Fix: Add TTL and custom Timeout in DigitalOcean DNS provider

2018-04-06 17:04:03 +02:00 · 2018-04-06 17:04:03 +02:00 · 0ef1b7b683
commit 0ef1b7b683
parent 66485e81b4
120 changed files with 23764 additions and 9782 deletions
--- a/vendor/github.com/xenolf/lego/providers/dns/auroradns/auroradns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/auroradns/auroradns.go
@ -2,12 +2,13 @@ package auroradns

 import (
 	"fmt"
+	"os"
+	"sync"
+
 	"github.com/edeckers/auroradnsclient"
 	"github.com/edeckers/auroradnsclient/records"
 	"github.com/edeckers/auroradnsclient/zones"
-	"github.com/xenolf/lego/acme"
-	"os"
-	"sync"
+	"github.com/xenolf/lego/acmev2"
 )

 // DNSProvider describes a provider for AuroraDNS
@ -64,9 +65,9 @@ func (provider *DNSProvider) getZoneInformationByName(name string) (zones.ZoneRe

 // Present creates a record with a secret
 func (provider *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
 	if err != nil {
 		return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
 	}
@ -80,7 +81,7 @@ func (provider *DNSProvider) Present(domain, token, keyAuth string) error {

 	subdomain := fqdn[0 : len(fqdn)-len(authZone)-1]

-	authZone = acme.UnFqdn(authZone)
+	authZone = acmev2.UnFqdn(authZone)

 	zoneRecord, err := provider.getZoneInformationByName(authZone)

@ -106,7 +107,7 @@ func (provider *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes a given record that was generated by Present
 func (provider *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

 	provider.recordIDsMu.Lock()
 	recordID, ok := provider.recordIDs[fqdn]
@ -116,12 +117,12 @@ func (provider *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("Unknown recordID for '%s'", fqdn)
 	}

-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
 	if err != nil {
 		return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
 	}

-	authZone = acme.UnFqdn(authZone)
+	authZone = acmev2.UnFqdn(authZone)

 	zoneRecord, err := provider.getZoneInformationByName(authZone)
 	if err != nil {
--- a/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go
@ -16,10 +16,10 @@ import (
 	"github.com/Azure/go-autorest/autorest/adal"
 	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/Azure/go-autorest/autorest/to"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

-// DNSProvider is an implementation of the acme.ChallengeProvider interface
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface
 type DNSProvider struct {
 	clientId       string
 	clientSecret   string
@ -64,7 +64,7 @@ func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfil the dns-01 challenge
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)
 	zone, err := c.getHostedZoneID(fqdn)
 	if err != nil {
 		return err
@ -74,7 +74,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
 	spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint)
 	rsc.Authorizer = autorest.NewBearerAuthorizer(spt)

-	relative := toRelativeRecord(fqdn, acme.ToFqdn(zone))
+	relative := toRelativeRecord(fqdn, acmev2.ToFqdn(zone))
 	rec := dns.RecordSet{
 		Name: &relative,
 		RecordSetProperties: &dns.RecordSetProperties{
@ -93,19 +93,19 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 // Returns the relative record to the domain
 func toRelativeRecord(domain, zone string) string {
-	return acme.UnFqdn(strings.TrimSuffix(domain, zone))
+	return acmev2.UnFqdn(strings.TrimSuffix(domain, zone))
 }

 // CleanUp removes the TXT record matching the specified parameters
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

 	zone, err := c.getHostedZoneID(fqdn)
 	if err != nil {
 		return err
 	}

-	relative := toRelativeRecord(fqdn, acme.ToFqdn(zone))
+	relative := toRelativeRecord(fqdn, acmev2.ToFqdn(zone))
 	rsc := dns.NewRecordSetsClient(c.subscriptionId)
 	spt, err := c.newServicePrincipalTokenFromCredentials(azure.PublicCloud.ResourceManagerEndpoint)
 	rsc.Authorizer = autorest.NewBearerAuthorizer(spt)
@ -119,7 +119,7 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 // Checks that azure has a zone for this domain name.
 func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return "", err
 	}
@ -130,7 +130,7 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
 	dc := dns.NewZonesClient(c.subscriptionId)
 	dc.Authorizer = autorest.NewBearerAuthorizer(spt)

-	zone, err := dc.Get(c.resourceGroup, acme.UnFqdn(authZone))
+	zone, err := dc.Get(c.resourceGroup, acmev2.UnFqdn(authZone))

 	if err != nil {
 		return "", err
--- a/vendor/github.com/xenolf/lego/providers/dns/bluecat/bluecat.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/bluecat/bluecat.go
@ -0,0 +1,419 @@
+// Package bluecat implements a DNS provider for solving the DNS-01 challenge
+// using a self-hosted Bluecat Address Manager.
+package bluecat
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"os"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	"io/ioutil"
+
+	"github.com/xenolf/lego/acmev2"
+)
+
+const bluecatUrlTemplate = "%s/Services/REST/v1"
+const configType = "Configuration"
+const viewType = "View"
+const txtType = "TXTRecord"
+const zoneType = "Zone"
+
+type entityResponse struct {
+	Id         uint   `json:"id"`
+	Name       string `json:"name"`
+	Type       string `json:"type"`
+	Properties string `json:"properties"`
+}
+
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface that uses
+// Bluecat's Address Manager REST API to manage TXT records for a domain.
+type DNSProvider struct {
+	baseUrl    string
+	userName   string
+	password   string
+	configName string
+	dnsView    string
+	token      string
+	httpClient *http.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for Bluecat DNS.
+// Credentials must be passed in the environment variables: BLUECAT_SERVER_URL,
+// BLUECAT_USER_NAME and BLUECAT_PASSWORD. BLUECAT_SERVER_URL should have the
+// scheme, hostname, and port (if required) of the authoritative Bluecat BAM
+// server. The REST endpoint will be appended. In addition, the Configuration name
+// and external DNS View Name must be passed in BLUECAT_CONFIG_NAME and
+// BLUECAT_DNS_VIEW
+func NewDNSProvider() (*DNSProvider, error) {
+	server := os.Getenv("BLUECAT_SERVER_URL")
+	userName := os.Getenv("BLUECAT_USER_NAME")
+	password := os.Getenv("BLUECAT_PASSWORD")
+	configName := os.Getenv("BLUECAT_CONFIG_NAME")
+	dnsView := os.Getenv("BLUECAT_DNS_VIEW")
+	httpClient := http.Client{Timeout: time.Duration(30 * time.Second)}
+	return NewDNSProviderCredentials(server, userName, password, configName, dnsView, httpClient)
+}
+
+// NewDNSProviderCredentials uses the supplied credentials to return a
+// DNSProvider instance configured for Bluecat DNS.
+func NewDNSProviderCredentials(server, userName, password, configName, dnsView string, httpClient http.Client) (*DNSProvider, error) {
+	if server == "" || userName == "" || password == "" || configName == "" || dnsView == "" {
+		return nil, fmt.Errorf("Bluecat credentials missing")
+	}
+
+	return &DNSProvider{
+		baseUrl:    fmt.Sprintf(bluecatUrlTemplate, server),
+		userName:   userName,
+		password:   password,
+		configName: configName,
+		dnsView:    dnsView,
+		httpClient: http.DefaultClient,
+	}, nil
+}
+
+// Send a REST request, using query parameters specified. The Authorization
+// header will be set if we have an active auth token
+func (d *DNSProvider) sendRequest(method, resource string, payload interface{}, queryArgs map[string]string) (*http.Response, error) {
+	url := fmt.Sprintf("%s/%s", d.baseUrl, resource)
+
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest(method, url, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	if len(d.token) > 0 {
+		req.Header.Set("Authorization", d.token)
+	}
+
+	// Add all query parameters
+	q := req.URL.Query()
+	for argName, argVal := range queryArgs {
+		q.Add(argName, argVal)
+	}
+	req.URL.RawQuery = q.Encode()
+	resp, err := d.httpClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode >= 400 {
+		errBytes, _ := ioutil.ReadAll(resp.Body)
+		errResp := string(errBytes)
+		return nil, fmt.Errorf("Bluecat API request failed with HTTP status code %d\n Full message: %s",
+			resp.StatusCode, errResp)
+	}
+
+	return resp, nil
+}
+
+// Starts a new Bluecat API Session. Authenticates using customerName, userName,
+// password and receives a token to be used in for subsequent requests.
+func (d *DNSProvider) login() error {
+	queryArgs := map[string]string{
+		"username": d.userName,
+		"password": d.password,
+	}
+
+	resp, err := d.sendRequest("GET", "login", nil, queryArgs)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	authBytes, _ := ioutil.ReadAll(resp.Body)
+	authResp := string(authBytes)
+
+	if strings.Contains(authResp, "Authentication Error") {
+		msg := strings.Trim(authResp, "\"")
+		return fmt.Errorf("Bluecat API request failed: %s", msg)
+	}
+	// Upon success, API responds with "Session Token-> BAMAuthToken: dQfuRMTUxNjc3MjcyNDg1ODppcGFybXM= <- for User : username"
+	re := regexp.MustCompile("BAMAuthToken: [^ ]+")
+	token := re.FindString(authResp)
+	d.token = token
+	return nil
+}
+
+// Destroys Bluecat Session
+func (d *DNSProvider) logout() error {
+	if len(d.token) == 0 {
+		// nothing to do
+		return nil
+	}
+
+	resp, err := d.sendRequest("GET", "logout", nil, nil)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != 200 {
+		return fmt.Errorf("Bluecat API request failed to delete session with HTTP status code %d", resp.StatusCode)
+	} else {
+		authBytes, _ := ioutil.ReadAll(resp.Body)
+		authResp := string(authBytes)
+
+		if !strings.Contains(authResp, "successfully") {
+			msg := strings.Trim(authResp, "\"")
+			return fmt.Errorf("Bluecat API request failed to delete session: %s", msg)
+		}
+	}
+
+	d.token = ""
+
+	return nil
+}
+
+// Lookup the entity ID of the configuration named in our properties
+func (d *DNSProvider) lookupConfId() (uint, error) {
+	queryArgs := map[string]string{
+		"parentId": strconv.Itoa(0),
+		"name":     d.configName,
+		"type":     configType,
+	}
+
+	resp, err := d.sendRequest("GET", "getEntityByName", nil, queryArgs)
+	if err != nil {
+		return 0, err
+	}
+	defer resp.Body.Close()
+
+	var conf entityResponse
+	err = json.NewDecoder(resp.Body).Decode(&conf)
+	if err != nil {
+		return 0, err
+	}
+	return conf.Id, nil
+}
+
+// Find the DNS view with the given name within
+func (d *DNSProvider) lookupViewId(viewName string) (uint, error) {
+	confId, err := d.lookupConfId()
+	if err != nil {
+		return 0, err
+	}
+
+	queryArgs := map[string]string{
+		"parentId": strconv.FormatUint(uint64(confId), 10),
+		"name":     d.dnsView,
+		"type":     viewType,
+	}
+
+	resp, err := d.sendRequest("GET", "getEntityByName", nil, queryArgs)
+	if err != nil {
+		return 0, err
+	}
+	defer resp.Body.Close()
+
+	var view entityResponse
+	err = json.NewDecoder(resp.Body).Decode(&view)
+	if err != nil {
+		return 0, err
+	}
+
+	return view.Id, nil
+}
+
+// Return the entityId of the parent zone by recursing from the root view
+// Also return the simple name of the host
+func (d *DNSProvider) lookupParentZoneId(viewId uint, fqdn string) (uint, string, error) {
+	parentViewId := viewId
+	name := ""
+
+	if fqdn != "" {
+		zones := strings.Split(strings.Trim(fqdn, "."), ".")
+		last := len(zones) - 1
+		name = zones[0]
+
+		for i := last; i > -1; i-- {
+			zoneId, err := d.getZone(parentViewId, zones[i])
+			if err != nil || zoneId == 0 {
+				return parentViewId, name, err
+			}
+			if i > 0 {
+				name = strings.Join(zones[0:i], ".")
+			}
+			parentViewId = zoneId
+		}
+	}
+
+	return parentViewId, name, nil
+}
+
+// Get the DNS zone with the specified name under the parentId
+func (d *DNSProvider) getZone(parentId uint, name string) (uint, error) {
+
+	queryArgs := map[string]string{
+		"parentId": strconv.FormatUint(uint64(parentId), 10),
+		"name":     name,
+		"type":     zoneType,
+	}
+
+	resp, err := d.sendRequest("GET", "getEntityByName", nil, queryArgs)
+	// Return an empty zone if the named zone doesn't exist
+	if resp != nil && resp.StatusCode == 404 {
+		return 0, fmt.Errorf("Bluecat API could not find zone named %s", name)
+	}
+	if err != nil {
+		return 0, err
+	}
+	defer resp.Body.Close()
+
+	var zone entityResponse
+	err = json.NewDecoder(resp.Body).Decode(&zone)
+	if err != nil {
+		return 0, err
+	}
+
+	return zone.Id, nil
+}
+
+// Present creates a TXT record using the specified parameters
+// This will *not* create a subzone to contain the TXT record,
+// so make sure the FQDN specified is within an extant zone.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
+
+	err := d.login()
+	if err != nil {
+		return err
+	}
+
+	viewId, err := d.lookupViewId(d.dnsView)
+	if err != nil {
+		return err
+	}
+
+	parentZoneId, name, err := d.lookupParentZoneId(viewId, fqdn)
+
+	queryArgs := map[string]string{
+		"parentId": strconv.FormatUint(uint64(parentZoneId), 10),
+	}
+
+	body := bluecatEntity{
+		Name:       name,
+		Type:       "TXTRecord",
+		Properties: fmt.Sprintf("ttl=%d|absoluteName=%s|txt=%s|", ttl, fqdn, value),
+	}
+
+	resp, err := d.sendRequest("POST", "addEntity", body, queryArgs)
+
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	addTxtBytes, _ := ioutil.ReadAll(resp.Body)
+	addTxtResp := string(addTxtBytes)
+	// addEntity responds only with body text containing the ID of the created record
+	_, err = strconv.ParseUint(addTxtResp, 10, 64)
+	if err != nil {
+		return fmt.Errorf("Bluecat API addEntity request failed: %s", addTxtResp)
+	}
+
+	err = d.deploy(uint(parentZoneId))
+	if err != nil {
+		return err
+	}
+
+	err = d.logout()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Deploy the DNS config for the specified entity to the authoritative servers
+func (d *DNSProvider) deploy(entityId uint) error {
+	queryArgs := map[string]string{
+		"entityId": strconv.FormatUint(uint64(entityId), 10),
+	}
+
+	resp, err := d.sendRequest("POST", "quickDeploy", nil, queryArgs)
+
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)
+
+	err := d.login()
+	if err != nil {
+		return err
+	}
+
+	viewId, err := d.lookupViewId(d.dnsView)
+	if err != nil {
+		return err
+	}
+
+	parentId, name, err := d.lookupParentZoneId(viewId, fqdn)
+	if err != nil {
+		return err
+	}
+
+	queryArgs := map[string]string{
+		"parentId": strconv.FormatUint(uint64(parentId), 10),
+		"name":     name,
+		"type":     txtType,
+	}
+
+	resp, err := d.sendRequest("GET", "getEntityByName", nil, queryArgs)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	var txtRec entityResponse
+	err = json.NewDecoder(resp.Body).Decode(&txtRec)
+	if err != nil {
+		return err
+	}
+	queryArgs = map[string]string{
+		"objectId": strconv.FormatUint(uint64(txtRec.Id), 10),
+	}
+
+	resp, err = d.sendRequest("DELETE", "delete", nil, queryArgs)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	err = d.deploy(parentId)
+	if err != nil {
+		return err
+	}
+
+	err = d.logout()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+//JSON body for Bluecat entity requests and responses
+type bluecatEntity struct {
+	ID         string `json:"id,omitempty"`
+	Name       string `json:"name"`
+	Type       string `json:"type"`
+	Properties string `json:"properties"`
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/cloudflare/cloudflare.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/cloudflare/cloudflare.go
@ -11,14 +11,14 @@ import (
 	"os"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

 // CloudFlareAPIURL represents the API endpoint to call.
 // TODO: Unexport?
 const CloudFlareAPIURL = "https://api.cloudflare.com/client/v4"

-// DNSProvider is an implementation of the acme.ChallengeProvider interface
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface
 type DNSProvider struct {
 	authEmail string
 	authKey   string
@ -54,7 +54,7 @@ func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfil the dns-01 challenge
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)
 	zoneID, err := c.getHostedZoneID(fqdn)
 	if err != nil {
 		return err
@ -62,7 +62,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 	rec := cloudFlareRecord{
 		Type:    "TXT",
-		Name:    acme.UnFqdn(fqdn),
+		Name:    acmev2.UnFqdn(fqdn),
 		Content: value,
 		TTL:     120,
 	}
@ -82,7 +82,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

 	record, err := c.findTxtRecord(fqdn)
 	if err != nil {
@ -104,12 +104,12 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
 		Name string `json:"name"`
 	}

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return "", err
 	}

-	result, err := c.makeRequest("GET", "/zones?name="+acme.UnFqdn(authZone), nil)
+	result, err := c.makeRequest("GET", "/zones?name="+acmev2.UnFqdn(authZone), nil)
 	if err != nil {
 		return "", err
 	}
@ -135,7 +135,7 @@ func (c *DNSProvider) findTxtRecord(fqdn string) (*cloudFlareRecord, error) {

 	result, err := c.makeRequest(
 		"GET",
-		fmt.Sprintf("/zones/%s/dns_records?per_page=1000&type=TXT&name=%s", zoneID, acme.UnFqdn(fqdn)),
+		fmt.Sprintf("/zones/%s/dns_records?per_page=1000&type=TXT&name=%s", zoneID, acmev2.UnFqdn(fqdn)),
 		nil,
 	)
 	if err != nil {
@ -149,7 +149,7 @@ func (c *DNSProvider) findTxtRecord(fqdn string) (*cloudFlareRecord, error) {
 	}

 	for _, rec := range records {
-		if rec.Name == acme.UnFqdn(fqdn) {
+		if rec.Name == acmev2.UnFqdn(fqdn) {
 			return &rec, nil
 		}
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/cloudxns/cloudxns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/cloudxns/cloudxns.go
@ -13,12 +13,12 @@ import (
 	"strconv"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

 const cloudXNSBaseURL = "https://www.cloudxns.net/api2/"

-// DNSProvider is an implementation of the acme.ChallengeProvider interface
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface
 type DNSProvider struct {
 	apiKey    string
 	secretKey string
@ -48,7 +48,7 @@ func NewDNSProviderCredentials(apiKey, secretKey string) (*DNSProvider, error) {

 // Present creates a TXT record to fulfil the dns-01 challenge.
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
 	zoneID, err := c.getHostedZoneID(fqdn)
 	if err != nil {
 		return err
@ -59,7 +59,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)
 	zoneID, err := c.getHostedZoneID(fqdn)
 	if err != nil {
 		return err
@ -79,7 +79,7 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
 		Domain string `json:"domain"`
 	}

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return "", err
 	}
@ -117,7 +117,7 @@ func (c *DNSProvider) findTxtRecord(zoneID, fqdn string) (string, error) {
 	}

 	for _, record := range records {
-		if record.Host == acme.UnFqdn(fqdn) && record.Type == "TXT" {
+		if record.Host == acmev2.UnFqdn(fqdn) && record.Type == "TXT" {
 			return record.RecordID, nil
 		}
 	}
@ -133,7 +133,7 @@ func (c *DNSProvider) addTxtRecord(zoneID, fqdn, value string, ttl int) error {

 	payload := cloudXNSRecord{
 		ID:     id,
-		Host:   acme.UnFqdn(fqdn),
+		Host:   acmev2.UnFqdn(fqdn),
 		Value:  value,
 		Type:   "TXT",
 		LineID: 1,
@ -183,7 +183,7 @@ func (c *DNSProvider) makeRequest(method, uri string, body []byte) (json.RawMess
 	req.Header.Set("API-HMAC", c.hmac(url, requestDate, string(body)))
 	req.Header.Set("API-FORMAT", "json")

-	resp, err := acme.HTTPClient.Do(req)
+	resp, err := acmev2.HTTPClient.Do(req)
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/digitalocean/digitalocean.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/digitalocean/digitalocean.go
@ -11,10 +11,10 @@ import (
 	"sync"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

-// DNSProvider is an implementation of the acme.ChallengeProvider interface
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface
 // that uses DigitalOcean's REST API to manage TXT records for a domain.
 type DNSProvider struct {
 	apiAuthToken string
@ -49,6 +49,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		RecordType string `json:"type"`
 		Name       string `json:"name"`
 		Data       string `json:"data"`
+		TTL        int    `json:"ttl"`
 	}

 	// txtRecordResponse represents a response from DO's API after making a TXT record
@ -61,17 +62,17 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		} `json:"domain_record"`
 	}

-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
 	if err != nil {
 		return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
 	}

-	authZone = acme.UnFqdn(authZone)
+	authZone = acmev2.UnFqdn(authZone)

 	reqURL := fmt.Sprintf("%s/v2/domains/%s/records", digitalOceanBaseURL, authZone)
-	reqData := txtRecordRequest{RecordType: "TXT", Name: fqdn, Data: value}
+	reqData := txtRecordRequest{RecordType: "TXT", Name: fqdn, Data: value, TTL: 60}
 	body, err := json.Marshal(reqData)
 	if err != nil {
 		return err
@ -112,7 +113,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

 	// get the record's unique ID from when we created it
 	d.recordIDsMu.Lock()
@ -122,12 +123,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("unknown record ID for '%s'", fqdn)
 	}

-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
 	if err != nil {
 		return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
 	}

-	authZone = acme.UnFqdn(authZone)
+	authZone = acmev2.UnFqdn(authZone)

 	reqURL := fmt.Sprintf("%s/v2/domains/%s/records/%d", digitalOceanBaseURL, authZone, recordID)
 	req, err := http.NewRequest("DELETE", reqURL, nil)
@ -164,3 +165,9 @@ type digitalOceanAPIError struct {
 }

 var digitalOceanBaseURL = "https://api.digitalocean.com"
+
+// Timeout returns the timeout and interval to use when checking for DNS
+// propagation. Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return 90 * time.Second, 5 * time.Second
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/dns_providers.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dns_providers.go
@ -4,23 +4,30 @@ package dns
 import (
 	"fmt"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 	"github.com/xenolf/lego/providers/dns/auroradns"
 	"github.com/xenolf/lego/providers/dns/azure"
+	"github.com/xenolf/lego/providers/dns/bluecat"
 	"github.com/xenolf/lego/providers/dns/cloudflare"
 	"github.com/xenolf/lego/providers/dns/cloudxns"
 	"github.com/xenolf/lego/providers/dns/digitalocean"
 	"github.com/xenolf/lego/providers/dns/dnsimple"
 	"github.com/xenolf/lego/providers/dns/dnsmadeeasy"
 	"github.com/xenolf/lego/providers/dns/dnspod"
+	"github.com/xenolf/lego/providers/dns/duckdns"
 	"github.com/xenolf/lego/providers/dns/dyn"
+	"github.com/xenolf/lego/providers/dns/exec"
 	"github.com/xenolf/lego/providers/dns/exoscale"
+	"github.com/xenolf/lego/providers/dns/fastdns"
 	"github.com/xenolf/lego/providers/dns/gandi"
 	"github.com/xenolf/lego/providers/dns/gandiv5"
-	"github.com/xenolf/lego/providers/dns/googlecloud"
+	"github.com/xenolf/lego/providers/dns/glesys"
 	"github.com/xenolf/lego/providers/dns/godaddy"
+	"github.com/xenolf/lego/providers/dns/googlecloud"
+	"github.com/xenolf/lego/providers/dns/lightsail"
 	"github.com/xenolf/lego/providers/dns/linode"
 	"github.com/xenolf/lego/providers/dns/namecheap"
+	"github.com/xenolf/lego/providers/dns/namedotcom"
 	"github.com/xenolf/lego/providers/dns/ns1"
 	"github.com/xenolf/lego/providers/dns/otc"
 	"github.com/xenolf/lego/providers/dns/ovh"
@ -31,14 +38,16 @@ import (
 	"github.com/xenolf/lego/providers/dns/vultr"
 )

-func NewDNSChallengeProviderByName(name string) (acme.ChallengeProvider, error) {
+func NewDNSChallengeProviderByName(name string) (acmev2.ChallengeProvider, error) {
 	var err error
-	var provider acme.ChallengeProvider
+	var provider acmev2.ChallengeProvider
 	switch name {
 	case "azure":
 		provider, err = azure.NewDNSProvider()
 	case "auroradns":
 		provider, err = auroradns.NewDNSProvider()
+	case "bluecat":
+		provider, err = bluecat.NewDNSProvider()
 	case "cloudflare":
 		provider, err = cloudflare.NewDNSProvider()
 	case "cloudxns":
@ -51,24 +60,34 @@ func NewDNSChallengeProviderByName(name string) (acme.ChallengeProvider, error)
 		provider, err = dnsmadeeasy.NewDNSProvider()
 	case "dnspod":
 		provider, err = dnspod.NewDNSProvider()
+	case "duckdns":
+		provider, err = duckdns.NewDNSProvider()
 	case "dyn":
 		provider, err = dyn.NewDNSProvider()
+	case "fastdns":
+		provider, err = fastdns.NewDNSProvider()
 	case "exoscale":
 		provider, err = exoscale.NewDNSProvider()
 	case "gandi":
 		provider, err = gandi.NewDNSProvider()
 	case "gandiv5":
 		provider, err = gandiv5.NewDNSProvider()
+	case "glesys":
+		provider, err = glesys.NewDNSProvider()
 	case "gcloud":
 		provider, err = googlecloud.NewDNSProvider()
 	case "godaddy":
 		provider, err = godaddy.NewDNSProvider()
+	case "lightsail":
+		provider, err = lightsail.NewDNSProvider()
 	case "linode":
 		provider, err = linode.NewDNSProvider()
 	case "manual":
-		provider, err = acme.NewDNSProviderManual()
+		provider, err = acmev2.NewDNSProviderManual()
 	case "namecheap":
 		provider, err = namecheap.NewDNSProvider()
+	case "namedotcom":
+		provider, err = namedotcom.NewDNSProvider()
 	case "rackspace":
 		provider, err = rackspace.NewDNSProvider()
 	case "route53":
@ -85,6 +104,8 @@ func NewDNSChallengeProviderByName(name string) (acme.ChallengeProvider, error)
 		provider, err = ns1.NewDNSProvider()
 	case "otc":
 		provider, err = otc.NewDNSProvider()
+	case "exec":
+		provider, err = exec.NewDNSProvider()
 	default:
 		err = fmt.Errorf("Unrecognised DNS provider: %s", name)
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple.go
@ -9,10 +9,10 @@ import (
 	"strings"

 	"github.com/dnsimple/dnsimple-go/dnsimple"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

-// DNSProvider is an implementation of the acme.ChallengeProvider interface.
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface.
 type DNSProvider struct {
 	client *dnsimple.Client
 }
@ -47,7 +47,7 @@ func NewDNSProviderCredentials(accessToken, baseUrl string) (*DNSProvider, error

 // Present creates a TXT record to fulfil the dns-01 challenge.
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)

 	zoneName, err := c.getHostedZone(domain)

@ -71,7 +71,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

 	records, err := c.findTxtRecords(domain, fqdn)
 	if err != nil {
@ -94,7 +94,7 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 }

 func (c *DNSProvider) getHostedZone(domain string) (string, error) {
-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
 	if err != nil {
 		return "", err
 	}
@ -104,7 +104,7 @@ func (c *DNSProvider) getHostedZone(domain string) (string, error) {
 		return "", err
 	}

-	zoneName := acme.UnFqdn(authZone)
+	zoneName := acmev2.UnFqdn(authZone)

 	zones, err := c.client.Zones.ListZones(accountID, &dnsimple.ZoneListOptions{NameLike: zoneName})
 	if err != nil {
@ -159,7 +159,7 @@ func (c *DNSProvider) newTxtRecord(zoneName, fqdn, value string, ttl int) *dnsim
 }

 func (c *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := acmev2.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/dnsmadeeasy/dnsmadeeasy.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dnsmadeeasy/dnsmadeeasy.go
@ -14,10 +14,10 @@ import (
 	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

-// DNSProvider is an implementation of the acme.ChallengeProvider interface that uses
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface that uses
 // DNSMadeEasy's DNS API to manage TXT records for a domain.
 type DNSProvider struct {
 	baseURL   string
@ -77,9 +77,9 @@ func NewDNSProviderCredentials(baseURL, apiKey, apiSecret string) (*DNSProvider,

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domainName, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domainName, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domainName, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return err
 	}
@ -104,9 +104,9 @@ func (d *DNSProvider) Present(domainName, token, keyAuth string) error {

 // CleanUp removes the TXT records matching the specified parameters
 func (d *DNSProvider) CleanUp(domainName, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domainName, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domainName, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/dnspod/dnspod.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dnspod/dnspod.go
@ -8,10 +8,10 @@ import (
 	"strings"

 	"github.com/decker502/dnspod-go"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

-// DNSProvider is an implementation of the acme.ChallengeProvider interface.
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface.
 type DNSProvider struct {
 	client *dnspod.Client
 }
@ -38,7 +38,7 @@ func NewDNSProviderCredentials(key string) (*DNSProvider, error) {

 // Present creates a TXT record to fulfil the dns-01 challenge.
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
 	zoneID, zoneName, err := c.getHostedZone(domain)
 	if err != nil {
 		return err
@ -55,7 +55,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

 	records, err := c.findTxtRecords(domain, fqdn)
 	if err != nil {
@ -82,14 +82,14 @@ func (c *DNSProvider) getHostedZone(domain string) (string, string, error) {
 		return "", "", fmt.Errorf("dnspod API call failed: %v", err)
 	}

-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
 	if err != nil {
 		return "", "", err
 	}

 	var hostedZone dnspod.Domain
 	for _, zone := range zones {
-		if zone.Name == acme.UnFqdn(authZone) {
+		if zone.Name == acmev2.UnFqdn(authZone) {
 			hostedZone = zone
 		}
 	}
@ -138,7 +138,7 @@ func (c *DNSProvider) findTxtRecords(domain, fqdn string) ([]dnspod.Record, erro
 }

 func (c *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := acmev2.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/duckdns/duckdns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/duckdns/duckdns.go
@ -0,0 +1,82 @@
+// Adds lego support for http://duckdns.org .
+//
+// See http://www.duckdns.org/spec.jsp for more info on updating TXT records.
+package duckdns
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/xenolf/lego/acmev2"
+)
+
+// DNSProvider adds and removes the record for the DNS challenge
+type DNSProvider struct {
+	// The duckdns api token
+	token string
+}
+
+// NewDNSProvider returns a new DNS provider using
+// environment variable DUCKDNS_TOKEN for adding and removing the DNS record.
+func NewDNSProvider() (*DNSProvider, error) {
+	duckdnsToken := os.Getenv("DUCKDNS_TOKEN")
+
+	return NewDNSProviderCredentials(duckdnsToken)
+}
+
+// NewDNSProviderCredentials uses the supplied credentials to return a
+// DNSProvider instance configured for http://duckdns.org .
+func NewDNSProviderCredentials(duckdnsToken string) (*DNSProvider, error) {
+	if duckdnsToken == "" {
+		return nil, errors.New("environment variable DUCKDNS_TOKEN not set")
+	}
+
+	return &DNSProvider{token: duckdnsToken}, nil
+}
+
+// makeDuckdnsURL creates a url to clear the set or unset the TXT record.
+// txt == "" will clear the TXT record.
+func makeDuckdnsURL(domain, token, txt string) string {
+	requestBase := fmt.Sprintf("https://www.duckdns.org/update?domains=%s&token=%s", domain, token)
+	if txt == "" {
+		return requestBase + "&clear=true"
+	}
+	return requestBase + "&txt=" + txt
+}
+
+func issueDuckdnsRequest(url string) error {
+	response, err := acmev2.HTTPClient.Get(url)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	bodyBytes, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return err
+	}
+	body := string(bodyBytes)
+	if body != "OK" {
+		return fmt.Errorf("Request to change TXT record for duckdns returned the following result (%s) this does not match expectation (OK) used url [%s]", body, url)
+	}
+	return nil
+}
+
+// Present creates a TXT record to fulfil the dns-01 challenge.
+// In duckdns you only have one TXT record shared with
+// the domain and all sub domains.
+//
+// To update the TXT record we just need to make one simple get request.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+	_, txtRecord, _ := acmev2.DNS01Record(domain, keyAuth)
+	url := makeDuckdnsURL(domain, d.token, txtRecord)
+	return issueDuckdnsRequest(url)
+}
+
+// CleanUp clears duckdns TXT record
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	url := makeDuckdnsURL(domain, d.token, "")
+	return issueDuckdnsRequest(url)
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/dyn/dyn.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dyn/dyn.go
@ -11,7 +11,7 @@ import (
 	"strconv"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

 var dynBaseURL = "https://api.dynect.net/REST"
@ -30,7 +30,7 @@ type dynResponse struct {
 	Messages json.RawMessage `json:"msgs"`
 }

-// DNSProvider is an implementation of the acme.ChallengeProvider interface that uses
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface that uses
 // Dyn's Managed DNS API to manage TXT records for a domain.
 type DNSProvider struct {
 	customerName string
@ -87,11 +87,8 @@ func (d *DNSProvider) sendRequest(method, resource string, payload interface{})
 	}
 	defer resp.Body.Close()

-	if resp.StatusCode >= 400 {
+	if resp.StatusCode >= 500 {
 		return nil, fmt.Errorf("Dyn API request failed with HTTP status code %d", resp.StatusCode)
-	} else if resp.StatusCode == 307 {
-		// TODO add support for HTTP 307 response and long running jobs
-		return nil, fmt.Errorf("Dyn API request returned HTTP 307. This is currently unsupported")
 	}

 	var dynRes dynResponse
@ -100,6 +97,13 @@ func (d *DNSProvider) sendRequest(method, resource string, payload interface{})
 		return nil, err
 	}

+	if resp.StatusCode >= 400 {
+		return nil, fmt.Errorf("Dyn API request failed with HTTP status code %d: %s", resp.StatusCode, dynRes.Messages)
+	} else if resp.StatusCode == 307 {
+		// TODO add support for HTTP 307 response and long running jobs
+		return nil, fmt.Errorf("Dyn API request returned HTTP 307. This is currently unsupported")
+	}
+
 	if dynRes.Status == "failure" {
 		// TODO add better error handling
 		return nil, fmt.Errorf("Dyn API request failed: %s", dynRes.Messages)
@ -172,9 +176,9 @@ func (d *DNSProvider) logout() error {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return err
 	}
@ -228,9 +232,9 @@ func (d *DNSProvider) publish(zone, notes string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/exec/exec.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/exec/exec.go
@ -0,0 +1,72 @@
+// Package exec implements a manual DNS provider which runs a program for
+// adding/removing the DNS record.
+//
+// The file name of the external program is specified in the environment
+// variable EXEC_PATH. When it is run by lego, three command-line parameters
+// are passed to it: The action ("present" or "cleanup"), the fully-qualified domain
+// name, the value for the record and the TTL.
+//
+// For example, requesting a certificate for the domain 'foo.example.com' can
+// be achieved by calling lego as follows:
+//
+//  EXEC_PATH=./update-dns.sh \
+//    lego --dns exec \
+//    --domains foo.example.com \
+//    --email invalid@example.com run
+//
+// It will then call the program './update-dns.sh' with like this:
+//
+//  ./update-dns.sh "present" "_acme-challenge.foo.example.com." "MsijOYZxqyjGnFGwhjrhfg-Xgbl5r68WPda0J9EgqqI" "120"
+//
+// The program then needs to make sure the record is inserted. When it returns
+// an error via a non-zero exit code, lego aborts.
+//
+// When the record is to be removed again, the program is called with the first
+// command-line parameter set to "cleanup" instead of "present".
+package exec
+
+import (
+	"errors"
+	"os"
+	"os/exec"
+	"strconv"
+
+	"github.com/xenolf/lego/acmev2"
+)
+
+// DNSProvider adds and removes the record for the DNS challenge by calling a
+// program with command-line parameters.
+type DNSProvider struct {
+	program string
+}
+
+// NewDNSProvider returns a new DNS provider which runs the program in the
+// environment variable EXEC_PATH for adding and removing the DNS record.
+func NewDNSProvider() (*DNSProvider, error) {
+	s := os.Getenv("EXEC_PATH")
+	if s == "" {
+		return nil, errors.New("environment variable EXEC_PATH not set")
+	}
+
+	return &DNSProvider{program: s}, nil
+}
+
+// Present creates a TXT record to fulfil the dns-01 challenge.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
+	cmd := exec.Command(d.program, "present", fqdn, value, strconv.Itoa(ttl))
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+
+	return cmd.Run()
+}
+
+// CleanUp removes the TXT record matching the specified parameters
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
+	cmd := exec.Command(d.program, "cleanup", fqdn, value, strconv.Itoa(ttl))
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+
+	return cmd.Run()
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/exoscale/exoscale.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/exoscale/exoscale.go
@ -8,10 +8,10 @@ import (
 	"os"

 	"github.com/exoscale/egoscale"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

-// DNSProvider is an implementation of the acme.ChallengeProvider interface.
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface.
 type DNSProvider struct {
 	client *egoscale.Client
 }
@ -42,7 +42,7 @@ func NewDNSProviderClient(key, secret, endpoint string) (*DNSProvider, error) {

 // Present creates a TXT record to fulfil the dns-01 challenge.
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
 	zone, recordName, err := c.FindZoneAndRecordName(fqdn, domain)
 	if err != nil {
 		return err
@ -78,7 +78,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the record matching the specified parameters.
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)
 	zone, recordName, err := c.FindZoneAndRecordName(fqdn, domain)
 	if err != nil {
 		return err
@ -116,12 +116,12 @@ func (c *DNSProvider) FindExistingRecordId(zone, recordName string) (int64, erro

 // Extract DNS zone and DNS entry name
 func (c *DNSProvider) FindZoneAndRecordName(fqdn, domain string) (string, string, error) {
-	zone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	zone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
 	if err != nil {
 		return "", "", err
 	}
-	zone = acme.UnFqdn(zone)
-	name := acme.UnFqdn(fqdn)
+	zone = acmev2.UnFqdn(zone)
+	name := acmev2.UnFqdn(fqdn)
 	name = name[:len(name)-len("."+zone)]

 	return zone, name, nil
--- a/vendor/github.com/xenolf/lego/providers/dns/fastdns/fastdns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/fastdns/fastdns.go
@ -0,0 +1,139 @@
+package fastdns
+
+import (
+	"fmt"
+	"os"
+	"reflect"
+
+	configdns "github.com/akamai/AkamaiOPEN-edgegrid-golang/configdns-v1"
+	"github.com/akamai/AkamaiOPEN-edgegrid-golang/edgegrid"
+	"github.com/xenolf/lego/acmev2"
+)
+
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface.
+type DNSProvider struct {
+	config edgegrid.Config
+}
+
+// NewDNSProvider uses the supplied environment variables to return a DNSProvider instance:
+// AKAMAI_HOST, AKAMAI_CLIENT_TOKEN, AKAMAI_CLIENT_SECRET, AKAMAI_ACCESS_TOKEN
+func NewDNSProvider() (*DNSProvider, error) {
+	host := os.Getenv("AKAMAI_HOST")
+	clientToken := os.Getenv("AKAMAI_CLIENT_TOKEN")
+	clientSecret := os.Getenv("AKAMAI_CLIENT_SECRET")
+	accessToken := os.Getenv("AKAMAI_ACCESS_TOKEN")
+
+	return NewDNSProviderClient(host, clientToken, clientSecret, accessToken)
+}
+
+// NewDNSProviderClient uses the supplied parameters to return a DNSProvider instance
+// configured for FastDNS.
+func NewDNSProviderClient(host, clientToken, clientSecret, accessToken string) (*DNSProvider, error) {
+	if clientToken == "" || clientSecret == "" || accessToken == "" || host == "" {
+		return nil, fmt.Errorf("Akamai FastDNS credentials missing")
+	}
+	config := edgegrid.Config{
+		Host:         host,
+		ClientToken:  clientToken,
+		ClientSecret: clientSecret,
+		AccessToken:  accessToken,
+		MaxBody:      131072,
+	}
+
+	return &DNSProvider{
+		config: config,
+	}, nil
+}
+
+// Present creates a TXT record to fullfil the dns-01 challenge.
+func (c *DNSProvider) Present(domain, token, keyAuth string) error {
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
+	zoneName, recordName, err := c.findZoneAndRecordName(fqdn, domain)
+	if err != nil {
+		return err
+	}
+
+	configdns.Init(c.config)
+
+	zone, err := configdns.GetZone(zoneName)
+	if err != nil {
+		return err
+	}
+
+	record := configdns.NewTxtRecord()
+	record.SetField("name", recordName)
+	record.SetField("ttl", ttl)
+	record.SetField("target", value)
+	record.SetField("active", true)
+
+	existingRecord := c.findExistingRecord(zone, recordName)
+
+	if existingRecord != nil {
+		if reflect.DeepEqual(existingRecord.ToMap(), record.ToMap()) {
+			return nil
+		}
+		zone.RemoveRecord(existingRecord)
+		return c.createRecord(zone, record)
+	}
+
+	return c.createRecord(zone, record)
+}
+
+// CleanUp removes the record matching the specified parameters.
+func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)
+	zoneName, recordName, err := c.findZoneAndRecordName(fqdn, domain)
+	if err != nil {
+		return err
+	}
+
+	configdns.Init(c.config)
+
+	zone, err := configdns.GetZone(zoneName)
+	if err != nil {
+		return err
+	}
+
+	existingRecord := c.findExistingRecord(zone, recordName)
+
+	if existingRecord != nil {
+		err := zone.RemoveRecord(existingRecord)
+		if err != nil {
+			return err
+		}
+		return zone.Save()
+	}
+
+	return nil
+}
+
+func (c *DNSProvider) findZoneAndRecordName(fqdn, domain string) (string, string, error) {
+	zone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
+	if err != nil {
+		return "", "", err
+	}
+	zone = acmev2.UnFqdn(zone)
+	name := acmev2.UnFqdn(fqdn)
+	name = name[:len(name)-len("."+zone)]
+
+	return zone, name, nil
+}
+
+func (c *DNSProvider) findExistingRecord(zone *configdns.Zone, recordName string) *configdns.TxtRecord {
+	for _, r := range zone.Zone.Txt {
+		if r.Name == recordName {
+			return r
+		}
+	}
+
+	return nil
+}
+
+func (c *DNSProvider) createRecord(zone *configdns.Zone, record *configdns.TxtRecord) error {
+	err := zone.AddRecord(record)
+	if err != nil {
+		return err
+	}
+
+	return zone.Save()
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/gandi/gandi.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/gandi/gandi.go
@ -14,7 +14,7 @@ import (
 	"sync"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

 // Gandi API reference:       http://doc.rpc.gandi.net/index.html
@ -26,7 +26,7 @@ var (
 	endpoint = "https://rpc.gandi.net/xmlrpc/"
 	// findZoneByFqdn determines the DNS zone of an fqdn. It is overridden
 	// during tests.
-	findZoneByFqdn = acme.FindZoneByFqdn
+	findZoneByFqdn = acmev2.FindZoneByFqdn
 )

 // inProgressInfo contains information about an in-progress challenge
@ -37,7 +37,7 @@ type inProgressInfo struct {
 }

 // DNSProvider is an implementation of the
-// acme.ChallengeProviderTimeout interface that uses Gandi's XML-RPC
+// acmev2.ChallengeProviderTimeout interface that uses Gandi's XML-RPC
 // API to manage TXT records for a domain.
 type DNSProvider struct {
 	apiKey              string
@ -70,12 +70,12 @@ func NewDNSProviderCredentials(apiKey string) (*DNSProvider, error) {
 // does this by creating and activating a new temporary Gandi DNS
 // zone. This new zone contains the TXT record.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
 	if ttl < 300 {
 		ttl = 300 // 300 is gandi minimum value for ttl
 	}
 	// find authZone and Gandi zone_id for fqdn
-	authZone, err := findZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := findZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return fmt.Errorf("Gandi DNS: findZoneByFqdn failure: %v", err)
 	}
@ -103,7 +103,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	// containing the required TXT record
 	newZoneName := fmt.Sprintf(
 		"%s [ACME Challenge %s]",
-		acme.UnFqdn(authZone), time.Now().Format(time.RFC822Z))
+		acmev2.UnFqdn(authZone), time.Now().Format(time.RFC822Z))
 	newZoneID, err := d.cloneZone(zoneID, newZoneName)
 	if err != nil {
 		return err
@ -138,7 +138,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 // parameters. It does this by restoring the old Gandi DNS zone and
 // removing the temporary one created by Present.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)
 	// acquire lock and retrieve zoneID, newZoneID and authZone
 	d.inProgressMu.Lock()
 	defer d.inProgressMu.Unlock()
--- a/vendor/github.com/xenolf/lego/providers/dns/gandiv5/gandiv5.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/gandiv5/gandiv5.go
@ -12,7 +12,7 @@ import (
 	"sync"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

 // Gandi API reference:       http://doc.livedns.gandi.net/
@ -23,7 +23,7 @@ var (
 	endpoint = "https://dns.api.gandi.net/api/v5"
 	// findZoneByFqdn determines the DNS zone of an fqdn. It is overridden
 	// during tests.
-	findZoneByFqdn = acme.FindZoneByFqdn
+	findZoneByFqdn = acmev2.FindZoneByFqdn
 )

 // inProgressInfo contains information about an in-progress challenge
@ -33,7 +33,7 @@ type inProgressInfo struct {
 }

 // DNSProvider is an implementation of the
-// acme.ChallengeProviderTimeout interface that uses Gandi's LiveDNS
+// acmev2.ChallengeProviderTimeout interface that uses Gandi's LiveDNS
 // API to manage TXT records for a domain.
 type DNSProvider struct {
 	apiKey          string
@ -62,12 +62,12 @@ func NewDNSProviderCredentials(apiKey string) (*DNSProvider, error) {

 // Present creates a TXT record using the specified parameters.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
 	if ttl < 300 {
 		ttl = 300 // 300 is gandi minimum value for ttl
 	}
 	// find authZone
-	authZone, err := findZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := findZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return fmt.Errorf("Gandi DNS: findZoneByFqdn failure: %v", err)
 	}
@ -83,7 +83,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	d.inProgressMu.Lock()
 	defer d.inProgressMu.Unlock()
 	// add TXT record into authZone
-	err = d.addTXTRecord(acme.UnFqdn(authZone), name, value, ttl)
+	err = d.addTXTRecord(acmev2.UnFqdn(authZone), name, value, ttl)
 	if err != nil {
 		return err
 	}
@ -97,7 +97,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)
 	// acquire lock and retrieve authZone
 	d.inProgressMu.Lock()
 	defer d.inProgressMu.Unlock()
@ -109,7 +109,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	authZone := d.inProgressFQDNs[fqdn].authZone
 	delete(d.inProgressFQDNs, fqdn)
 	// delete TXT record from authZone
-	err := d.deleteTXTRecord(acme.UnFqdn(authZone), fieldName)
+	err := d.deleteTXTRecord(acmev2.UnFqdn(authZone), fieldName)
 	if err != nil {
 		return err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/glesys/glesys.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/glesys/glesys.go
@ -0,0 +1,211 @@
+// Package glesys implements a DNS provider for solving the DNS-01
+// challenge using GleSYS api.
+package glesys
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/xenolf/lego/acmev2"
+)
+
+// GleSYS API reference: https://github.com/GleSYS/API/wiki/API-Documentation
+
+// domainAPI is the GleSYS API endpoint used by Present and CleanUp.
+const domainAPI = "https://api.glesys.com/domain"
+
+var (
+	// Logger is used to log API communication results;
+	// if nil, the default log.Logger is used.
+	Logger *log.Logger
+)
+
+// logf writes a log entry. It uses Logger if not
+// nil, otherwise it uses the default log.Logger.
+func logf(format string, args ...interface{}) {
+	if Logger != nil {
+		Logger.Printf(format, args...)
+	} else {
+		log.Printf(format, args...)
+	}
+}
+
+// DNSProvider is an implementation of the
+// acmev2.ChallengeProviderTimeout interface that uses GleSYS
+// API to manage TXT records for a domain.
+type DNSProvider struct {
+	apiUser       string
+	apiKey        string
+	activeRecords map[string]int
+	inProgressMu  sync.Mutex
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for GleSYS.
+// Credentials must be passed in the environment variables: GLESYS_API_USER
+// and GLESYS_API_KEY.
+func NewDNSProvider() (*DNSProvider, error) {
+	apiUser := os.Getenv("GLESYS_API_USER")
+	apiKey := os.Getenv("GLESYS_API_KEY")
+	return NewDNSProviderCredentials(apiUser, apiKey)
+}
+
+// NewDNSProviderCredentials uses the supplied credentials to return a
+// DNSProvider instance configured for GleSYS.
+func NewDNSProviderCredentials(apiUser string, apiKey string) (*DNSProvider, error) {
+	if apiUser == "" || apiKey == "" {
+		return nil, fmt.Errorf("GleSYS DNS: Incomplete credentials provided")
+	}
+	return &DNSProvider{
+		apiUser:       apiUser,
+		apiKey:        apiKey,
+		activeRecords: make(map[string]int),
+	}, nil
+}
+
+// Present creates a TXT record using the specified parameters.
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
+	if ttl < 60 {
+		ttl = 60 // 60 is GleSYS minimum value for ttl
+	}
+	// find authZone
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
+	if err != nil {
+		return fmt.Errorf("GleSYS DNS: findZoneByFqdn failure: %v", err)
+	}
+	// determine name of TXT record
+	if !strings.HasSuffix(
+		strings.ToLower(fqdn), strings.ToLower("."+authZone)) {
+		return fmt.Errorf(
+			"GleSYS DNS: unexpected authZone %s for fqdn %s", authZone, fqdn)
+	}
+	name := fqdn[:len(fqdn)-len("."+authZone)]
+	// acquire lock and check there is not a challenge already in
+	// progress for this value of authZone
+	d.inProgressMu.Lock()
+	defer d.inProgressMu.Unlock()
+	// add TXT record into authZone
+	recordId, err := d.addTXTRecord(domain, acmev2.UnFqdn(authZone), name, value, ttl)
+	if err != nil {
+		return err
+	}
+	// save data necessary for CleanUp
+	d.activeRecords[fqdn] = recordId
+	return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)
+	// acquire lock and retrieve authZone
+	d.inProgressMu.Lock()
+	defer d.inProgressMu.Unlock()
+	if _, ok := d.activeRecords[fqdn]; !ok {
+		// if there is no cleanup information then just return
+		return nil
+	}
+	recordId := d.activeRecords[fqdn]
+	delete(d.activeRecords, fqdn)
+	// delete TXT record from authZone
+	err := d.deleteTXTRecord(domain, recordId)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Timeout returns the values (20*time.Minute, 20*time.Second) which
+// are used by the acme package as timeout and check interval values
+// when checking for DNS record propagation with GleSYS.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return 20 * time.Minute, 20 * time.Second
+}
+
+// types for JSON method calls, parameters, and responses
+
+type addRecordRequest struct {
+	Domainname string `json:"domainname"`
+	Host       string `json:"host"`
+	Type       string `json:"type"`
+	Data       string `json:"data"`
+	Ttl        int    `json:"ttl,omitempty"`
+}
+
+type deleteRecordRequest struct {
+	Recordid int `json:"recordid"`
+}
+
+type responseStruct struct {
+	Response struct {
+		Status struct {
+			Code int `json:"code"`
+		} `json:"status"`
+		Record deleteRecordRequest `json:"record"`
+	} `json:"response"`
+}
+
+// POSTing/Marshalling/Unmarshalling
+
+func (d *DNSProvider) sendRequest(method string, resource string, payload interface{}) (*responseStruct, error) {
+	url := fmt.Sprintf("%s/%s", domainAPI, resource)
+
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return nil, err
+	}
+	req, err := http.NewRequest(method, url, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.SetBasicAuth(d.apiUser, d.apiKey)
+
+	client := &http.Client{Timeout: time.Duration(10 * time.Second)}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 400 {
+		return nil, fmt.Errorf("GleSYS DNS: request failed with HTTP status code %d", resp.StatusCode)
+	}
+	var response responseStruct
+	err = json.NewDecoder(resp.Body).Decode(&response)
+
+	return &response, err
+}
+
+// functions to perform API actions
+
+func (d *DNSProvider) addTXTRecord(fqdn string, domain string, name string, value string, ttl int) (int, error) {
+	response, err := d.sendRequest("POST", "addrecord", addRecordRequest{
+		Domainname: domain,
+		Host:       name,
+		Type:       "TXT",
+		Data:       value,
+		Ttl:        ttl,
+	})
+	if response != nil && response.Response.Status.Code == 200 {
+		logf("[INFO][%s] GleSYS DNS: Successfully created recordid %d", fqdn, response.Response.Record.Recordid)
+		return response.Response.Record.Recordid, nil
+	}
+	return 0, err
+}
+
+func (d *DNSProvider) deleteTXTRecord(fqdn string, recordid int) error {
+	response, err := d.sendRequest("POST", "deleterecord", deleteRecordRequest{
+		Recordid: recordid,
+	})
+	if response != nil && response.Response.Status.Code == 200 {
+		logf("[INFO][%s] GleSYS DNS: Successfully deleted recordid %d", fqdn, recordid)
+	}
+	return err
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/godaddy/godaddy.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/godaddy/godaddy.go
@ -10,15 +10,16 @@ import (

 	"bytes"
 	"encoding/json"
-	"github.com/xenolf/lego/acme"
 	"io/ioutil"
 	"strings"
+
+	"github.com/xenolf/lego/acmev2"
 )

 // GoDaddyAPIURL represents the API endpoint to call.
 const apiURL = "https://api.godaddy.com"

-// DNSProvider is an implementation of the acme.ChallengeProvider interface
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface
 type DNSProvider struct {
 	apiKey    string
 	apiSecret string
@ -50,7 +51,7 @@ func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {
 }

 func (c *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := acmev2.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}
@ -59,7 +60,7 @@ func (c *DNSProvider) extractRecordName(fqdn, domain string) string {

 // Present creates a TXT record to fulfil the dns-01 challenge
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
 	domainZone, err := c.getZone(fqdn)
 	if err != nil {
 		return err
@ -105,7 +106,7 @@ func (c *DNSProvider) updateRecords(records []DNSRecord, domainZone string, reco

 // CleanUp sets null value in the TXT DNS record as GoDaddy has no proper DELETE record method
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)
 	domainZone, err := c.getZone(fqdn)
 	if err != nil {
 		return err
@ -124,12 +125,12 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 }

 func (c *DNSProvider) getZone(fqdn string) (string, error) {
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return "", err
 	}

-	return acme.UnFqdn(authZone), nil
+	return acmev2.UnFqdn(authZone), nil
 }

 func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (*http.Response, error) {
--- a/vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/googlecloud/googlecloud.go
@ -8,7 +8,7 @@ import (
 	"os"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"

 	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
@ -88,7 +88,7 @@ func NewDNSProviderServiceAccount(project string, saFile string) (*DNSProvider,

 // Present creates a TXT record to fulfil the dns-01 challenge.
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)

 	zone, err := c.getHostedZone(domain)
 	if err != nil {
@ -135,7 +135,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

 	zone, err := c.getHostedZone(domain)
 	if err != nil {
@ -167,7 +167,7 @@ func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // getHostedZone returns the managed-zone
 func (c *DNSProvider) getHostedZone(domain string) (string, error) {
-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
 	if err != nil {
 		return "", err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/lightsail/lightsail.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/lightsail/lightsail.go
@ -0,0 +1,107 @@
+// Package lightsail implements a DNS provider for solving the DNS-01 challenge
+// using AWS Lightsail DNS.
+package lightsail
+
+import (
+	"math/rand"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/client"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/lightsail"
+	"github.com/xenolf/lego/acmev2"
+)
+
+const (
+	maxRetries = 5
+)
+
+// DNSProvider implements the acmev2.ChallengeProvider interface
+type DNSProvider struct {
+	client *lightsail.Lightsail
+}
+
+// customRetryer implements the client.Retryer interface by composing the
+// DefaultRetryer. It controls the logic for retrying recoverable request
+// errors (e.g. when rate limits are exceeded).
+type customRetryer struct {
+	client.DefaultRetryer
+}
+
+// RetryRules overwrites the DefaultRetryer's method.
+// It uses a basic exponential backoff algorithm that returns an initial
+// delay of ~400ms with an upper limit of ~30 seconds which should prevent
+// causing a high number of consecutive throttling errors.
+// For reference: Route 53 enforces an account-wide(!) 5req/s query limit.
+func (d customRetryer) RetryRules(r *request.Request) time.Duration {
+	retryCount := r.RetryCount
+	if retryCount > 7 {
+		retryCount = 7
+	}
+
+	delay := (1 << uint(retryCount)) * (rand.Intn(50) + 200)
+	return time.Duration(delay) * time.Millisecond
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for the AWS
+// Lightsail service.
+//
+// AWS Credentials are automatically detected in the following locations
+// and prioritized in the following order:
+// 1. Environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,
+//     [AWS_SESSION_TOKEN], [DNS_ZONE]
+// 2. Shared credentials file (defaults to ~/.aws/credentials)
+// 3. Amazon EC2 IAM role
+//
+// public hosted zone via the FQDN.
+//
+// See also: https://github.com/aws/aws-sdk-go/wiki/configuring-sdk
+func NewDNSProvider() (*DNSProvider, error) {
+	r := customRetryer{}
+	r.NumMaxRetries = maxRetries
+	config := request.WithRetryer(aws.NewConfig(), r)
+	client := lightsail.New(session.New(config))
+
+	return &DNSProvider{
+		client: client,
+	}, nil
+}
+
+// Present creates a TXT record using the specified parameters
+func (r *DNSProvider) Present(domain, token, keyAuth string) error {
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)
+	value = `"` + value + `"`
+	err := r.newTxtRecord(domain, fqdn, value)
+	return err
+}
+
+// CleanUp removes the TXT record matching the specified parameters
+func (r *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)
+	value = `"` + value + `"`
+	params := &lightsail.DeleteDomainEntryInput{
+		DomainName: aws.String(domain),
+		DomainEntry: &lightsail.DomainEntry{
+			Name:   aws.String(fqdn),
+			Type:   aws.String("TXT"),
+			Target: aws.String(value),
+		},
+	}
+	_, err := r.client.DeleteDomainEntry(params)
+	return err
+}
+
+func (r *DNSProvider) newTxtRecord(domain string, fqdn string, value string) error {
+	params := &lightsail.CreateDomainEntryInput{
+		DomainName: aws.String(domain),
+		DomainEntry: &lightsail.DomainEntry{
+			Name:   aws.String(fqdn),
+			Target: aws.String(value),
+			Type:   aws.String("TXT"),
+		},
+	}
+	_, err := r.client.CreateDomainEntry(params)
+	return err
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/linode/linode.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/linode/linode.go
@ -9,7 +9,7 @@ import (
 	"time"

 	"github.com/timewasted/linode/dns"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

 const (
@ -23,7 +23,7 @@ type hostedZoneInfo struct {
 	resourceName string
 }

-// DNSProvider implements the acme.ChallengeProvider interface.
+// DNSProvider implements the acmev2.ChallengeProvider interface.
 type DNSProvider struct {
 	linode *dns.DNS
 }
@ -66,13 +66,13 @@ func (p *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record using the specified parameters.
 func (p *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)
 	zone, err := p.getHostedZoneInfo(fqdn)
 	if err != nil {
 		return err
 	}

-	if _, err = p.linode.CreateDomainResourceTXT(zone.domainId, acme.UnFqdn(fqdn), value, 60); err != nil {
+	if _, err = p.linode.CreateDomainResourceTXT(zone.domainId, acmev2.UnFqdn(fqdn), value, 60); err != nil {
 		return err
 	}

@ -81,7 +81,7 @@ func (p *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (p *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)
 	zone, err := p.getHostedZoneInfo(fqdn)
 	if err != nil {
 		return err
@ -112,14 +112,14 @@ func (p *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 func (p *DNSProvider) getHostedZoneInfo(fqdn string) (*hostedZoneInfo, error) {
 	// Lookup the zone that handles the specified FQDN.
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return nil, err
 	}
 	resourceName := strings.TrimSuffix(fqdn, "."+authZone)

 	// Query the authority zone.
-	domain, err := p.linode.GetDomain(acme.UnFqdn(authZone))
+	domain, err := p.linode.GetDomain(acmev2.UnFqdn(authZone))
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/namecheap/namecheap.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/namecheap/namecheap.go
@ -12,7 +12,7 @@ import (
 	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

 // Notes about namecheap's tool API:
@ -132,7 +132,7 @@ type challenge struct {
 // newChallenge builds a challenge record from a domain name, a challenge
 // authentication key, and a map of available TLDs.
 func newChallenge(domain, keyAuth string, tlds map[string]string) (*challenge, error) {
-	domain = acme.UnFqdn(domain)
+	domain = acmev2.UnFqdn(domain)
 	parts := strings.Split(domain, ".")

 	// Find the longest matching TLD.
@ -155,7 +155,7 @@ func newChallenge(domain, keyAuth string, tlds map[string]string) (*challenge, e
 		host = strings.Join(parts[:longest-1], ".")
 	}

-	key, keyValue, _ := acme.DNS01Record(domain, keyAuth)
+	key, keyValue, _ := acmev2.DNS01Record(domain, keyAuth)

 	return &challenge{
 		domain:   domain,
--- a/vendor/github.com/xenolf/lego/providers/dns/namedotcom/namedotcom.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/namedotcom/namedotcom.go
@ -0,0 +1,124 @@
+// Package namedotcom implements a DNS provider for solving the DNS-01 challenge
+// using Name.com's DNS service.
+package namedotcom
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/namedotcom/go/namecom"
+	"github.com/xenolf/lego/acmev2"
+)
+
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface.
+type DNSProvider struct {
+	client *namecom.NameCom
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for namedotcom.
+// Credentials must be passed in the environment variables: NAMECOM_USERNAME and NAMECOM_API_TOKEN
+func NewDNSProvider() (*DNSProvider, error) {
+	username := os.Getenv("NAMECOM_USERNAME")
+	apiToken := os.Getenv("NAMECOM_API_TOKEN")
+	server := os.Getenv("NAMECOM_SERVER")
+
+	return NewDNSProviderCredentials(username, apiToken, server)
+}
+
+// NewDNSProviderCredentials uses the supplied credentials to return a
+// DNSProvider instance configured for namedotcom.
+func NewDNSProviderCredentials(username, apiToken, server string) (*DNSProvider, error) {
+	if username == "" {
+		return nil, fmt.Errorf("Name.com Username is required")
+	}
+	if apiToken == "" {
+		return nil, fmt.Errorf("Name.com API token is required")
+	}
+
+	client := namecom.New(username, apiToken)
+
+	if server != "" {
+		client.Server = server
+	}
+
+	return &DNSProvider{client: client}, nil
+}
+
+// Present creates a TXT record to fulfil the dns-01 challenge.
+func (c *DNSProvider) Present(domain, token, keyAuth string) error {
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
+
+	request := &namecom.Record{
+		DomainName: domain,
+		Host:       c.extractRecordName(fqdn, domain),
+		Type:       "TXT",
+		TTL:        uint32(ttl),
+		Answer:     value,
+	}
+
+	_, err := c.client.CreateRecord(request)
+	if err != nil {
+		return fmt.Errorf("namedotcom API call failed: %v", err)
+	}
+
+	return nil
+}
+
+// CleanUp removes the TXT record matching the specified parameters.
+func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)
+
+	records, err := c.getRecords(domain)
+	if err != nil {
+		return err
+	}
+
+	for _, rec := range records {
+		if rec.Fqdn == fqdn && rec.Type == "TXT" {
+			request := &namecom.DeleteRecordRequest{
+				DomainName: domain,
+				ID:         rec.ID,
+			}
+			_, err := c.client.DeleteRecord(request)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func (c *DNSProvider) getRecords(domain string) ([]*namecom.Record, error) {
+	var (
+		err      error
+		records  []*namecom.Record
+		response *namecom.ListRecordsResponse
+	)
+
+	request := &namecom.ListRecordsRequest{
+		DomainName: domain,
+		Page:       1,
+	}
+
+	for request.Page > 0 {
+		response, err = c.client.ListRecords(request)
+		if err != nil {
+			return nil, err
+		}
+
+		records = append(records, response.Records...)
+		request.Page = response.NextPage
+	}
+
+	return records, nil
+}
+
+func (c *DNSProvider) extractRecordName(fqdn, domain string) string {
+	name := acmev2.UnFqdn(fqdn)
+	if idx := strings.Index(name, "."+domain); idx != -1 {
+		return name[:idx]
+	}
+	return name
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/ns1/ns1.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/ns1/ns1.go
@ -8,12 +8,12 @@ import (
 	"os"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 	"gopkg.in/ns1/ns1-go.v2/rest"
 	"gopkg.in/ns1/ns1-go.v2/rest/model/dns"
 )

-// DNSProvider is an implementation of the acme.ChallengeProvider interface.
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface.
 type DNSProvider struct {
 	client *rest.Client
 }
@ -43,7 +43,7 @@ func NewDNSProviderCredentials(key string) (*DNSProvider, error) {

 // Present creates a TXT record to fulfil the dns-01 challenge.
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)

 	zone, err := c.getHostedZone(domain)
 	if err != nil {
@ -61,14 +61,14 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

 	zone, err := c.getHostedZone(domain)
 	if err != nil {
 		return err
 	}

-	name := acme.UnFqdn(fqdn)
+	name := acmev2.UnFqdn(fqdn)
 	_, err = c.client.Records.Delete(zone.Zone, name, "TXT")
 	return err
 }
@ -83,7 +83,7 @@ func (c *DNSProvider) getHostedZone(domain string) (*dns.Zone, error) {
 }

 func (c *DNSProvider) newTxtRecord(zone *dns.Zone, fqdn, value string, ttl int) *dns.Record {
-	name := acme.UnFqdn(fqdn)
+	name := acmev2.UnFqdn(fqdn)

 	return &dns.Record{
 		Type:   "TXT",
--- a/vendor/github.com/xenolf/lego/providers/dns/otc/otc.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/otc/otc.go
@ -12,10 +12,10 @@ import (
 	"os"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

-// DNSProvider is an implementation of the acme.ChallengeProvider interface that uses
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface that uses
 // OTC's Managed DNS API to manage TXT records for a domain.
 type DNSProvider struct {
 	identityEndpoint string
@ -313,13 +313,13 @@ func (d *DNSProvider) deleteRecordSet(zoneID, recordID string) error {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)

 	if ttl < 300 {
 		ttl = 300 // 300 is otc minimum value for ttl
 	}

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return err
 	}
@ -362,9 +362,9 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/ovh/ovh.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/ovh/ovh.go
@ -9,13 +9,13 @@ import (
 	"sync"

 	"github.com/ovh/go-ovh/ovh"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

 // OVH API reference:       https://eu.api.ovh.com/
 // Create a Token:					https://eu.api.ovh.com/createToken/

-// DNSProvider is an implementation of the acme.ChallengeProvider interface
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface
 // that uses OVH's REST API to manage TXT records for a domain.
 type DNSProvider struct {
 	client      *ovh.Client
@ -78,15 +78,15 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		Zone      string `json:"zone"`
 	}

-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)

 	// Parse domain name
-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
 	if err != nil {
 		return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
 	}

-	authZone = acme.UnFqdn(authZone)
+	authZone = acmev2.UnFqdn(authZone)
 	subDomain := d.extractRecordName(fqdn, authZone)

 	reqURL := fmt.Sprintf("/domain/zone/%s/record", authZone)
@ -117,7 +117,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

 	// get the record's unique ID from when we created it
 	d.recordIDsMu.Lock()
@ -127,12 +127,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("unknown record ID for '%s'", fqdn)
 	}

-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(acmev2.ToFqdn(domain), acmev2.RecursiveNameservers)
 	if err != nil {
 		return fmt.Errorf("Could not determine zone for domain: '%s'. %s", domain, err)
 	}

-	authZone = acme.UnFqdn(authZone)
+	authZone = acmev2.UnFqdn(authZone)

 	reqURL := fmt.Sprintf("/domain/zone/%s/record/%d", authZone, recordID)

@ -151,7 +151,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 }

 func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := acmev2.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/pdns/pdns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/pdns/pdns.go
@ -14,10 +14,10 @@ import (
 	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

-// DNSProvider is an implementation of the acme.ChallengeProvider interface
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface
 type DNSProvider struct {
 	apiKey     string
 	host       *url.URL
@ -65,7 +65,7 @@ func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfil the dns-01 challenge
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)
 	zone, err := c.getHostedZone(fqdn)
 	if err != nil {
 		return err
@ -75,7 +75,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 	// pre-v1 API wants non-fqdn
 	if c.apiVersion == 0 {
-		name = acme.UnFqdn(fqdn)
+		name = acmev2.UnFqdn(fqdn)
 	}

 	rec := pdnsRecord{
@ -117,7 +117,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

 	zone, err := c.getHostedZone(fqdn)
 	if err != nil {
@ -153,7 +153,7 @@ func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 func (c *DNSProvider) getHostedZone(fqdn string) (*hostedZone, error) {
 	var zone hostedZone
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return nil, err
 	}
@ -172,7 +172,7 @@ func (c *DNSProvider) getHostedZone(fqdn string) (*hostedZone, error) {

 	url = ""
 	for _, zone := range zones {
-		if acme.UnFqdn(zone.Name) == acme.UnFqdn(authZone) {
+		if acmev2.UnFqdn(zone.Name) == acmev2.UnFqdn(authZone) {
 			url = zone.URL
 		}
 	}
@ -215,7 +215,7 @@ func (c *DNSProvider) findTxtRecord(fqdn string) (*rrSet, error) {
 	}

 	for _, set := range zone.RRSets {
-		if (set.Name == acme.UnFqdn(fqdn) || set.Name == fqdn) && set.Type == "TXT" {
+		if (set.Name == acmev2.UnFqdn(fqdn) || set.Name == fqdn) && set.Type == "TXT" {
 			return &set, nil
 		}
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/rackspace/rackspace.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/rackspace/rackspace.go
@ -11,13 +11,13 @@ import (
 	"os"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

 // rackspaceAPIURL represents the Identity API endpoint to call
 var rackspaceAPIURL = "https://identity.api.rackspacecloud.com/v2.0/tokens"

-// DNSProvider is an implementation of the acme.ChallengeProvider interface
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface
 // used to store the reusable token and DNS API endpoint
 type DNSProvider struct {
 	token            string
@ -126,7 +126,7 @@ func NewDNSProviderCredentials(user, key string) (*DNSProvider, error) {

 // Present creates a TXT record to fulfil the dns-01 challenge
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)
 	zoneID, err := c.getHostedZoneID(fqdn)
 	if err != nil {
 		return err
@ -134,7 +134,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 	rec := RackspaceRecords{
 		RackspaceRecord: []RackspaceRecord{{
-			Name: acme.UnFqdn(fqdn),
+			Name: acmev2.UnFqdn(fqdn),
 			Type: "TXT",
 			Data: value,
 			TTL:  300,
@ -156,7 +156,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)
 	zoneID, err := c.getHostedZoneID(fqdn)
 	if err != nil {
 		return err
@ -187,12 +187,12 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (int, error) {
 		} `json:"domains"`
 	}

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return 0, err
 	}

-	result, err := c.makeRequest("GET", fmt.Sprintf("/domains?name=%s", acme.UnFqdn(authZone)), nil)
+	result, err := c.makeRequest("GET", fmt.Sprintf("/domains?name=%s", acmev2.UnFqdn(authZone)), nil)
 	if err != nil {
 		return 0, err
 	}
@ -213,7 +213,7 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (int, error) {

 // findTxtRecord searches a DNS zone for a TXT record with a specific name
 func (c *DNSProvider) findTxtRecord(fqdn string, zoneID int) (*RackspaceRecord, error) {
-	result, err := c.makeRequest("GET", fmt.Sprintf("/domains/%d/records?type=TXT&name=%s", zoneID, acme.UnFqdn(fqdn)), nil)
+	result, err := c.makeRequest("GET", fmt.Sprintf("/domains/%d/records?type=TXT&name=%s", zoneID, acmev2.UnFqdn(fqdn)), nil)
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go
@ -10,10 +10,10 @@ import (
 	"time"

 	"github.com/miekg/dns"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

-// DNSProvider is an implementation of the acme.ChallengeProvider interface that
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface that
 // uses dynamic DNS updates (RFC 2136) to create TXT records on a nameserver.
 type DNSProvider struct {
 	nameserver    string
@ -27,7 +27,7 @@ type DNSProvider struct {
 // dynamic update. Configured with environment variables:
 // RFC2136_NAMESERVER: Network address in the form "host" or "host:port".
 // RFC2136_TSIG_ALGORITHM: Defaults to hmac-md5.sig-alg.reg.int. (HMAC-MD5).
-// See https://github.com/miekg/dns/blob/master/tsig.go for supported values. 
+// See https://github.com/miekg/dns/blob/master/tsig.go for supported values.
 // RFC2136_TSIG_KEY: Name of the secret key as defined in DNS server configuration.
 // RFC2136_TSIG_SECRET: Secret key payload.
 // RFC2136_TIMEOUT: DNS propagation timeout in time.ParseDuration format. (60s)
@ -88,24 +88,24 @@ func NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret, t

 // Returns the timeout configured with RFC2136_TIMEOUT, or 60s.
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
-    return d.timeout, 2 * time.Second
+	return d.timeout, 2 * time.Second
 }

 // Present creates a TXT record using the specified parameters
 func (r *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
 	return r.changeRecord("INSERT", fqdn, value, ttl)
 }

 // CleanUp removes the TXT record matching the specified parameters
 func (r *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)
 	return r.changeRecord("REMOVE", fqdn, value, ttl)
 }

 func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
 	// Find the zone for the given fqdn
-	zone, err := acme.FindZoneByFqdn(fqdn, []string{r.nameserver})
+	zone, err := acmev2.FindZoneByFqdn(fqdn, []string{r.nameserver})
 	if err != nil {
 		return err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/route53/route53.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/route53/route53.go
@ -14,7 +14,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/route53"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

 const (
@ -22,7 +22,7 @@ const (
 	route53TTL = 10
 )

-// DNSProvider implements the acme.ChallengeProvider interface
+// DNSProvider implements the acmev2.ChallengeProvider interface
 type DNSProvider struct {
 	client       *route53.Route53
 	hostedZoneID string
@ -80,14 +80,14 @@ func NewDNSProvider() (*DNSProvider, error) {

 // Present creates a TXT record using the specified parameters
 func (r *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)
 	value = `"` + value + `"`
 	return r.changeRecord("UPSERT", fqdn, value, route53TTL)
 }

 // CleanUp removes the TXT record matching the specified parameters
 func (r *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, _ := acmev2.DNS01Record(domain, keyAuth)
 	value = `"` + value + `"`
 	return r.changeRecord("DELETE", fqdn, value, route53TTL)
 }
@ -119,7 +119,7 @@ func (r *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {

 	statusID := resp.ChangeInfo.Id

-	return acme.WaitFor(120*time.Second, 4*time.Second, func() (bool, error) {
+	return acmev2.WaitFor(120*time.Second, 4*time.Second, func() (bool, error) {
 		reqParams := &route53.GetChangeInput{
 			Id: statusID,
 		}
@ -139,14 +139,14 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
 		return r.hostedZoneID, nil
 	}

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := acmev2.FindZoneByFqdn(fqdn, acmev2.RecursiveNameservers)
 	if err != nil {
 		return "", err
 	}

 	// .DNSName should not have a trailing dot
 	reqParams := &route53.ListHostedZonesByNameInput{
-		DNSName: aws.String(acme.UnFqdn(authZone)),
+		DNSName: aws.String(acmev2.UnFqdn(authZone)),
 	}
 	resp, err := r.client.ListHostedZonesByName(reqParams)
 	if err != nil {
--- a/vendor/github.com/xenolf/lego/providers/dns/vultr/vultr.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/vultr/vultr.go
@ -9,10 +9,10 @@ import (
 	"strings"

 	vultr "github.com/JamesClonk/vultr/lib"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/acmev2"
 )

-// DNSProvider is an implementation of the acme.ChallengeProvider interface.
+// DNSProvider is an implementation of the acmev2.ChallengeProvider interface.
 type DNSProvider struct {
 	client *vultr.Client
 }
@ -40,7 +40,7 @@ func NewDNSProviderCredentials(apiKey string) (*DNSProvider, error) {

 // Present creates a TXT record to fulfil the DNS-01 challenge.
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
+	fqdn, value, ttl := acmev2.DNS01Record(domain, keyAuth)

 	zoneDomain, err := c.getHostedZone(domain)
 	if err != nil {
@ -59,7 +59,7 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _, _ := acmev2.DNS01Record(domain, keyAuth)

 	zoneDomain, records, err := c.findTxtRecords(domain, fqdn)
 	if err != nil {
@ -119,7 +119,7 @@ func (c *DNSProvider) findTxtRecords(domain, fqdn string) (string, []vultr.DNSRe
 }

 func (c *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := acmev2.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}