Merge branch 'dev' into master

Dockerfile

@@ -15,11 +15,11 @@ RUN apk --no-cache add -f \
   jq \
   cronie
 
-ENV LE_CONFIG_HOME /acme.sh
+ENV LE_CONFIG_HOME=/acme.sh
 
 ARG AUTO_UPGRADE=1
 
-ENV AUTO_UPGRADE $AUTO_UPGRADE
+ENV AUTO_UPGRADE=$AUTO_UPGRADE
 
 #Install
 COPY ./ /install_acme.sh/

acme.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
 
-VER=3.1.0
+VER=3.1.1
 
 PROJECT_NAME="acme.sh"
 
@@ -921,6 +921,9 @@ _sed_i() {
   if sed -h 2>&1 | grep "\-i\[SUFFIX]" >/dev/null 2>&1; then
     _debug "Using sed  -i"
     sed -i "$options" "$filename"
+  elif sed -h 2>&1 | grep "\-i extension" >/dev/null 2>&1; then
+    _debug "Using FreeBSD sed -i"
+    sed -i "" "$options" "$filename"
   else
     _debug "No -i support in sed"
     text="$(cat "$filename")"
@@ -5818,7 +5821,7 @@ _deploy() {
         return 1
       fi
 
-      if ! $d_command "$_d" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH"; then
+      if ! $d_command "$_d" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CERT_PFX_PATH"; then
         _err "Error deploying for domain: $_d"
         return 1
       fi

deploy/docker.sh

@@ -18,6 +18,7 @@ docker_deploy() {
   _ccert="$3"
   _cca="$4"
   _cfullchain="$5"
+  _cpfx="$6"
   _debug _cdomain "$_cdomain"
   _getdeployconf DEPLOY_DOCKER_CONTAINER_LABEL
   _debug2 DEPLOY_DOCKER_CONTAINER_LABEL "$DEPLOY_DOCKER_CONTAINER_LABEL"
@@ -88,6 +89,12 @@ docker_deploy() {
     _savedeployconf DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE"
   fi
 
+  _getdeployconf DEPLOY_DOCKER_CONTAINER_PFX_FILE
+  _debug2 DEPLOY_DOCKER_CONTAINER_PFX_FILE "$DEPLOY_DOCKER_CONTAINER_PFX_FILE"
+  if [ "$DEPLOY_DOCKER_CONTAINER_PFX_FILE" ]; then
+    _savedeployconf DEPLOY_DOCKER_CONTAINER_PFX_FILE "$DEPLOY_DOCKER_CONTAINER_PFX_FILE"
+  fi
+
   _getdeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD
   _debug2 DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
   if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
@@ -125,6 +132,12 @@ docker_deploy() {
     fi
   fi
 
+  if [ "$DEPLOY_DOCKER_CONTAINER_PFX_FILE" ]; then
+    if ! _docker_cp "$_cid" "$_cpfx" "$DEPLOY_DOCKER_CONTAINER_PFX_FILE"; then
+      return 1
+    fi
+  fi
+
   if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
     _info "Reloading: $DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
     if ! _docker_exec "$_cid" "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"; then

deploy/haproxy.sh

@@ -357,7 +357,7 @@ haproxy_deploy() {
         _info "Update existing certificate '${_pem}' over HAProxy ${_socketname}."
       fi
       _socat_cert_set_cmd="echo -e '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"
-      _debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
+      _secure_debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
       eval "${_socat_cert_set_cmd}"
       _ret=$?
       if [ "${_ret}" != "0" ]; then

deploy/routeros.sh

@@ -144,8 +144,8 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
 \n/certificate remove [ find name=$_cdomain.cer_1 ];\
 \n/certificate remove [ find name=$_cdomain.cer_2 ];\
 \ndelay 1;\
-\n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\";\
-\n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\";\
+\n/certificate import file-name=\\\"$_cdomain.cer\\\" passphrase=\\\"\\\";\
+\n/certificate import file-name=\\\"$_cdomain.key\\\" passphrase=\\\"\\\";\
 \ndelay 1;\
 \n:do {/file remove $_cdomain.cer; } on-error={ }\
 \n:do {/file remove $_cdomain.key; } on-error={ }\

deploy/synology_dsm.sh

@@ -186,8 +186,8 @@ synology_dsm_deploy() {
       if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
         _getdeployconf SYNO_LOCAL_HOSTNAME
         _debug SYNO_LOCAL_HOSTNAME "${SYNO_LOCAL_HOSTNAME:-}"
-        if [ "$SYNO_LOCAL_HOSTNAME" != "1" ] && [ "$SYNO_LOCAL_HOSTNAME" == "$SYNO_HOSTNAME" ]; then
-          if [ "$SYNO_HOSTNAME" != "localhost" ] && [ "$SYNO_HOSTNAME" != "127.0.0.1" ]; then
+        if [ "$SYNO_HOSTNAME" != "localhost" ] && [ "$SYNO_HOSTNAME" != "127.0.0.1" ]; then
+          if [ "$SYNO_LOCAL_HOSTNAME" != "1" ]; then
             _err "SYNO_USE_TEMP_ADMIN=1 only support local deployment, though if you are sure that the hostname $SYNO_HOSTNAME is targeting to your **current local machine**, execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun."
             return 1
           fi
@@ -320,7 +320,7 @@ synology_dsm_deploy() {
     _cleardeployconf SYNO_DEVICE_ID
     _cleardeployconf SYNO_DEVICE_NAME
     _savedeployconf SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
-    _savedeployconf SYNO_LOCAL_HOSTNAME "$SYNO_HOSTNAME"
+    _savedeployconf SYNO_LOCAL_HOSTNAME "$SYNO_LOCAL_HOSTNAME"
   else
     _savedeployconf SYNO_USERNAME "$SYNO_USERNAME"
     _savedeployconf SYNO_PASSWORD "$SYNO_PASSWORD"
@@ -411,7 +411,7 @@ _temp_admin_create() {
   _username="$1"
   _password="$2"
   synouser --del "$_username" >/dev/null 2>/dev/null
-  synouser --add "$_username" "$_password" "" 0 "scruelt@hotmail.com" 0 >/dev/null
+  synouser --add "$_username" "$_password" "" 0 "" 0 >/dev/null
 }
 
 _temp_admin_cleanup() {

dnsapi/dns_freemyip.sh

@@ -0,0 +1,105 @@
+#!/usr/bin/env sh
+# shellcheck disable=SC2034
+dns_freemyip_info='FreeMyIP.com
+Site: freemyip.com
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_freemyip
+Options:
+ FREEMYIP_Token API Token
+Issues: github.com/acmesh-official/acme.sh/issues/{XXXX}
+Author: Recolic Keghart <root@recolic.net>, @Giova96
+'
+
+FREEMYIP_DNS_API="https://freemyip.com/update?"
+
+################ Public functions ################
+
+#Usage: dns_freemyip_add    fulldomain    txtvalue
+dns_freemyip_add() {
+  fulldomain="$1"
+  txtvalue="$2"
+
+  _info "Add TXT record $txtvalue for $fulldomain using freemyip.com api"
+
+  FREEMYIP_Token="${FREEMYIP_Token:-$(_readaccountconf_mutable FREEMYIP_Token)}"
+  if [ -z "$FREEMYIP_Token" ]; then
+    FREEMYIP_Token=""
+    _err "You don't specify FREEMYIP_Token yet."
+    _err "Please specify your token and try again."
+    return 1
+  fi
+
+  #save the credentials to the account conf file.
+  _saveaccountconf_mutable FREEMYIP_Token "$FREEMYIP_Token"
+
+  if _is_root_domain_published "$fulldomain"; then
+    _err "freemyip API don't allow you to set multiple TXT record for the same subdomain!"
+    _err "You must apply certificate for only one domain at a time!"
+    _err "===="
+    _err "For example, aaa.yourdomain.freemyip.com and bbb.yourdomain.freemyip.com and yourdomain.freemyip.com ALWAYS share the same TXT record. They will overwrite each other if you apply multiple domain at the same time."
+    _debug "If you are testing this workflow in github pipeline or acmetest, please set TEST_DNS_NO_SUBDOMAIN=1 and TEST_DNS_NO_WILDCARD=1"
+    return 1
+  fi
+
+  # txtvalue must be url-encoded. But it's not necessary for acme txt value.
+  _freemyip_get_until_ok "${FREEMYIP_DNS_API}token=$FREEMYIP_Token&domain=$fulldomain&txt=$txtvalue" 2>&1
+  return $?
+}
+
+#Usage: dns_freemyip_rm    fulldomain    txtvalue
+dns_freemyip_rm() {
+  fulldomain="$1"
+  txtvalue="$2"
+
+  _info "Delete TXT record $txtvalue for $fulldomain using freemyip.com api"
+
+  FREEMYIP_Token="${FREEMYIP_Token:-$(_readaccountconf_mutable FREEMYIP_Token)}"
+  if [ -z "$FREEMYIP_Token" ]; then
+    FREEMYIP_Token=""
+    _err "You don't specify FREEMYIP_Token yet."
+    _err "Please specify your token and try again."
+    return 1
+  fi
+
+  #save the credentials to the account conf file.
+  _saveaccountconf_mutable FREEMYIP_Token "$FREEMYIP_Token"
+
+  # Leave the TXT record as empty or "null" to delete the record.
+  _freemyip_get_until_ok "${FREEMYIP_DNS_API}token=$FREEMYIP_Token&domain=$fulldomain&txt=" 2>&1
+  return $?
+}
+
+################ Private functions below  ################
+_get_root() {
+  _fmi_d="$1"
+
+  echo "$_fmi_d" | rev | cut -d '.' -f 1-3 | rev
+}
+
+# There is random failure while calling freemyip API too fast. This function automatically retry until success.
+_freemyip_get_until_ok() {
+  _fmi_url="$1"
+  for i in $(seq 1 8); do
+    _debug "HTTP GET freemyip.com API '$_fmi_url', retry $i/8..."
+    _get "$_fmi_url" | tee /dev/fd/2 | grep OK && return 0
+    _sleep 1 # DO NOT send the request too fast
+  done
+  _err "Failed to request freemyip API: $_fmi_url . Server does not say 'OK'"
+  return 1
+}
+
+# Verify in public dns if domain is already there.
+_is_root_domain_published() {
+  _fmi_d="$1"
+  _webroot="$(_get_root "$_fmi_d")"
+
+  _info "Verifying '""$_fmi_d""' freemyip webroot (""$_webroot"") is not published yet"
+  for i in $(seq 1 3); do
+    _debug "'$_webroot' ns lookup, retry $i/3..."
+    if [ "$(_ns_lookup "$_fmi_d" TXT)" ]; then
+      _debug "'$_webroot' already has a TXT record published!"
+      return 0
+    fi
+    _sleep 10 # Give it some time to propagate the TXT record
+  done
+  return 1
+}

dnsapi/dns_he_ddns.sh

@@ -34,5 +34,11 @@ dns_he_ddns_add() {
   _contains "$response" "good" && return 0 || return 1
 }
 
-# dns_he_ddns_rm() is not implemented because the API call always updates the
+# dns_he_ddns_rm() is not doing anything because the API call always updates the
 # contents of the existing record (that the API key gives access to).
+
+dns_he_ddns_rm() {
+  fulldomain=$1
+  _debug "Delete TXT record called for '${fulldomain}', not doing anything."
+  return 0
+}

dnsapi/dns_world4you.sh

@@ -202,7 +202,7 @@ _get_paketnr() {
   fqdn="$1"
   form="$2"
 
-  domains=$(echo "$form" | grep '<ul class="nav header-paket-list">' | sed 's/<li/\n<li/g' | sed 's/<[^>]*>/ /g' | sed 's/^.*>\([^>]*\)$/\1/')
+  domains=$(echo "$form" | grep 'paketListData' | grep -o '"fqdn":"[^"]*"' | sed 's/.*:"\(.*\)"/\1/')
   _debug domains "$domains"
   domain=''
   for domain in $domains; do
@@ -218,7 +218,7 @@ _get_paketnr() {
   TLD="$domain"
   _debug domain "$domain"
   RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))")
-  PAKETNR=$(echo "$domains" | grep -o " $domain.*" | sed 's/^[^,]*, *\([0-9]*\).*$/\1/')
+  PAKETNR=$(echo "$form" | grep -o "\"id\":[^{}]*\"fqdn\":\"$domain\"" | sed 's/"id":\([0-9]*\).*$/\1/')
   return 0
 }
 

notify/cqhttp.sh

@@ -52,7 +52,7 @@ cqhttp_send() {
   _finalUrl="$CQHTTP_APIROOT$CQHTTP_APIPATH?access_token=$_access_token&user_id=$_user_id&message=$_message"
   response="$(_get "$_finalUrl")"
 
-  if [ "$?" = "0" ] && _contains "$response" "\"retcode\":0,\"status\":\"ok\""; then
+  if [ "$?" = "0" ] && _contains "$response" "\"retcode\":0" && _contains "$response" "\"status\":\"ok\""; then
     _info "QQ send success."
     return 0
   fi