Cause found for dehydrated issues with ACME servers other than Let's Encrypt

Sebastian Krause identified the source of a strange incompatibility between the Buypass ACME service and the dehydrated script, which is used to automate obtaining TLS certificates via the ACME protocol. Both the reference client and uacme work with Buypass, but dehydrated does not (more precisely, it could be made to work with some workarounds, but only with the dns-01 challenge).

The reason turned out to be banal: instead of actually parsing the JSON response, the author of dehydrated relied on the specific way the Let's Encrypt service formats its JSON output and extracted values with a regular expression. Buypass, however, returns minified rather than pretty-printed JSON, so the regular expression did not match. This approach does not rule out problems with Let's Encrypt either, should that service change its output formatting in the future without warning while remaining fully within the official protocol.

During the discussion of the problem, it was suggested to use an external JSON parser such as json_pp or jq (adding 'jq -r ".authorizations | .[]"' to the pipeline for correct parsing). The disadvantage of this approach is that it dilutes the idea of getting by with minimal and easily audited tools, and it also raises problems with error handling.
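The following script is an added example, not code from dehydrated or from the discussion. It reconstructs the failure described above with two constructed ACME order responses (placeholder hostname acme.example): a line-oriented regex extractor that only works when the "authorizations" array is pretty-printed one URL per line, the jq-based extraction with the filter proposed in the discussion, and a small check that refuses to continue when an extractor comes back empty, which addresses the error-handling concern.

```shell
#!/bin/sh
# Added example (not dehydrated's code): why a line-oriented regex over an
# ACME order object breaks on minified JSON, and how an external JSON parser
# handles both layouts. Both responses are constructed samples.
set -u

PRETTY='{
  "status": "pending",
  "authorizations": [
    "https://acme.example/acme/authz/1001",
    "https://acme.example/acme/authz/1002"
  ],
  "finalize": "https://acme.example/acme/order/42/finalize"
}'

MINIFIED='{"status":"pending","authorizations":["https://acme.example/acme/authz/1001","https://acme.example/acme/authz/1002"],"finalize":"https://acme.example/acme/order/42/finalize"}'

# Fragile approach: assume the array is pretty-printed with one URL per line,
# select the lines between '"authorizations": [' and the closing ']', and pull
# the quoted URLs out of them. Works only for that exact layout; on minified
# JSON the start pattern never matches and the result is empty.
extract_authz_regex() {
  printf '%s\n' "$1" \
    | sed -n '/^ *"authorizations": \[/,/^ *\]/p' \
    | grep -oE '"https?://[^"]*"' \
    | tr -d '"'
}

# Robust approach: let a real JSON parser locate the array (filter as proposed
# in the discussion). The function's exit status is jq's, because jq is the
# last command in the pipeline, so a malformed body fails loudly instead of
# silently yielding an empty string.
extract_authz_jq() {
  printf '%s' "$1" | jq -r '.authorizations | .[]'
}

# Number of lines in an extractor's output (0 for an empty result).
count_lines() {
  [ -z "$1" ] && { echo 0; return; }
  printf '%s\n' "$1" | wc -l | tr -d ' '
}

# Guard against the silent failure mode: refuse to continue the order when
# no authorization URLs were found, or when an entry is not an https URL.
require_authz() {
  if [ -z "$1" ]; then
    echo "no authorizations found in order response" >&2
    return 1
  fi
  if printf '%s\n' "$1" | grep -vqE '^https://'; then
    echo "unexpected entry in authorizations" >&2
    return 1
  fi
  return 0
}

echo "regex on pretty-printed JSON:"
extract_authz_regex "$PRETTY"
echo "regex on minified JSON (empty; this is the dehydrated failure):"
extract_authz_regex "$MINIFIED"
if command -v jq >/dev/null 2>&1; then
  echo "jq on minified JSON:"
  extract_authz_jq "$MINIFIED"
fi
```

Run it with any POSIX shell; the jq part is skipped when jq is not installed. The regex extractor is a reconstruction of the idea, not dehydrated's exact sed/grep, but it fails on the same input class: any ACME server that emits the order object on a single line.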

The author of the dehydrated project (which was recently sold to Apilayer GmbH) agreed that JSON parsing is a big problem, but he does not consider adding external parsers a good idea, since one of the script's key advantages is the absence of external dependencies. He is busy at the moment, but he hopes to turn to the problem in the next few days. The plans include reworking the JSON parser or integrating a ready-made parser written in shell, JSON.sh.

Source: opennet.ru