Sounds about par for the course for folks that think shell is a productively sustainable way of writing secure or reliable software. Not even remotely sorry about that opinion. The gall to claim ACME compat, then force require a single client, all so you can remote execute arbitrary commands. Should be enough to ruin the CA, but we know how people handle things like this "oh, won't affect me" (until it does). Seemingly just so they can avoid some reverse proxy rules to host the challenge endpoints at the right place? Holy wow. Oh there we go baby, eval'ing with arbitrary input in the shell script, complete with lazy improper string quoting. I should probably just stop before I say more unkind things.

Was it even run through shellcheck?!

Stop writing this stuff in shell people. 95% of the time I review any (POSIX, nushell lacks most of these issues) shell scripts, it's obvious they would fall apart the second any string unexpectedly had a space in it. Even scripts written by darling companies of HN.
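The two failure modes the comments above complain about (re-parsing untrusted input with eval, and unquoted expansions that word-split) are easy to show side by side. The following is an added example written for this page; it is constructed and is not code from the client or CA being discussed, and the hook function, the "token"/"key authorization" arguments and the webroot argument are assumptions made for the demonstration. The `.well-known/acme-challenge` path and the token alphabet are the ones RFC 8555 specifies for http-01.

```shell
#!/bin/sh
# Constructed illustration of two shell failure modes: re-parsing
# attacker-influenced strings with eval, and unquoted expansions that
# word-split. Nothing here is taken from the client or CA under discussion;
# the hook, its arguments and the webroot layout are assumptions for the demo.

# --- 1. word splitting -------------------------------------------------------
count_args() { printf '%s\n' "$#"; }

# Unquoted $1 is split on IFS (and glob-expanded) before count_args sees it.
unquoted_count() { count_args $1; }

# Quoted, the value arrives as exactly one argument whatever it contains.
quoted_count() { count_args "$1"; }

# --- 2. eval on untrusted input ---------------------------------------------
# VULNERABLE PATTERN (constructed): a value that came off the network is
# spliced into a command string which the shell then parses a second time.
# Any ';', '$(...)', '`' or '|' in the value becomes shell syntax, so a value
# of 'x; injected=yes' silently runs a second command.
unsafe_hook() {
    eval "msg=token=$1"
    printf '%s\n' "$msg"
}

# HARDENED: no second parse. The value is only ever data.
safe_hook() {
    msg="token=$1"
    printf '%s\n' "$msg"
}

# Report whether the payload managed to run its own command. Plain sh
# functions share the caller's variables, so an assignment performed by an
# eval'd payload is visible here.
unsafe_hook_was_hijacked() {
    injected=no
    unsafe_hook "$1" >/dev/null
    [ "$injected" = yes ]
}
safe_hook_was_hijacked() {
    injected=no
    safe_hook "$1" >/dev/null
    [ "$injected" = yes ]
}

# --- 3. allow-list anything that is about to become a path -----------------
# RFC 8555 section 8.3 restricts http-01 tokens to the URL-safe base64
# alphabet (A-Z a-z 0-9 - _). Reject anything else before it touches a filename.
is_acme_token() {
    case $1 in
        '') return 1 ;;
        *[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Write the key authorization for an http-01 challenge under a webroot.
# Every expansion is quoted and the token is validated first, so spaces,
# globs, '..' or shell metacharacters in the inputs cannot change behaviour.
write_challenge() {
    webroot=$1 token=$2 keyauth=$3
    is_acme_token "$token" || return 1
    mkdir -p "$webroot/.well-known/acme-challenge" || return 1
    printf '%s' "$keyauth" > "$webroot/.well-known/acme-challenge/$token"
}

# Demo output when run directly.
printf 'unquoted args: %s  quoted args: %s\n' \
    "$(unquoted_count 'one two  three')" "$(quoted_count 'one two  three')"
if unsafe_hook_was_hijacked 'x; injected=yes'; then
    echo 'eval version: payload executed its own command'
fi
if safe_hook_was_hijacked 'x; injected=yes'; then
    echo 'quoted version: hijacked (should not happen)'
else
    echo 'quoted version: payload stayed data'
fi
```

Running it under `shellcheck` flags the unquoted `$1` in `unquoted_count` (SC2086) but says nothing about the `eval` line, which is why a linter is necessary but not sufficient: the allow-list in `is_acme_token` and the absence of any second parse are what actually close the hole.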

Shell is a bad fit for many uses (an ACME client is more ambitious than I would build in shell, personally), but the things it's good at, it's really good at. I have yet to find anything else that's even close to as good for glue code when I have a handful of tools and/or a bunch of files that I need to string together. Unless you're writing in Ada, I promise whatever language you think is better has its own sharp edges (if we're allowing eval, then not many languages are going to be safe, really).

I usually replace shell scripts with python (using sh module: https://amoffat.github.io/sh/ for calling other scripts/programs).

Golang is better suited for this, for my needs at least.

Yeah, lego-acme is a solid alternative.

https://github.com/go-acme/lego