search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
39.35k stars 4.97k forks source link

Wrong regular expression to parse response for _authorizations_seg on Ubuntu 18.04 #2833

Open christoph-bach opened 4 years ago

christoph-bach commented 4 years ago

There is an error in the regular expression on line 4022 when running acme.sh on Ubuntu 18.04:

_authorizations_seg="$(echo "$response" | _egrep_o '"authorizations" *: *\[[^\]*\]' | cut -d '[' -f 2 | tr -d ']' | tr -d '"')"

Correct would be the following: _authorizations_seg="$(echo "$response" | _egrep_o '"authorizations" *: *\[[^]]*\]' | cut -d '[' -f 2 | tr -d ']' | tr -d '"')"

Steps to reproduce

Our ACME server sends back the following valid response, which cannot be parsed by above line without fixing the regular expression: myresponse='{"authorizations":["https:\/\/SVR04.txra.test:21443\/acme\/ws\/Acme.svc\/authorization\/cfxzACqH46gcR6A7IXkr"],"finalize":"https:\/\/SVR04.txra.test:21443\/acme\/ws\/Acme.svc\/order\/Id7lrj9t7T1H8nI\/finalize","identifiers":[{"type":"dns","value":"ubuntu2.txra.test"}],"status":"pending"}'

Neilpang commented 4 years ago

fixed .please try again.

olibu commented 4 years ago

This didn't solved the issue for me. There are more places where URLs are part of JSON responses. I removed it from the authorization segment part and added it on the following positions. Then it worked fine.

` _initAPI() { _api_server="${1:-$ACME_DIRECTORY}" _debug "_init api for server: $_api_server"

if [ -z "$ACME_NEW_ACCOUNT" ]; then response=$(_get "$_api_server") if [ "$?" != "0" ]; then _debug2 "response" "$response" _err "Can not init api." return 1 fi response=$(echo "$response" | _json_decode) _debug2 "response" "$response" ...

_send_signed_request() { ... if echo "$responseHeaders" | grep -i "Content-Type: *application/json" >/dev/null 2>&1; then response="$(echo "$response" | _normalizeJson | _json_decode)" fi `

Neilpang commented 4 years ago

can you please give log with --debug 2 ?

olibu commented 4 years ago

Sorry for the late reply. Here a the anonymised log. There will be more errors if you just fix the issue shown in the this log. Therefore it would be better to replace this special characters for all JSON objects as mentioned earlier.

[Sat Apr 25 14:38:31 UTC 2020] Lets find script dir. [Sat Apr 25 14:38:31 UTC 2020] SCRIPT='./acme.org.sh' [Sat Apr 25 14:38:31 UTC 2020] _script='/home/acme.org.sh' [Sat Apr 25 14:38:31 UTC 2020] _script_home='/home' [Sat Apr 25 14:38:31 UTC 2020] Using default home:/root/.acme.sh [Sat Apr 25 14:38:31 UTC 2020] Using config home:/root/.acme.sh [Sat Apr 25 14:38:31 UTC 2020] LE_WORKING_DIR='/root/.acme.sh' [Sat Apr 25 14:38:31 UTC 2020] Running cmd: issue [Sat Apr 25 14:38:31 UTC 2020] _main_domain='myserver.mydomain.net' [Sat Apr 25 14:38:31 UTC 2020] _alt_domains='no' [Sat Apr 25 14:38:31 UTC 2020] Using config home:/root/.acme.sh [Sat Apr 25 14:38:31 UTC 2020] ACME_DIRECTORY='https://myacme.server.com/directory' [Sat Apr 25 14:38:31 UTC 2020] _ACME_SERVER_HOST='myacme.server.com' [Sat Apr 25 14:38:31 UTC 2020] DOMAIN_PATH='/root/.acme.sh/myserver.mydomain.net' [Sat Apr 25 14:38:31 UTC 2020] 'no' does not contain 'dns' [Sat Apr 25 14:38:31 UTC 2020] Using ACME_DIRECTORY: https://myacme.server.com/directory [Sat Apr 25 14:38:31 UTC 2020] _init api for server: https://myacme.server.com/directory [Sat Apr 25 14:38:31 UTC 2020] GET [Sat Apr 25 14:38:31 UTC 2020] url='https://myacme.server.com/directory' [Sat Apr 25 14:38:31 UTC 2020] timeout= [Sat Apr 25 14:38:31 UTC 2020] _WGET='wget -q --content-on-error --no-check-certificate ' [Sat Apr 25 14:38:31 UTC 2020] ret='0' [Sat Apr 25 14:38:31 UTC 2020] response='{"keyChange":"https:\/\/myacme.server.com:443\/key-change","newAccount":"https:\/\/myacme.server.com:443\/new-account","newNonce":"https:\/\/myacme.server.com:443\/new-nonce","newOrder":"https:\/\/myacme.server.com:443\/new-order","revokeCert":"https:\/\/myacme.server.com:443\/revoke-cert"}' [Sat Apr 25 14:38:31 UTC 2020] ACME_KEY_CHANGE='https:\/\/myacme.server.com:443\/key-change' [Sat Apr 25 14:38:31 UTC 2020] ACME_NEW_AUTHZ [Sat Apr 25 14:38:31 UTC 2020] ACME_NEW_ORDER='https:\/\/myacme.server.com:443\/new-order' [Sat Apr 25 14:38:31 UTC 2020] ACME_NEW_ACCOUNT='https:\/\/myacme.server.com:443\/new-account' [Sat Apr 25 14:38:31 UTC 2020] ACME_REVOKE_CERT='https:\/\/myacme.server.com:443\/revoke-cert' [Sat Apr 25 14:38:31 UTC 2020] ACME_AGREEMENT [Sat Apr 25 14:38:31 UTC 2020] ACME_NEW_NONCE='https:\/\/myacme.server.com:443\/new-nonce' [Sat Apr 25 14:38:31 UTC 2020] ACME_VERSION='2' [Sat Apr 25 14:38:31 UTC 2020] Le_NextRenewTime [Sat Apr 25 14:38:31 UTC 2020] _on_before_issue [Sat Apr 25 14:38:31 UTC 2020] _chk_main_domain='myserver.mydomain.net' [Sat Apr 25 14:38:31 UTC 2020] _chk_alt_domains [Sat Apr 25 14:38:31 UTC 2020] 'no' contains 'no' [Sat Apr 25 14:38:31 UTC 2020] Le_LocalAddress [Sat Apr 25 14:38:31 UTC 2020] d='myserver.mydomain.net' [Sat Apr 25 14:38:31 UTC 2020] Check for domain='myserver.mydomain.net' [Sat Apr 25 14:38:31 UTC 2020] _currentRoot='no' [Sat Apr 25 14:38:31 UTC 2020] Standalone mode. [Sat Apr 25 14:38:31 UTC 2020] _checkport='80' [Sat Apr 25 14:38:31 UTC 2020] _checkaddr [Sat Apr 25 14:38:31 UTC 2020] d [Sat Apr 25 14:38:31 UTC 2020] 'no' does not contain 'apache' [Sat Apr 25 14:38:31 UTC 2020] config file is empty, can not read CA_KEY_HASH [Sat Apr 25 14:38:31 UTC 2020] _saved_account_key_hash [Sat Apr 25 14:38:31 UTC 2020] Using config home:/root/.acme.sh [Sat Apr 25 14:38:31 UTC 2020] ACME_DIRECTORY='https://myacme.server.com/directory' [Sat Apr 25 14:38:31 UTC 2020] _ACME_SERVER_HOST='myacme.server.com' [Sat Apr 25 14:38:31 UTC 2020] _init api for server: https://myacme.server.com/directory [Sat Apr 25 14:38:31 UTC 2020] RSA key [Sat Apr 25 14:38:31 UTC 2020] Registering account [Sat Apr 25 14:38:31 UTC 2020] url='https:\/\/myacme.server.com:443\/new-account' [Sat Apr 25 14:38:31 UTC 2020] payload='{"contact": ["mailto:name.surname@mydomain.com"], "termsOfServiceAgreed": true}' [Sat Apr 25 14:38:31 UTC 2020] Use cached jwk for file: /root/.acme.sh/ca/myacme.server.com/account.key [Sat Apr 25 14:38:31 UTC 2020] Get nonce with HEAD. ACME_NEW_NONCE='https:\/\/myacme.server.com:443\/new-nonce' [Sat Apr 25 14:38:31 UTC 2020] HEAD [Sat Apr 25 14:38:31 UTC 2020] _post_url='https:\/\/myacme.server.com:443\/new-nonce' [Sat Apr 25 14:38:31 UTC 2020] body [Sat Apr 25 14:38:31 UTC 2020] _postContentType='application/jose+json' [Sat Apr 25 14:38:31 UTC 2020] _WGET='wget -q --content-on-error --no-check-certificate --read-timeout=3.0 --tries=2 ' [Sat Apr 25 14:38:31 UTC 2020] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4 [Sat Apr 25 14:38:31 UTC 2020] options='s/^ //g' [Sat Apr 25 14:38:31 UTC 2020] Using sed -i [Sat Apr 25 14:38:31 UTC 2020] _ret='4' [Sat Apr 25 14:38:31 UTC 2020] Get nonce with GET. ACME_DIRECTORY='https://myacme.server.com/directory' [Sat Apr 25 14:38:31 UTC 2020] GET [Sat Apr 25 14:38:31 UTC 2020] url='https://myacme.server.com/directory' [Sat Apr 25 14:38:31 UTC 2020] timeout= [Sat Apr 25 14:38:31 UTC 2020] Http already initialized. [Sat Apr 25 14:38:31 UTC 2020] _WGET='wget -q --content-on-error --no-check-certificate ' [Sat Apr 25 14:38:32 UTC 2020] ret='0' [Sat Apr 25 14:38:32 UTC 2020] _headers='HTTP/1.1 200 replay-nonce: wo136WewliJL6UeHX_RBTo5eh4TLQR_K Content-Type: application/json;charset=utf-8 Content-Length: 464 Date: Sat, 25 Apr 2020 14:38:31 GMT' [Sat Apr 25 14:38:32 UTC 2020] _CACHED_NONCE='wo136WewliJL6UeHX_RBTo5eh4TLQR_K' [Sat Apr 25 14:38:32 UTC 2020] nonce='wo136WewliJL6UeHX_RBTo5eh4TLQR_K' [Sat Apr 25 14:38:32 UTC 2020] POST [Sat Apr 25 14:38:32 UTC 2020] _post_url='https:\/\/myacme.server.com:443\/new-account' [Sat Apr 25 14:38:32 UTC 2020] body='{"protected": "eyJub25jZSI6ICJ3bzEzNldld2xpSkw2VWVIWF9SQlRvNWVoNFRMUVJfSyIsICJ1cmwiOiAiaHR0cHM6XC9cL215YWNtZS5zZXJ2ZXIuY29tOjQ0M1wvbmV3LWFjY291bnQiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJmbGtnanNka2ZnamxzZGpnZnNscmpnbGtkbWZsa2dqZGxrZmdqZGxza2psa3JqZ2xrZGpmZ2xpcmV0NjVpNmppajRvaTU2am80NWo2b2k0NWpsa2rDtmxld2vDtmZ3bGVkZmtwb3NpZndybzN1bzJpZWhmZGprZmhzZXVoaWZsamtzaGZpdWV3aGZrc2pkZ2hzZGpmZ2hzZGZzZGZGbGtzamRnIn19", "payload": "eyJjb250YWN0IjogWyJtYWlsdG86bmFtZS5zdXJuYW1lQGRhaW1sZXIuY29tIl0sICJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "i_IXu2kcEH3lkhHlfM2mRRPy_DsKfkccU4_a8kBXYNKT6sdklghHhghslklKLHLhLHgOev21R6xG4XvbhMuB_rHLmRdlkHGlhklkfLJkMyXdiB2libXpe5c-1Zv5K4Pr3xomMvu2JVDYLnF3IKwR47n3MKOSqXsdkjghhjksdkfgnIx5uZXtLcZP-vmdrCdFOLnIB8JThWIkD4toHknltm-Jse5_cNVf3AzHILN4cp6ZPY-BN8JRuvBcvQJR6yOldkfslkdfj898sd5sd7fsdfJowJdegDG9fxGvOCISXf1HknSFH0nZJQs_GuRLMOYT80t8Bc7z8D942XEkBzK8Wh2fo0png"}' [Sat Apr 25 14:38:32 UTC 2020] _postContentType='application/jose+json' [Sat Apr 25 14:38:32 UTC 2020] Http already initialized. [Sat Apr 25 14:38:32 UTC 2020] _WGET='wget -q --content-on-error --no-check-certificate ' [Sat Apr 25 14:38:32 UTC 2020] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4 [Sat Apr 25 14:38:32 UTC 2020] options='s/^ //g' [Sat Apr 25 14:38:32 UTC 2020] Using sed -i [Sat Apr 25 14:38:32 UTC 2020] _ret='4' [Sat Apr 25 14:38:32 UTC 2020] responseHeaders [Sat Apr 25 14:38:32 UTC 2020] code [Sat Apr 25 14:38:32 UTC 2020] original [Sat Apr 25 14:38:32 UTC 2020] response [Sat Apr 25 14:38:32 UTC 2020] Registered [Sat Apr 25 14:38:32 UTC 2020] responseHeaders [Sat Apr 25 14:38:32 UTC 2020] _accUri [Sat Apr 25 14:38:32 UTC 2020] Can not find account id url. [Sat Apr 25 14:38:32 UTC 2020] [Sat Apr 25 14:38:32 UTC 2020] _on_issue_err [Sat Apr 25 14:38:32 UTC 2020] Please check log file for more details: acme.log [Sat Apr 25 14:38:32 UTC 2020] _chk_vlist

Neilpang commented 4 years ago

[Sat Apr 25 14:38:32 UTC 2020] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4

olibu commented 4 years ago

Yes, I've already taken a look at the code 4 documentation of wget. However removing the backslash form the POST request fixes the code 4 error. It seems that executing a POST request with backslashes results in a code 4 error.

Unfortunately the editor has removed the backslashs from the log. All https URLs have escaped / with a backslash.

If you like I can create a pull request with the fixes how I have solved the JSON format fix in my environment.

When I fixed the first calls manually I recognized with debug level 3 that the URL is somehow changed to an ftp address.

julian-j-d commented 4 years ago

We have a similar problem, here is a snipped after halfe way of correction:

[Mon Aug 17 21:44:47 CEST 2020] code='200' [Mon Aug 17 21:44:47 CEST 2020] original='{"authorizations":["https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/authorization\/hPd4Fxr_ZahmqcRHvFj7"],"finalize":"https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/order\/4eaUVtXtgbrW2qO\/finalize","identifiers":[{"type":"dns","value":"ssl-requesting-client"}],"status":"processing"}' [Mon Aug 17 21:44:47 CEST 2020] response='{"authorizations":["https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/authorization\/hPd4Fxr_ZahmqcRHvFj7"],"finalize":"https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/order\/4eaUVtXtgbrW2qO\/finalize","identifiers":[{"type":"dns","value":"ssl-requesting-client"}],"status":"processing"}' [Mon Aug 17 21:44:47 CEST 2020] Order status is processing, lets sleep and retry. [Mon Aug 17 21:44:47 CEST 2020] _retryafter [Mon Aug 17 21:44:50 CEST 2020] Polling order status: https://internal-acme:443/acme/ws/Acme.svc/order/4eaUVtXtgbrW2qO [Mon Aug 17 21:44:50 CEST 2020] url='https://internal-acme:443/acme/ws/Acme.svc/order/4eaUVtXtgbrW2qO' [Mon Aug 17 21:44:50 CEST 2020] payload [Mon Aug 17 21:44:50 CEST 2020] Use cached jwk for file: /root/.acme.sh/ca/internal-acme/account.key [Mon Aug 17 21:44:50 CEST 2020] Use _CACHED_NONCE='N1FXIG6VIoEmJ-eqzbolK4RGJ6SAG9si' [Mon Aug 17 21:44:50 CEST 2020] nonce='N1FXIG6VIoEmJ-eqzbolK4RGJ6SAG9si' [Mon Aug 17 21:44:50 CEST 2020] POST [Mon Aug 17 21:44:50 CEST 2020] _post_url='https://internal-acme:443/acme/ws/Acme.svc/order/4eaUVtXtgbrW2qO' [Mon Aug 17 21:44:50 CEST 2020] body='{"protected": "xx", "payload": "", "signature": "OjWvMQsDvC7EShxx"}' [Mon Aug 17 21:44:50 CEST 2020] _postContentType='application/jose+json' [Mon Aug 17 21:44:50 CEST 2020] Http already initialized. [Mon Aug 17 21:44:50 CEST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.gDJ4nd8Z8f -g ' [Mon Aug 17 21:44:51 CEST 2020] _ret='0' [Mon Aug 17 21:44:51 CEST 2020] responseHeaders='HTTP/1.1 200 location: https://internal-acme:443/acme/ws/Acme.svc/order/4eaUVtXtgbrW2qO replay-nonce: 2-RSUiCh7OLm_u0oZrF7sYhrg4ErEg6b Content-Type: application/json;charset=utf-8 Content-Length: 431 Date: Mon, 17 Aug 2020 19:44:51 GMT ' [Mon Aug 17 21:44:51 CEST 2020] code='200' [Mon Aug 17 21:44:51 CEST 2020] original='{"authorizations":["https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/authorization\/hPd4Fxr_ZahmqcRHvFj7"],"certificate":"https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/order\/4eaUVtXtgbrW2qO\/certificate","finalize":"https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/order\/4eaUVtXtgbrW2qO\/finalize","identifiers":[{"type":"dns","value":"ssl-requesting-client"}],"status":"valid"}' [Mon Aug 17 21:44:51 CEST 2020] response='{"authorizations":["https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/authorization\/hPd4Fxr_ZahmqcRHvFj7"],"certificate":"https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/order\/4eaUVtXtgbrW2qO\/certificate","finalize":"https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/order\/4eaUVtXtgbrW2qO\/finalize","identifiers":[{"type":"dns","value":"ssl-requesting-client"}],"status":"valid"}' [Mon Aug 17 21:44:51 CEST 2020] Order status is valid. [Mon Aug 17 21:44:51 CEST 2020] Le_LinkCert='https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/order\/4eaUVtXtgbrW2qO\/certificate' [Mon Aug 17 21:44:51 CEST 2020] Downloading cert, Le_LinkCert: https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/order\/4eaUVtXtgbrW2qO\/certificate [Mon Aug 17 21:44:51 CEST 2020] url='https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/order\/4eaUVtXtgbrW2qO\/certificate' [Mon Aug 17 21:44:51 CEST 2020] payload [Mon Aug 17 21:44:51 CEST 2020] Use cached jwk for file: /root/.acme.sh/ca/internal-acme/account.key [Mon Aug 17 21:44:51 CEST 2020] Use _CACHED_NONCE='2-RSUiCh7OLm_u0oZrF7sYhrg4ErEg6b' [Mon Aug 17 21:44:51 CEST 2020] nonce='2-RSUiCh7OLm_u0oZrF7sYhrg4ErEg6b' [Mon Aug 17 21:44:51 CEST 2020] POST [Mon Aug 17 21:44:51 CEST 2020] _post_url='https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/order\/4eaUVtXtgbrW2qO\/certificate' [Mon Aug 17 21:44:51 CEST 2020] body='{"protected": "xxx", "payload": "", "signature": "xxx"}' [Mon Aug 17 21:44:51 CEST 2020] _postContentType='application/jose+json' [Mon Aug 17 21:44:51 CEST 2020] Http already initialized. [Mon Aug 17 21:44:51 CEST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.gDJ4nd8Z8f -g ' [Mon Aug 17 21:44:51 CEST 2020] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3 [Mon Aug 17 21:44:51 CEST 2020] Here is the curl dump log: [Mon Aug 17 21:44:51 CEST 2020] == Info: Port number ended with '\' == Info: Closing connection -1 [Mon Aug 17 21:44:51 CEST 2020] _ret='3' [Mon Aug 17 21:44:51 CEST 2020] responseHeaders [Mon Aug 17 21:44:51 CEST 2020] code [Mon Aug 17 21:44:51 CEST 2020] original [Mon Aug 17 21:44:51 CEST 2020] response [Mon Aug 17 21:44:51 CEST 2020] Le_LinkCert='https:\/\/internal-acme:443\/acme\/ws\/Acme.svc\/order\/4eaUVtXtgbrW2qO\/certificate' unable to load certificate 140092045107648:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE [Mon Aug 17 21:44:51 CEST 2020] Sign failed: [Mon Aug 17 21:44:51 CEST 2020] _on_issue_err [Mon Aug 17 21:44:51 CEST 2020] Please add '--debug' or '--log' to check more details. [Mon Aug 17 21:44:51 CEST 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh [Mon Aug 17 21:44:51 CEST 2020] _chk_vlist [Mon Aug 17 21:44:51 CEST 2020] Diagnosis versions: openssl:openssl OpenSSL 1.1.1 11 Sep 2018 apache: apache doesn't exist. nginx: nginx doesn't exist. socat: socat by Gerhard Rieger and contributors - see www.dest-unreach.org socat version 1.7.3.2 on Apr 4 2018 10:06:49 running on Linux version #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020, release 4.15.0-112-generic, machine x86_64

I solved this, by explicitly removing the \/ to / where needed:

diff: 2500c2500 < response=$(_get "$_api_server") --- > response=$(_get "$_api_server" | sed 's#\\/#/#g') 4181c4181 < Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n " | cut -d ":" -f 2-)" --- > Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n " | cut -d ":" -f 2- | sed 's#\\/#/#g')" 4183c4183 < Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4)" --- > Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4 | sed 's#\\/#/#g')" 4195c4195 < _authorizations_seg="$(echo "$response" | _json_decode | _egrep_o '"authorizations" *: *\[[^\[]*\]' | cut -d '[' -f 2 | tr -d ']' | tr -d '"')" --- > _authorizations_seg="$(echo "$response" | _json_decode | _egrep_o '"authorizations" *: *\[[^\[]*\]' | cut -d '[' -f 2 | tr -d ']' | tr -d '"' | sed 's#\\/#/#g')" 4217c4217 < response="$(echo "$response" | _normalizeJson)" --- > response="$(echo "$response" | _normalizeJson | sed 's#\\/#/#g')" 4721c4721 < Le_LinkCert="$(echo "$response" | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)" --- > Le_LinkCert="$(echo "$response" | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4 | sed 's#\\/#/#g')"

But I'd guess, this behavior should be worked on, when curl is being used.