Home / acmesh-official / acme.sh
Repository Analysis

acmesh-official/acme.sh

A pure Unix shell script ACME client for SSL / TLS certificate automation

4.3 Likely human-written View on GitHub
4.3
Adjusted Score
4.3
Raw Score
100%
Time Factor
2026-05-24
Last Push
46,733
Stars
Shell
Language
60,326
Lines of Code
287
Files
146
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 1MEDIUM 39LOW 106

Pattern Findings

146 matches across 8 categories. Click a row to expand file-level details.

Decorative Section Separators25 hits · 87 pts
SeverityFileLineSnippet
MEDIUMdeploy/truenas_ws.sh15# ------------------------------------------------
MEDIUMdeploy/byteplus_alb.sh49# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh51# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh56# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh58# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh190 # ── 5. Save new CertificateId for next renewal ───────────────────────────────
MEDIUMdeploy/byteplus_alb.sh198# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh200# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh212# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh214# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh224# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh226# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh12# ┌─────────────────────────────────────────────────────────────────────┐
MEDIUMdeploy/byteplus_alb.sh23# └─────────────────────────────────────────────────────────────────────┘
MEDIUMdeploy/byteplus_alb.sh73 # ── 1. Load & validate credentials ──────────────────────────────────────────
MEDIUMdeploy/byteplus_alb.sh138 # ── 2. Build certificate name ────────────────────────────────────────────────
MEDIUMdeploy/byteplus_alb.sh163 # ── 3. Read cert and key ─────────────────────────────────────────────────────
MEDIUMdeploy/byteplus_alb.sh174 # ── 4. Deploy: first-time upload or renewal replace ─────────────────────────
MEDIUMdeploy/byteplus_alb.sh254# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh256# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh274# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh276# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh388# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdeploy/byteplus_alb.sh390# ══════════════════════════════════════════════════════════════════════════════
MEDIUMdnsapi/dns_inwx.sh13# -------------
Over-Commented Block64 hits · 62 pts
SeverityFileLineSnippet
LOWacme.sh5801 _debug Le_API "$Le_API"
LOWnotify/smtp.sh1#!/usr/bin/env sh
LOWnotify/bark.sh1#!/usr/bin/env sh
LOWnotify/dingtalk.sh41 # DINGTALK_SIGNING_KEY=""
LOWnotify/aws_ses.sh1#!/usr/bin/env sh
LOWdeploy/vault.sh1#!/usr/bin/env sh
LOWdeploy/directadmin.sh1#!/usr/bin/env sh
LOWdeploy/edgio.sh1#!/usr/bin/env sh
LOWdeploy/haproxy.sh1#!/usr/bin/env sh
LOWdeploy/haproxy.sh21# It is strongly recommended to set this something that makes sense
LOWdeploy/haproxy.sh41#
LOWdeploy/consul.sh1#!/usr/bin/env sh
LOWdeploy/vault_cli.sh1#!/usr/bin/env sh
LOWdeploy/multideploy.sh1#!/usr/bin/env sh
LOWdeploy/multideploy.sh21# 0 means success, otherwise error.
LOWdeploy/multideploy.sh181
LOWdeploy/localcopy.sh1#!/usr/bin/env sh
LOWdeploy/cpanel_uapi.sh1#!/usr/bin/env sh
LOWdeploy/netlify.sh1#!/usr/bin/env sh
LOWdeploy/keyhelp.sh1#!/usr/bin/env sh
LOWdeploy/lighttpd.sh1#!/usr/bin/env sh
LOWdeploy/lighttpd.sh21# It is strongly recommended to set this something that makes sense
LOWdeploy/unifi.sh1#!/usr/bin/env sh
LOWdeploy/unifi.sh21# The deploy-hook automatically detects standard Unifi installations
LOWdeploy/unifi.sh41# (same setting as above, default is updated when running on Cloud Key Gen1):
LOWdeploy/windows_rdp.sh1#!/usr/bin/env sh
LOWdeploy/windows_rdp.sh101 cat <<PSEOF
LOWdeploy/ssh.sh1#!/usr/bin/env sh
LOWdeploy/panos.sh1#!/usr/bin/env sh
LOWdeploy/zyxel_gs1900.sh1#!/usr/bin/env sh
LOWdeploy/zyxel_gs1900.sh21# Current GS1900 Switch Compatibility:
LOWdeploy/zyxel_gs1900.sh41#
LOWdeploy/mydevil.sh1#!/usr/bin/env sh
LOWdeploy/truenas_ws.sh1#!/usr/bin/env sh
LOWdeploy/truenas_ws.sh21
LOWdeploy/truenas_ws.sh81
LOWdeploy/truenas_ws.sh101 case "$1" in
LOWdeploy/truenas_ws.sh141
LOWdeploy/synology_dsm.sh1#!/bin/bash
LOWdeploy/synology_dsm.sh21# - export SYNO_HOSTNAME="localhost" - defaults to "localhost"
LOWdeploy/proxmoxve.sh1#!/usr/bin/env sh
LOWdeploy/gcore_cdn.sh1#!/usr/bin/env sh
LOWdeploy/ruckus.sh1#!/usr/bin/env sh
LOWdeploy/truenas.sh1#!/usr/bin/env sh
LOWdeploy/ali_dcdn.sh1#!/usr/bin/env sh
LOWdeploy/cleverreach.sh1#!/usr/bin/env sh
LOWdeploy/routeros.sh1#!/usr/bin/env sh
LOWdeploy/routeros.sh21# deploy script to work.
LOWdeploy/routeros.sh41# could be updated. Currently only the www-ssl service is beeing
LOWdeploy/proxmoxbs.sh1#!/usr/bin/env sh
LOWdeploy/qiniu.sh1#!/usr/bin/env sh
LOWdeploy/ali_cdn.sh1#!/usr/bin/env sh
LOWdeploy/byteplus_alb.sh1#!/usr/bin/env sh
LOWdeploy/byteplus_alb.sh21# │ → ReplaceCertificate (UpdateMode=new) — single API call │
LOWdeploy/byteplus_alb.sh41# - ReplaceCertificate with UpdateMode=new uploads + replaces in 1 call
LOWdeploy/peplink.sh1#!/usr/bin/env sh
LOWdnsapi/dns_hetzner.sh61 _info "Found record id: $_record_id."
LOWdnsapi/dns_bunny.sh161## _sub_domain="_acme-challenge.two"
LOWdnsapi/dns_dgon.sh161##################### Private functions below #####################
LOWdnsapi/dns_oci.sh21#
4 more matches not shown…
Redundant / Tautological Comments29 hits · 45 pts
SeverityFileLineSnippet
LOWdeploy/kemplm.sh55 # Check if certificate is already installed
LOWdeploy/haproxy.sh262 # Check if issuer cert is also a root CA cert
LOWdeploy/multideploy.sh82 # Check if yq is installed
LOWdeploy/multideploy.sh89 # Check if deploy file exists
LOWdeploy/multideploy.sh147 # Check if extracted services exist in services list
LOWdeploy/multideploy.sh150 # Check if service exists
LOWdeploy/kong.sh61 #Check if sslcreated (if not => POST else => PATCH)
LOWdeploy/lighttpd.sh210 # Check if issuer cert is also a root CA cert
LOWdeploy/truenas.sh219 # Check if the app use the same certificate TrueNAS web UI
LOWdeploy/byteplus_alb.sh185 # Check if deploy step set _new_cert_id
LOWdnsapi/dns_sotoon.sh63 # Check if there are existing TXT records for this subdomain
LOWdnsapi/dns_sotoon.sh78 # Check if this exact TXT value already exists (avoid duplicates)
LOWdnsapi/dns_sotoon.sh143 # Check if there are existing TXT records for this subdomain
LOWdnsapi/dns_sotoon.sh211 # Check if the response contains our domain
LOWdnsapi/dns_sotoon.sh225 # Check if the hyphenated name exists in the response
LOWdnsapi/dns_sotoon.sh229 # Check if the origin itself is used as name
LOWdnsapi/dns_infoblox_uddi.sh63 # Check if record already exists
LOWdnsapi/dns_infoblox_uddi.sh178 # Check if response contains results (even if empty)
LOWdnsapi/dns_bunny.sh22 # Check if API Key is set
LOWdnsapi/dns_bunny.sh79 # Check if API Key Exists
LOWdnsapi/dns_subreg.sh116# Check if the current $response contains a successful status in the ns2:Map format:
LOWdnsapi/dns_cyon.sh229 # Check if we got an error response (JSON) instead of HTML
LOWdnsapi/dns_dgon.sh21 # Check if API Key Exists
LOWdnsapi/dns_dgon.sh76 # Check if API Key Exists
LOWdnsapi/dns_one.sh33 #Check if the TXT exists
LOWdnsapi/dns_one.sh71 #Check if the TXT exists
LOWdnsapi/dns_huaweicloud.sh151 # Check if retry count is reached
LOWdnsapi/dns_huaweicloud.sh236 # Check if record exist
LOWdnsapi/dns_mgwm.sh76 # Check if credentials are set
Self-Referential Comments12 hits · 36 pts
SeverityFileLineSnippet
MEDIUMdeploy/haproxy.sh199 # Create a temporary PEM file
MEDIUMdeploy/lighttpd.sh147 # Create a temporary PEM file
MEDIUMdeploy/panos.sh27# This function is to parse the XML response from the firewall
MEDIUMdeploy/panos.sh58#This function is used to deploy to the firewall
MEDIUMdnsapi/dns_bunny.sh14## Create the text record for validation.
MEDIUMdnsapi/dns_bhosted.sh349# Create a unique config key for cached record ids
MEDIUMdnsapi/dns_dgon.sh13## Create the text record for validation.
MEDIUMdnsapi/dns_ali.sh13# This file is referenced by Alibaba Cloud Services deploy hooks
MEDIUMdnsapi/dns_online.sh159 # Creating a dummy record in this temporary version, because online.net doesn't accept enabling an empty version
MEDIUMdnsapi/dns_mgwm.sh16# This function is called by acme.sh to add a TXT record.
MEDIUMdnsapi/dns_mgwm.sh36# This function is called by acme.sh to remove a TXT record after validation.
MEDIUMdnsapi/dns_mgwm.sh87 # Create the Basic Auth Header. acme.sh's _base64 function is used for encoding.
Example Usage Blocks12 hits · 19 pts
SeverityFileLineSnippet
LOWdeploy/multideploy.sh79# Usage:
LOWdeploy/multideploy.sh121# Usage:
LOWdeploy/multideploy.sh175# Usage:
LOWdeploy/multideploy.sh203# Usage:
LOWdeploy/multideploy.sh223# Usage:
LOWdeploy/multideploy.sh265# Usage:
LOWdeploy/zyxel_gs1900.sh37# Usage:
LOWdeploy/truenas_ws.sh25# Usage:
LOWdeploy/truenas_ws.sh89# Usage:
LOWdeploy/truenas_ws.sh110# Usage:
LOWdnsapi/dns_bookmyname.sh25# Usage:
LOWdnsapi/dns_eurodns.sh20# Usage:
Magic Placeholder Names1 hit · 8 pts
SeverityFileLineSnippet
HIGHdnsapi/dns_eurodns.sh22# export EURODNS_API_KEY="your-api-key"
Excessive Try-Catch Wrapping2 hits · 4 pts
SeverityFileLineSnippet
MEDIUMnotify/smtp.sh343 print("Error sending: %r" % err)
MEDIUMnotify/smtp.sh347 print("Error connecting to %s:%d: %r" % (smtp_host, smtp_port, err))
Slop Phrases1 hit · 2 pts
SeverityFileLineSnippet
LOWdnsapi/dns_namecheap.sh15# Due to Namecheap's API limitation all the records of your domain will be read and re applied, make sure to have a back