Merge branch 'dev' into issue_4956

2024-11-05 11:07:20 -03:00 · 2024-11-05 11:07:20 -03:00 · af9425ed8f
parent 03906cc055 d058ac6174
commit af9425ed8f
177 changed files with 4082 additions and 1881 deletions
--- a/.github/workflows/DNS.yml
+++ b/.github/workflows/DNS.yml
@ -1,5 +1,6 @@
 name: DNS
 on:
  workflow_dispatch:
  push:
    paths:
      - 'dnsapi/*.sh'
@ -280,7 +281,7 @@ jobs:
    - uses: vmactions/openbsd-vm@v1
      with:
        envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
-        prepare: pkg_add socat curl
+        prepare: pkg_add socat curl libiconv
        usesh: true
        copyback: false
        run: |
--- a/.github/workflows/DragonFlyBSD.yml
+++ b/.github/workflows/DragonFlyBSD.yml
@ -29,7 +29,7 @@ jobs:
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
         #- TEST_ACME_Server: "ZeroSSL.com"
         #  CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
         #  CA: "ZeroSSL RSA Domain Secure Site CA"
--- a/.github/workflows/FreeBSD.yml
+++ b/.github/workflows/FreeBSD.yml
@ -29,12 +29,12 @@ jobs:
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
         - TEST_ACME_Server: "LetsEncrypt.org_test"
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
           ACME_USE_WGET: 1
         #- TEST_ACME_Server: "ZeroSSL.com"
         #  CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
--- a/.github/workflows/Linux.yml
+++ b/.github/workflows/Linux.yml
@ -26,11 +26,11 @@ jobs:
  Linux:
    strategy:
      matrix:
-        os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:7", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"]
+        os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"]
    runs-on: ubuntu-latest
    env:
      TEST_LOCAL: 1
-      TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+      TEST_PREFERRED_CHAIN: (STAGING)
      TEST_ACME_Server: "LetsEncrypt.org_test"
    steps:
    - uses: actions/checkout@v4
--- a/.github/workflows/MacOS.yml
+++ b/.github/workflows/MacOS.yml
@ -29,7 +29,7 @@ jobs:
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
         #- TEST_ACME_Server: "ZeroSSL.com"
         #  CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
         #  CA: "ZeroSSL RSA Domain Secure Site CA"
--- a/.github/workflows/NetBSD.yml
+++ b/.github/workflows/NetBSD.yml
@ -29,7 +29,7 @@ jobs:
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
         #- TEST_ACME_Server: "ZeroSSL.com"
         #  CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
         #  CA: "ZeroSSL RSA Domain Secure Site CA"
--- a/.github/workflows/Omnios.yml
+++ b/.github/workflows/Omnios.yml
@ -29,12 +29,12 @@ jobs:
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
         - TEST_ACME_Server: "LetsEncrypt.org_test"
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
           ACME_USE_WGET: 1
         #- TEST_ACME_Server: "ZeroSSL.com"
         #  CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
--- a/.github/workflows/OpenBSD.yml
+++ b/.github/workflows/OpenBSD.yml
@ -29,12 +29,12 @@ jobs:
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
         - TEST_ACME_Server: "LetsEncrypt.org_test"
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
           ACME_USE_WGET: 1
         #- TEST_ACME_Server: "ZeroSSL.com"
         #  CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
--- a/.github/workflows/PebbleStrict.yml
+++ b/.github/workflows/PebbleStrict.yml
@ -37,7 +37,7 @@ jobs:
    - name: Install tools
      run: sudo apt-get install -y socat
    - name: Run Pebble
-      run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d
+      run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker compose up -d
    - name: Set up Pebble
      run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4
    - name: Clone acmetest
--- a/.github/workflows/Solaris.yml
+++ b/.github/workflows/Solaris.yml
@ -29,12 +29,12 @@ jobs:
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
         - TEST_ACME_Server: "LetsEncrypt.org_test"
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
           ACME_USE_WGET: 1
         #- TEST_ACME_Server: "ZeroSSL.com"
         #  CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
--- a/.github/workflows/Ubuntu.yml
+++ b/.github/workflows/Ubuntu.yml
@ -29,12 +29,12 @@ jobs:
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
         - TEST_ACME_Server: "LetsEncrypt.org_test"
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
           ACME_USE_WGET: 1
         - TEST_ACME_Server: "ZeroSSL.com"
           CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
--- a/.github/workflows/Windows.yml
+++ b/.github/workflows/Windows.yml
@ -29,7 +29,7 @@ jobs:
           CA_ECDSA: ""
           CA: ""
           CA_EMAIL: ""
-           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
+           TEST_PREFERRED_CHAIN: (STAGING)
         #- TEST_ACME_Server: "ZeroSSL.com"
         #  CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
         #  CA: "ZeroSSL RSA Domain Secure Site CA"
--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/dockerhub.yml
@ -15,6 +15,8 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 env:
  DOCKER_IMAGE: neilpang/acme.sh
 jobs:
  CheckToken:
@ -44,6 +46,11 @@ jobs:
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5.5.1
        with:
          images: ${DOCKER_IMAGE}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: login to docker hub
@ -51,8 +58,6 @@ jobs:
          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
      - name: build and push the image
        run: |
          DOCKER_IMAGE=neilpang/acme.sh
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            DOCKER_IMAGE_TAG=${GITHUB_REF#refs/tags/}
          fi
@ -66,8 +71,14 @@ jobs:
            fi
          fi
          DOCKER_LABELS=()
          while read -r label; do
            DOCKER_LABELS+=(--label "${label}")
          done <<<"${DOCKER_METADATA_OUTPUT_LABELS}"
          docker buildx build \
            --tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \
            "${DOCKER_LABELS[@]}" \
            --output "type=image,push=true" \
            --build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \
            --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386,linux/ppc64le,linux/s390x .
--- a/.github/workflows/pr_notify.yml
+++ b/.github/workflows/pr_notify.yml
@ -1,4 +1,4 @@
-name: Check dns api
+name: Check notify api
 on:
  pull_request_target:
--- a/acme.sh
+++ b/acme.sh
--- a/deploy/ali_cdn.sh
+++ b/deploy/ali_cdn.sh
@ -0,0 +1,88 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034,SC2154
 # Script to create certificate to Alibaba Cloud CDN
 #
 # Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun
 #
 # This deployment required following variables
 # export Ali_Key="ALIACCESSKEY"
 # export Ali_Secret="ALISECRETKEY"
 # The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi
 #
 # To specify the CDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates
 # export DEPLOY_ALI_CDN_DOMAIN="cdn.example.com"
 # If you have multiple CDN domains using the same certificate, just
 # export DEPLOY_ALI_CDN_DOMAIN="cdn1.example.com cdn2.example.com"
 #
 # For DCDN, see ali_dcdn deploy hook
 Ali_CDN_API="https://cdn.aliyuncs.com/"
 ali_cdn_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"
  # Load dnsapi/dns_ali.sh to reduce the duplicated codes
  # https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276
  dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)"
  # shellcheck source=/dev/null
  if ! . "$dnsapi_ali"; then
    _err "Error loading file $dnsapi_ali. Please check your API file and try again."
    return 1
  fi
  _prepare_ali_credentials || return 1
  _getdeployconf DEPLOY_ALI_CDN_DOMAIN
  if [ "$DEPLOY_ALI_CDN_DOMAIN" ]; then
    _savedeployconf DEPLOY_ALI_CDN_DOMAIN "$DEPLOY_ALI_CDN_DOMAIN"
  else
    DEPLOY_ALI_CDN_DOMAIN="$_cdomain"
  fi
  # read cert and key files and urlencode both
  _cert=$(_url_encode upper-hex <"$_cfullchain")
  _key=$(_url_encode upper-hex <"$_ckey")
  _debug2 _cert "$_cert"
  _debug2 _key "$_key"
  ## update domain ssl config
  for domain in $DEPLOY_ALI_CDN_DOMAIN; do
    _set_cdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key"
    if _ali_rest "Set CDN domain SSL certificate for $domain" "" POST; then
      _info "Domain $domain certificate has been deployed successfully"
    fi
  done
  return 0
 }
 # domain pub pri
 _set_cdn_domain_ssl_certificate_query() {
  endpoint=$Ali_CDN_API
  query=''
  query=$query'AccessKeyId='$Ali_Key
  query=$query'&Action=SetCdnDomainSSLCertificate'
  query=$query'&CertType=upload'
  query=$query'&DomainName='$1
  query=$query'&Format=json'
  query=$query'&SSLPri='$3
  query=$query'&SSLProtocol=on'
  query=$query'&SSLPub='$2
  query=$query'&SignatureMethod=HMAC-SHA1'
  query=$query"&SignatureNonce=$(_ali_nonce)"
  query=$query'&SignatureVersion=1.0'
  query=$query'&Timestamp='$(_timestamp)
  query=$query'&Version=2018-05-10'
 }
--- a/deploy/ali_dcdn.sh
+++ b/deploy/ali_dcdn.sh
@ -0,0 +1,88 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034,SC2154
 # Script to create certificate to Alibaba Cloud DCDN
 #
 # Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun
 #
 # This deployment required following variables
 # export Ali_Key="ALIACCESSKEY"
 # export Ali_Secret="ALISECRETKEY"
 # The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi
 #
 # To specify the DCDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates
 # export DEPLOY_ALI_DCDN_DOMAIN="dcdn.example.com"
 # If you have multiple CDN domains using the same certificate, just
 # export DEPLOY_ALI_DCDN_DOMAIN="dcdn1.example.com dcdn2.example.com"
 #
 # For regular CDN, see ali_cdn deploy hook
 Ali_DCDN_API="https://dcdn.aliyuncs.com/"
 ali_dcdn_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"
  # Load dnsapi/dns_ali.sh to reduce the duplicated codes
  # https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276
  dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)"
  # shellcheck source=/dev/null
  if ! . "$dnsapi_ali"; then
    _err "Error loading file $dnsapi_ali. Please check your API file and try again."
    return 1
  fi
  _prepare_ali_credentials || return 1
  _getdeployconf DEPLOY_ALI_DCDN_DOMAIN
  if [ "$DEPLOY_ALI_DCDN_DOMAIN" ]; then
    _savedeployconf DEPLOY_ALI_DCDN_DOMAIN "$DEPLOY_ALI_DCDN_DOMAIN"
  else
    DEPLOY_ALI_DCDN_DOMAIN="$_cdomain"
  fi
  # read cert and key files and urlencode both
  _cert=$(_url_encode upper-hex <"$_cfullchain")
  _key=$(_url_encode upper-hex <"$_ckey")
  _debug2 _cert "$_cert"
  _debug2 _key "$_key"
  ## update domain ssl config
  for domain in $DEPLOY_ALI_DCDN_DOMAIN; do
    _set_dcdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key"
    if _ali_rest "Set DCDN domain SSL certificate for $domain" "" POST; then
      _info "Domain $domain certificate has been deployed successfully"
    fi
  done
  return 0
 }
 # domain pub pri
 _set_dcdn_domain_ssl_certificate_query() {
  endpoint=$Ali_DCDN_API
  query=''
  query=$query'AccessKeyId='$Ali_Key
  query=$query'&Action=SetDcdnDomainSSLCertificate'
  query=$query'&CertType=upload'
  query=$query'&DomainName='$1
  query=$query'&Format=json'
  query=$query'&SSLPri='$3
  query=$query'&SSLProtocol=on'
  query=$query'&SSLPub='$2
  query=$query'&SignatureMethod=HMAC-SHA1'
  query=$query"&SignatureNonce=$(_ali_nonce)"
  query=$query'&SignatureVersion=1.0'
  query=$query'&Timestamp='$(_timestamp)
  query=$query'&Version=2018-01-15'
 }
--- a/deploy/exim4.sh
+++ b/deploy/exim4.sh
@ -109,6 +109,5 @@ exim4_deploy() {
    fi
    return 1
  fi
  return 0
 }
--- a/deploy/routeros.sh
+++ b/deploy/routeros.sh
@ -137,7 +137,8 @@ routeros_deploy() {
    return $_err_code
  fi
-  DEPLOY_SCRIPT_CMD="/system script add name=\"LECertDeploy-$_cdomain\" owner=$ROUTER_OS_USERNAME \
+  DEPLOY_SCRIPT_CMD=":do {/system script remove \"LECertDeploy-$_cdomain\" } on-error={ }; \
 /system script add name=\"LECertDeploy-$_cdomain\" owner=$ROUTER_OS_USERNAME \
 comment=\"generated by routeros deploy script in acme.sh\" \
 source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
 \n/certificate remove [ find name=$_cdomain.cer_1 ];\
@ -146,8 +147,8 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
 \n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\";\
 \n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\";\
 \ndelay 1;\
-\n/file remove $_cdomain.cer;\
+\n:do {/file remove $_cdomain.cer; } on-error={ }\
-\n/file remove $_cdomain.key;\
+\n:do {/file remove $_cdomain.key; } on-error={ }\
 \ndelay 2;\
 \n/ip service set www-ssl certificate=$_cdomain.cer_0;\
 \n$ROUTER_OS_ADDITIONAL_SERVICES;\
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@ -39,7 +39,7 @@
 ################################################################################
 # Dependencies:
 # - curl
-# - synouser & synogroup (When available and SYNO_USE_TEMP_ADMIN is set)
+# - synouser & synogroup & synosetkeyvalue (Required for SYNO_USE_TEMP_ADMIN=1)
 ################################################################################
 # Return value:
 # 0 means success, otherwise error.
@ -66,14 +66,18 @@ synology_dsm_deploy() {
  _getdeployconf SYNO_DEVICE_NAME
  # Prepare to use temp admin if SYNO_USE_TEMP_ADMIN is set
  _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
  _getdeployconf SYNO_USE_TEMP_ADMIN
  _check2cleardeployconfexp SYNO_USE_TEMP_ADMIN
  _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
  if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
-    if ! _exists synouser || ! _exists synogroup; then
+    if ! _exists synouser || ! _exists synogroup || ! _exists synosetkeyvalue; then
-      _err "Tools are missing for creating temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead."
+      _err "Missing required tools to creat temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead."
      _err "Notice: temp admin user authorization method only supports local deployment on DSM."
      return 1
    fi
    if synouser --help 2>&1 | grep -q 'Permission denied'; then
      _err "For creating temp admin user, the deploy script must be run as root."
      return 1
    fi
@ -109,9 +113,9 @@ synology_dsm_deploy() {
  # Default values for scheme, hostname and port
  # Defaulting to localhost and http, because it's localhost…
-  [ -n "$SYNO_SCHEME" ] || SYNO_SCHEME="http"
+  [ -n "$SYNO_SCHEME" ] || SYNO_SCHEME=http
-  [ -n "$SYNO_HOSTNAME" ] || SYNO_HOSTNAME="localhost"
+  [ -n "$SYNO_HOSTNAME" ] || SYNO_HOSTNAME=localhost
-  [ -n "$SYNO_PORT" ] || SYNO_PORT="5000"
+  [ -n "$SYNO_PORT" ] || SYNO_PORT=5000
  _savedeployconf SYNO_SCHEME "$SYNO_SCHEME"
  _savedeployconf SYNO_HOSTNAME "$SYNO_HOSTNAME"
  _savedeployconf SYNO_PORT "$SYNO_PORT"
@ -169,7 +173,7 @@ synology_dsm_deploy() {
      _debug3 H1 "${_H1}"
    fi
-    response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DEVICE_ID" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
+    response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DEVICE_ID" "$_base_url/webapi/$api_path?enable_syno_token=yes")
    _debug3 response "$response"
  # ## END ## - DEPRECATED, for backward compatibility
  # If SYNO_DEVICE_ID or SYNO_OTP_CODE is set, we treat current account enabled 2FA-OTP.
@ -184,7 +188,7 @@ synology_dsm_deploy() {
        _debug SYNO_LOCAL_HOSTNAME "${SYNO_LOCAL_HOSTNAME:-}"
        if [ "$SYNO_LOCAL_HOSTNAME" != "1" ] && [ "$SYNO_LOCAL_HOSTNAME" == "$SYNO_HOSTNAME" ]; then
          if [ "$SYNO_HOSTNAME" != "localhost" ] && [ "$SYNO_HOSTNAME" != "127.0.0.1" ]; then
-            _err "SYNO_USE_TEMP_ADMIN=1 Only support locally deployment, if you are sure that hostname $SYNO_HOSTNAME is targeting to your **current local machine**, execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun."
+            _err "SYNO_USE_TEMP_ADMIN=1 only support local deployment, though if you are sure that the hostname $SYNO_HOSTNAME is targeting to your **current local machine**, execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun."
            return 1
          fi
        fi
@ -201,24 +205,27 @@ synology_dsm_deploy() {
            # shellcheck disable=SC2086
            synogroup --member administrators $cur_admins $SYNO_USERNAME >/dev/null
          else
-            _err "Tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead."
+            _err "The tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead."
            return 1
          fi
        else
          _err "Unsupported synogroup tool detected, please set SYNO_USERNAME and SYNO_PASSWORD instead."
          return 1
        fi
-        # havig a workaround to temporary disable enforce 2FA-OTP
+        # havig a workaround to temporary disable enforce 2FA-OTP, will restore
        # it soon (after a single request), though if any accident occurs like
        # unexpected interruption, this setting can be easily reverted manually.
        otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option)
        if [ -n "$otp_enforce_option" ] && [ "${otp_enforce_option:-"none"}" != "none" ]; then
          synosetkeyvalue /etc/synoinfo.conf otp_enforce_option none
-          _info "Temporary disabled enforce 2FA-OTP to complete authentication."
+          _info "Enforcing 2FA-OTP has been disabled to complete temp admin authentication."
          _info "Notice: it will be restored soon, if not, you can restore it manually via Control Panel."
          _info "previous_otp_enforce_option" "$otp_enforce_option"
        else
          otp_enforce_option=""
        fi
      fi
-      response=$(_get "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes")
+      response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes")
      if [ -n "$SYNO_USE_TEMP_ADMIN" ] && [ -n "$otp_enforce_option" ]; then
        synosetkeyvalue /etc/synoinfo.conf otp_enforce_option "$otp_enforce_option"
        _info "Restored previous enforce 2FA-OTP option."
@ -230,7 +237,7 @@ synology_dsm_deploy() {
  error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
  _debug2 error_code "$error_code"
  # Account has 2FA-OTP enabled, since error 403 reported.
-  # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_Administration_CLI_Guide.pdf
+  # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Os/DSM/All/enu/DSM_Login_Web_API_Guide_enu.pdf
  if [ "$error_code" == "403" ]; then
    if [ -z "$SYNO_DEVICE_NAME" ]; then
      printf "Enter device name or leave empty for default (CertRenewal): "
@ -274,12 +281,16 @@ synology_dsm_deploy() {
      _err "Failed to authenticate with provided 2FA-OTP code, please try again in a new terminal window."
    elif [ "$error_code" == "406" ]; then
      if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
-        _err "SYNO_USE_TEMP_ADMIN=1 is not supported if enforce auth with 2FA-OTP is enabled."
+        _err "Failed with unexcepted error, please report this by providing full log with '--debug 3'."
      else
        _err "Enforce auth with 2FA-OTP enabled, please configure the user to enable 2FA-OTP to continue."
      fi
-    elif [ "$error_code" == "400" ] || [ "$error_code" == "401" ] || [ "$error_code" == "408" ] || [ "$error_code" == "409" ] || [ "$error_code" == "410" ]; then
+    elif [ "$error_code" == "400" ]; then
-      _err "Failed to authenticate with a non-existent or disabled account, or the account password is incorrect or has expired."
+      _err "Failed to authenticate, no such account or incorrect password."
    elif [ "$error_code" == "401" ]; then
      _err "Failed to authenticate with a non-existent account."
    elif [ "$error_code" == "408" ] || [ "$error_code" == "409" ] || [ "$error_code" == "410" ]; then
      _err "Failed to authenticate, the account password has expired or must be changed."
    else
      _err "Failed to authenticate with error: $error_code."
    fi
@ -293,7 +304,7 @@ synology_dsm_deploy() {
  _debug SynoToken "$token"
  if [ -z "$sid" ] || [ -z "$token" ]; then
    # Still can't get necessary info even got no errors, may Synology have API updated?
-    _err "Unable to authenticate to $_base_url, you may report the full log to the community."
+    _err "Unable to authenticate to $_base_url, you may report this by providing full log with '--debug 3'."
    _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
    return 1
  fi
@ -331,7 +342,7 @@ synology_dsm_deploy() {
    if [ "$error_code" -eq 105 ]; then
      _err "Current user is not administrator and does not have sufficient permission for deploying."
    else
-      _err "Failed to fetch certificate info with error: $error_code, please try again or contact Synology to learn more."
+      _err "Failed to fetch certificate info: $error_code, please try again or contact Synology to learn more."
    fi
    _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
    return 1
--- a/deploy/unifi.sh
+++ b/deploy/unifi.sh
@ -5,6 +5,15 @@
 #   - self-hosted Unifi Controller
 #   - Unifi Cloud Key (Gen1/2/2+)
 #   - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only)
 #   - Unifi Dream Machine
 #       This has not been tested on other "all-in-one" devices such as
 #       UDM Pro or Unifi Express.
 #
 #       OS Version v2.0.0+
 #       Network Application version 7.0.0+
 #       OS version ~3.1 removed java and keytool from the UnifiOS.
 #       Using PKCS12 format keystore appears to work fine.
 #
 # Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3359
 #returns 0 means success, otherwise error.
@ -74,14 +83,16 @@ unifi_deploy() {
  _reload_cmd=""
  # Unifi Controller environment (self hosted or any Cloud Key) --
-  # auto-detect by file /usr/lib/unifi/data/keystore:
+  # auto-detect by file /usr/lib/unifi/data/keystore
  _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-/usr/lib/unifi/data/keystore}"
  if [ -f "$_unifi_keystore" ]; then
    _info "Installing certificate for Unifi Controller (Java keystore)"
    _debug _unifi_keystore "$_unifi_keystore"
    if ! _exists keytool; then
-      _err "keytool not found"
+      _do_keytool=0
-      return 1
+      _info "Installing certificate for Unifi Controller (PKCS12 keystore)."
    else
      _do_keytool=1
      _info "Installing certificate for Unifi Controller (Java keystore)"
    fi
    if [ ! -w "$_unifi_keystore" ]; then
      _err "The file $_unifi_keystore is not writable, please change the permission."
@ -92,6 +103,7 @@ unifi_deploy() {
    _debug "Generate import pkcs12"
    _import_pkcs12="$(_mktemp)"
    _debug "_toPkcs $_import_pkcs12 $_ckey $_ccert $_cca $_unifi_keypass unifi root"
    _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root
    # shellcheck disable=SC2181
    if [ "$?" != "0" ]; then
@ -99,22 +111,57 @@ unifi_deploy() {
      return 1
    fi
    # Save the existing keystore in case something goes wrong.
    mv -f "${_unifi_keystore}" "${_unifi_keystore}"_original
    _info "Previous keystore saved to ${_unifi_keystore}_original."
    if [ "$_do_keytool" -eq 1 ]; then
      _debug "Import into keystore: $_unifi_keystore"
      if keytool -importkeystore \
        -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \
        -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \
        -alias unifi -noprompt; then
        _debug "Import keystore success!"
      rm "$_import_pkcs12"
      else
        _err "Error importing into Unifi Java keystore."
        _err "Please re-run with --debug and report a bug."
        _info "Restoring original keystore."
        mv -f "${_unifi_keystore}"_original "${_unifi_keystore}"
        rm "$_import_pkcs12"
        return 1
      fi
    else
      _debug "Copying new keystore to $_unifi_keystore"
      cp -f "$_import_pkcs12" "$_unifi_keystore"
    fi
    # Update unifi service for certificate cipher compatibility
    if ${ACME_OPENSSL_BIN:-openssl} pkcs12 \
      -in "$_import_pkcs12" \
      -password pass:aircontrolenterprise \
      -nokeys | ${ACME_OPENSSL_BIN:-openssl} x509 -text \
      -noout | grep -i "signature" | grep -iq ecdsa >/dev/null 2>&1; then
      cp -f /usr/lib/unifi/data/system.properties /usr/lib/unifi/data/system.properties_original
      _info "Updating system configuration for cipher compatibility."
      _info "Saved original system config to /usr/lib/unifi/data/system.properties_original"
      sed -i '/unifi\.https\.ciphers/d' /usr/lib/unifi/data/system.properties
      echo "unifi.https.ciphers=ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256" >>/usr/lib/unifi/data/system.properties
      sed -i '/unifi\.https\.sslEnabledProtocols/d' /usr/lib/unifi/data/system.properties
      echo "unifi.https.sslEnabledProtocols=TLSv1.3,TLSv1.2" >>/usr/lib/unifi/data/system.properties
      _info "System configuration updated."
    fi
    rm "$_import_pkcs12"
    # Restarting unifi-core will bring up unifi, doing it out of order results in
    # a certificate error, and breaks wifiman.
    # Restart if we aren't doing unifi-core, otherwise stop for later restart.
    if systemctl -q is-active unifi; then
-      _reload_cmd="${_reload_cmd:+$_reload_cmd && }service unifi restart"
+      if [ ! -f "${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}/unifi-core.key" ]; then
        _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi"
      else
        _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl stop unifi"
      fi
    fi
    _services_updated="${_services_updated} unifi"
    _info "Install Unifi Controller certificate success!"
@ -165,6 +212,11 @@ unifi_deploy() {
      return 1
    fi
    # Save the existing certs in case something goes wrong.
    cp -f "${_unifi_core_config}"/unifi-core.crt "${_unifi_core_config}"/unifi-core_original.crt
    cp -f "${_unifi_core_config}"/unifi-core.key "${_unifi_core_config}"/unifi-core_original.key
    _info "Previous certificate and key saved to ${_unifi_core_config}/unifi-core_original.crt/key."
    cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt"
    cat "$_ckey" >"${_unifi_core_config}/unifi-core.key"
--- a/deploy/vault.sh
+++ b/deploy/vault.sh
@ -70,10 +70,10 @@ vault_deploy() {
  # JSON does not allow multiline strings.
  # So replacing new-lines with "\n" here
-  _ckey=$(sed -z 's/\n/\\n/g' <"$2")
+  _ckey=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$2")
-  _ccert=$(sed -z 's/\n/\\n/g' <"$3")
+  _ccert=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$3")
-  _cca=$(sed -z 's/\n/\\n/g' <"$4")
+  _cca=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$4")
-  _cfullchain=$(sed -z 's/\n/\\n/g' <"$5")
+  _cfullchain=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$5")
  export _H1="X-Vault-Token: $VAULT_TOKEN"
--- a/deploy/vsftpd.sh
+++ b/deploy/vsftpd.sh
@ -106,5 +106,5 @@ vsftpd_deploy() {
    fi
    return 1
  fi
-  return 0
+
 }
--- a/dnsapi/dns_1984hosting.sh
+++ b/dnsapi/dns_1984hosting.sh
@ -1,22 +1,18 @@
 #!/usr/bin/env sh
-# This file name is "dns_1984hosting.sh"
+# shellcheck disable=SC2034
-# So, here must be a method dns_1984hosting_add()
+dns_1984hosting_info='1984.hosting
-# Which will be called by acme.sh to add the txt record to your api system.
+Domains: 1984.is
-# returns 0 means success, otherwise error.
+Site: 1984.hosting
-
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_1984hosting
-# Author: Adrian Fedoreanu
+Options:
-# Report Bugs here: https://github.com/acmesh-official/acme.sh
+ One984HOSTING_Username Username
-# or here... https://github.com/acmesh-official/acme.sh/issues/2851
+ One984HOSTING_Password Password
 Issues: github.com/acmesh-official/acme.sh/issues/2851
 Author: Adrian Fedoreanu
 '
 ######## Public functions #####################
 # Export 1984HOSTING username and password in following variables
 #
 #  One984HOSTING_Username=username
 #  One984HOSTING_Password=password
 #
 # username/password and csrftoken/sessionid cookies are saved in ~/.acme.sh/account.conf
 # Usage: dns_1984hosting_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 # Add a text record.
 dns_1984hosting_add() {
@ -215,8 +211,8 @@ _get_root() {
      return 1
    fi
-    _authget "https://1984.hosting/domains/soacheck/?zone=$h&nameserver=ns0.1984.is."
+    _authget "https://1984.hosting/domains/zonestatus/$h/?cached=no"
-    if _contains "$_response" "serial" && ! _contains "$_response" "null"; then
+    if _contains "$_response" '"ok": true'; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain="$h"
      return 0
@ -250,7 +246,6 @@ _authget() {
 }
 # Truncate huge HTML response
 # Echo: Argument list too long
 _htmlget() {
  export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE; $One984HOSTING_SESSIONID_COOKIE"
  _response=$(_get "$1" | grep "$2")
--- a/dnsapi/dns_acmedns.sh
+++ b/dnsapi/dns_acmedns.sh
@ -1,18 +1,18 @@
 #!/usr/bin/env sh
-#
+# shellcheck disable=SC2034
-#Author: Wolfgang Ebner
+dns_acmedns_info='acme-dns Server API
-#Author: Sven Neubuaer
+ The acme-dns is a limited DNS server with RESTful API to handle ACME DNS challenges.
-#Report Bugs here: https://github.com/dampfklon/acme.sh
+Site: github.com/joohoi/acme-dns
-#
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_acmedns
-# Usage:
+Options:
-# export ACMEDNS_BASE_URL="https://auth.acme-dns.io"
+ ACMEDNS_USERNAME Username. Optional.
-#
+ ACMEDNS_PASSWORD Password. Optional.
-# You can optionally define an already existing account:
+ ACMEDNS_SUBDOMAIN Subdomain. Optional.
-#
+ ACMEDNS_BASE_URL API endpoint. Default: "https://auth.acme-dns.io".
-# export ACMEDNS_USERNAME="<username>"
+Issues: github.com/dampfklon/acme.sh
-# export ACMEDNS_PASSWORD="<password>"
+Author: Wolfgang Ebner, Sven Neubuaer
-# export ACMEDNS_SUBDOMAIN="<subdomain>"
+'
-#
+
 ########  Public functions #####################
 #Usage: dns_acmedns_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
--- a/dnsapi/dns_acmeproxy.sh
+++ b/dnsapi/dns_acmeproxy.sh
@ -1,9 +1,17 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-## Acmeproxy DNS provider to be used with acmeproxy (https://github.com/mdbraber/acmeproxy)
+dns_acmeproxy_info='AcmeProxy Server API
-## API integration by Maarten den Braber
+ AcmeProxy can be used to as a single host in your network to request certificates through a DNS API.
-##
+ Clients can connect with the one AcmeProxy host so you do not need to store DNS API credentials on every single host.
-## Report any bugs via https://github.com/mdbraber/acme.sh
+Site: github.com/mdbraber/acmeproxy
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_acmeproxy
 Options:
 ACMEPROXY_ENDPOINT API Endpoint
 ACMEPROXY_USERNAME Username
 ACMEPROXY_PASSWORD Password
 Issues: github.com/acmesh-official/acme.sh/issues/2251
 Author: Maarten den Braber
 '
 dns_acmeproxy_add() {
  fulldomain="${1}"
--- a/dnsapi/dns_active24.sh
+++ b/dnsapi/dns_active24.sh
@ -1,6 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#ACTIVE24_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
+dns_active24_info='Active24.com
 Site: Active24.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_active24
 Options:
 ACTIVE24_Token API Token
 Issues: github.com/acmesh-official/acme.sh/issues/2059
 Author: Milan Pála
 '
 ACTIVE24_Api="https://api.active24.com"
@ -76,10 +83,10 @@ _get_root() {
    return 1
  fi
-  i=2
+  i=1
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug "h" "$h"
    if [ -z "$h" ]; then
      #not valid
@ -87,7 +94,7 @@ _get_root() {
    fi
    if _contains "$response" "\"$h\"" >/dev/null; then
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain=$h
      return 0
    fi
--- a/dnsapi/dns_ad.sh
+++ b/dnsapi/dns_ad.sh
@ -1,12 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#
+dns_ad_info='AlwaysData.com
-#AD_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje"
+Site: AlwaysData.com
-
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ad
-#This is the Alwaysdata api wrapper for acme.sh
+Options:
-#
+ AD_API_KEY API Key
-#Author: Paul Koppen
+Issues: github.com/acmesh-official/acme.sh/pull/503
-#Report Bugs here: https://github.com/wpk-/acme.sh
+Author: Paul Koppen
 '
 AD_API_URL="https://$AD_API_KEY:@api.alwaysdata.com/v1"
@ -94,7 +95,7 @@ _get_root() {
  if _ad_rest GET "domain/"; then
    response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')"
    while true; do
-      h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+      h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
      _debug h "$h"
      if [ -z "$h" ]; then
        #not valid
@ -105,7 +106,7 @@ _get_root() {
      if [ "$hostedzone" ]; then
        _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
        if [ "$_domain_id" ]; then
-          _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+          _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
          _domain=$h
          return 0
        fi
--- a/dnsapi/dns_ali.sh
+++ b/dnsapi/dns_ali.sh
@ -1,27 +1,27 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_ali_info='AlibabaCloud.com
 Domains: Aliyun.com
 Site: AlibabaCloud.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ali
 Options:
 Ali_Key API Key
 Ali_Secret API Secret
 '
-Ali_API="https://alidns.aliyuncs.com/"
+# NOTICE:
 # This file is referenced by Alibaba Cloud Services deploy hooks
 # https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276
 # Be careful when modifying this file, especially when making breaking changes for common functions
-#Ali_Key="LTqIA87hOKdjevsf5"
+Ali_DNS_API="https://alidns.aliyuncs.com/"
 #Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2"
 #Usage: dns_ali_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_ali_add() {
  fulldomain=$1
  txtvalue=$2
-  Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
+  _prepare_ali_credentials || return 1
  Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
  if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
    Ali_Key=""
    Ali_Secret=""
    _err "You don't specify aliyun api key and secret yet."
    return 1
  fi
  #save the api key and secret to the account conf file.
  _saveaccountconf_mutable Ali_Key "$Ali_Key"
  _saveaccountconf_mutable Ali_Secret "$Ali_Secret"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
@ -46,14 +46,74 @@ dns_ali_rm() {
  _clean
 }
-####################  Private functions below ##################################
+####################  Alibaba Cloud common functions below  ####################
 _prepare_ali_credentials() {
  Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
  Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
  if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
    Ali_Key=""
    Ali_Secret=""
    _err "You don't specify aliyun api key and secret yet."
    return 1
  fi
  #save the api key and secret to the account conf file.
  _saveaccountconf_mutable Ali_Key "$Ali_Key"
  _saveaccountconf_mutable Ali_Secret "$Ali_Secret"
 }
 # act ign mtd
 _ali_rest() {
  act="$1"
  ign="$2"
  mtd="${3:-GET}"
  signature=$(printf "%s" "$mtd&%2F&$(printf "%s" "$query" | _url_encode upper-hex)" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64)
  signature=$(printf "%s" "$signature" | _url_encode upper-hex)
  url="$endpoint?Signature=$signature"
  if [ "$mtd" = "GET" ]; then
    url="$url&$query"
    response="$(_get "$url")"
  else
    response="$(_post "$query" "$url" "" "$mtd" "application/x-www-form-urlencoded")"
  fi
  _ret="$?"
  _debug2 response "$response"
  if [ "$_ret" != "0" ]; then
    _err "Error <$act>"
    return 1
  fi
  if [ -z "$ign" ]; then
    message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
    if [ "$message" ]; then
      _err "$message"
      return 1
    fi
  fi
 }
 _ali_nonce() {
  #_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31
  #Not so good...
  date +"%s%N" | sed 's/%N//g'
 }
 _timestamp() {
  date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ"
 }
 ####################  Private functions below  ####################
 _get_root() {
  domain=$1
-  i=2
+  i=1
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
@ -65,7 +125,7 @@ _get_root() {
    fi
    if _contains "$response" "PageNumber"; then
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _debug _sub_domain "$_sub_domain"
      _domain="$h"
      _debug _domain "$_domain"
@ -77,52 +137,10 @@ _get_root() {
  return 1
 }
 _ali_rest() {
  signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64)
  signature=$(_ali_urlencode "$signature")
  url="$Ali_API?$query&Signature=$signature"
  if ! response="$(_get "$url")"; then
    _err "Error <$1>"
    return 1
  fi
  _debug2 response "$response"
  if [ -z "$2" ]; then
    message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
    if [ "$message" ]; then
      _err "$message"
      return 1
    fi
  fi
 }
 _ali_urlencode() {
  _str="$1"
  _str_len=${#_str}
  _u_i=1
  while [ "$_u_i" -le "$_str_len" ]; do
    _str_c="$(printf "%s" "$_str" | cut -c "$_u_i")"
    case $_str_c in [a-zA-Z0-9.~_-])
      printf "%s" "$_str_c"
      ;;
    *)
      printf "%%%02X" "'$_str_c"
      ;;
    esac
    _u_i="$(_math "$_u_i" + 1)"
  done
 }
 _ali_nonce() {
  #_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31
  #Not so good...
  date +"%s%N" | sed 's/%N//g'
 }
 _check_exist_query() {
  _qdomain="$1"
  _qsubdomain="$2"
  endpoint=$Ali_DNS_API
  query=''
  query=$query'AccessKeyId='$Ali_Key
  query=$query'&Action=DescribeDomainRecords'
@ -138,6 +156,7 @@ _check_exist_query() {
 }
 _add_record_query() {
  endpoint=$Ali_DNS_API
  query=''
  query=$query'AccessKeyId='$Ali_Key
  query=$query'&Action=AddDomainRecord'
@ -154,6 +173,7 @@ _add_record_query() {
 }
 _delete_record_query() {
  endpoint=$Ali_DNS_API
  query=''
  query=$query'AccessKeyId='$Ali_Key
  query=$query'&Action=DeleteDomainRecord'
@ -167,6 +187,7 @@ _delete_record_query() {
 }
 _describe_records_query() {
  endpoint=$Ali_DNS_API
  query=''
  query=$query'AccessKeyId='$Ali_Key
  query=$query'&Action=DescribeDomainRecords'
@ -197,7 +218,3 @@ _clean() {
  fi
 }
 _timestamp() {
  date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ"
 }
--- a/dnsapi/dns_alviy.sh
+++ b/dnsapi/dns_alviy.sh
@ -0,0 +1,184 @@
 #!/usr/bin/env sh
 # Alviy domain api
 #
 # Get API key and secret from https://cloud.alviy.com/token
 #
 # Alviy_token="some-secret-key"
 #
 # Ex.: acme.sh --issue --staging --dns dns_alviy -d "*.s.example.com" -d "s.example.com"
 Alviy_Api="https://cloud.alviy.com/api/v1"
 ########  Public functions #####################
 #Usage: dns_alviy_add  _acme-challenge.www.domain.com   "content"
 dns_alviy_add() {
  fulldomain=$1
  txtvalue=$2
  Alviy_token="${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}"
  if [ -z "$Alviy_token" ]; then
    Alviy_token=""
    _err "Please specify Alviy token."
    return 1
  fi
  #save the api key and email to the account conf file.
  _saveaccountconf_mutable Alviy_token "$Alviy_token"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug "Getting existing records"
  if _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then
    _info "This record already exists, skipping"
    return 0
  fi
  _add_data="{\"content\":\"$txtvalue\",\"type\":\"TXT\"}"
  _debug2 _add_data "$_add_data"
  _info "Adding record"
  if _alviy_rest POST "zone/$_domain/domain/$fulldomain/" "$_add_data"; then
    _debug "Checking updated records of '${fulldomain}'"
    if ! _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then
      _err "TXT record '${txtvalue}' for '${fulldomain}', value wasn't set!"
      return 1
    fi
  else
    _err "Add txt record error, value '${txtvalue}' for '${fulldomain}' was not set."
    return 1
  fi
  _sleep 10
  _info "Added TXT record '${txtvalue}' for '${fulldomain}'."
  return 0
 }
 #fulldomain
 dns_alviy_rm() {
  fulldomain=$1
  txtvalue=$2
  Alviy_token="${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}"
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  if ! _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then
    _info "The record does not exist, skip"
    return 0
  fi
  _add_data=""
  uuid=$(echo "$response" | tr "{" "\n" | grep "$txtvalue" | tr "," "\n" | grep uuid | cut -d \" -f4)
  # delete record
  _debug "Delete TXT record for '${fulldomain}'"
  if ! _alviy_rest DELETE "zone/$_domain/record/$uuid" "{\"confirm\":1}"; then
    _err "Cannot delete empty TXT record for '$fulldomain'"
    return 1
  fi
  _info "The record '$fulldomain'='$txtvalue' deleted"
 }
 ####################  Private functions below ##################################
 #_acme-challenge.www.domain.com
 #returns
 # _sub_domain=_acme-challenge.www
 # _domain=domain.com
 _get_root() {
  domain=$1
  i=3
  a="init"
  while [ -n "$a" ]; do
    a=$(printf "%s" "$domain" | cut -d . -f $i-)
    i=$((i + 1))
  done
  n=$((i - 3))
  h=$(printf "%s" "$domain" | cut -d . -f $n-)
  if [ -z "$h" ]; then
    #not valid
    _alviy_rest GET "zone/$domain/"
    _debug "can't get host from $domain"
    return 1
  fi
  if ! _alviy_rest GET "zone/$h/"; then
    return 1
  fi
  if _contains "$response" '"code":"NOT_FOUND"'; then
    _debug "$h not found"
  else
    s=$((n - 1))
    _sub_domain=$(printf "%s" "$domain" | cut -d . -f -$s)
    _domain="$h"
    return 0
  fi
  return 1
 }
 _alviy_txt_exists() {
  zone=$1
  domain=$2
  content_data=$3
  _debug "Getting existing records"
  if ! _alviy_rest GET "zone/$zone/domain/$domain/TXT/"; then
    _info "The record does not exist"
    return 1
  fi
  if ! _contains "$response" "$3"; then
    _info "The record has other value"
    return 1
  fi
  # GOOD code return - TRUE function
  return 0
 }
 _alviy_rest() {
  method=$1
  path="$2"
  content_data="$3"
  _debug "$path"
  export _H1="Authorization: Bearer $Alviy_token"
  export _H2="Content-Type: application/json"
  if [ "$content_data" ] || [ "$method" = "DELETE" ]; then
    _debug "data ($method): " "$content_data"
    response="$(_post "$content_data" "$Alviy_Api/$path" "" "$method")"
  else
    response="$(_get "$Alviy_Api/$path")"
  fi
  _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
  if [ "$_code" = "401" ]; then
    _err "It seems that your api key or secret is not correct."
    return 1
  fi
  if [ "$_code" != "200" ]; then
    _err "API call error ($method): $path Response code $_code"
  fi
  if [ "$?" != "0" ]; then
    _err "error on rest call ($method): $path. Response:"
    _err "$response"
    return 1
  fi
  _debug2 response "$response"
  return 0
 }
--- a/dnsapi/dns_anx.sh
+++ b/dnsapi/dns_anx.sh
@ -1,9 +1,12 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# Anexia CloudDNS acme.sh hook
+dns_anx_info='Anexia.com CloudDNS
-# Author: MA
+Site: Anexia.com
-
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_anx
-#ANX_Token="xxxx"
+Options:
 ANX_Token API Token
 Issues: github.com/acmesh-official/acme.sh/issues/3238
 '
 ANX_API='https://engine.anexia-it.com/api/clouddns/v1'
@ -127,18 +130,17 @@ _get_root() {
  i=1
  p=1
  _anx_rest GET "zone.json"
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi
    _anx_rest GET "zone.json/${h}"
    if _contains "$response" "\"name\":\"$h\""; then
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain=$h
      return 0
    fi
--- a/dnsapi/dns_artfiles.sh
+++ b/dnsapi/dns_artfiles.sh
@ -1,17 +1,14 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-################################################################################
+dns_artfiles_info='ArtFiles.de
-# ACME.sh 3rd party DNS API plugin for ArtFiles.de
+Site: ArtFiles.de
-################################################################################
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_artfiles
-# Author:   Martin Arndt, https://troublezone.net/
+Options:
-# Released: 2022-02-27
+ AF_API_USERNAME API Username
-# Issues:   https://github.com/acmesh-official/acme.sh/issues/4718
+ AF_API_PASSWORD API Password
-################################################################################
+Issues: github.com/acmesh-official/acme.sh/issues/4718
-# Usage:
+Author: Martin Arndt <https://troublezone.net/>
-# 1. export AF_API_USERNAME='api12345678'
+'
 # 2. export AF_API_PASSWORD='apiPassword'
 # 3. acme.sh --issue -d example.com --dns dns_artfiles
 ################################################################################
 ########## API configuration ###################################################
--- a/dnsapi/dns_arvan.sh
+++ b/dnsapi/dns_arvan.sh
@ -1,11 +1,16 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# Arvan_Token="Apikey xxxx"
+dns_arvan_info='ArvanCloud.ir
 Site: ArvanCloud.ir
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_arvan
 Options:
 Arvan_Token API Token
 Issues: github.com/acmesh-official/acme.sh/issues/2796
 Author: Vahid Fardi
 '
 ARVAN_API_URL="https://napi.arvancloud.ir/cdn/4.0/domains"
-# Author: Vahid Fardi
+
 # Report Bugs here: https://github.com/Neilpang/acme.sh
 #
 ########  Public functions #####################
 #Usage: dns_arvan_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
@ -102,7 +107,7 @@ _get_root() {
  i=2
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -115,7 +120,7 @@ _get_root() {
    if _contains "$response" "\"domain\":\"$h\""; then
      _domain_id=$(echo "$response" | cut -d : -f 3 | cut -d , -f 1 | tr -d \")
      if [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
        _domain=$h
        return 0
      fi
--- a/dnsapi/dns_aurora.sh
+++ b/dnsapi/dns_aurora.sh
@ -1,9 +1,15 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#
+dns_aurora_info='versio.nl AuroraDNS
-#AURORA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
+Domains: pcextreme.nl
-#
+Site: versio.nl
-#AURORA_Secret="sdfsdfsdfljlbjkljlkjsdfoiwje"
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_aurora
 Options:
 AURORA_Key API Key
 AURORA_Secret API Secret
 Issues: github.com/acmesh-official/acme.sh/issues/3459
 Author: Jasper Zonneveld
 '
 AURORA_Api="https://api.auroradns.eu"
@ -111,7 +117,7 @@ _get_root() {
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -126,7 +132,7 @@ _get_root() {
      _domain_id=$(echo "$response" | _normalizeJson | tr -d "{}" | tr "," "\n" | grep "\"id\": *\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
      _debug _domain_id "$_domain_id"
      if [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
        _domain=$h
        return 0
      fi
--- a/dnsapi/dns_autodns.sh
+++ b/dnsapi/dns_autodns.sh
@ -1,16 +1,15 @@
 #!/usr/bin/env sh
-# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*-
+# shellcheck disable=SC2034
-
+dns_autodns_info='InternetX autoDNS
-# This is the InternetX autoDNS xml api wrapper for acme.sh
+ InternetX autoDNS XML API
-# Author: auerswald@gmail.com
+Site: InternetX.com/autodns/
-# Created: 2018-01-14
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_autodns
-#
+Options:
-#     export AUTODNS_USER="username"
+ AUTODNS_USER Username
-#     export AUTODNS_PASSWORD="password"
+ AUTODNS_PASSWORD Password
-#     export AUTODNS_CONTEXT="context"
+ AUTODNS_CONTEXT Context
-#
+Author: <auerswald@gmail.com>
-# Usage:
+'
 #     acme.sh --issue --dns dns_autodns -d example.com
 AUTODNS_API="https://gateway.autodns.com"
@ -111,7 +110,7 @@ _get_autodns_zone() {
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
@ -129,7 +128,7 @@ _get_autodns_zone() {
    if _contains "$autodns_response" "<summary>1</summary>" >/dev/null; then
      _zone="$(echo "$autodns_response" | _egrep_o '<name>[^<]*</name>' | cut -d '>' -f 2 | cut -d '<' -f 1)"
      _system_ns="$(echo "$autodns_response" | _egrep_o '<system_ns>[^<]*</system_ns>' | cut -d '>' -f 2 | cut -d '<' -f 1)"
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      return 0
    fi
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@ -1,11 +1,13 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_aws_info='Amazon AWS Route53 domain API
 Site: docs.aws.amazon.com/route53/
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_aws
 Options:
 AWS_ACCESS_KEY_ID API Key ID
 AWS_SECRET_ACCESS_KEY API Secret
 '
 #
 #AWS_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje"
 #
 #AWS_SECRET_ACCESS_KEY="xxxxxxx"
 #This is the Amazon Route53 api wrapper for acme.sh
 # All `_sleep` commands are included to avoid Route53 throttling, see
 # https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests
@ -156,7 +158,7 @@ _get_root() {
  # iterate over names (a.b.c.d -> b.c.d -> c.d -> d)
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100 | sed 's/\./\\./g')
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100 | sed 's/\./\\./g')
    _debug "Checking domain: $h"
    if [ -z "$h" ]; then
      _error "invalid domain"
@ -172,7 +174,7 @@ _get_root() {
        if [ "$hostedzone" ]; then
          _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "<Id>.*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>")
          if [ "$_domain_id" ]; then
-            _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+            _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
            _domain=$h
            return 0
          fi
--- a/dnsapi/dns_azion.sh
+++ b/dnsapi/dns_azion.sh
@ -1,9 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#
+dns_azion_info='Azion.om
-#AZION_Email=""
+Site: Azion.com
-#AZION_Password=""
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_azion
-#
+Options:
 AZION_Email Email
 AZION_Password Password
 Issues: github.com/acmesh-official/acme.sh/issues/3555
 '
 AZION_Api="https://api.azionapi.net"
@ -96,7 +100,7 @@ _get_root() {
  fi
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      # not valid
@ -107,7 +111,7 @@ _get_root() {
      _domain_id=$(echo "$response" | tr '{' "\n" | grep "\"domain\":\"$h\"" | _egrep_o "\"id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \")
      _debug _domain_id "$_domain_id"
      if [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
        _domain=$h
        return 0
      fi
--- a/dnsapi/dns_azure.sh
+++ b/dnsapi/dns_azure.sh
@ -1,13 +1,24 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_azure_info='Azure
 Site: Azure.microsoft.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_azure
 Options:
 AZUREDNS_SUBSCRIPTIONID Subscription ID
 AZUREDNS_TENANTID Tenant ID
 AZUREDNS_APPID App ID. App ID of the service principal
 AZUREDNS_CLIENTSECRET Client Secret. Secret from creating the service principal
 AZUREDNS_MANAGEDIDENTITY Use Managed Identity. Use Managed Identity assigned to a resource instead of a service principal. "true"/"false"
 '
-WIKI="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS"
+wiki=https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS
 ########  Public functions #####################
 # Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 # Used to add txt record
 #
-# Ref: https://docs.microsoft.com/en-us/rest/api/dns/recordsets/createorupdate
+# Ref: https://learn.microsoft.com/en-us/rest/api/dns/record-sets/create-or-update?view=rest-dns-2018-05-01&tabs=HTTP
 #
 dns_azure_add() {
@ -124,7 +135,7 @@ dns_azure_add() {
 # Usage: fulldomain txtvalue
 # Used to remove the txt record after validation
 #
-# Ref: https://docs.microsoft.com/en-us/rest/api/dns/recordsets/delete
+# Ref: https://learn.microsoft.com/en-us/rest/api/dns/record-sets/delete?view=rest-dns-2018-05-01&tabs=HTTP
 #
 dns_azure_rm() {
  fulldomain=$1
@ -256,10 +267,10 @@ _azure_rest() {
    if [ "$_code" = "401" ]; then
      # we have an invalid access token set to expired
      _saveaccountconf_mutable AZUREDNS_TOKENVALIDTO "0"
-      _err "access denied make sure your Azure settings are correct. See $WIKI"
+      _err "Access denied. Invalid access token. Make sure your Azure settings are correct. See: $wiki"
      return 1
    fi
-    # See https://docs.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#general-rest-and-retry-guidelines for retryable HTTP codes
+    # See https://learn.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#general-rest-and-retry-guidelines for retryable HTTP codes
    if [ "$_ret" != "0" ] || [ -z "$_code" ] || [ "$_code" = "408" ] || [ "$_code" = "500" ] || [ "$_code" = "503" ] || [ "$_code" = "504" ]; then
      _request_retry_times="$(_math "$_request_retry_times" + 1)"
      _info "REST call error $_code retrying $ep in $_request_retry_times s"
@ -277,7 +288,7 @@ _azure_rest() {
  return 0
 }
-## Ref: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token
+## Ref: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow#request-an-access-token
 _azure_getaccess_token() {
  managedIdentity=$1
  tenantID=$2
@ -301,7 +312,7 @@ _azure_getaccess_token() {
  _debug "getting new bearer token"
  if [ "$managedIdentity" = true ]; then
-    # https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http
+    # https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http
    export _H1="Metadata: true"
    response="$(_get http://169.254.169.254/metadata/identity/oauth2/token\?api-version=2018-02-01\&resource=https://management.azure.com/)"
    response="$(echo "$response" | _normalizeJson)"
@ -321,7 +332,7 @@ _azure_getaccess_token() {
  fi
  if [ -z "$accesstoken" ]; then
-    _err "no acccess token received. Check your Azure settings see $WIKI"
+    _err "No acccess token received. Check your Azure settings. See: $wiki"
    return 1
  fi
  if [ "$_ret" != "0" ]; then
@ -341,15 +352,18 @@ _get_root() {
  i=1
  p=1
-  ## Ref: https://docs.microsoft.com/en-us/rest/api/dns/zones/list
+  ## Ref: https://learn.microsoft.com/en-us/rest/api/dns/zones/list?view=rest-dns-2018-05-01&tabs=HTTP
-  ## returns up to 100 zones in one response therefore handling more results is not not implemented
+  ## returns up to 100 zones in one response. Handling more results is not implemented
  ## (ZoneListResult with continuation token for the next page of results)
-  ## Per https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#dns-limits you are limited to 100 Zone/subscriptions anyways
+  ##
  ## TODO: handle more than 100 results, as per:
  ## https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-dns-limits
  ## The new limit is 250 Public DNS zones per subscription, while the old limit was only 100
  ##
  _azure_rest GET "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Network/dnszones?\$top=500&api-version=2017-09-01" "" "$accesstoken"
  # Find matching domain name in Json response
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug2 "Checking domain: $h"
    if [ -z "$h" ]; then
      #not valid
@ -364,7 +378,7 @@ _get_root() {
          #create the record at the domain apex (@) if only the domain name was provided as --domain-alias
          _sub_domain="@"
        else
-          _sub_domain=$(echo "$domain" | cut -d . -f 1-$p)
+          _sub_domain=$(echo "$domain" | cut -d . -f 1-"$p")
        fi
        _domain=$h
        return 0
--- a/dnsapi/dns_bookmyname.sh
+++ b/dnsapi/dns_bookmyname.sh
@ -1,18 +1,17 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_bookmyname_info='BookMyName.com
 Site: BookMyName.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bookmyname
 Options:
 BOOKMYNAME_USERNAME Username
 BOOKMYNAME_PASSWORD Password
 Issues: github.com/acmesh-official/acme.sh/issues/3209
 Author: Neilpang
 '
 #Here is a sample custom api script.
 #This file name is "dns_bookmyname.sh"
 #So, here must be a method   dns_bookmyname_add()
 #Which will be called by acme.sh to add the txt record to your api system.
 #returns 0 means success, otherwise error.
 #
 #Author: Neilpang
 #Report Bugs here: https://github.com/acmesh-official/acme.sh
 #
 ########  Public functions #####################
 # Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
 # BookMyName urls:
 # https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"'
 # https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"'
--- a/dnsapi/dns_bunny.sh
+++ b/dnsapi/dns_bunny.sh
@ -1,16 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-## Will be called by acme.sh to add the TXT record via the Bunny DNS API.
+dns_bunny_info='Bunny.net
-## returns 0 means success, otherwise error.
+Site: Bunny.net/dns/
-
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bunny
-## Author: nosilver4u <nosilver4u at ewww.io>
+Options:
-## GitHub: https://github.com/nosilver4u/acme.sh
+ BUNNY_API_KEY API Key
-
+Issues: github.com/acmesh-official/acme.sh/issues/4296
-##
+Author: <nosilver4u@ewww.io>
-## Environment Variables Required:
+'
 ##
 ## BUNNY_API_KEY="75310dc4-ca77-9ac3-9a19-f6355db573b49ce92ae1-2655-3ebd-61ac-3a3ae34834cc"
 ##
 #####################  Public functions  #####################
@ -199,7 +196,7 @@ _get_base_domain() {
    _debug2 domain_list "$domain_list"
    i=1
-    while [ $i -gt 0 ]; do
+    while [ "$i" -gt 0 ]; do
      ## get next longest domain
      _domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM")
      ## check we got something back from our cut (or are we at the end)
@ -211,7 +208,7 @@ _get_base_domain() {
      ## check if it exists
      if [ -n "$found" ]; then
        ## exists - exit loop returning the parts
-        sub_point=$(_math $i - 1)
+        sub_point=$(_math "$i" - 1)
        _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point")
        _domain_id="$(echo "$found" | _egrep_o "Id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")"
        _debug _domain_id "$_domain_id"
@ -221,11 +218,11 @@ _get_base_domain() {
        return 0
      fi
      ## increment cut point $i
-      i=$(_math $i + 1)
+      i=$(_math "$i" + 1)
    done
    if [ -z "$found" ]; then
-      page=$(_math $page + 1)
+      page=$(_math "$page" + 1)
      nextpage="https://api.bunny.net/dnszone?page=$page"
      ## Find the next page if we don't have a match.
      hasnextpage="$(echo "$domain_list" | _egrep_o "\"HasMoreItems\"\s*:\s*true")"
--- a/dnsapi/dns_cf.sh
+++ b/dnsapi/dns_cf.sh
@ -1,13 +1,16 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#
+dns_cf_info='CloudFlare
-#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
+Site: CloudFlare.com
-#
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cf
-#CF_Email="xxxx@sss.com"
+Options:
-
+ CF_Key API Key
-#CF_Token="xxxx"
+ CF_Email Your account email
-#CF_Account_ID="xxxx"
+OptionsAlt:
-#CF_Zone_ID="xxxx"
+ CF_Token API Token
 CF_Account_ID Account ID
 CF_Zone_ID Zone ID. Optional.
 '
 CF_Api="https://api.cloudflare.com/client/v4"
@ -183,7 +186,7 @@ _get_root() {
  fi
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -203,7 +206,7 @@ _get_root() {
    if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then
      _domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ")
      if [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
        _domain=$h
        return 0
      fi
--- a/dnsapi/dns_clouddns.sh
+++ b/dnsapi/dns_clouddns.sh
@ -1,10 +1,15 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# Author: Radek Sprta <sprta@vshosting.cz>
+dns_clouddns_info='vshosting.cz CloudDNS
-
+Site: github.com/vshosting/clouddns
-#CLOUDDNS_EMAIL=XXXXX
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_clouddns
-#CLOUDDNS_PASSWORD="YYYYYYYYY"
+Options:
-#CLOUDDNS_CLIENT_ID=XXXXX
+ CLOUDDNS_EMAIL Email
 CLOUDDNS_PASSWORD Password
 CLOUDDNS_CLIENT_ID Client ID
 Issues: github.com/acmesh-official/acme.sh/issues/2699
 Author: Radek Sprta <sprta@vshosting.cz>
 '
 CLOUDDNS_API='https://admin.vshosting.cloud/clouddns'
 CLOUDDNS_LOGIN_API='https://admin.vshosting.cloud/api/public/auth/login'
--- a/dnsapi/dns_cloudns.sh
+++ b/dnsapi/dns_cloudns.sh
@ -1,12 +1,15 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_cloudns_info='ClouDNS.net
 Site: ClouDNS.net
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cloudns
 Options:
 CLOUDNS_AUTH_ID Regular auth ID
 CLOUDNS_SUB_AUTH_ID Sub auth ID
 CLOUDNS_AUTH_PASSWORD Auth Password
 Author: Boyan Peychev <boyan@cloudns.net>
 '
 # Author: Boyan Peychev <boyan at cloudns dot net>
 # Repository: https://github.com/ClouDNS/acme.sh/
 # Editor: I Komang Suryadana
 #CLOUDNS_AUTH_ID=XXXXX
 #CLOUDNS_SUB_AUTH_ID=XXXXX
 #CLOUDNS_AUTH_PASSWORD="YYYYYYYYY"
 CLOUDNS_API="https://api.cloudns.net"
 DOMAIN_TYPE=
 DOMAIN_MASTER=
@ -161,7 +164,7 @@ _dns_cloudns_get_zone_info() {
 _dns_cloudns_get_zone_name() {
  i=2
  while true; do
-    zoneForCheck=$(printf "%s" "$1" | cut -d . -f $i-100)
+    zoneForCheck=$(printf "%s" "$1" | cut -d . -f "$i"-100)
    if [ -z "$zoneForCheck" ]; then
      return 1
--- a/dnsapi/dns_cn.sh
+++ b/dnsapi/dns_cn.sh
@ -1,7 +1,14 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# DNS API for acme.sh for Core-Networks (https://beta.api.core-networks.de/doc/).
+dns_cn_info='Core-Networks.de
-# created by 5ll and francis
+Site: beta.api.Core-Networks.de/doc/
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cn
 Options:
 CN_User User
 CN_Password Password
 Issues: github.com/acmesh-official/acme.sh/issues/2142
 Author: 5ll, francis
 '
 CN_API="https://beta.api.core-networks.de"
@ -124,7 +131,7 @@ _cn_get_root() {
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    _debug _H1 "${_H1}"
@ -142,7 +149,7 @@ _cn_get_root() {
    fi
    if _contains "$_cn_zonelist" "\"name\":\"$h\"" >/dev/null; then
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain=$h
      return 0
    else
--- a/dnsapi/dns_conoha.sh
+++ b/dnsapi/dns_conoha.sh
@ -1,4 +1,15 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_conoha_info='ConoHa.jp
 Domains: ConoHa.io
 Site: ConoHa.jp
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_conoha
 Options:
 CONOHA_Username Username
 CONOHA_Password Password
 CONOHA_TenantId TenantId
 CONOHA_IdentityServiceApi Identity Service API. E.g. "https://identity.xxxx.conoha.io/v2.0"
 '
 CONOHA_DNS_EP_PREFIX_REGEXP="https://dns-service\."
@ -226,7 +237,7 @@ _get_root() {
  i=2
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100).
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100).
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -240,7 +251,7 @@ _get_root() {
    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
      if [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
        _domain=$h
        return 0
      fi
--- a/dnsapi/dns_constellix.sh
+++ b/dnsapi/dns_constellix.sh
@ -1,10 +1,16 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# Author: Wout Decre <wout@canodus.be>
+dns_constellix_info='Constellix.com
 Site: Constellix.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_constellix
 Options:
 CONSTELLIX_Key API Key
 CONSTELLIX_Secret API Secret
 Issues: github.com/acmesh-official/acme.sh/issues/2724
 Author: Wout Decre <wout@canodus.be>
 '
 CONSTELLIX_Api="https://api.dns.constellix.com/v1"
 #CONSTELLIX_Key="XXX"
 #CONSTELLIX_Secret="XXX"
 ########  Public functions #####################
@ -116,7 +122,7 @@ _get_root() {
  p=1
  _debug "Detecting root zone"
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    if [ -z "$h" ]; then
      return 1
    fi
@ -128,7 +134,7 @@ _get_root() {
    if _contains "$response" "\"name\":\"$h\""; then
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]*" | cut -d ':' -f 2)
      if [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-"$p")
        _domain="$h"
        _debug _domain_id "$_domain_id"
--- a/dnsapi/dns_cpanel.sh
+++ b/dnsapi/dns_cpanel.sh
@ -1,18 +1,18 @@
 #!/usr/bin/env sh
-#
+# shellcheck disable=SC2034
-#Author: Bjarne Saltbaek
+dns_cpanel_info='cPanel Server API
-#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732
+ Manage DNS via cPanel Dashboard.
-#
+Site: cPanel.net
-#
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_cpanel
 Options:
 cPanel_Username Username
 cPanel_Apitoken API Token
 cPanel_Hostname Server URL. E.g. "https://hostname:port"
 Issues: github.com/acmesh-official/acme.sh/issues/3732
 Author: Bjarne Saltbaek
 '
 ########  Public functions #####################
 #
 # Export CPANEL username,api token and hostname in the following variables
 #
 # cPanel_Username=username
 # cPanel_Apitoken=apitoken
 # cPanel_Hostname=hostname
 #
 # Usage: add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 # Used to add txt record
 dns_cpanel_add() {
--- a/dnsapi/dns_curanet.sh
+++ b/dnsapi/dns_curanet.sh
@ -1,9 +1,15 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#Script to use with curanet.dk, scannet.dk, wannafind.dk, dandomain.dk DNS management.
+dns_curanet_info='Curanet.dk
-#Requires api credentials with scope: dns
+Domains: scannet.dk wannafind.dk dandomain.dk
-#Author: Peter L. Hansen <peter@r12.dk>
+Site: Curanet.dk
-#Version 1.0
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_curanet
 Options:
 CURANET_AUTHCLIENTID Auth ClientID. Requires scope dns
 CURANET_AUTHSECRET Auth Secret
 Issues: github.com/acmesh-official/acme.sh/issues/3933
 Author: Peter L. Hansen <peter@r12.dk>
 '
 CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains"
 CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token"
@ -136,7 +142,7 @@ _get_root() {
  i=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
--- a/dnsapi/dns_cyon.sh
+++ b/dnsapi/dns_cyon.sh
@ -1,21 +1,15 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-########
+dns_cyon_info='cyon.ch
-# Custom cyon.ch DNS API for use with [acme.sh](https://github.com/acmesh-official/acme.sh)
+Site: cyon.ch
-#
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cyon
-# Usage: acme.sh --issue --dns dns_cyon -d www.domain.com
+Options:
-#
+ CY_Username Username
-# Dependencies:
+ CY_Password API Token
-# -------------
+ CY_OTP_Secret OTP token. Only required if using 2FA
-# - oathtool (When using 2 Factor Authentication)
+Issues: github.com/noplanman/cyon-api/issues
-#
+Author: Armando Lüscher <armando@noplanman.ch>
-# Issues:
+'
 # -------
 # Any issues / questions / suggestions can be posted here:
 # https://github.com/noplanman/cyon-api/issues
 #
 # Author: Armando Lüscher <armando@noplanman.ch>
 ########
 dns_cyon_add() {
  _cyon_load_credentials &&
--- a/dnsapi/dns_da.sh
+++ b/dnsapi/dns_da.sh
@ -1,31 +1,14 @@
 #!/usr/bin/env sh
-# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*-
+# shellcheck disable=SC2034
-# vim: et ts=2 sw=2
+dns_da_info='DirectAdmin Server API
-#
+Site: DirectAdmin.com/api.php
-# DirectAdmin 1.41.0 API
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_da
-# The DirectAdmin interface has it's own Let's encrypt functionality, but this
+Options:
-# script can be used to generate certificates for names which are not hosted on
+ DA_Api API Server URL. E.g. "https://remoteUser:remotePassword@da.domain.tld:8443"
-# DirectAdmin
+ DA_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept
-#
+Issues: github.com/TigerP/acme.sh/issues
-# User must provide login data and URL to DirectAdmin incl. port.
+'
-# You can create login key, by using the Login Keys function
+
 # ( https://da.example.com:8443/CMD_LOGIN_KEYS ), which only has access to
 # - CMD_API_DNS_CONTROL
 # - CMD_API_SHOW_DOMAINS
 #
 # See also https://www.directadmin.com/api.php and
 # https://www.directadmin.com/features.php?id=1298
 #
 # Report bugs to https://github.com/TigerP/acme.sh/issues
 #
 # Values to export:
 # export DA_Api="https://remoteUser:remotePassword@da.example.com:8443"
 # export DA_Api_Insecure=1
 #
 # Set DA_Api_Insecure to 1 for insecure and 0 for secure -> difference is
 # whether ssl cert is checked for validity (0) or whether it is just accepted
 # (1)
 #
 ########  Public functions #####################
 # Usage: dns_myapi_add  _acme-challenge.www.example.com  "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
@ -78,7 +61,7 @@ _get_root() {
  # response will contain "list[]=example.com&list[]=example.org"
  _da_api CMD_API_SHOW_DOMAINS "" "${domain}"
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      # not valid
@ -86,7 +69,7 @@ _get_root() {
      return 1
    fi
    if _contains "$response" "$h" >/dev/null; then
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain=$h
      return 0
    fi
--- a/dnsapi/dns_ddnss.sh
+++ b/dnsapi/dns_ddnss.sh
@ -1,16 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#Created by RaidenII, to use DuckDNS's API to add/remove text records
+dns_ddnss_info='DDNSS.de
-#modified by helbgd @ 03/13/2018 to support ddnss.de
+Site: DDNSS.de
-#modified by mod242 @ 04/24/2018 to support different ddnss domains
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ddnss
-#Please note: the Wildcard Feature must be turned on for the Host record
+Options:
-#and the checkbox for TXT needs to be enabled
+ DDNSS_Token API Token
-
+Issues: github.com/acmesh-official/acme.sh/issues/2230
-# Pass credentials before "acme.sh --issue --dns dns_ddnss ..."
+Author: RaidenII, helbgd, mod242
-# --
+'
 # export DDNSS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
 # --
 #
 DDNSS_DNS_API="https://ddnss.de/upd.php"
--- a/dnsapi/dns_desec.sh
+++ b/dnsapi/dns_desec.sh
@ -1,11 +1,13 @@
 #!/usr/bin/env sh
-#
+# shellcheck disable=SC2034
-# deSEC.io Domain API
+dns_desec_info='deSEC.io
-#
+Site: desec.readthedocs.io/en/latest/
-# Author: Zheng Qian
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_desec
-#
+Options:
-# deSEC API doc
+ DDNSS_Token API Token
-# https://desec.readthedocs.io/en/latest/
+Issues: github.com/acmesh-official/acme.sh/issues/2180
 Author: Zheng Qian
 '
 REST_API="https://desec.io/api/v1/domains"
@ -174,7 +176,7 @@ _get_root() {
  i=2
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -186,7 +188,7 @@ _get_root() {
    fi
    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain=$h
      return 0
    fi
--- a/dnsapi/dns_df.sh
+++ b/dnsapi/dns_df.sh
@ -1,18 +1,15 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-########################################################################
+dns_df_info='DynDnsFree.de
-# https://dyndnsfree.de hook script for acme.sh
+Domains: dynup.de
-#
+Site: DynDnsFree.de
-# Environment variables:
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_df
-#
+Options:
-#  - $DF_user      (your dyndnsfree.de username)
+ DF_user Username
-#  - $DF_password  (your dyndnsfree.de password)
+ DF_password Password
-#
+Issues: github.com/acmesh-official/acme.sh/issues/2897
-# Author: Thilo Gass <thilo.gass@gmail.com>
+Author: Thilo Gass <thilo.gass@gmail.com>
-# Git repo: https://github.com/ThiloGa/acme.sh
+'
 #-- dns_df_add() - Add TXT record --------------------------------------
 # Usage: dns_df_add _acme-challenge.subdomain.domain.com "XyZ123..."
 dyndnsfree_api="https://dynup.de/acme.php"
--- a/dnsapi/dns_dgon.sh
+++ b/dnsapi/dns_dgon.sh
@ -1,16 +1,12 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-## Will be called by acme.sh to add the txt record to your api system.
+dns_dgon_info='DigitalOcean.com
-## returns 0 means success, otherwise error.
+Site: DigitalOcean.com/help/api/
-
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dgon
-## Author: thewer <github at thewer.com>
+Options:
-## GitHub: https://github.com/gitwer/acme.sh
+ DO_API_KEY API Key
-
+Author: <github@thewer.com>
-##
+'
 ## Environment Variables Required:
 ##
 ## DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc"
 ##
 #####################  Public functions  #####################
@ -207,7 +203,7 @@ _get_base_domain() {
    _debug2 domain_list "$domain_list"
    i=1
-    while [ $i -gt 0 ]; do
+    while [ "$i" -gt 0 ]; do
      ## get next longest domain
      _domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM")
      ## check we got something back from our cut (or are we at the end)
@ -219,14 +215,14 @@ _get_base_domain() {
      ## check if it exists
      if [ -n "$found" ]; then
        ## exists - exit loop returning the parts
-        sub_point=$(_math $i - 1)
+        sub_point=$(_math "$i" - 1)
        _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point")
        _debug _domain "$_domain"
        _debug _sub_domain "$_sub_domain"
        return 0
      fi
      ## increment cut point $i
-      i=$(_math $i + 1)
+      i=$(_math "$i" + 1)
    done
    if [ -z "$found" ]; then
--- a/dnsapi/dns_dnsexit.sh
+++ b/dnsapi/dns_dnsexit.sh
@ -1,13 +1,16 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_dnsexit_info='DNSExit.com
 Site: DNSExit.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsexit
 Options:
 DNSEXIT_API_KEY API Key
 DNSEXIT_AUTH_USER Username
 DNSEXIT_AUTH_PASS Password
 Issues: github.com/acmesh-official/acme.sh/issues/4719
 Author: Samuel Jimenez
 '
 #use dns-01 at DNSExit.com
 #Author: Samuel Jimenez
 #Report Bugs here: https://github.com/acmesh-official/acme.sh
 #DNSEXIT_API_KEY=ABCDEFGHIJ0123456789abcdefghij
 #DNSEXIT_AUTH_USER=login@email.address
 #DNSEXIT_AUTH_PASS=aStrongPassword
 DNSEXIT_API_URL="https://api.dnsexit.com/dns/"
 DNSEXIT_HOSTS_URL="https://update.dnsexit.com/ipupdate/hosts.jsp"
@ -81,7 +84,7 @@ _get_root() {
  domain=$1
  i=1
  while true; do
-    _domain=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    _domain=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$_domain"
    if [ -z "$_domain" ]; then
      return 1
--- a/dnsapi/dns_dnshome.sh
+++ b/dnsapi/dns_dnshome.sh
@ -1,15 +1,14 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# dnsHome.de API for acme.sh
+dns_dnshome_info='dnsHome.de
-#
+Site: dnsHome.de
-# This Script adds the necessary TXT record to a Subdomain
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnshome
-#
+Options:
-# Author dnsHome.de (https://github.com/dnsHome-de)
+ DNSHOME_Subdomain Subdomain
-#
+ DNSHOME_SubdomainPassword Subdomain Password
-# Report Bugs to https://github.com/acmesh-official/acme.sh/issues/3819
+Issues: github.com/acmesh-official/acme.sh/issues/3819
-#
+Author: dnsHome.de https://github.com/dnsHome-de
-# export DNSHOME_Subdomain=""
+'
 # export DNSHOME_SubdomainPassword=""
 # Usage: add subdomain.ddnsdomain.tld "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 # Used to add txt record
--- a/dnsapi/dns_dnsimple.sh
+++ b/dnsapi/dns_dnsimple.sh
@ -1,12 +1,12 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# DNSimple domain api
+dns_dnsimple_info='DNSimple.com
-# https://github.com/pho3nixf1re/acme.sh/issues
+Site: DNSimple.com
-#
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dnsimple
-# This is your oauth token which can be acquired on the account page. Please
+Options:
-# note that this must be an _account_ token and not a _user_ token.
+ DNSimple_OAUTH_TOKEN OAuth Token
-# https://dnsimple.com/a/<your account id>/account/access_tokens
+Issues: github.com/pho3nixf1re/acme.sh/issues
-# DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje"
+'
 DNSimple_API="https://api.dnsimple.com/v2"
@ -92,7 +92,7 @@ _get_root() {
  i=2
  previous=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    if [ -z "$h" ]; then
      # not valid
      return 1
@ -105,7 +105,7 @@ _get_root() {
    if _contains "$response" 'not found'; then
      _debug "$h not found"
    else
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$previous)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$previous")
      _domain="$h"
      _debug _domain "$_domain"
--- a/dnsapi/dns_dnsservices.sh
+++ b/dnsapi/dns_dnsservices.sh
@ -1,12 +1,15 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_dnsservices_info='DNS.Services
 Site: DNS.Services
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsservices
 Options:
 DnsServices_Username Username
 DnsServices_Password Password
 Issues: github.com/acmesh-official/acme.sh/issues/4152
 Author: Bjarke Bruun <bbruun@gmail.com>
 '
 #This file name is "dns_dnsservices.sh"
 #Script for Danish DNS registra and DNS hosting provider https://dns.services
 #Author: Bjarke Bruun <bbruun@gmail.com>
 #Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152
 # Global variable to connect to the DNS.Services API
 DNSServices_API=https://dns.services/api
 ########  Public functions #####################
--- a/dnsapi/dns_doapi.sh
+++ b/dnsapi/dns_doapi.sh
@ -1,14 +1,16 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_doapi_info='Domain-Offensive do.de
 Official LetsEncrypt API for do.de / Domain-Offensive.
 This API is also available to private customers/individuals.
 Site: do.de
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_doapi
 Options:
 DO_LETOKEN LetsEncrypt Token
 Issues: github.com/acmesh-official/acme.sh/issues/2057
 '
-# Official Let's Encrypt API for do.de / Domain-Offensive
+DO_API="https://my.do.de/api/letsencrypt"
 #
 # This is different from the dns_do adapter, because dns_do is only usable for enterprise customers
 # This API is also available to private customers/individuals
 #
 # Provide the required LetsEncrypt token like this:
 # DO_LETOKEN="FmD408PdqT1E269gUK57"
 DO_API="https://www.do.de/api/letsencrypt"
 ########  Public functions #####################
--- a/dnsapi/dns_domeneshop.sh
+++ b/dnsapi/dns_domeneshop.sh
@ -1,4 +1,13 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_domeneshop_info='DomeneShop.no
 Site: DomeneShop.no
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_domeneshop
 Options:
 DOMENESHOP_Token Token
 DOMENESHOP_Secret Secret
 Issues: github.com/acmesh-official/acme.sh/issues/2457
 '
 DOMENESHOP_Api_Endpoint="https://api.domeneshop.no/v0"
@ -84,7 +93,7 @@ _get_domainid() {
  i=2
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug "h" "$h"
    if [ -z "$h" ]; then
      #not valid
@ -93,7 +102,7 @@ _get_domainid() {
    if _contains "$response" "\"$h\"" >/dev/null; then
      # We have found the domain name.
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain=$h
      _domainid=$(printf "%s" "$response" | _egrep_o "[^{]*\"domain\":\"$_domain\"[^}]*" | _egrep_o "\"id\":[0-9]+" | cut -d : -f 2)
      return 0
--- a/dnsapi/dns_dp.sh
+++ b/dnsapi/dns_dp.sh
@ -1,10 +1,12 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# Dnspod.cn Domain api
+dns_dp_info='DNSPod.cn
-#
+Site: DNSPod.cn
-#DP_Id="1234"
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dp
-#
+Options:
-#DP_Key="sADDsdasdgdsf"
+ DP_Id Id
 DP_Key Key
 '
 REST_API="https://dnsapi.cn"
@ -107,7 +109,7 @@ _get_root() {
  i=2
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
@ -121,7 +123,7 @@ _get_root() {
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
      _debug _domain_id "$_domain_id"
      if [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
        _debug _sub_domain "$_sub_domain"
        _domain="$h"
        _debug _domain "$_domain"
--- a/dnsapi/dns_dpi.sh
+++ b/dnsapi/dns_dpi.sh
@ -1,10 +1,12 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# Dnspod.com Domain api
+dns_dpi_info='DNSPod.com
-#
+Site: DNSPod.com
-#DPI_Id="1234"
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dpi
-#
+Options:
-#DPI_Key="sADDsdasdgdsf"
+ DPI_Id Id
 DPI_Key Key
 '
 REST_API="https://api.dnspod.com"
@ -107,7 +109,7 @@ _get_root() {
  i=2
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
@ -121,7 +123,7 @@ _get_root() {
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
      _debug _domain_id "$_domain_id"
      if [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
        _debug _sub_domain "$_sub_domain"
        _domain="$h"
        _debug _domain "$_domain"
--- a/dnsapi/dns_dreamhost.sh
+++ b/dnsapi/dns_dreamhost.sh
@ -1,10 +1,14 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_dreamhost_info='DreamHost.com
 Site: DreamHost.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dreamhost
 Options:
 DH_API_KEY API Key
 Issues: github.com/RhinoLance/acme.sh
 Author: RhinoLance
 '
 #Author: RhinoLance
 #Report Bugs here: https://github.com/RhinoLance/acme.sh
 #
 #define the api endpoint
 DH_API_ENDPOINT="https://api.dreamhost.com/"
 querystring=""
--- a/dnsapi/dns_duckdns.sh
+++ b/dnsapi/dns_duckdns.sh
@ -1,14 +1,12 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#Created by RaidenII, to use DuckDNS's API to add/remove text records
+dns_duckdns_info='DuckDNS.org
-#06/27/2017
+Site: www.DuckDNS.org
-
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns
-# Pass credentials before "acme.sh --issue --dns dns_duckdns ..."
+Options:
-# --
+ DuckDNS_Token API Token
-# export DuckDNS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
+Author: RaidenII
-# --
+'
 #
 # Due to the fact that DuckDNS uses StartSSL as cert provider, --insecure may need to be used with acme.sh
 DuckDNS_API="https://www.duckdns.org/update"
--- a/dnsapi/dns_durabledns.sh
+++ b/dnsapi/dns_durabledns.sh
@ -1,7 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#DD_API_User="xxxxx"
+dns_durabledns_info='DurableDNS.com
-#DD_API_Key="xxxxxx"
+Site: DurableDNS.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_durabledns
 Options:
 DD_API_User API User
 DD_API_Key API Key
 Issues: github.com/acmesh-official/acme.sh/issues/2281
 '
 _DD_BASE="https://durabledns.com/services/dns"
@ -104,7 +110,7 @@ _get_root() {
  i=1
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -112,7 +118,7 @@ _get_root() {
    fi
    if _contains "$response" ">$h.</origin>"; then
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain=$h
      return 0
    fi
--- a/dnsapi/dns_dyn.sh
+++ b/dnsapi/dns_dyn.sh
@ -1,10 +1,16 @@
 #!/usr/bin/env sh
-#
+# shellcheck disable=SC2034
-# Dyn.com Domain API
+dns_dyn_info='Dyn.com
-#
+Domains: dynect.net
-# Author: Gerd Naschenweng
+Site: Dyn.com
-# https://github.com/magicdude4eva
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dyn
-#
+Options:
 DYN_Customer Customer
 DYN_Username API Username
 DYN_Password Secret
 Author: Gerd Naschenweng <https://github.com/magicdude4eva>
 '
 # Dyn Managed DNS API
 # https://help.dyn.com/dns-api-knowledge-base/
 #
@ -20,13 +26,6 @@
 # ZoneRemoveNode
 # ZonePublish
 # --
 #
 # Pass credentials before "acme.sh --issue --dns dns_dyn ..."
 # --
 # export DYN_Customer="customer"
 # export DYN_Username="apiuser"
 # export DYN_Password="secret"
 # --
 DYN_API="https://api.dynect.net/REST"
--- a/dnsapi/dns_dynu.sh
+++ b/dnsapi/dns_dynu.sh
@ -1,20 +1,21 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_dynu_info='Dynu.com
 Site: Dynu.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dynu
 Options:
 Dynu_ClientId Client ID
 Dynu_Secret Secret
 Issues: github.com/shar0119/acme.sh
 Author: Dynu Systems Inc
 '
 #Client ID
 #Dynu_ClientId="0b71cae7-a099-4f6b-8ddf-94571cdb760d"
 #
 #Secret
 #Dynu_Secret="aCUEY4BDCV45KI8CSIC3sp2LKQ9"
 #
 #Token
 Dynu_Token=""
 #
 #Endpoint
 Dynu_EndPoint="https://api.dynu.com/v2"
-#
+
 #Author: Dynu Systems, Inc.
 #Report Bugs here: https://github.com/shar0119/acme.sh
 #
 ########  Public functions #####################
 #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
@ -125,7 +126,7 @@ _get_root() {
  i=2
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -139,7 +140,7 @@ _get_root() {
    if _contains "$response" "\"domainName\":\"$h\"" >/dev/null; then
      dnsId=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 2 | cut -d : -f 2)
      _domain_name=$h
-      _node=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _node=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      return 0
    fi
    p=$i
--- a/dnsapi/dns_dynv6.sh
+++ b/dnsapi/dns_dynv6.sh
@ -1,16 +1,23 @@
 #!/usr/bin/env sh
-#Author StefanAbl
+# shellcheck disable=SC2034
-#Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"'
+dns_dynv6_info='DynV6.com
-#or use the HTTP REST API by by specifying a token 'export DYNV6_TOKEN="value"
+Site: DynV6.com
-#if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dynv6
 Options:
 DYNV6_TOKEN REST API token. Get from https://DynV6.com/keys
 OptionsAlt:
 KEY Path to SSH private key file. E.g. "/root/.ssh/dynv6"
 Issues: github.com/acmesh-official/acme.sh/issues/2702
 Author: StefanAbl
 '
 dynv6_api="https://dynv6.com/api/v2"
 ########  Public functions #####################
 # Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
 #Usage: dns_dynv6_add  _acme-challenge.www.domain.com  "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_dynv6_add() {
-  fulldomain=$1
+  fulldomain="$(echo "$1" | _lower_case)"
-  txtvalue=$2
+  txtvalue="$2"
  _info "Using dynv6 api"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
@ -36,15 +43,14 @@ dns_dynv6_add() {
      _err "Something went wrong! it does not seem like the record was added successfully"
      return 1
    fi
    return 1
  fi
-  return 1
+
 }
 #Usage: fulldomain txtvalue
 #Remove the txt record after validation.
 dns_dynv6_rm() {
-  fulldomain=$1
+  fulldomain="$(echo "$1" | _lower_case)"
-  txtvalue=$2
+  txtvalue="$2"
  _info "Using dynv6 API"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"
@ -199,7 +205,7 @@ _get_zone_id() {
    return 1
  fi
-  zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')"
+  zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep '"id":' | tr -d '"')"
  _zone_id="${zone_id#id:}"
  _debug "zone id: $_zone_id"
 }
--- a/dnsapi/dns_easydns.sh
+++ b/dnsapi/dns_easydns.sh
@ -1,14 +1,17 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_easydns_info='easyDNS.net
 Site: easyDNS.net
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_easydns
 Options:
 EASYDNS_Token API Token
 EASYDNS_Key API Key
 Issues: github.com/acmesh-official/acme.sh/issues/2647
 Author: Neilpang, wurzelpanzer <wurzelpanzer@maximolider.net>
 '
 #######################################################
 #
 # easyDNS REST API for acme.sh by Neilpang based on dns_cf.sh
 #
 # API Documentation: https://sandbox.rest.easydns.net:3001/
-#
+
 # Author: wurzelpanzer [wurzelpanzer@maximolider.net]
 # Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/2647
 #
 ####################  Public functions #################
 #EASYDNS_Key="xxxxxxxxxxxxxxxxxxxxxxxx"
@ -118,7 +121,7 @@ _get_root() {
  i=1
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -130,7 +133,7 @@ _get_root() {
    fi
    if _contains "$response" "\"status\":200"; then
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain=$h
      return 0
    fi
--- a/dnsapi/dns_edgedns.sh
+++ b/dnsapi/dns_edgedns.sh
@ -1,4 +1,15 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_edgedns_info='Akamai.com Edge DNS
 Site: techdocs.Akamai.com/edge-dns/reference/edge-dns-api
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_edgedns
 Options: Specify individual credentials
 AKAMAI_HOST Host
 AKAMAI_ACCESS_TOKEN Access token
 AKAMAI_CLIENT_TOKEN Client token
 AKAMAI_CLIENT_SECRET Client secret
 Issues: github.com/acmesh-official/acme.sh/issues/3157
 '
 # Akamai Edge DNS v2  API
 # User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to
@ -6,18 +17,10 @@
 # Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support
 # Values to export:
 # --EITHER--
 # *** TBD. NOT IMPLEMENTED YET ***
-# specify Edgegrid credentials file and section
+# Specify Edgegrid credentials file and section.
-# AKAMAI_EDGERC=<full file path>
+# AKAMAI_EDGERC Edge RC. Full file path
-# AKAMAI_EDGERC_SECTION="default"
+# AKAMAI_EDGERC_SECTION Edge RC Section. E.g. "default"
 ## --OR--
 # specify indiviual credentials
 # export AKAMAI_HOST = <host>
 # export AKAMAI_ACCESS_TOKEN = <access token>
 # export AKAMAI_CLIENT_TOKEN = <client token>
 # export AKAMAI_CLIENT_SECRET = <client secret>
 ACME_EDGEDNS_VERSION="0.1.0"
--- a/dnsapi/dns_euserv.sh
+++ b/dnsapi/dns_euserv.sh
@ -1,18 +1,14 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#This is the euserv.eu api wrapper for acme.sh
+dns_euserv_info='EUserv.com
-#
+Domains: EUserv.eu
-#Author: Michael Brueckner
+Site: EUserv.com
-#Report Bugs: https://www.github.com/initit/acme.sh  or  mbr@initit.de
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_euserv
-
+Options:
-#
+ EUSERV_Username Username
-#EUSERV_Username="username"
+ EUSERV_Password Password
-#
+Author: Michael Brueckner
-#EUSERV_Password="password"
+'
 #
 # Dependencies:
 # -------------
 # - none -
 EUSERV_Api="https://api.euserv.net"
@ -155,7 +151,7 @@ _get_root() {
  response="$_euserv_domain_orders"
  while true; do
-    h=$(echo "$domain" | cut -d . -f $i-100)
+    h=$(echo "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -163,7 +159,7 @@ _get_root() {
    fi
    if _contains "$response" "$h"; then
-      _sub_domain=$(echo "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(echo "$domain" | cut -d . -f 1-"$p")
      _domain="$h"
      if ! _euserv_get_domain_id "$_domain"; then
        _err "invalid domain"
--- a/dnsapi/dns_exoscale.sh
+++ b/dnsapi/dns_exoscale.sh
@ -1,4 +1,12 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_exoscale_info='Exoscale.com
 Site: Exoscale.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_exoscale
 Options:
 EXOSCALE_API_KEY API Key
 EXOSCALE_SECRET_KEY API Secret key
 '
 EXOSCALE_API=https://api.exoscale.com/dns/v1
@ -111,7 +119,7 @@ _get_root() {
  i=2
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -122,7 +130,7 @@ _get_root() {
      _domain_id=$(echo "$response" | tr '{' "\n" | grep "\"name\":\"$h\"" | _egrep_o "\"id\":[^,]+" | _head_n 1 | cut -d : -f 2 | tr -d \")
      _domain_token=$(echo "$response" | tr '{' "\n" | grep "\"name\":\"$h\"" | _egrep_o "\"token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
      if [ "$_domain_token" ] && [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
        _domain=$h
        return 0
      fi
--- a/dnsapi/dns_fornex.sh
+++ b/dnsapi/dns_fornex.sh
@ -1,6 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#Author: Timur Umarov <inbox@tumarov.com>
+dns_fornex_info='Fornex.com
 Site: Fornex.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_fornex
 Options:
 FORNEX_API_KEY API Key
 Issues: github.com/acmesh-official/acme.sh/issues/3998
 Author: Timur Umarov <inbox@tumarov.com>
 '
 FORNEX_API_URL="https://fornex.com/api/dns/v0.1"
@ -83,7 +90,7 @@ _get_root() {
  i=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
--- a/dnsapi/dns_freedns.sh
+++ b/dnsapi/dns_freedns.sh
@ -1,14 +1,15 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_freedns_info='FreeDNS
 Site: FreeDNS.afraid.org
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_freedns
 Options:
 FREEDNS_User Username
 FREEDNS_Password Password
 Issues: github.com/acmesh-official/acme.sh/issues/2305
 Author: David Kerr <https://github.com/dkerr64>
 '
 #This file name is "dns_freedns.sh"
 #So, here must be a method dns_freedns_add()
 #Which will be called by acme.sh to add the txt record to your api system.
 #returns 0 means success, otherwise error.
 #
 #Author: David Kerr
 #Report Bugs here: https://github.com/dkerr64/acme.sh
 #or here... https://github.com/acmesh-official/acme.sh/issues/2305
 #
 ########  Public functions #####################
 # Export FreeDNS userid and password in following variables...
--- a/dnsapi/dns_gandi_livedns.sh
+++ b/dnsapi/dns_gandi_livedns.sh
@ -1,16 +1,19 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_gandi_livedns_info='Gandi.net LiveDNS
 Site: Gandi.net/domain/dns
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gandi_livedns
 Options:
 GANDI_LIVEDNS_KEY API Key
 Issues: github.com/fcrozat/acme.sh
 Author: Frédéric Crozat <fcrozat@suse.com>, Dominik Röttsches <drott@google.com>
 '
 # Gandi LiveDNS v5 API
 # https://api.gandi.net/docs/livedns/
 # https://api.gandi.net/docs/authentication/ for token + apikey (deprecated) authentication
 # currently under beta
-#
+
 # Requires GANDI API KEY set in GANDI_LIVEDNS_KEY set as environment variable
 #
 #Author: Frédéric Crozat <fcrozat@suse.com>
 #        Dominik Röttsches <drott@google.com>
 #Report Bugs here: https://github.com/fcrozat/acme.sh
 #
 ########  Public functions #####################
 GANDI_LIVEDNS_API="https://api.gandi.net/v5/livedns"
@ -92,7 +95,7 @@ _get_root() {
  i=2
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -109,7 +112,7 @@ _get_root() {
    elif _contains "$response" '"code": 404'; then
      _debug "$h not found"
    else
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain="$h"
      return 0
    fi
--- a/dnsapi/dns_gcloud.sh
+++ b/dnsapi/dns_gcloud.sh
@ -1,6 +1,12 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# Author: Janos Lenart <janos@lenart.io>
+dns_gcloud_info='Google Cloud DNS
 Site: Cloud.Google.com/dns
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gcloud
 Options:
 CLOUDSDK_ACTIVE_CONFIG_NAME Active config name. E.g. "default"
 Author: Janos Lenart <janos@lenart.io>
 '
 ########  Public functions #####################
--- a/dnsapi/dns_gcore.sh
+++ b/dnsapi/dns_gcore.sh
@ -1,8 +1,12 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#
+dns_gcore_info='Gcore.com
-#GCORE_Key='773$7b7adaf2a2b32bfb1b83787b4ff32a67eb178e3ada1af733e47b1411f2461f7f4fa7ed7138e2772a46124377bad7384b3bb8d87748f87b3f23db4b8bbe41b2bb'
+Site: Gcore.com
-#
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gcore
 Options:
 GCORE_Key API Key
 Issues: github.com/acmesh-official/acme.sh/issues/4460
 '
 GCORE_Api="https://api.gcore.com/dns/v2"
 GCORE_Doc="https://api.gcore.com/docs/dns"
@ -24,7 +28,7 @@ dns_gcore_add() {
  fi
  #save the api key to the account conf file.
-  _saveaccountconf_mutable GCORE_Key "$GCORE_Key"
+  _saveaccountconf_mutable GCORE_Key "$GCORE_Key" "base64"
  _debug "First detect the zone name"
  if ! _get_root "$fulldomain"; then
@ -134,7 +138,7 @@ _get_root() {
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -148,7 +152,7 @@ _get_root() {
    if _contains "$response" "\"name\":\"$h\""; then
      _zone_name=$h
      if [ "$_zone_name" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
        _domain=$h
        return 0
      fi
--- a/dnsapi/dns_gd.sh
+++ b/dnsapi/dns_gd.sh
@ -1,12 +1,12 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#Godaddy domain api
+dns_gd_info='GoDaddy.com
-# Get API key and secret from https://developer.godaddy.com/
+Site: GoDaddy.com
-#
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gd
-# GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
+Options:
-# GD_Secret="asdfsdfsfsdfsdfdfsdf"
+ GD_Key API Key
-#
+ GD_Secret API Secret
-# Ex.: acme.sh --issue --staging --dns dns_gd -d "*.s.example.com" -d "s.example.com"
+'
 GD_Api="https://api.godaddy.com/v1"
@ -148,7 +148,7 @@ _get_root() {
  i=2
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
@ -161,7 +161,7 @@ _get_root() {
    if _contains "$response" '"code":"NOT_FOUND"'; then
      _debug "$h not found"
    else
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain="$h"
      return 0
    fi
--- a/dnsapi/dns_geoscaling.sh
+++ b/dnsapi/dns_geoscaling.sh
@ -1,12 +1,12 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-########################################################################
+dns_geoscaling_info='GeoScaling.com
-# Geoscaling hook script for acme.sh
+Site: GeoScaling.com
-#
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_geoscaling
-# Environment variables:
+Options:
-#
+ GEOSCALING_Username Username. This is usually NOT an email address
-#  - $GEOSCALING_Username  (your Geoscaling username - this is usually NOT an amail address)
+ GEOSCALING_Password Password
-#  - $GEOSCALING_Password  (your Geoscaling password)
+'
 #-- dns_geoscaling_add() - Add TXT record --------------------------------------
 # Usage: dns_geoscaling_add _acme-challenge.subdomain.domain.com "XyZ123..."
@ -202,7 +202,7 @@ find_zone() {
  # Walk through all possible zone names
  strip_counter=1
  while true; do
-    attempted_zone=$(echo "${domain}" | cut -d . -f ${strip_counter}-)
+    attempted_zone=$(echo "${domain}" | cut -d . -f "${strip_counter}"-)
    # All possible zone names have been tried
    if [ -z "${attempted_zone}" ]; then
--- a/dnsapi/dns_googledomains.sh
+++ b/dnsapi/dns_googledomains.sh
@ -1,10 +1,15 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_googledomains_info='Google Domains
 Site: Domains.Google.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_googledomains
 Options:
 GOOGLEDOMAINS_ACCESS_TOKEN API Access Token
 GOOGLEDOMAINS_ZONE Zone
 Issues: github.com/acmesh-official/acme.sh/issues/4545
 Author: Alex Leigh <leigh@alexleigh.me>
 '
 # Author: Alex Leigh <leigh at alexleigh dot me>
 # Created: 2023-03-02
 #GOOGLEDOMAINS_ACCESS_TOKEN="xxxx"
 #GOOGLEDOMAINS_ZONE="xxxx"
 GOOGLEDOMAINS_API="https://acmedns.googleapis.com/v1/acmeChallengeSets"
 ######## Public functions ########
@ -127,7 +132,7 @@ _dns_googledomains_get_zone() {
  i=2
  while true; do
-    curr=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    curr=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug curr "$curr"
    if [ -z "$curr" ]; then
--- a/dnsapi/dns_he.sh
+++ b/dnsapi/dns_he.sh
@ -1,15 +1,14 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-########################################################################
+dns_he_info='Hurricane Electric HE.net
-# Hurricane Electric hook script for acme.sh
+Site: dns.he.net
-#
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_he
-# Environment variables:
+Options:
-#
+ HE_Username Username
-#  - $HE_Username  (your dns.he.net username)
+ HE_Password Password
-#  - $HE_Password  (your dns.he.net password)
+Issues: github.com/angel333/acme.sh/issues/
-#
+Author: Ondrej Simek <me@ondrejsimek.com>
-# Author: Ondrej Simek <me@ondrejsimek.com>
+'
 # Git repo: https://github.com/angel333/acme.sh
 #-- dns_he_add() - Add TXT record --------------------------------------
 # Usage: dns_he_add _acme-challenge.subdomain.domain.com "XyZ123..."
@ -144,7 +143,7 @@ _find_zone() {
  # Walk through all possible zone names
  _strip_counter=1
  while true; do
-    _attempted_zone=$(echo "$_domain" | cut -d . -f ${_strip_counter}-)
+    _attempted_zone=$(echo "$_domain" | cut -d . -f "${_strip_counter}"-)
    # All possible zone names have been tried
    if [ -z "$_attempted_zone" ]; then
--- a/dnsapi/dns_hetzner.sh
+++ b/dnsapi/dns_hetzner.sh
@ -1,8 +1,12 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#
+dns_hetzner_info='Hetzner.com
-#HETZNER_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
+Site: Hetzner.com
-#
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_hetzner
 Options:
 HETZNER_Token API Token
 Issues: github.com/acmesh-official/acme.sh/issues/2943
 '
 HETZNER_Api="https://dns.hetzner.com/api/v1"
@ -177,7 +181,7 @@ _get_root() {
  _debug "Trying to get zone id by domain name for '$domain_without_acme'."
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
@ -189,7 +193,7 @@ _get_root() {
    if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_entries":1'; then
      _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
      if [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
        _domain=$h
        HETZNER_Zone_ID=$_domain_id
        _savedomainconf "$domain_param_name" "$HETZNER_Zone_ID"
--- a/dnsapi/dns_hexonet.sh
+++ b/dnsapi/dns_hexonet.sh
@ -1,9 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#
+dns_hexonet_info='Hexonet.com
-# Hexonet_Login="username!roleId"
+Site: Hexonet.com
-#
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_hexonet
-# Hexonet_Password="rolePassword"
+Options:
 Hexonet_Login Login. E.g. "username!roleId"
 Hexonet_Password Role Password
 Issues: github.com/acmesh-official/acme.sh/issues/2389
 '
 Hexonet_Api="https://coreapi.1api.net/api/call.cgi"
@ -119,7 +123,7 @@ _get_root() {
  i=1
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -131,7 +135,7 @@ _get_root() {
    fi
    if _contains "$response" "CODE=200"; then
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain=$h
      return 0
    fi
--- a/dnsapi/dns_hostingde.sh
+++ b/dnsapi/dns_hostingde.sh
@ -1,10 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# hosting.de API
+dns_hostingde_info='Hosting.de
-
+Site: Hosting.de
-# Values to export:
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_hostingde
-# export HOSTINGDE_ENDPOINT='https://secure.hosting.de'
+Options:
-# export HOSTINGDE_APIKEY='xxxxx'
+ HOSTINGDE_ENDPOINT Endpoint. E.g. "https://secure.hosting.de"
 HOSTINGDE_APIKEY API Key
 Issues: github.com/acmesh-official/acme.sh/issues/2058
 '
 ########  Public functions #####################
--- a/dnsapi/dns_huaweicloud.sh
+++ b/dnsapi/dns_huaweicloud.sh
@ -1,8 +1,14 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# HUAWEICLOUD_Username
+dns_huaweicloud_info='HuaweiCloud.com
-# HUAWEICLOUD_Password
+Site: HuaweiCloud.com
-# HUAWEICLOUD_DomainName
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_huaweicloud
 Options:
 HUAWEICLOUD_Username Username
 HUAWEICLOUD_Password Password
 HUAWEICLOUD_DomainName DomainName
 Issues: github.com/acmesh-official/acme.sh/issues/3265
 '
 iam_api="https://iam.myhuaweicloud.com"
 dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work
@ -204,7 +210,7 @@ _get_recordset_id() {
  _zoneid=$3
  export _H1="X-Auth-Token: ${_token}"
-  response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}")
+  response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}&status=ACTIVE")
  if _contains "${response}" '"id"'; then
    _id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")"
    printf "%s" "${_id}"
@ -221,7 +227,7 @@ _add_record() {
  # Get Existing Records
  export _H1="X-Auth-Token: ${_token}"
-  response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}")
+  response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}&status=ACTIVE")
  _debug2 "${response}"
  _exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g')
--- a/dnsapi/dns_infoblox.sh
+++ b/dnsapi/dns_infoblox.sh
@ -1,8 +1,14 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-## Infoblox API integration by Jason Keller and Elijah Tenai
+dns_infoblox_info='Infoblox.com
-##
+Site: Infoblox.com
-## Report any bugs via https://github.com/jasonkeller/acme.sh
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_infoblox
 Options:
 Infoblox_Creds Credentials. E.g. "username:password"
 Infoblox_Server Server hostname. IP or FQDN of infoblox appliance
 Issues: github.com/jasonkeller/acme.sh
 Author: Jason Keller, Elijah Tenai
 '
 dns_infoblox_add() {
--- a/dnsapi/dns_infomaniak.sh
+++ b/dnsapi/dns_infomaniak.sh
@ -1,19 +1,20 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_infomaniak_info='Infomaniak.com
 Site: Infomaniak.com
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infomaniak
 Options:
 INFOMANIAK_API_TOKEN API Token
 Issues: github.com/acmesh-official/acme.sh/issues/3188
 '
 ###############################################################################
 # Infomaniak API integration
 #
 # To use this API you need visit the API dashboard of your account
 # once logged into https://manager.infomaniak.com add /api/dashboard to the URL
 #
 # Please report bugs to
 # https://github.com/acmesh-official/acme.sh/issues/3188
 #
 # Note: the URL looks like this:
 # https://manager.infomaniak.com/v3/<account_id>/api/dashboard
 # Then generate a token with the scope Domain
 # this is given as an environment variable INFOMANIAK_API_TOKEN
 ###############################################################################
 # base variables
--- a/dnsapi/dns_internetbs.sh
+++ b/dnsapi/dns_internetbs.sh
@ -1,12 +1,14 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#This is the Internet.BS api wrapper for acme.sh
+dns_internetbs_info='InternetBS.net
-#
+Site: InternetBS.net
-#Author: <alexey@nelexa.ru> Ne-Lexa
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_internetbs
-#Report Bugs here: https://github.com/Ne-Lexa/acme.sh
+Options:
-
+ INTERNETBS_API_KEY API Key
-#INTERNETBS_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje"
+ INTERNETBS_API_PASSWORD API Password
-#INTERNETBS_API_PASSWORD="sdfsdfsdfljlbjkljlkjsdfoiwje"
+Issues: github.com/acmesh-official/acme.sh/issues/2261
 Author: Ne-Lexa <alexey@nelexa.ru>
 '
 INTERNETBS_API_URL="https://api.internet.bs"
@ -131,7 +133,7 @@ _get_root() {
    fi
    while true; do
-      h=$(printf "%s" "$domain" | cut -d . -f ${i}-100)
+      h=$(printf "%s" "$domain" | cut -d . -f "${i}"-100)
      _debug h "$h"
      if [ -z "$h" ]; then
        #not valid
@ -139,7 +141,7 @@ _get_root() {
      fi
      if _contains "$response" "\"$h\""; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-${p})
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"${p}")
        _domain=${h}
        return 0
      fi
--- a/dnsapi/dns_inwx.sh
+++ b/dnsapi/dns_inwx.sh
@ -1,10 +1,13 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_inwx_info='INWX.de
 Site: INWX.de
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_inwx
 Options:
 INWX_User Username
 INWX_Password Password
 '
 #
 #INWX_User="username"
 #
 #INWX_Password="password"
 #
 # Dependencies:
 # -------------
 # - oathtool (When using 2 Factor Authentication)
@ -160,6 +163,15 @@ _inwx_check_cookie() {
  return 1
 }
 _htmlEscape() {
  _s="$1"
  _s=$(echo "$_s" | sed "s/&/&amp;/g")
  _s=$(echo "$_s" | sed "s/</\&lt;/g")
  _s=$(echo "$_s" | sed "s/>/\&gt;/g")
  _s=$(echo "$_s" | sed 's/"/\&quot;/g')
  printf -- %s "$_s"
 }
 _inwx_login() {
  if _inwx_check_cookie; then
@ -167,6 +179,8 @@ _inwx_login() {
    return 0
  fi
  XML_PASS=$(_htmlEscape "$INWX_Password")
  xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
  <methodCall>
  <methodName>account.login</methodName>
@ -190,7 +204,7 @@ _inwx_login() {
    </value>
   </param>
  </params>
-  </methodCall>' "$INWX_User" "$INWX_Password")
+  </methodCall>' "$INWX_User" "$XML_PASS")
  response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
@ -279,7 +293,7 @@ _get_root() {
  response="$(_post "$xml_content" "$INWX_Api" "" "POST")"
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
@ -287,7 +301,7 @@ _get_root() {
    fi
    if _contains "$response" "$h"; then
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain="$h"
      return 0
    fi
--- a/dnsapi/dns_ionos.sh
+++ b/dnsapi/dns_ionos.sh
@ -1,14 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# Supports IONOS DNS API v1.0.1
+dns_ionos_info='IONOS.de
-#
+Site: IONOS.de
-# Usage:
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ionos
-#   Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh:
+Options:
-#
+ IONOS_PREFIX Prefix
-#   $ export IONOS_PREFIX="..."
+ IONOS_SECRET Secret
-#   $ export IONOS_SECRET="..."
+Issues: github.com/acmesh-official/acme.sh/issues/3379
-#
+'
 #   $ acme.sh --issue --dns dns_ionos ...
 IONOS_API="https://api.hosting.ionos.com/dns"
 IONOS_ROUTE_ZONES="/v1/zones"
@ -88,7 +87,7 @@ _get_root() {
    _response="$(echo "$_response" | tr -d "\n")"
    while true; do
-      h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+      h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
      if [ -z "$h" ]; then
        return 1
      fi
@ -97,7 +96,7 @@ _get_root() {
      if [ "$_zone" ]; then
        _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"')
        if [ "$_zone_id" ]; then
-          _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+          _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
          _domain=$h
          return 0
--- a/dnsapi/dns_ionos_cloud.sh
+++ b/dnsapi/dns_ionos_cloud.sh
@ -0,0 +1,145 @@
 #!/usr/bin/env sh
 # Supports IONOS Cloud DNS API v1.15.4
 #
 # Usage:
 #   Export IONOS_TOKEN before calling acme.sh:
 #   $ export IONOS_TOKEN="..."
 #
 #   $ acme.sh --issue --dns dns_ionos_cloud ...
 IONOS_CLOUD_API="https://dns.de-fra.ionos.com"
 IONOS_CLOUD_ROUTE_ZONES="/zones"
 dns_ionos_cloud_add() {
  fulldomain=$1
  txtvalue=$2
  if ! _ionos_init; then
    return 1
  fi
  _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1)
  _body="{\"properties\":{\"name\":\"$_record_name\", \"type\":\"TXT\", \"content\":\"$txtvalue\"}}"
  if _ionos_cloud_rest POST "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "202" ]; then
    _info "TXT record has been created successfully."
    return 0
  fi
  return 1
 }
 dns_ionos_cloud_rm() {
  fulldomain=$1
  txtvalue=$2
  if ! _ionos_init; then
    return 1
  fi
  if ! _ionos_cloud_get_record "$_zone_id" "$txtvalue" "$fulldomain"; then
    _err "Could not find _acme-challenge TXT record."
    return 1
  fi
  if _ionos_cloud_rest DELETE "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "202" ]; then
    _info "TXT record has been deleted successfully."
    return 0
  fi
  return 1
 }
 _ionos_init() {
  IONOS_TOKEN="${IONOS_TOKEN:-$(_readaccountconf_mutable IONOS_TOKEN)}"
  if [ -z "$IONOS_TOKEN" ]; then
    _err "You didn't specify an IONOS token yet."
    _err "Read https://api.ionos.com/docs/authentication/v1/#tag/tokens/operation/tokensGenerate to learn how to get a token."
    _err "You need to set it before calling acme.sh:"
    _err "\$ export IONOS_TOKEN=\"...\""
    _err "\$ acme.sh --issue -d ... --dns dns_ionos_cloud"
    return 1
  fi
  _saveaccountconf_mutable IONOS_TOKEN "$IONOS_TOKEN"
  if ! _get_cloud_zone "$fulldomain"; then
    _err "Cannot find zone $zone in your IONOS account."
    return 1
  fi
  return 0
 }
 _get_cloud_zone() {
  domain=$1
  zone=$(printf "%s" "$domain" | cut -d . -f 2-)
  if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES?filter.zoneName=$zone"; then
    _response="$(echo "$_response" | tr -d "\n")"
    _zone_list_items=$(echo "$_response" | _egrep_o "\"items\":.*")
    _zone_id=$(printf "%s\n" "$_zone_list_items" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"')
    if [ "$_zone_id" ]; then
      return 0
    fi
  fi
  return 1
 }
 _ionos_cloud_get_record() {
  zone_id=$1
  txtrecord=$2
  # this is to transform the domain to lower case
  fulldomain=$(printf "%s" "$3" | _lower_case)
  # this is to transform record name to lower case
  # IONOS Cloud API transforms all record names to lower case
  _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | _lower_case)
  if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records"; then
    _response="$(echo "$_response" | tr -d "\n")"
    pattern="\{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":\{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"\},\"properties\":\{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"\}\}"
    _record="$(echo "$_response" | _egrep_o "$pattern")"
    if [ "$_record" ]; then
      _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"')
      return 0
    fi
  fi
  return 1
 }
 _ionos_cloud_rest() {
  method="$1"
  route="$2"
  data="$3"
  export _H1="Authorization: Bearer $IONOS_TOKEN"
  # clear headers
  : >"$HTTP_HEADER"
  if [ "$method" != "GET" ]; then
    _response="$(_post "$data" "$IONOS_CLOUD_API$route" "" "$method" "application/json")"
  else
    _response="$(_get "$IONOS_CLOUD_API$route")"
  fi
  _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
  if [ "$?" != "0" ]; then
    _err "Error $route: $_response"
    return 1
  fi
  _debug2 "_response" "$_response"
  _debug2 "_code" "$_code"
  return 0
 }
--- a/dnsapi/dns_ipv64.sh
+++ b/dnsapi/dns_ipv64.sh
@ -1,13 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#Created by Roman Lumetsberger, to use ipv64.net's API to add/remove text records
+dns_ipv64_info='IPv64.net
-#2022/11/29
+Site: IPv64.net
-
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ipv64
-# Pass credentials before "acme.sh --issue --dns dns_ipv64 ..."
+Options:
-# --
+ IPv64_Token API Token
-# export IPv64_Token="aaaaaaaaaaaaaaaaaaaaaaaaaa"
+Issues: github.com/acmesh-official/acme.sh/issues/4419
-# --
+Author: Roman Lumetsberger
-#
+'
 IPv64_API="https://ipv64.net/api"
--- a/dnsapi/dns_ispconfig.sh
+++ b/dnsapi/dns_ispconfig.sh
@ -1,16 +1,21 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_ispconfig_info='ISPConfig Server API
 Site: ISPConfig.org
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ispconfig
 Options:
 ISPC_User Remote User
 ISPC_Password Remote Password
 ISPC_Api API URL. E.g. "https://ispc.domain.tld:8080/remote/json.php"
 ISPC_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept
 '
 # ISPConfig 3.1 API
-# User must provide login data and URL to the ISPConfig installation incl. port. The remote user in ISPConfig must have access to:
+# User must provide login data and URL to the ISPConfig installation incl. port.
 # The remote user in ISPConfig must have access to:
 # - DNS txt Functions
-
+# - DNS zone functions
-# Report bugs to https://github.com/sjau/acme.sh
+# - Client functions
 # Values to export:
 # export ISPC_User="remoteUser"
 # export ISPC_Password="remotePassword"
 # export ISPC_Api="https://ispc.domain.tld:8080/remote/json.php"
 # export ISPC_Api_Insecure=1     # Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
 ########  Public functions #####################
--- a/dnsapi/dns_jd.sh
+++ b/dnsapi/dns_jd.sh
@ -1,9 +1,14 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#
+dns_jd_info='jdcloud.com
-#JD_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje"
+Site: jdcloud.com
-#JD_ACCESS_KEY_SECRET="xxxxxxx"
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_jd
-#JD_REGION="cn-north-1"
+Options:
 JD_ACCESS_KEY_ID Access key ID
 JD_ACCESS_KEY_SECRET Access key secret
 JD_REGION Region. E.g. "cn-north-1"
 Issues: github.com/acmesh-official/acme.sh/issues/2388
 '
 _JD_ACCOUNT="https://uc.jdcloud.com/account/accesskey"
@ -130,7 +135,7 @@ _get_root() {
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug2 "Checking domain: $h"
    if ! jd_rest GET "domain"; then
      _err "error get domain list"
@ -148,7 +153,7 @@ _get_root() {
      if [ "$hostedzone" ]; then
        _domain_id="$(echo "$hostedzone" | tr ',' '\n' | grep "\"id\":" | cut -d : -f 2)"
        if [ "$_domain_id" ]; then
-          _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+          _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
          _domain=$h
          return 0
        fi
--- a/dnsapi/dns_joker.sh
+++ b/dnsapi/dns_joker.sh
@ -1,27 +1,14 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# Joker.com API for acme.sh
+dns_joker_info='Joker.com
-#
+Site: Joker.com
-# This script adds the necessary TXT record to a domain in Joker.com.
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_joker
-#
+Options:
-# You must activate Dynamic DNS in Joker.com DNS configuration first.
+ JOKER_USERNAME Username
-# Username and password below refer to Dynamic DNS authentication,
+ JOKER_PASSWORD Password
-# not your Joker.com login credentials.
+Issues: github.com/acmesh-official/acme.sh/issues/2840
-# See: https://joker.com/faq/content/11/427/en/what-is-dynamic-dns-dyndns.html
+Author: <https://github.com/aattww/>
-#
+'
 # NOTE: This script does not support wildcard certificates, because
 # Joker.com API does not support adding two TXT records with the same
 # subdomain. Adding the second record will overwrite the first one.
 # See: https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html
 #   "... this request will replace all TXT records for the specified
 #    label by the provided content"
 #
 # Author: aattww (https://github.com/aattww/)
 #
 # Report bugs to https://github.com/acmesh-official/acme.sh/issues/2840
 #
 # JOKER_USERNAME="xxxx"
 # JOKER_PASSWORD="xxxx"
 JOKER_API="https://svc.joker.com/nic/replace"
@ -93,7 +80,7 @@ _get_root() {
  fulldomain=$1
  i=1
  while true; do
-    h=$(printf "%s" "$fulldomain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      return 1
--- a/dnsapi/dns_kappernet.sh
+++ b/dnsapi/dns_kappernet.sh
@ -1,12 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-# kapper.net domain api
+dns_kappernet_info='kapper.net
-# for further questions please contact: support@kapper.net
+Site: kapper.net
-# please report issues here: https://github.com/acmesh-official/acme.sh/issues/2977
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_kappernet
-
+Options:
-#KAPPERNETDNS_Key="yourKAPPERNETapikey"
+ KAPPERNETDNS_Key API Key
-#KAPPERNETDNS_Secret="yourKAPPERNETapisecret"
+ KAPPERNETDNS_Secret API Secret
-#KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret"
+Issues: github.com/acmesh-official/acme.sh/issues/2977
 '
 ###############################################################################
 # called with
@ -101,7 +102,7 @@ _get_root() {
  i=2
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
@ -112,7 +113,7 @@ _get_root() {
    if _contains "$response" '"OK":false'; then
      _debug "$h not found"
    else
-      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
      _domain="$h"
      return 0
    fi
--- a/dnsapi/dns_kas.sh
+++ b/dnsapi/dns_kas.sh
@ -1,19 +1,16 @@
 #!/usr/bin/env sh
-########################################################################
+# shellcheck disable=SC2034
-# All-inkl Kasserver hook script for acme.sh
+dns_kas_info='All-inkl Kas Server
-#
+Site: kas.all-inkl.com
-# Environment variables:
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_kas
-#
+Options:
-#  - $KAS_Login (Kasserver API login name)
+ KAS_Login API login name
-#  - $KAS_Authtype (Kasserver API auth type. Default: plain)
+ KAS_Authtype API auth type. Default: "plain"
-#  - $KAS_Authdata (Kasserver API auth data.)
+ KAS_Authdata API auth data
-#
+Issues: github.com/acmesh-official/acme.sh/issues/2715
-# Last update: squared GmbH <github@squaredgmbh.de>
+Author: squared GmbH <github@squaredgmbh.de>, Martin Kammerlander <martin.kammerlander@phlegx.com>, Marc-Oliver Lange <git@die-lang.es>
-# Credits:
+'
-# - dns_he.sh. Thanks a lot man!
+
 # - Martin Kammerlander, Phlegx Systems OG <martin.kammerlander@phlegx.com>
 # - Marc-Oliver Lange <git@die-lang.es>
 # - https://github.com/o1oo11oo/kasapi.sh
 ########################################################################
 KAS_Api_GET="$(_get "https://kasapi.kasserver.com/soap/wsdl/KasApi.wsdl")"
 KAS_Api="$(echo "$KAS_Api_GET" | tr -d ' ' | grep -i "<soap:addresslocation=" | sed "s/='/\n/g" | grep -i "http" | sed "s/'\/>//g")"
--- a/dnsapi/dns_kinghost.sh
+++ b/dnsapi/dns_kinghost.sh
@ -1,16 +1,17 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_kinghost_info='King.host
 Domains: KingHost.net KingHost.com.br
 Site: King.host
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_kinghost
 Options:
 KINGHOST_Username Username
 KINGHOST_Password Password
 Author: Felipe Keller Braz <felipebraz@kinghost.com.br>
 '
 ############################################################
 # KingHost API support                                     #
 # https://api.kinghost.net/doc/                             #
 #                                                          #
 # Author: Felipe Keller Braz <felipebraz@kinghost.com.br>  #
 # Report Bugs here: https://github.com/kinghost/acme.sh    #
 #                                                          #
 # Values to export:                                        #
 # export KINGHOST_Username="email@provider.com"            #
 # export KINGHOST_Password="xxxxxxxxxx"                    #
 ############################################################
 KING_Api="https://api.kinghost.net/acme"
--- a/dnsapi/dns_knot.sh
+++ b/dnsapi/dns_knot.sh
@ -1,4 +1,14 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
 dns_knot_info='Knot Server knsupdate
 Site: www.knot-dns.cz/docs/2.5/html/man_knsupdate.html
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_knot
 Options:
 KNOT_SERVER Server hostname. Default: "localhost".
 KNOT_KEY File path to TSIG key
 '
 # See also dns_nsupdate.sh
 ########  Public functions #####################
--- a/dnsapi/dns_la.sh
+++ b/dnsapi/dns_la.sh
@ -1,7 +1,13 @@
 #!/usr/bin/env sh
-
+# shellcheck disable=SC2034
-#LA_Id="test123"
+dns_la_info='dns.la
-#LA_Key="d1j2fdo4dee3948"
+Site: dns.la
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_la
 Options:
 LA_Id API ID
 LA_Key API key
 Issues: github.com/acmesh-official/acme.sh/issues/4257
 '
 LA_Api="https://api.dns.la/api"
@ -107,7 +113,7 @@ _get_root() {
  p=1
  while true; do
-    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    if [ -z "$h" ]; then
      #not valid
      return 1
@ -120,7 +126,7 @@ _get_root() {
    if _contains "$response" '"domainid":'; then
      _domain_id=$(printf "%s" "$response" | grep '"domainid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n')
      if [ "$_domain_id" ]; then
-        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
        _domain="$h"
        return 0
      fi
--- a/Show More
+++ b/Show More