From 2280e66d7366d51a937ebaf2fe126c759c721395 Mon Sep 17 00:00:00 2001
From: Manuel Sanchez Pinar <aomanu@gmail.com>
Date: Thu, 12 May 2022 10:51:15 +0200
Subject: [PATCH 1/9] dns_aws: Fix when _acme-challenge is a hostedzone

    The function '_get_root' tries to retrieve the
    hostedzone iterating the domains, eg:
      1. srv.prod.example.com
      2. prod.example.com
      3. example.com
    This doesn't work if '_acme-challenge' is in it's
    own hostedzone for security reasons.
    Starting that iteration with '_acme-challenge.srv.prod.example.com'
    fixes this issue.
---
 dnsapi/dns_aws.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh
index 14a4594d..78008f5b 100755
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@@ -151,8 +151,8 @@ dns_aws_rm() {
 ####################  Private functions below ##################################
 
 _get_root() {
-  domain=$1
-  i=2
+  domain=_acme-challenge.$1
+  i=1
   p=1
 
   if aws_rest GET "2013-04-01/hostedzone"; then

From 873b113cb3625746b3010bcdf47d86d03f78f009 Mon Sep 17 00:00:00 2001
From: neil <github@neilpang.com>
Date: Thu, 12 May 2022 17:36:19 +0800
Subject: [PATCH 2/9] Update dns_aws.sh

---
 dnsapi/dns_aws.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh
index 78008f5b..376936f5 100755
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@@ -151,7 +151,7 @@ dns_aws_rm() {
 ####################  Private functions below ##################################
 
 _get_root() {
-  domain=_acme-challenge.$1
+  domain=$1
   i=1
   p=1
 

From 5ba2068fc22c0ec816e4f1ed09ba507c27f9455b Mon Sep 17 00:00:00 2001
From: Sebastiaan Hoogeveen <sebastiaan+git@hoogeveen.me>
Date: Mon, 16 May 2022 14:27:24 +0200
Subject: [PATCH 3/9] Fix dns_nederhost to work correctly with wget instead of
 curl.

The dns_nederhost DNS API relies on the exact HTTP status code to be
returned (e.g.  204); however, the _get function always returns 200 for a
succesful call when using wget instead of curl.  This patch fixes this by
using the _post function for all requests done by dns_nederhost.
---
 dnsapi/dns_nederhost.sh | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/dnsapi/dns_nederhost.sh b/dnsapi/dns_nederhost.sh
index 0954ab65..61839cc7 100755
--- a/dnsapi/dns_nederhost.sh
+++ b/dnsapi/dns_nederhost.sh
@@ -112,12 +112,8 @@ _nederhost_rest() {
   export _H1="Authorization: Bearer $NederHost_Key"
   export _H2="Content-Type: application/json"
 
-  if [ "$m" != "GET" ]; then
-    _debug data "$data"
-    response="$(_post "$data" "$NederHost_Api/$ep" "" "$m")"
-  else
-    response="$(_get "$NederHost_Api/$ep")"
-  fi
+  _debug data "$data"
+  response="$(_post "$data" "$NederHost_Api/$ep" "" "$m")"
 
   _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
   _debug "http response code $_code"

From 4047adcc35eb66abbddff5a2ea8efa0b27ceb95b Mon Sep 17 00:00:00 2001
From: Sebastiaan Hoogeveen <sebastiaan@hoogeveen.me>
Date: Wed, 18 May 2022 16:12:37 +0200
Subject: [PATCH 4/9] Force a commit.

---
 dnsapi/dns_nederhost.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dnsapi/dns_nederhost.sh b/dnsapi/dns_nederhost.sh
index 61839cc7..abaae42b 100755
--- a/dnsapi/dns_nederhost.sh
+++ b/dnsapi/dns_nederhost.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
 
-#NederHost_Key="sdfgikogfdfghjklkjhgfcdcfghjk"
+#NederHost_Key="sdfgikogfdfghjklkjhgfcdcfghj"
 
 NederHost_Api="https://api.nederhost.nl/dns/v1"
 

From 32adc38e94fa4a699801e289d19fa6d36199af3b Mon Sep 17 00:00:00 2001
From: Avi Miller <avi.miller@oracle.com>
Date: Sat, 21 May 2022 14:36:10 +1000
Subject: [PATCH 5/9] Fix _dbase64 decode of OCI_CLI_KEY

The change made in #4057 broke the decoding of OCI_CLI_KEY from
the encoded OCI_CLI_KEY_FILE content so this removes the multiline
parameter to fix it.

Signed-off-by: Avi Miller <avi.miller@oracle.com>
---
 dnsapi/dns_oci.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dnsapi/dns_oci.sh b/dnsapi/dns_oci.sh
index eb006120..18d74410 100644
--- a/dnsapi/dns_oci.sh
+++ b/dnsapi/dns_oci.sh
@@ -159,7 +159,7 @@ _oci_config() {
   fi
 
   if [ "$(printf "%s\n" "$OCI_CLI_KEY" | wc -l)" -eq 1 ]; then
-    OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64 multiline)
+    OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64)
   fi
 
   return 0

From 58a89edad7e88886dd980f5b91f9144111e89c9b Mon Sep 17 00:00:00 2001
From: Lukas Brocke <lukas@brocke.net>
Date: Sun, 22 May 2022 13:24:18 +0200
Subject: [PATCH 6/9] dnsapi/ionos: Update to API version 1.0.1

The REST API now sends back response bodies for UPDATE and CREATE
operations.
---
 dnsapi/dns_ionos.sh | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh
index c2c431bb..e4ad3318 100755
--- a/dnsapi/dns_ionos.sh
+++ b/dnsapi/dns_ionos.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
 
-# Supports IONOS DNS API Beta v1.0.0
+# Supports IONOS DNS API v1.0.1
 #
 # Usage:
 #   Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh:
@@ -26,7 +26,7 @@ dns_ionos_add() {
 
   _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]"
 
-  if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ -z "$response" ]; then
+  if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "201" ]; then
     _info "TXT record has been created successfully."
     return 0
   fi
@@ -47,7 +47,7 @@ dns_ionos_rm() {
     return 1
   fi
 
-  if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ -z "$response" ]; then
+  if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "200" ]; then
     _info "TXT record has been deleted successfully."
     return 0
   fi
@@ -85,7 +85,7 @@ _get_root() {
   p=1
 
   if _ionos_rest GET "$IONOS_ROUTE_ZONES"; then
-    response="$(echo "$response" | tr -d "\n")"
+    _response="$(echo "$_response" | tr -d "\n")"
 
     while true; do
       h=$(printf "%s" "$domain" | cut -d . -f $i-100)
@@ -93,7 +93,7 @@ _get_root() {
         return 1
       fi
 
-      _zone="$(echo "$response" | _egrep_o "\"name\":\"$h\".*\}")"
+      _zone="$(echo "$_response" | _egrep_o "\"name\":\"$h\".*\}")"
       if [ "$_zone" ]; then
         _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"')
         if [ "$_zone_id" ]; then
@@ -120,9 +120,9 @@ _ionos_get_record() {
   txtrecord=$3
 
   if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then
-    response="$(echo "$response" | tr -d "\n")"
+    _response="$(echo "$_response" | tr -d "\n")"
 
-    _record="$(echo "$response" | _egrep_o "\"name\":\"$fulldomain\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")"
+    _record="$(echo "$_response" | _egrep_o "\"name\":\"$fulldomain\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")"
     if [ "$_record" ]; then
       _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"')
 
@@ -142,22 +142,30 @@ _ionos_rest() {
 
   export _H1="X-API-Key: $IONOS_API_KEY"
 
+  # clear headers
+  : >"$HTTP_HEADER"
+
   if [ "$method" != "GET" ]; then
     export _H2="Accept: application/json"
     export _H3="Content-Type: application/json"
 
-    response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")"
+    _response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")"
   else
     export _H2="Accept: */*"
     export _H3=
-    response="$(_get "$IONOS_API$route")"
+
+    _response="$(_get "$IONOS_API$route")"
   fi
 
+  _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
+
   if [ "$?" != "0" ]; then
-    _err "Error $route: $response"
+    _err "Error $route: $_response"
     return 1
   fi
-  _debug2 "response" "$response"
+
+  _debug2 "_response" "$_response"
+  _debug2 "_code" "$_code"
 
   return 0
 }

From 606e59a5d0a6b3fc1963aeae2b23898cb2715a8f Mon Sep 17 00:00:00 2001
From: neilpang <github@neilpang.com>
Date: Sun, 29 May 2022 14:56:30 +0800
Subject: [PATCH 7/9] fix
 https://github.com/acmesh-official/acme.sh/issues/4110

fix https://github.com/acmesh-official/acme.sh/issues/4110
---
 dnsapi/dns_selectel.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dnsapi/dns_selectel.sh b/dnsapi/dns_selectel.sh
index 94252d81..bfe501fe 100644
--- a/dnsapi/dns_selectel.sh
+++ b/dnsapi/dns_selectel.sh
@@ -120,7 +120,7 @@ _get_root() {
       return 1
     fi
 
-    if _contains "$response" "\"name\": \"$h\","; then
+    if _contains "$response" "\"name\": *\"$h\","; then
       _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
       _domain=$h
       _debug "Getting domain id for $h"

From 3ce67b282fafd42a1807f556a742fb5b23a60f21 Mon Sep 17 00:00:00 2001
From: neilpang <github@neilpang.com>
Date: Sun, 29 May 2022 15:03:09 +0800
Subject: [PATCH 8/9] merge
 https://github.com/acmesh-official/acme.sh/pull/4108

merge https://github.com/acmesh-official/acme.sh/pull/4108
---
 dnsapi/dns_selectel.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dnsapi/dns_selectel.sh b/dnsapi/dns_selectel.sh
index bfe501fe..1b09882d 100644
--- a/dnsapi/dns_selectel.sh
+++ b/dnsapi/dns_selectel.sh
@@ -76,7 +76,7 @@ dns_selectel_rm() {
     return 1
   fi
 
-  _record_seg="$(echo "$response" | _egrep_o "\"content\" *: *\"$txtvalue\"[^}]*}")"
+  _record_seg="$(echo "$response" | _egrep_o "[^{]*\"content\" *: *\"$txtvalue\"[^}]*}")"
   _debug2 "_record_seg" "$_record_seg"
   if [ -z "$_record_seg" ]; then
     _err "can not find _record_seg"
@@ -120,7 +120,7 @@ _get_root() {
       return 1
     fi
 
-    if _contains "$response" "\"name\": *\"$h\","; then
+    if _contains "$response" "\"name\" *: *\"$h\","; then
       _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
       _domain=$h
       _debug "Getting domain id for $h"

From 993c187e375477f7ac6cc18a3cbdcb43e732c6b0 Mon Sep 17 00:00:00 2001
From: neilpang <github@neilpang.com>
Date: Sun, 29 May 2022 15:08:15 +0800
Subject: [PATCH 9/9] fix
 https://github.com/acmesh-official/acme.sh/issues/4105

fix https://github.com/acmesh-official/acme.sh/issues/4105
---
 dnsapi/dns_edgedns.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh
index 2e5c7d30..11c132fa 100755
--- a/dnsapi/dns_edgedns.sh
+++ b/dnsapi/dns_edgedns.sh
@@ -176,6 +176,7 @@ _EDGEDNS_credentials() {
   _debug "GettingEdge DNS credentials"
   _log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})"
   args_missing=0
+  AKAMAI_ACCESS_TOKEN="${AKAMAI_ACCESS_TOKEN:-$(_readaccountconf_mutable AKAMAI_ACCESS_TOKEN)}"
   if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then
     AKAMAI_ACCESS_TOKEN=""
     AKAMAI_CLIENT_TOKEN=""
@@ -184,6 +185,7 @@ _EDGEDNS_credentials() {
     _err "AKAMAI_ACCESS_TOKEN is missing"
     args_missing=1
   fi
+  AKAMAI_CLIENT_TOKEN="${AKAMAI_CLIENT_TOKEN:-$(_readaccountconf_mutable AKAMAI_CLIENT_TOKEN)}"
   if [ -z "$AKAMAI_CLIENT_TOKEN" ]; then
     AKAMAI_ACCESS_TOKEN=""
     AKAMAI_CLIENT_TOKEN=""
@@ -192,6 +194,7 @@ _EDGEDNS_credentials() {
     _err "AKAMAI_CLIENT_TOKEN is missing"
     args_missing=1
   fi
+  AKAMAI_HOST="${AKAMAI_HOST:-$(_readaccountconf_mutable AKAMAI_HOST)}"
   if [ -z "$AKAMAI_HOST" ]; then
     AKAMAI_ACCESS_TOKEN=""
     AKAMAI_CLIENT_TOKEN=""
@@ -200,6 +203,7 @@ _EDGEDNS_credentials() {
     _err "AKAMAI_HOST is missing"
     args_missing=1
   fi
+  AKAMAI_CLIENT_SECRET="${AKAMAI_CLIENT_SECRET:-$(_readaccountconf_mutable AKAMAI_CLIENT_SECRET)}"
   if [ -z "$AKAMAI_CLIENT_SECRET" ]; then
     AKAMAI_ACCESS_TOKEN=""
     AKAMAI_CLIENT_TOKEN=""