Saved GD Key and GD Secret should be stored per domain rather than globally

[paddylandau]

Introduction

acme.sh stores the API Key and API Secret values globally, not per domain.

But domains don't necessarily all have the same API values. Thus, acme.sh needs to store these API values per domain rather than globally.

Detail

acme.sh stores the Key (SAVED_GD_Key) and Secret (SAVED_GD_Secret) in ~/acme.sh/account.conf.

However, not all domains use the same API values. In my case, I have an account on GoDaddy, where I host a few community (charity) websites. Their domain names, however, are not all owned by me (i.e. those ones are in a different account), which means that the API values for each domain can differ.

The result is that auto-renewal succeeds only for the domains that have their last-saved Key and Secret values in account.conf.

The auto-renew fails for every other domain.

To overcome this, I had to write my own renew script, which I am now converting into an auto-renew script where I store the API Key and Secret values in my own file. But it would be far better for acme.sh to take this into account, and build it in.

Steps to reproduce

I don't know about other systems, but this is how on GoDaddy.

1. Host multiple websites on GoDaddy on a single account.
2. Some of the domain names are held in the same account, while others are held in other accounts.
3. For each domain, create a new certificate with acme.sh --issue ... and acme.sh --deploy .... They won't all share the same GD_Key and GD_Secret.
4. When the time comes for auto-renew, the last-renewed domain, and all other domains stored on the same account (i.e. with the same API Key and Secret) will successfully renew, but the other domains will fail.

Version

$ acme.sh --version
https://github.com/acmesh-official/acme.sh
v2.8.8

[elimisteve]

Dupe of https://github.com/acmesh-official/acme.sh/issues/2908 , FYI

[elimisteve]

Partial solution: https://github.com/acmesh-official/acme.sh/issues/2908#issuecomment-625854927