Merge pull request #3349 from acmesh-official/dev

sync

Dockerfile

@@ -12,6 +12,7 @@ RUN apk update -f \
   tzdata \
   oath-toolkit-oathtool \
   tar \
+  libidn \
   && rm -rf /var/cache/apk/*
 
 ENV LE_CONFIG_HOME /acme.sh

acme.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
 
-VER=2.8.8
+VER=2.8.9
 
 PROJECT_NAME="acme.sh"
 
@@ -160,6 +160,8 @@ _SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server"
 
 _PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain"
 
+_DNSCHECK_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dnscheck"
+
 _DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
 
 _DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
@@ -3958,6 +3960,8 @@ _check_dns_entries() {
   _end_time="$(_math "$_end_time" + 1200)" #let's check no more than 20 minutes.
 
   while [ "$(_time)" -le "$_end_time" ]; do
+    _info "You can use '--dnssleep' to disable public dns checks."
+    _info "See: $_DNSCHECK_WIKI"
     _left=""
     for entry in $dns_entries; do
       d=$(_getfield "$entry" 1)

deploy/docker.sh

@@ -275,6 +275,7 @@ _check_curl_version() {
 
   if [ "$_major$_minor" -lt "740" ]; then
     _err "curl v$_cversion doesn't support unit socket"
+    _err "Please upgrade to curl 7.40 or later."
     return 1
   fi
   if [ "$_major$_minor" -lt "750" ]; then

deploy/mailcow.sh

@@ -27,26 +27,43 @@ mailcow_deploy() {
     return 1
   fi
 
-  _ssl_path="${_mailcow_path}/data/assets/ssl/"
+  #Tests if _ssl_path is the mailcow root directory.
+  if [ -f "${_mailcow_path}/generate_config.sh" ]; then
+    _ssl_path="${_mailcow_path}/data/assets/ssl/"
+  else
+    _ssl_path="${_mailcow_path}"
+  fi
+
   if [ ! -d "$_ssl_path" ]; then
     _err "Cannot find mailcow ssl path: $_ssl_path"
     return 1
   fi
 
+  # ECC or RSA
+  if [ -z "${Le_Keylength}" ]; then
+    Le_Keylength=""
+  fi
+  if _isEccKey "${Le_Keylength}"; then
+    _info "ECC key type detected"
+    _cert_name_prefix="ecdsa-"
+  else
+    _info "RSA key type detected"
+    _cert_name_prefix=""
+  fi
   _info "Copying key and cert"
-  _real_key="$_ssl_path/key.pem"
+  _real_key="$_ssl_path/${_cert_name_prefix}key.pem"
   if ! cat "$_ckey" >"$_real_key"; then
     _err "Error: write key file to: $_real_key"
     return 1
   fi
 
-  _real_fullchain="$_ssl_path/cert.pem"
+  _real_fullchain="$_ssl_path/${_cert_name_prefix}cert.pem"
   if ! cat "$_cfullchain" >"$_real_fullchain"; then
     _err "Error: write cert file to: $_real_fullchain"
     return 1
   fi
 
-  DEFAULT_MAILCOW_RELOAD="cd ${_mailcow_path} && docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow"
+  DEFAULT_MAILCOW_RELOAD="docker restart $(docker ps -qaf name=postfix-mailcow); docker restart $(docker ps -qaf name=nginx-mailcow); docker restart $(docker ps -qaf name=dovecot-mailcow)"
   _reload="${DEPLOY_MAILCOW_RELOAD:-$DEFAULT_MAILCOW_RELOAD}"
 
   _info "Run reload: $_reload"

deploy/synology_dsm.sh

@@ -21,10 +21,6 @@
 
 ########  Public functions #####################
 
-_syno_get_cookie_data() {
-  grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
-}
-
 #domain keyfile certfile cafile fullchain
 synology_dsm_deploy() {
 
@@ -73,13 +69,25 @@ synology_dsm_deploy() {
   _base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port"
   _debug _base_url "$_base_url"
 
+  _debug "Getting API version"
+  response=$(_get "$_base_url/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth")
+  api_version=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"maxVersion" *: *\([0-9]*\).*/\1/p')
+  _debug3 response "$response"
+  _debug3 api_version "$api_version"
+
   # Login, get the token from JSON and session id from cookie
   _info "Logging into $SYNO_Hostname:$SYNO_Port"
   encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
   encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
-  encoded_did="$(printf "%s" "$SYNO_DID" | _url_encode)"
-  response=$(_get "$_base_url/webman/login.cgi?username=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_id=$encoded_did" 1)
-  token=$(echo "$response" | grep -i "X-SYNO-TOKEN:" | sed -n 's/^X-SYNO-TOKEN: \(.*\)$/\1/pI' | tr -d "\r\n")
+
+  if [ -n "$SYNO_DID" ]; then
+    _H1="Cookie: did=$SYNO_DID"
+    export _H1
+    _debug3 H1 "${_H1}"
+  fi
+
+  response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
+  token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
   _debug3 response "$response"
   _debug token "$token"
 
@@ -88,13 +96,11 @@ synology_dsm_deploy() {
     _err "Check your username and password."
     return 1
   fi
+  sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
 
-  _H1="Cookie: $(echo "$response" | _syno_get_cookie_data "id"); $(echo "$response" | _syno_get_cookie_data "smid")"
-  _H2="X-SYNO-TOKEN: $token"
+  _H1="X-SYNO-TOKEN: $token"
   export _H1
-  export _H2
   _debug2 H1 "${_H1}"
-  _debug2 H2 "${_H2}"
 
   # Now that we know the username and password are good, save them
   _savedeployconf SYNO_Username "$SYNO_Username"
@@ -102,7 +108,7 @@ synology_dsm_deploy() {
   _savedeployconf SYNO_DID "$SYNO_DID"
 
   _info "Getting certificates in Synology DSM"
-  response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1" "$_base_url/webapi/entry.cgi")
+  response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
   _debug3 response "$response"
   id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p")
   _debug2 id "$id"
@@ -135,7 +141,7 @@ synology_dsm_deploy() {
   content="${content%_}" # protect trailing \n
 
   _info "Upload certificate to the Synology DSM"
-  response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token" "" "POST" "multipart/form-data; boundary=${delim}")
+  response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token&_sid=$sid" "" "POST" "multipart/form-data; boundary=${delim}")
   _debug3 response "$response"
 
   if ! echo "$response" | grep '"error":' >/dev/null; then

dnsapi/dns_duckdns.sh

@@ -96,7 +96,7 @@ dns_duckdns_rm() {
 _duckdns_get_domain() {
 
   # We'll extract the domain/username from full domain
-  _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '^(_acme-challenge\.)?[a-z0-9-]*\.duckdns\.org' | sed 's/^\(_acme-challenge\.\)\?\([a-z0-9-]*\)\.duckdns\.org/\2/')"
+  _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '^(_acme-challenge\.)?([a-z0-9-]+\.)+duckdns\.org' | sed -n 's/^\([^.]\{1,\}\.\)*\([a-z0-9-]\{1,\}\)\.duckdns\.org$/\2/p;')"
 
   if [ -z "$_duckdns_domain" ]; then
     _err "Error extracting the domain."

dnsapi/dns_scaleway.sh

@@ -0,0 +1,176 @@
+#!/usr/bin/env sh
+
+# Scaleway API
+# https://developers.scaleway.com/en/products/domain/dns/api/
+#
+# Requires Scaleway API token set in SCALEWAY_API_TOKEN
+
+########  Public functions #####################
+
+SCALEWAY_API="https://api.scaleway.com/domain/v2beta1"
+
+#Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_scaleway_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  if ! _scaleway_check_config; then
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _info "Adding record"
+  _scaleway_create_TXT_record "$_domain" "$_sub_domain" "$txtvalue"
+  if _contains "$response" "records"; then
+    return 0
+  else
+    _err error "$response"
+    return 1
+  fi
+  _info "Record added."
+
+  return 0
+}
+
+dns_scaleway_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  if ! _scaleway_check_config; then
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _info "Deleting record"
+  _scaleway_delete_TXT_record "$_domain" "$_sub_domain" "$txtvalue"
+  if _contains "$response" "records"; then
+    return 0
+  else
+    _err error "$response"
+    return 1
+  fi
+  _info "Record deleted."
+
+  return 0
+}
+
+####################  Private functions below ##################################
+
+_scaleway_check_config() {
+  SCALEWAY_API_TOKEN="${SCALEWAY_API_TOKEN:-$(_readaccountconf_mutable SCALEWAY_API_TOKEN)}"
+  if [ -z "$SCALEWAY_API_TOKEN" ]; then
+    _err "No API key specified for Scaleway API."
+    _err "Create your key and export it as SCALEWAY_API_TOKEN"
+    return 1
+  fi
+  if ! _scaleway_rest GET "dns-zones"; then
+    _err "Invalid API key specified for Scaleway API."
+    return 1
+  fi
+
+  _saveaccountconf_mutable SCALEWAY_API_TOKEN "$SCALEWAY_API_TOKEN"
+
+  return 0
+}
+
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+_get_root() {
+  domain=$1
+  i=1
+  p=1
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    _scaleway_rest GET "dns-zones/$h/records"
+
+    if ! _contains "$response" "subdomain not found" >/dev/null; then
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _domain="$h"
+      return 0
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  _err "Unable to retrive DNS zone matching this domain"
+  return 1
+}
+
+# this function add a TXT record
+_scaleway_create_TXT_record() {
+  txt_zone=$1
+  txt_name=$2
+  txt_value=$3
+
+  _scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"add\":{\"records\":[{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\",\"ttl\":60}]}}]}"
+
+  if _contains "$response" "records"; then
+    return 0
+  else
+    _err "error1 $response"
+    return 1
+  fi
+}
+
+# this function delete a TXT record based on name and content
+_scaleway_delete_TXT_record() {
+  txt_zone=$1
+  txt_name=$2
+  txt_value=$3
+
+  _scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"delete\":{\"id_fields\":{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\"}}}]}"
+
+  if _contains "$response" "records"; then
+    return 0
+  else
+    _err "error2 $response"
+    return 1
+  fi
+}
+
+_scaleway_rest() {
+  m=$1
+  ep="$2"
+  data="$3"
+  _debug "$ep"
+  _scaleway_url="$SCALEWAY_API/$ep"
+  _debug2 _scaleway_url "$_scaleway_url"
+  export _H1="x-auth-token: $SCALEWAY_API_TOKEN"
+  export _H2="Accept: application/json"
+  export _H3="Content-Type: application/json"
+
+  if [ "$data" ] || [ "$m" != "GET" ]; then
+    _debug data "$data"
+    response="$(_post "$data" "$_scaleway_url" "" "$m")"
+  else
+    response="$(_get "$_scaleway_url")"
+  fi
+  if [ "$?" != "0" ] || _contains "$response" "denied_authentication" || _contains "$response" "Method not allowed" || _contains "$response" "json parse error: unexpected EOF"; then
+    _err "error $response"
+    return 1
+  fi
+  _debug2 response "$response"
+  return 0
+}

dnsapi/dns_simply.sh

@@ -0,0 +1,247 @@
+#!/usr/bin/env sh
+
+#
+#SIMPLY_AccountName="accountname"
+#
+#SIMPLY_ApiKey="apikey"
+#
+#SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]"
+
+SIMPLY_Api_Default="https://api.simply.com/1"
+
+########  Public functions #####################
+#Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_simply_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  if ! _simply_load_config; then
+    return 1
+  fi
+
+  _simply_save_config
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _info "Adding record"
+
+  if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then
+    _err "Could not add DNS record"
+    return 1
+  fi
+  return 0
+}
+
+dns_simply_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  if ! _simply_load_config; then
+    return 1
+  fi
+
+  _simply_save_config
+
+  _debug "First detect the root zone"
+
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+  _debug txtvalue "$txtvalue"
+
+  _info "Getting all existing records"
+
+  if ! _simply_get_all_records "$_domain"; then
+    _err "invalid domain"
+    return 1
+  fi
+
+  records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' ' | tr -d ' ' | tr ';' ' ')
+
+  nr_of_deleted_records=0
+  _info "Fetching txt record"
+
+  for record in $records; do
+    _debug record "$record"
+
+    record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2)
+    record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2)
+
+    _debug2 record_data "$record_data"
+    _debug2 record_type "$record_type"
+
+    if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then
+
+      record_id=$(echo "$record" | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2)
+
+      _info "Deleting record $record"
+      _debug2 record_id "$record_id"
+
+      if [ "$record_id" -gt 0 ]; then
+
+        if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then
+          _err "Record with id $record_id could not be deleted"
+          return 1
+        fi
+
+        nr_of_deleted_records=1
+        break
+      else
+        _err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record"
+        break
+      fi
+    fi
+
+  done
+
+  if [ "$nr_of_deleted_records" -eq 0 ]; then
+    _err "No record deleted, the DNS record needs to be removed manually."
+  else
+    _info "Deleted $nr_of_deleted_records record"
+  fi
+
+  return 0
+}
+
+####################  Private functions below ##################################
+
+_simply_load_config() {
+  SIMPLY_Api="${SIMPLY_Api:-$(_readaccountconf_mutable SIMPLY_Api)}"
+  SIMPLY_AccountName="${SIMPLY_AccountName:-$(_readaccountconf_mutable SIMPLY_AccountName)}"
+  SIMPLY_ApiKey="${SIMPLY_ApiKey:-$(_readaccountconf_mutable SIMPLY_ApiKey)}"
+
+  if [ -z "$SIMPLY_Api" ]; then
+    SIMPLY_Api="$SIMPLY_Api_Default"
+  fi
+
+  if [ -z "$SIMPLY_AccountName" ] || [ -z "$SIMPLY_ApiKey" ]; then
+    SIMPLY_AccountName=""
+    SIMPLY_ApiKey=""
+
+    _err "A valid Simply API account and apikey not provided."
+    _err "Please provide a valid API user and try again."
+
+    return 1
+  fi
+
+  return 0
+}
+
+_simply_save_config() {
+  if [ "$SIMPLY_Api" != "$SIMPLY_Api_Default" ]; then
+    _saveaccountconf_mutable SIMPLY_Api "$SIMPLY_Api"
+  fi
+  _saveaccountconf_mutable SIMPLY_AccountName "$SIMPLY_AccountName"
+  _saveaccountconf_mutable SIMPLY_ApiKey "$SIMPLY_ApiKey"
+}
+
+_simply_get_all_records() {
+  domain=$1
+
+  if ! _simply_rest GET "my/products/$domain/dns/records"; then
+    return 1
+  fi
+
+  return 0
+}
+
+_get_root() {
+  domain=$1
+  i=2
+  p=1
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    if ! _simply_rest GET "my/products/$h/dns"; then
+      return 1
+    fi
+
+    if _contains "$response" '"code":"NOT_FOUND"'; then
+      _debug "$h not found"
+    else
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _domain="$h"
+      return 0
+    fi
+    p="$i"
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+_simply_add_record() {
+  domain=$1
+  sub_domain=$2
+  txtval=$3
+
+  data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}"
+
+  if ! _simply_rest POST "my/products/$domain/dns/records" "$data"; then
+    _err "Adding record not successfull!"
+    return 1
+  fi
+
+  return 0
+}
+
+_simply_delete_record() {
+  domain=$1
+  sub_domain=$2
+  record_id=$3
+
+  _debug record_id "Delete record with id $record_id"
+
+  if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then
+    _err "Deleting record not successfull!"
+    return 1
+  fi
+
+  return 0
+}
+
+_simply_rest() {
+  m=$1
+  ep="$2"
+  data="$3"
+
+  _debug2 data "$data"
+  _debug2 ep "$ep"
+  _debug2 m "$m"
+
+  export _H1="Content-Type: application/json"
+
+  if [ "$m" != "GET" ]; then
+    response="$(_post "$data" "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep" "" "$m")"
+  else
+    response="$(_get "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep")"
+  fi
+
+  if [ "$?" != "0" ]; then
+    _err "error $ep"
+    return 1
+  fi
+
+  _debug2 response "$response"
+
+  if _contains "$response" "Invalid account authorization"; then
+    _err "It seems that your api key or accountnumber is not correct."
+    return 1
+  fi
+
+  return 0
+}

dnsapi/dns_world4you.sh

@@ -52,17 +52,26 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke
   ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded')
   _resethttp
 
-  if grep '302' >/dev/null <"$HTTP_HEADER"; then
+  if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then
     res=$(_get "$WORLD4YOU_API/$paketnr/dns")
     if _contains "$res" "successfully"; then
       return 0
     else
       msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*<h3 class="mb-5">[^\t]*\t *\([^\t]*\)\t.*/\1/')
+      if _contains "$msg" '^<\!DOCTYPE html>'; then
+        msg='Unknown error'
+      fi
       _err "Unable to add record: $msg"
+      if _contains "$msg" '^<\!DOCTYPE html>'; then
+        echo "$ret" >'error-01.html'
+        echo "$res" >'error-02.html'
+        _err "View error-01.html and error-02.html for debugging"
+      fi
       return 1
     fi
   else
-    _err "$(_head_n 1 <"$HTTP_HEADER")"
+    _err "$(_head_n 3 <"$HTTP_HEADER")"
+    _err "View $HTTP_HEADER for debugging"
     return 1
   fi
 }
@@ -111,17 +120,26 @@ DeleteDnsRecordForm[_token]=$form_token"
   ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded')
   _resethttp
 
-  if grep '302' >/dev/null <"$HTTP_HEADER"; then
+  if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then
     res=$(_get "$WORLD4YOU_API/$paketnr/dns")
     if _contains "$res" "successfully"; then
       return 0
     else
       msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*<h3 class="mb-5">[^\t]*\t *\([^\t]*\)\t.*/\1/')
+      if _contains "$msg" '^<\!DOCTYPE html>'; then
+        msg='Unknown error'
+      fi
       _err "Unable to remove record: $msg"
+      if _contains "$msg" '^<\!DOCTYPE html>'; then
+        echo "$ret" >'error-01.html'
+        echo "$res" >'error-02.html'
+        _err "View error-01.html and error-02.html for debugging"
+      fi
       return 1
     fi
   else
-    _err "$(_head_n 1 <"$HTTP_HEADER")"
+    _err "$(_head_n 3 <"$HTTP_HEADER")"
+    _err "View $HTTP_HEADER for debugging"
     return 1
   fi
 }
@@ -175,7 +193,7 @@ _get_paketnr() {
   domains=$(echo "$form" | grep '^ *[A-Za-z0-9_\.-]*\.[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/')
   domain=''
   for domain in $domains; do
-    if echo "$fqdn" | grep "$domain\$" >/dev/null; then
+    if _contains "$fqdn" "$domain\$"; then
       break
     fi
     domain=''
@@ -185,7 +203,8 @@ _get_paketnr() {
   fi
 
   TLD="$domain"
+  _debug domain "$domain"
   RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))")
-  PAKETNR=$(echo "$form" | grep "data-textfilter=\" $domain " | _head_n 1 | sed 's/^.* \([0-9]*\) .*$/\1/')
+  PAKETNR=$(echo "$form" | grep "data-textfilter=\".* $domain " | _head_n 1 | sed 's/^.* \([0-9]*\) .*$/\1/')
   return 0
 }