 <"$__conf")" ]; then + _debug3 No New Line + echo >>"$__conf" + fi + if grep -n "^$__opt$__sep" "$__conf" >/dev/null; then _debug3 OK if _contains "$__val" "&"; then @@ -6371,7 +6375,7 @@ _installalias() { if [ "$_profile" ]; then _debug "Found profile: $_profile" _info "Installing alias to '$_profile'" - _setopt "$_profile" "\n. \"$_envfile\"" + _setopt "$_profile" ". \"$_envfile\"" _info "OK, Close and reopen your terminal to start using $PROJECT_NAME" else _info "No profile is found, you will need to go into $LE_WORKING_DIR to use $PROJECT_NAME" From 6502a71083de93cef288992b00f8d38f4d35c9a4 Mon Sep 17 00:00:00 2001 From: Monius Date: Mon, 22 Aug 2022 05:26:12 +0800 Subject: [PATCH 3/8] fix, but remove debug info --- acme.sh | 1 - 1 file changed, 1 deletion(-) 
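Review bot: The `tail -c 1` check added to _setopt in patch 2/8 has no comment saying why it is there; a line such as `# make sure $__conf ends with a newline so an appended option starts on its own line` above the `if` would make the intent clear. The test relies on command substitution stripping a trailing newline, so it is empty both for a file that already ends in a newline and for the empty file just created by `touch`, and the same comment should say so. _setopt starts and ends outside the hunk.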
diff --git a/acme.sh b/acme.sh index ec4f90b7..882aaf03 100755 --- a/acme.sh +++ b/acme.sh @@ -2240,7 +2240,6 @@ _setopt() { touch "$__conf" fi if [ -n "$(tail -c 1 <"$__conf")" ]; then - _debug3 No New Line echo >>"$__conf" fi From 5a604bfdeec85bf0e578d73f57e7c6bb4ae91409 Mon Sep 17 00:00:00 2001 From: Monius Date: Mon, 22 Aug 2022 15:16:30 +0800 Subject: [PATCH 4/8] shfmt check? --- acme.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 882aaf03..11814b6e 100755 --- a/acme.sh +++ b/acme.sh @@ -2239,10 +2239,11 @@ _setopt() { if [ ! -f "$__conf" ]; then touch "$__conf" fi + if [ -n "$(tail -c 1 <"$__conf")" ]; then echo >>"$__conf" fi - + if grep -n "^$__opt$__sep" "$__conf" >/dev/null; then _debug3 OK if _contains "$__val" "&"; then From b95f836256ca2c7b57d74c1a4a9b524fc92255bc Mon Sep 17 00:00:00 2001 From: Monius Date: Tue, 23 Aug 2022 06:30:09 +0800 Subject: [PATCH 5/8] final try --- acme.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/acme.sh b/acme.sh index 11814b6e..bb6863c7 100755 --- a/acme.sh +++ b/acme.sh @@ -2239,7 +2239,6 @@ _setopt() { if [ ! -f "$__conf" ]; then touch "$__conf" fi - if [ -n "$(tail -c 1 <"$__conf")" ]; then echo >>"$__conf" fi From a7dd86de71400c48127038ba61603dfdf52133ca Mon Sep 17 00:00:00 2001 From: Markus Lippert Date: Thu, 29 Sep 2022 12:22:45 +0200 Subject: [PATCH 6/8] fix(deploy-synology_dsm): support DID with DSM 7 --- deploy/synology_dsm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index f30f82c0..c31a5df0 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh 
@@ -108,7 +108,7 @@ synology_dsm_deploy() { _debug3 H1 "${_H1}" fi - response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$otp_code" "$_base_url/webapi/auth.cgi?enable_syno_token=yes") + response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$otp_code&device_name=certrenewal&device_id=$SYNO_DID" "$_base_url/webapi/auth.cgi?enable_syno_token=yes") token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p') _debug3 response "$response" _debug token "$token" From 666c716bdae095252f75d6d58dd694baffee42e9 Mon Sep 17 00:00:00 2001 From: Adam Tao Date: Tue, 11 Oct 2022 20:36:09 +0800 Subject: [PATCH 7/8] Fix error during saving conf There might be '|' in __val (e.g., SYNO_Password), which will cause that all content of the conf file is cleared. Fix it by escaping '|' manually. Signed-off-by: Adam Tao --- acme.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/acme.sh b/acme.sh index e1ee3867..1ba2c6a5 100755 --- a/acme.sh +++ b/acme.sh @@ -2266,6 +2266,9 @@ _setopt() { if _contains "$__val" "&"; then __val="$(echo "$__val" | sed 's/&/\\&/g')" fi + if _contains "$__val" "|"; then + __val="$(echo "$__val" | sed 's/|/\\|/g')" + fi text="$(cat "$__conf")" printf -- "%s\n" "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" >"$__conf" @@ -2273,6 +2276,9 @@ _setopt() { if _contains "$__val" "&"; then __val="$(echo "$__val" | sed 's/&/\\&/g')" fi + if _contains "$__val" "|"; then + __val="$(echo "$__val" | sed 's/|/\\|/g')" + fi text="$(cat "$__conf")" printf -- "%s\n" "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" >"$__conf" From 1c16931e260d0dec38ee8c8857c5f33960adceb4 Mon Sep 17 00:00:00 2001 
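Review bot: `$SYNO_DID` goes into the login form body unencoded, unlike `$encoded_username` and `$encoded_password` on the same line, so a value containing `&`, `=` or `%` would change the request parameters. Encode it the way those two are (presumably through `_url_encode` earlier in synology_dsm_deploy, which starts outside this hunk) and send the encoded variable, e.g. `device_id=$encoded_did`. A trusted-device ID normally lets the login skip the OTP prompt, so it should be stored and logged with the same care as the password; note that `_debug3 response "$response"` just below writes the full login response to the debug log. `device_name=certrenewal&device_id=` is also sent when `SYNO_DID` is empty, which is worth checking against older DSM versions.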
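Review bot: Backslash is still unescaped in both added blocks, so a `__val` containing `\` (for example a password ending in `\` or containing `\1`) is still altered by, or breaks, the `s|...|...|` command that follows; this applies equally to the second hunk at -2273. One expression covers all three characters and gets the order right: `__val="$(echo "$__val" | sed 's/[\\&|]/\\&/g')"`. `$__opt` and `$__sep` are also interpolated unescaped into the pattern side of that `sed`, which matters less for fixed option names but is the same class of problem. _setopt starts and ends outside the hunk.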
From: neil Date: Sun, 16 Oct 2022 16:06:01 +0800 Subject: [PATCH 8/8] add Le_Next_Domain_Key for tlsa fix https://github.com/acmesh-official/acme.sh/issues/3096 Usage: https://github.com/acmesh-official/acme.sh/wiki/tlsa-next-key --- acme.sh | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/acme.sh b/acme.sh index 1ba2c6a5..1ee76307 100755 --- a/acme.sh +++ b/acme.sh @@ -4423,6 +4423,7 @@ issue() { _debug "_saved_account_key_hash is not changed, skip register account." fi + export Le_Next_Domain_Key="$CERT_KEY_PATH.next" if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ]; then _info "Signing from existing CSR." else @@ -4435,14 +4436,30 @@ issue() { fi _debug "Read key length:$_key" if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ] || [ "$Le_ForceNewDomainKey" = "1" ]; then - if ! createDomainKey "$_main_domain" "$_key_length"; then - _err "Create domain key error." - _clearup - _on_issue_err "$_post_hook" + if [ "$Le_ForceNewDomainKey" = "1" ] && [ -f "$Le_Next_Domain_Key" ]; then + _info "Using pre generated key: $Le_Next_Domain_Key" + cat "$Le_Next_Domain_Key" >"$CERT_KEY_PATH" + echo "" >"$Le_Next_Domain_Key" + else + if ! createDomainKey "$_main_domain" "$_key_length"; then + _err "Create domain key error." + _clearup + _on_issue_err "$_post_hook" + return 1 + fi + fi + fi + if [ "$Le_ForceNewDomainKey" ]; then + _info "Generate next pre-generate key." + if [ ! -e "$Le_Next_Domain_Key" ]; then + touch "$Le_Next_Domain_Key" + chmod 600 "$Le_Next_Domain_Key" + fi + if ! _createkey "$_key_length" "$Le_Next_Domain_Key"; then + _err "Can not pre generate domain key" return 1 fi fi - if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then _err "Create CSR error." _clearup 
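Review bot: The pre-generated-key branch writes the live private key with `cat "$Le_Next_Domain_Key" >"$CERT_KEY_PATH"`, so when `$CERT_KEY_PATH` does not exist yet it is created with the process umask rather than the 600 mode the `.next` file gets a few lines later; `(umask 077 && cat "$Le_Next_Domain_Key" >"$CERT_KEY_PATH")` keeps the key private. The branch is taken for any regular file, including the one-byte file left by `echo "" >"$Le_Next_Domain_Key"` if the following `_createkey` fails without writing a key, so a later run could copy an empty key over the current one; truncating with `: >"$Le_Next_Domain_Key"` and testing `[ -s "$Le_Next_Domain_Key" ]` instead of `-f` avoids that. The `_createkey` failure path returns without the `_clearup` and `_on_issue_err "$_post_hook"` calls used for the `createDomainKey` failure. The second check `[ "$Le_ForceNewDomainKey" ]` is true for any non-empty value, including `0`, while the first requires `= "1"`. issue() starts and ends outside the hunk.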
@@ -5178,6 +5195,9 @@ $_authorizations_map" [ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in: $(__green "$CA_CERT_PATH")" [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green "$CERT_FULLCHAIN_PATH")" + if [ "$Le_ForceNewDomainKey" ] && [ -e "$Le_Next_Domain_Key" ]; then + _info "Your pre-generated next key for future cert key change is in: $(__green "$Le_Next_Domain_Key")" + fi Le_CertCreateTime=$(_time) _savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime" @@ -5752,7 +5772,8 @@ installcert() { _savedomainconf "Le_RealKeyPath" "$_real_key" _savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64" _savedomainconf "Le_RealFullChainPath" "$_real_fullchain" - + export Le_ForceNewDomainKey="$(_readdomainconf Le_ForceNewDomainKey)" + export Le_Next_Domain_Key _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd" } @@ -5844,6 +5865,8 @@ _installcert() { export CA_CERT_PATH export CERT_FULLCHAIN_PATH export Le_Domain="$_main_domain" + export Le_ForceNewDomainKey + export Le_Next_Domain_Key cd "$DOMAIN_PATH" && eval "$_reload_cmd" ); then _info "$(__green "Reload success")"
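Review bot: `export Le_Next_Domain_Key` in installcert (hunk at -5752) exports whatever value the variable already has, and the only assignment in this patch is in issue(), so on a standalone install-cert run the reload command would likely see it empty; assign it here as well, e.g. `export Le_Next_Domain_Key="$CERT_KEY_PATH.next"`, if `CERT_KEY_PATH` is initialised by this point (not visible in the hunk). `export Le_ForceNewDomainKey="$(_readdomainconf Le_ForceNewDomainKey)"` also hides a failing `_readdomainconf` behind the exit status of `export`. The two exports added inside the subshell in _installcert (hunk at -5844) repeat these and put the path of the next private key into the environment of `eval "$_reload_cmd"`; a comment stating that this is intended for the TLSA hook would help the next reader.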