From 815230943543fe74205e1a23ddbf1e575a30e6e5 Mon Sep 17 00:00:00 2001
From: Awal Garg
Date: Tue, 26 Mar 2019 12:18:53 +0530
Subject: [PATCH 1/3] Add support for MaraDNS
MaraDNS is a lightweight self-hosting DNS server. This patch adds support for adding records to zone files stored on the server in the format expected by MaraDNS. Path to the file should be exported in MARA_ZONE_FILE environment variable. To reload the configuration automatically, the user must provide path to the pid file of duende (the daemonization tool that ships with MaraDNS) in MARA_DUENDE_PID_PATH (--pid argument to duende).
---
 dnsapi/dns_maradns.sh | 69 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100755 dnsapi/dns_maradns.sh
diff --git a/dnsapi/dns_maradns.sh b/dnsapi/dns_maradns.sh
new file mode 100755
index 00000000..4ff6ca2d
--- /dev/null
+++ b/dnsapi/dns_maradns.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env sh
+
+#Usage: dns_maradns_add _acme-challenge.www.domain.com "token"
+dns_maradns_add() {
+ fulldomain="$1"
+ txtvalue="$2"
+
+ MARA_ZONE_FILE="${MARA_ZONE_FILE:-$(_readaccountconf_mutable MARA_ZONE_FILE)}"
+ MARA_DUENDE_PID_PATH="${MARA_DUENDE_PID_PATH:-$(_readaccountconf_mutable MARA_DUENDE_PID_PATH)}"
+
+ _check_zone_file "$MARA_ZONE_FILE" || return 1
+ _check_duende_pid_path "$MARA_DUENDE_PID_PATH" || return 1
+
+ _saveaccountconf_mutable MARA_ZONE_FILE "$MARA_ZONE_FILE"
+ _saveaccountconf_mutable MARA_DUENDE_PID_PATH "$MARA_DUENDE_PID_PATH"
+
+ printf "%s. TXT '%s' ~\n" "$fulldomain" "$txtvalue" >>"$MARA_ZONE_FILE"
+ _reload_maradns "$MARA_DUENDE_PID_PATH" || return 1
+}
+
+#Usage: dns_maradns_rm _acme-challenge.www.domain.com "token"
+dns_maradns_rm() {
+ fulldomain="$1"
+ txtvalue="$2"
+
+ MARA_ZONE_FILE="${MARA_ZONE_FILE:-$(_readaccountconf_mutable MARA_ZONE_FILE)}"
+ MARA_DUENDE_PID_PATH="${MARA_DUENDE_PID_PATH:-$(_readaccountconf_mutable MARA_DUENDE_PID_PATH)}"
+
+ _check_zone_file "$MARA_ZONE_FILE" || return 1
+ _check_duende_pid_path "$MARA_DUENDE_PID_PATH" || return 1
+
+ _saveaccountconf_mutable MARA_ZONE_FILE "$MARA_ZONE_FILE"
+ _saveaccountconf_mutable MARA_DUENDE_PID_PATH "$MARA_DUENDE_PID_PATH"
+
+ _sed_i "/^$fulldomain.\+TXT '$txtvalue' ~/d" "$MARA_ZONE_FILE"
+ _reload_maradns "$MARA_DUENDE_PID_PATH" || return 1
+}
+
+_check_zone_file() {
+ zonefile="$1"
+ if [ -z "$zonefile" ]; then
+ _err "MARA_ZONE_FILE not passed!"
+ return 1
+ elif [ ! -w "$zonefile" ]; then
+ _err "MARA_ZONE_FILE not writable: $zonefile"
+ return 1
+ fi
+}
+
+_check_duende_pid_path() {
+ pidpath="$1"
+ if [ -z "$pidpath" ]; then
+ _err "MARA_DUENDE_PID_PATH not passed!"
+ return 1
+ fi
+ if [ ! -r "$pidpath" ]; then
+ _err "MARA_DUENDE_PID_PATH not readable: $pidpath"
+ return 1
+ fi
+}
+
+_reload_maradns() {
+ pidpath="$1"
+ kill -s HUP -- "$(cat "$pidpath")"
+ if [ $? -ne 0 ]; then
+ _err "Unable to reload MaraDNS, kill returned $?"
+ return 1
+ fi
+}
From 9b564431b08bc433e34c4d4b1cdac45eb333c4c5 Mon Sep 17 00:00:00 2001
From: Endre Szabo
Date: Thu, 13 Jun 2019 12:39:38 +0200
Subject: [PATCH 2/3] Help text suggests bad practice.
Please remove the phrase `No news is good news.` as it suggests to decide to go on with a bad operational habit. Why I am stating this is because that `no news` also could mean that: - your `cron` daemon stopped working, - your MTA has issues (in case or mail notifications of course), - anything in between the host running `acme.sh` and your client went wrong. (... and probably you will not notice in time if `acme.sh` would otherwise send an error notification (if it runs anyway)) If you expect a daily mail (using `--notify-level 3`) you can always be sure that `acme.sh` has ran successfully before. You can also tick the `acme.sh` checkbox in the daily operational report of your enterprise. ;)
---
 acme.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/acme.sh b/acme.sh
index 7aa500e3..9bcab813 100755
--- a/acme.sh
+++ b/acme.sh
@@ -6108,7 +6108,7 @@ Parameters:
 --notify-level 0|1|2|3 Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT.
 0: disabled, no notification will be sent.
- 1: send notification only when there is an error. No news is good news.
+ 1: send notification only when there is an error.
 2: send notification when a cert is successfully renewed, or there is an error
 3: send notification when a cert is skipped, renewdd, or error
 --notify-mode 0|1 Set notification mode. Default value is $NOTIFY_MODE_DEFAULT.
From 882ac74a0c0dfa1e389dd54e6ce8180eddcfda91 Mon Sep 17 00:00:00 2001
From: neilpang
Date: Fri, 14 Jun 2019 22:41:28 +0800
Subject: [PATCH 3/3] fix issue: clear Le_Vlist earlier
---
 acme.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/acme.sh b/acme.sh
index 9bcab813..70425335 100755
--- a/acme.sh
+++ b/acme.sh
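Review bot: In `_reload_maradns` the `$?` expanded inside the `_err` message is the exit status of the `[ $? -ne 0 ]` test, not of `kill`, so the logged code is always 0; and the pid read from the file is handed to `kill --` unvalidated, so an empty pid file produces a confusing usage error and a negative value would be interpreted as a process group instead of being rejected. Reading the pid into a variable, rejecting anything that is not a string of digits, and testing `kill` directly in the `if` fixes both, as below. Separately, the `\+` in the `_sed_i` pattern of `dns_maradns_rm` is a GNU extension; under `#!/usr/bin/env sh` on a system whose sed lacks it the line is not matched and the challenge record is left in the zone file, whereas `.*TXT` is portable. The unescaped dot in `$fulldomain` within that same pattern matches any character, which is harmless here but worth a comment.
```shell
_reload_maradns() {
  pidpath="$1"
  pid="$(cat "$pidpath")"
  case "$pid" in
    '' | *[!0-9]*)
      _err "MARA_DUENDE_PID_PATH does not contain a numeric pid: $pidpath"
      return 1
      ;;
  esac
  if ! kill -s HUP -- "$pid"; then
    _err "Unable to reload MaraDNS, could not signal pid $pid"
    return 1
  fi
}
```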
@@ -3863,7 +3863,7 @@ issue() {
 _savedomainconf "Le_Keylength" "$_key_length"
 vlist="$Le_Vlist"
-
+ _cleardomainconf "Le_Vlist"
 _info "Getting domain auth token for each domain"
 sep='#'
 dvsep=','
@@ -4512,8 +4512,6 @@ $_authorizations_map"
 fi
 fi
- _cleardomainconf "Le_Vlist"
-
 if [ "$ACME_VERSION" = "2" ]; then
 _debug "v2 chain."
 else
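Review bot: The relocated `_cleardomainconf "Le_Vlist"` now sits directly after `vlist="$Le_Vlist"` with nothing explaining why the stored list must be cleared before the authorization loop rather than after it, and the commit title only says "earlier". A one-line comment would stop a later cleanup from moving it back to its old place in the second hunk, e.g. `# clear the saved list now so an aborted issue does not replay stale validation state on the next run`, assuming that is the failure being fixed, which the hunks themselves do not show. `issue()` starts and ends outside both hunks.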