looks for a default .cfg file in "$WORKING_DIR/getssl_default.cfg"

Update getssl

Allow dns checks to deal with CNAME records

Some environments might delegate dns validation to a subzone by using CNAME records. These changes allow getssl to validate dns updates when the verification name is a CNAME to the TXT record rather than a TXT record itself.

Case insensitive processing of agreement url because of HTTP/2

Fixes #425

Spelling

Pipe the commands to nsupdate

Use HTTP 1.1 as workaround atm

Co-authored-by: Robert Eden <rmeden@yahoo.com>

Fixes #423

[Route53] Make a stricter comparison for matching against zone names

This adds a dot in front of the fqdn and the zone name, so the
comparison will only check against full DNS parts of the fqdn and the
zone name. This will prevent to match a fqdn against an unrelated zone
name which overlaps with the wanted zone in the naming.

Fixes #398

Newer curl uses http2 by default, results in

getssl: Error registering account ... JWS has no anti-replay nonce

Force http1.1 as a work-around.

Also add debugging info for "error in EC signing".issue opened

PUT now requires a relative domain name.
GET changed the order of name and data in the JSON.

Note: Due to the API changes, you may need to add
GODADDY_BASE to getssl.cfg.  This is a space-separated
list of base domain names (zones) in which the challenge
responses are entered.  There doesn't seem to be a way
around this that works in all cases, as the GoDaddy API
requires that the zone name be known.

Grammar fixes.

The GoDaddy API now strictly requires any array when
adding a single TXT record.

Adding the Route53 dns script and some docs.

Signed-off-by: Scott Gustafson <scott@garlicsoftware.com>

Signed-off-by: Scott Gustafson <scott@garlicsoftware.com>

Inadvertently duplicated seconds & truncated fraction.

rdbath suggested how to implement a timeout on s_client probes.
Unfortunately, wait -n is a bash 4.3 feature.  So this requires
bash 4.3.  CHECK_CERT_TIMEOUT can be used to override the default, which
is 4 seconds.  Fallback is provided for older versions.

Views may require the 'nslookup' process to do somthing special, usually
provide a TSIG key or bind to a specific local address.  Add a
hook for that - export the VARIABLE DNS_CHECK_FUNC_OPTIONS with the
desired options._Set DNS_CHECK_FUNC to the desired command, which
must be one of the supported ones: 'dig', 'drill', 'host' or 'nslookup'.


However, this turned up the fact that the dig/drill code had the domain
and record type arguments in the wrong order on the command line.
(The domain comes first, see the man page.)  Fixed.

In some cases defining the previously undocumented PUBLIC_DNS_SERVER
may work.  This commit adds it to the template file, and exports it
for the benefit of DNS_UPDATE scripts.  Also AUTH_DNS_SERVER.

Squashed awk complaints about curl.header in some cases with debugging on.

Support older curl (--trace-time is somewhat recent)

-t FILE (or GODADDY_TFILE=FILE) will append command arguments
and all wire traffic to a file.

This provides all the information needed for debugging future issues.

Prevents GoDaddy secret and key from exposure via ps.

There is still an issue if environment variables can be read.

all files

Simplifies installation; private directory no longer required since
the scripts don't need to be customized.

-v makes sure that the installer knows what is happening.

Old versions did not return correct exit status.
Did not provide for pre/post processing hooks (e.g. to mount a disk)
Required custom edits/copies for each instance.

These fix all those issues.

Issue #288

Uses the GoDaddy "Developer" API to add and remove the ACME challenge
records.