Use the GitHub release data to decide if an upgrade is available.

Only download the release if a newer stable release is published.

Install the full release - including the DNS scripts (requires "make")

Don't check for upgrades when restarting.

Remove --keep logic - only 1 old version is kept, only if make isn't available.
Old versions are availablel from the repo; if you have local changes, --upgrade doesn't make sense.

Can upgrade (or downgrade) to any tagged release with --experimental vx.yy

Note that GitHub API requests are rate-limited; this shouldn't be an issue
unless getssl is run more than ~60 times/hr.  If the limit is exceeded,
getssl will sleep until the limit is reset.  The limit is per-IP address.

The tests have been modified to only check for updates in the tests that
verify the check for updates logic.  This has the side effect of not
doing MANY pointless checks for updates in the tests...

Document the accounts and repo-specific domain names required to run the dynamic DNS tests.

Also document the GitHub "secrets" that must be stored for CI testing to work.

Avoids having to push, e.g. when adding a tag or updating credentials.

For now, srvrco is excluded.

The domain name will be <repo>-<os>-getssl.<duckdns.org|freedns.org>

Must be added to accounts on these services.

Some versions of nginx create directories, so use -p with mkdir.

Note: To add the secrets to your repository on GitHub

Goto Actions -> Settings -> Secrets

New Repository Secret

Add DUCKDNS_TOKEN
Add DYNU_API_KEY

Prefer API V2 when both offered in a single directory, improve test error reports

Verify that a unified directory, API V2 is selected.

Only run cURL once to determine it's version.

The first fail logic seems scoped to a single test file.

Set the flag globally.
Since the tests run in a container, cleanup is automagic.

Various test tweaks to allow for skipping tests & null strings.

From https://github.com/sstephenson/bats/issues/135 via @timkimber

The test harness will suppress output unless an error occurs.

Upgrade testing was failing in forked repos CI because the
source repo was hard-coded.  Use the CI environment to use
the fork's repo.

This doesn't happen with Let'sEncrypt, but it does with at least
one other CA.  The ACME spec allows it.

Fix copy_file_to_location failures with ssh, missing ftps://

More breadcrumbs.

debug() does this, but the automated tests aren't run with -d.
This also ensures that there is a breadcrumb if error_exit is
called without a preceding debug().

It's really hard to follow the breadcrumbs for debug when there
aren't any.

--insecure is almost always a bad idea.  In this case, it
is required for compatibility with Let's Encrypt.

Replace the less obvious '-k' with '--insecure' in the cURL
command, and document why it is used in the comments,

Prevent fallback to insecure when a secure protocol is requested.

Co-authored-by: Tim Kimber <timkimber@users.noreply.github.com>

Co-authored-by: Tim Kimber <timkimber@users.noreply.github.com>

ftses:// uses --insecure, which is, well, insecure.

When a suffix is applied to a filename lacking an extension,
a '.' in the host name is treated as the extension, and
the extension is inserted there instead of being appended
to the filename.

Inspect the basename of the destination, and append only the
suffix if no extension is present.

Thus ssh:host.example.net:/etc/ssl/private/foo will now be
copied to host.example.net/etc/ssl/private/foo.suffix instead
of host.example.suffix.net/etc./ssl/private/foo (which usually would fail).

Note that a local file, such as /etc/ssl/private/foo will
be copied to /etc/ssl/private/foo.suffix. (Not
/etc/ssl/private/foo.suffix. as before, which was incorrect).

Fix host idn bug

Only pass +noidnout param to dig/drill

Fix leading whitespace in heredoc so it's uniform

release-2.37

Do not redirect outputs on remote commands when the debug option is used

[DNS-01][OVH] Config from env

IDN fixes

When the debug option is used, it may be useful to see errors that may occured
on remote calls (ssh).

Remove spaces and sort when checking if SANS list changed