change to routeros native script rather than bash multiline commands #2292

Merged: 3 commits, Jun 19, 2019

cngarrison
Contributor

I was unable to deploy to a RouterOS device due to the use of bash in the ssh command. Since RouterOS will only run a single command with each ssh command, a different solution is needed for multi-line commands. This PR uses a native RouterOS script instead of bash.

The same RouterOS commands are used to deploy the cert, but the commands are used as the source for a RouterOS script which is added via an ssh command. Two subsequent commands run the new script, and then delete the script.

I made a minor change to the /certificate remove command so that it's more robust if the certs don't already exist. (Uses the [ find ... ] syntax rather than hard-coded cert names.)
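
The add, run, remove sequence described in the comment above, as an added example that is not the code merged in this PR. The function names, the `acme-deploy-` script name, the `;` command separator, the `www-ssl` service and the host name `router.example.test` are assumptions made for illustration; the domain check and the string escaping show what keeps an interpolated name from altering the script source.

```shell
#!/bin/sh
# Added illustration; not the code merged in this PR.
# valid_domain, ros_escape, build_deploy_cmds and the "acme-deploy-" script
# name are hypothetical. Commands are joined with ";" to keep one line each.

# Allow only hostname characters, so the name cannot break out of the script.
valid_domain() {
  case "$1" in
    "" | *[!A-Za-z0-9.-]*) return 1 ;;
  esac
}

# Escape text for a double-quoted RouterOS string: backslash, quote, dollar.
ros_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/\$/\\$/g'
}

# Print the three RouterOS commands, one per line: add, run, remove.
build_deploy_cmds() {
  domain=$1
  valid_domain "$domain" || return 1
  name="acme-deploy-$domain"
  src="/certificate remove [ find name=$domain.cer_0 ]"
  src="$src; /certificate import file-name=$domain.cer passphrase=\"\""
  src="$src; /certificate import file-name=$domain.key passphrase=\"\""
  src="$src; /file remove $domain.cer; /file remove $domain.key"
  src="$src; /ip service set www-ssl certificate=$domain.cer_0"
  printf '/system script add name="%s" source="%s"\n' "$name" "$(ros_escape "$src")"
  printf '/system script run "%s"\n' "$name"
  printf '/system script remove "%s"\n' "$name"
}

# Dry run with a constructed host name; each printed line would be the single
# command of its own ssh call, e.g. ssh "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$line".
build_deploy_cmds router.example.test
```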

@Neilpang
Member

Neilpang commented Jun 2, 2019

Please fix the CI errors first.

@cngarrison
Contributor Author

I had to read up on shfmt; this one should pass CI. I'll check the test results when done.

@Neilpang
Member

Can you confirm the latest changes work as expected?

@cngarrison
Contributor Author

Yes, it works as expected.

Specifically, I tested with the following commands:

export ROUTER_OS_USERNAME=charlie 
export ROUTER_OS_HOST=router.garrison.com.au 
export ROUTER_OS_ADDITIONAL_SERVICES="/ip service set api-ssl certificate=router.garrison.com.au.cer_0"
acme.sh --deploy -d router.garrison.com.au --deploy-hook routeros  --debug

The deploy command printed output (with debug enabled):

[Mon 17 Jun 2019 09:33:39 AEST] Lets find script dir.
[Mon 17 Jun 2019 09:33:39 AEST] _SCRIPT_='/Users/charlie/.acme.sh/acme.sh'
[Mon 17 Jun 2019 09:33:39 AEST] _script='/Users/charlie/.acme.sh/acme.sh'
[Mon 17 Jun 2019 09:33:39 AEST] _script_home='/Users/charlie/.acme.sh'
[Mon 17 Jun 2019 09:33:39 AEST] Using config home:/Users/charlie/.acme.sh
https://github.com/Neilpang/acme.sh
v2.8.2
[Mon 17 Jun 2019 09:33:39 AEST] Using config home:/Users/charlie/.acme.sh
[Mon 17 Jun 2019 09:33:39 AEST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 17 Jun 2019 09:33:39 AEST] DOMAIN_PATH='/Users/charlie/.acme.sh/router.garrison.com.au'
[Mon 17 Jun 2019 09:33:39 AEST] _deployApi='/Users/charlie/.acme.sh/deploy/routeros.sh'
[Mon 17 Jun 2019 09:33:39 AEST] _cdomain='router.garrison.com.au'
[Mon 17 Jun 2019 09:33:39 AEST] _ckey='/Users/charlie/.acme.sh/router.garrison.com.au/router.garrison.com.au.key'
[Mon 17 Jun 2019 09:33:39 AEST] _ccert='/Users/charlie/.acme.sh/router.garrison.com.au/router.garrison.com.au.cer'
[Mon 17 Jun 2019 09:33:39 AEST] _cca='/Users/charlie/.acme.sh/router.garrison.com.au/ca.cer'
[Mon 17 Jun 2019 09:33:39 AEST] _cfullchain='/Users/charlie/.acme.sh/router.garrison.com.au/fullchain.cer'
[Mon 17 Jun 2019 09:33:39 AEST] Trying to push key '/Users/charlie/.acme.sh/router.garrison.com.au/router.garrison.com.au.key' to router
router.garrison.com.au.key                                                                                                                                                                                                                                            100% 1675   774.5KB/s   00:00
[Mon 17 Jun 2019 09:33:40 AEST] Trying to push cert '/Users/charlie/.acme.sh/router.garrison.com.au/fullchain.cer' to router
fullchain.cer                                                                                                                                                                                                                                                         100% 3575     1.8MB/s   00:00
[Mon 17 Jun 2019 09:33:43 AEST] Success

I confirmed the correct cert is installed:

$ openssl s_client -showcerts -connect router.garrison.com.au:443 2>/dev/null | openssl x509 -noout -dates
notBefore=May 25 14:22:29 2019 GMT
notAfter=Aug 23 14:22:29 2019 GMT

And

$ openssl s_client -showcerts -connect router.garrison.com.au:443 2>/dev/null | openssl x509 -noout -subject -issuer
subject= /CN=router.garrison.com.au
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

During testing, I also manually ran the contents of the RouterOS script to confirm each command is successful.

Is there any further testing you would like done?

-cng

@Neilpang
Member

I know it's a deploy hook; please create an issue for reporting future bugs.
Example:
https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide#10-please-create-a-new-issue-for-future-bugs

@cngarrison
Contributor Author

Issue is created: #2344

I have subscribed to notifications.

Neilpang merged commit 06f860c into acmesh-official:dev Jun 19, 2019

@bjmgeek

bjmgeek commented Feb 27, 2020

This is working for me, but I had to manually put my ROUTER_OS env vars in my ~/.acme.sh/account.conf file. I'm looking forward to them being set automatically.
