More breadcrumbs.

debug() does this, but the automated tests aren't run with -d.
This also ensures that there is a breadcrumb if error_exit is
called without a preceding debug().

It's really hard to follow the breadcrumbs for debug when there
aren't any.

--insecure is almost always a bad idea.  In this case, it
is required for compatibility with Let's Encrypt.

Replace the less obvious '-k' with '--insecure' in the cURL
command, and document why it is used in the comments,

Prevent fallback to insecure when a secure protocol is requested.

Co-authored-by: Tim Kimber <timkimber@users.noreply.github.com>

Co-authored-by: Tim Kimber <timkimber@users.noreply.github.com>

ftses:// uses --insecure, which is, well, insecure.

When a suffix is applied to a filename lacking an extension,
a '.' in the host name is treated as the extension, and
the extension is inserted there instead of being appended
to the filename.

Inspect the basename of the destination, and append only the
suffix if no extension is present.

Thus ssh:host.example.net:/etc/ssl/private/foo will now be
copied to host.example.net/etc/ssl/private/foo.suffix instead
of host.example.suffix.net/etc./ssl/private/foo (which usually would fail).

Note that a local file, such as /etc/ssl/private/foo will
be copied to /etc/ssl/private/foo.suffix. (Not
/etc/ssl/private/foo.suffix. as before, which was incorrect).

Fix host idn bug

Only pass +noidnout param to dig/drill

Fix leading whitespace in heredoc so it's uniform

release-2.37

Do not redirect outputs on remote commands when the debug option is used

[DNS-01][OVH] Config from env

IDN fixes

When the debug option is used, it may be useful to see errors that may occured
on remote calls (ssh).

Remove spaces and sort when checking if SANS list changed

Request new certificate if SANs changed

shellcheck disable=SC2086

Update from tlhackque/getssl

Use a regexp rather than a partial match to skip any DNS_CHECK_OPTIONS,
which in the current tests create whitespace, but could be anything.

Catch a missing inclusion of DNS_CHECK_OPTIONS for dig CNAME

Add --version
Update default endpoint to acme-v02.

Local changes (to be pushed upstream):

add standard -v and --version options
dns_godaddy - correct fix for a godaddy API change
export AUTH_DNS_SERVER, PUBLIC_DNS_SERVER, LANG for hooks
apply $DNS_CHECK_OPTIONS to all dns lookups (for binding to an IP or
                                             applying a TSIG file)
When making combined cert/key files, force 077 permissions
In Makefile, handle *_scripts directories with install to get proper permissions.
Update template with advice on split views.
In dns_*_nsupdate, fix indent, prevent malformed commands

Fix DNS challenges with CNAMEs on different DNS servers