Some environments might delegate dns validation to a subzone by using CNAME records. These changes allow getssl to validate dns updates when the verification name is a CNAME to the TXT record rather than a TXT record itself.
Newer curl uses http2 by default, results in
getssl: Error registering account ... JWS has no anti-replay nonce
Force http1.1 as a work-around.
Also add debugging info for "error in EC signing".
rdbath suggested how to implement a timeout on s_client probes.
Unfortunately, wait -n is a bash 4.3 feature. So this requires
bash 4.3. CHECK_CERT_TIMEOUT can be used to override the default, which
is 4 seconds. Fallback is provided for older versions.
Views may require the 'nslookup' process to do something special, usually
provide a TSIG key or bind to a specific local address. Add a
hook for that - export the VARIABLE DNS_CHECK_FUNC_OPTIONS with the
desired options. Set DNS_CHECK_FUNC to the desired command, which
must be one of the supported ones: 'dig', 'drill', 'host' or 'nslookup'.
However, this turned up the fact that the dig/drill code had the domain
and record type arguments in the wrong order on the command line.
(The domain comes first, see the man page.) Fixed.
In some cases defining the previously undocumented PUBLIC_DNS_SERVER
may work. This commit adds it to the template file, and exports it
for the benefit of DNS_UPDATE scripts. Also AUTH_DNS_SERVER.
Squashed awk complaints about curl.header in some cases with debugging on.
Support older curl (--trace-time is somewhat recent)