The first fail logic seems scoped to a single test file.

Set the flag globally.
Since the tests run in a container, cleanup is automagic.

Various test tweaks to allow for skipping tests & null strings.

From https://github.com/sstephenson/bats/issues/135 via @timkimber

The test harness will suppress output unless an error occurs.

Upgrade testing was failing in forked repos CI because the
source repo was hard-coded.  Use the CI environment to use
the fork's repo.

This doesn't happen with Let'sEncrypt, but it does with at least
one other CA.  The ACME spec allows it.

Fix copy_file_to_location failures with ssh, missing ftps://

More breadcrumbs.

debug() does this, but the automated tests aren't run with -d.
This also ensures that there is a breadcrumb if error_exit is
called without a preceding debug().

It's really hard to follow the breadcrumbs for debug when there
aren't any.

--insecure is almost always a bad idea.  In this case, it
is required for compatibility with Let's Encrypt.

Replace the less obvious '-k' with '--insecure' in the cURL
command, and document why it is used in the comments,

Prevent fallback to insecure when a secure protocol is requested.

Co-authored-by: Tim Kimber <timkimber@users.noreply.github.com>

Co-authored-by: Tim Kimber <timkimber@users.noreply.github.com>

ftses:// uses --insecure, which is, well, insecure.

When a suffix is applied to a filename lacking an extension,
a '.' in the host name is treated as the extension, and
the extension is inserted there instead of being appended
to the filename.

Inspect the basename of the destination, and append only the
suffix if no extension is present.

Thus ssh:host.example.net:/etc/ssl/private/foo will now be
copied to host.example.net/etc/ssl/private/foo.suffix instead
of host.example.suffix.net/etc./ssl/private/foo (which usually would fail).

Note that a local file, such as /etc/ssl/private/foo will
be copied to /etc/ssl/private/foo.suffix. (Not
/etc/ssl/private/foo.suffix. as before, which was incorrect).

Fix host idn bug

Only pass +noidnout param to dig/drill

Fix leading whitespace in heredoc so it's uniform

release-2.37

Do not redirect outputs on remote commands when the debug option is used

[DNS-01][OVH] Config from env

IDN fixes

When the debug option is used, it may be useful to see errors that may occured
on remote calls (ssh).

Remove spaces and sort when checking if SANS list changed

Request new certificate if SANs changed

shellcheck disable=SC2086

Update from tlhackque/getssl

Use a regexp rather than a partial match to skip any DNS_CHECK_OPTIONS,
which in the current tests create whitespace, but could be anything.

Catch a missing inclusion of DNS_CHECK_OPTIONS for dig CNAME