Update Lego

2019-01-07 18:30:06 +01:00 · 2019-01-07 18:30:06 +01:00 · 9b2423aaba
commit 9b2423aaba
parent fc8c24e987
192 changed files with 11105 additions and 8535 deletions
--- a/vendor/github.com/xenolf/lego/providers/dns/acmedns/acmedns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/acmedns/acmedns.go
@ -7,7 +7,7 @@ import (
 	"fmt"

 	"github.com/cpu/goacmedns"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -17,21 +17,19 @@ const (
 	// apiBaseEnvVar is the environment variable name for the ACME-DNS API address
 	// (e.g. https://acmedns.your-domain.com).
 	apiBaseEnvVar = envNamespace + "API_BASE"
-	// storagePathEnvVar is the environment variable name for the ACME-DNS JSON
-	// account data file. A per-domain account will be registered/persisted to
-	// this file and used for TXT updates.
+	// storagePathEnvVar is the environment variable name for the ACME-DNS JSON account data file.
+	// A per-domain account will be registered/persisted to this file and used for TXT updates.
 	storagePathEnvVar = envNamespace + "STORAGE_PATH"
 )

-// acmeDNSClient is an interface describing the goacmedns.Client functions
-// the DNSProvider uses. It makes it easier for tests to shim a mock Client into
-// the DNSProvider.
+// acmeDNSClient is an interface describing the goacmedns.Client functions the DNSProvider uses.
+// It makes it easier for tests to shim a mock Client into the DNSProvider.
 type acmeDNSClient interface {
-	// UpdateTXTRecord updates the provided account's TXT record to the given
-	// value or returns an error.
+	// UpdateTXTRecord updates the provided account's TXT record
+	// to the given value or returns an error.
 	UpdateTXTRecord(goacmedns.Account, string) error
-	// RegisterAccount registers and returns a new account with the given
-	// allowFrom restriction or returns an error.
+	// RegisterAccount registers and returns a new account
+	// with the given allowFrom restriction or returns an error.
 	RegisterAccount([]string) (goacmedns.Account, error)
 }

@ -43,8 +41,7 @@ type DNSProvider struct {
 }

 // NewDNSProvider creates an ACME-DNS provider using file based account storage.
-// Its configuration is loaded from the environment by reading apiBaseEnvVar and
-// storagePathEnvVar.
+// Its configuration is loaded from the environment by reading apiBaseEnvVar and storagePathEnvVar.
 func NewDNSProvider() (*DNSProvider, error) {
 	values, err := env.Get(apiBaseEnvVar, storagePathEnvVar)
 	if err != nil {
@ -56,8 +53,7 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderClient(client, storage)
 }

-// NewDNSProviderClient creates an ACME-DNS DNSProvider with the given
-// acmeDNSClient and goacmedns.Storage.
+// NewDNSProviderClient creates an ACME-DNS DNSProvider with the given acmeDNSClient and goacmedns.Storage.
 func NewDNSProviderClient(client acmeDNSClient, storage goacmedns.Storage) (*DNSProvider, error) {
 	if client == nil {
 		return nil, errors.New("ACME-DNS Client must be not nil")
@ -76,8 +72,7 @@ func NewDNSProviderClient(client acmeDNSClient, storage goacmedns.Storage) (*DNS
 // ErrCNAMERequired is returned by Present when the Domain indicated had no
 // existing ACME-DNS account in the Storage and additional setup is required.
 // The user must create a CNAME in the DNS zone for Domain that aliases FQDN
-// to Target in order to complete setup for the ACME-DNS account that was
-// created.
+// to Target in order to complete setup for the ACME-DNS account that was created.
 type ErrCNAMERequired struct {
 	// The Domain that is being issued for.
 	Domain string
@ -100,18 +95,16 @@ func (e ErrCNAMERequired) Error() string {
 		e.Domain, e.Domain, e.FQDN, e.Target)
 }

-// Present creates a TXT record to fulfill the DNS-01 challenge. If there is an
-// existing account for the domain in the provider's storage then it will be
-// used to set the challenge response TXT record with the ACME-DNS server and
-// issuance will continue. If there is not an account for the given domain
-// present in the DNSProvider storage one will be created and registered with
-// the ACME DNS server and an ErrCNAMERequired error is returned. This will halt
-// issuance and indicate to the user that a one-time manual setup is required
-// for the domain.
+// Present creates a TXT record to fulfill the DNS-01 challenge.
+// If there is an existing account for the domain in the provider's storage
+// then it will be used to set the challenge response TXT record with the ACME-DNS server and issuance will continue.
+// If there is not an account for the given domain present in the DNSProvider storage
+// one will be created and registered with the ACME DNS server and an ErrCNAMERequired error is returned.
+// This will halt issuance and indicate to the user that a one-time manual setup is required for the domain.
 func (d *DNSProvider) Present(domain, _, keyAuth string) error {
 	// Compute the challenge response FQDN and TXT value for the domain based
 	// on the keyAuth.
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	// Check if credentials were previously saved for this domain.
 	account, err := d.storage.Fetch(domain)
@ -132,15 +125,15 @@ func (d *DNSProvider) Present(domain, _, keyAuth string) error {
 // CleanUp removes the record matching the specified parameters. It is not
 // implemented for the ACME-DNS provider.
 func (d *DNSProvider) CleanUp(_, _, _ string) error {
-	// ACME-DNS doesn't support the notion of removing a record. For users of
-	// ACME-DNS it is expected the stale records remain in-place.
+	// ACME-DNS doesn't support the notion of removing a record.
+	// For users of ACME-DNS it is expected the stale records remain in-place.
 	return nil
 }

-// register creates a new ACME-DNS account for the given domain. If account
-// creation works as expected a ErrCNAMERequired error is returned describing
-// the one-time manual CNAME setup required to complete setup of the ACME-DNS
-// hook for the domain. If any other error occurs it is returned as-is.
+// register creates a new ACME-DNS account for the given domain.
+// If account creation works as expected a ErrCNAMERequired error is returned describing
+// the one-time manual CNAME setup required to complete setup of the ACME-DNS hook for the domain.
+// If any other error occurs it is returned as-is.
 func (d *DNSProvider) register(domain, fqdn string) error {
 	// TODO(@cpu): Read CIDR whitelists from the environment
 	newAcct, err := d.client.RegisterAccount(nil)
@ -158,9 +151,9 @@ func (d *DNSProvider) register(domain, fqdn string) error {
 		return err
 	}

-	// Stop issuance by returning an error. The user needs to perform a manual
-	// one-time CNAME setup in their DNS zone to complete the setup of the new
-	// account we created.
+	// Stop issuance by returning an error.
+	// The user needs to perform a manual one-time CNAME setup in their DNS zone
+	// to complete the setup of the new account we created.
 	return ErrCNAMERequired{
 		Domain: domain,
 		FQDN:   fqdn,
--- a/vendor/github.com/xenolf/lego/providers/dns/alidns/alidns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/alidns/alidns.go
@ -1,5 +1,4 @@
-// Package alidns implements a DNS provider for solving the DNS-01 challenge
-// using Alibaba Cloud DNS.
+// Package alidns implements a DNS provider for solving the DNS-01 challenge using Alibaba Cloud DNS.
 package alidns

 import (
@ -12,7 +11,7 @@ import (
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
 	"github.com/aliyun/alibaba-cloud-sdk-go/services/alidns"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -33,8 +32,8 @@ type Config struct {
 func NewDefaultConfig() *Config {
 	return &Config{
 		TTL:                env.GetOrDefaultInt("ALICLOUD_TTL", 600),
-		PropagationTimeout: env.GetOrDefaultSecond("ALICLOUD_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("ALICLOUD_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		PropagationTimeout: env.GetOrDefaultSecond("ALICLOUD_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("ALICLOUD_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPTimeout:        env.GetOrDefaultSecond("ALICLOUD_HTTP_TIMEOUT", 10*time.Second),
 	}
 }
@ -61,18 +60,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for alidns.
-// Deprecated
-func NewDNSProviderCredentials(apiKey, secretKey, regionID string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIKey = apiKey
-	config.SecretKey = secretKey
-	config.RegionID = regionID
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for alidns.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -106,7 +93,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	_, zoneName, err := d.getHostedZone(domain)
 	if err != nil {
@ -124,7 +111,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	records, err := d.findTxtRecords(domain, fqdn)
 	if err != nil {
@ -149,19 +136,35 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 func (d *DNSProvider) getHostedZone(domain string) (string, string, error) {
 	request := alidns.CreateDescribeDomainsRequest()
-	zones, err := d.client.DescribeDomains(request)
-	if err != nil {
-		return "", "", fmt.Errorf("API call failed: %v", err)
+
+	var domains []alidns.Domain
+	startPage := 1
+
+	for {
+		request.PageNumber = requests.NewInteger(startPage)
+
+		response, err := d.client.DescribeDomains(request)
+		if err != nil {
+			return "", "", fmt.Errorf("API call failed: %v", err)
+		}
+
+		domains = append(domains, response.Domains.Domain...)
+
+		if response.PageNumber >= response.PageSize {
+			break
+		}
+
+		startPage++
 	}

-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
 	if err != nil {
 		return "", "", err
 	}

 	var hostedZone alidns.Domain
-	for _, zone := range zones.Domains.Domain {
-		if zone.DomainName == acme.UnFqdn(authZone) {
+	for _, zone := range domains {
+		if zone.DomainName == dns01.UnFqdn(authZone) {
 			hostedZone = zone
 		}
 	}
@ -209,7 +212,7 @@ func (d *DNSProvider) findTxtRecords(domain, fqdn string) ([]alidns.Record, erro
 }

 func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := dns01.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/auroradns/auroradns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/auroradns/auroradns.go
@ -8,7 +8,7 @@ import (
 	"time"

 	"github.com/ldez/go-auroradns"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -28,8 +28,8 @@ type Config struct {
 func NewDefaultConfig() *Config {
 	return &Config{
 		TTL:                env.GetOrDefaultInt("AURORA_TTL", 300),
-		PropagationTimeout: env.GetOrDefaultSecond("AURORA_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("AURORA_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		PropagationTimeout: env.GetOrDefaultSecond("AURORA_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("AURORA_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 	}
 }

@ -58,18 +58,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for AuroraDNS.
-// Deprecated
-func NewDNSProviderCredentials(baseURL string, userID string, key string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.BaseURL = baseURL
-	config.UserID = userID
-	config.Key = key
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for AuroraDNS.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -103,9 +91,9 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a record with a secret
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
 	if err != nil {
 		return fmt.Errorf("aurora: could not determine zone for domain: '%s'. %s", domain, err)
 	}
@ -119,7 +107,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 	subdomain := fqdn[0 : len(fqdn)-len(authZone)-1]

-	authZone = acme.UnFqdn(authZone)
+	authZone = dns01.UnFqdn(authZone)

 	zone, err := d.getZoneInformationByName(authZone)
 	if err != nil {
@ -147,7 +135,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes a given record that was generated by Present
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	d.recordIDsMu.Lock()
 	recordID, ok := d.recordIDs[fqdn]
@ -157,12 +145,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("unknown recordID for %q", fqdn)
 	}

-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
 	if err != nil {
 		return fmt.Errorf("could not determine zone for domain: %q. %v", domain, err)
 	}

-	authZone = acme.UnFqdn(authZone)
+	authZone = dns01.UnFqdn(authZone)

 	zone, err := d.getZoneInformationByName(authZone)
 	if err != nil {
--- a/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go
@ -1,5 +1,4 @@
-// Package azure implements a DNS provider for solving the DNS-01
-// challenge using azure DNS.
+// Package azure implements a DNS provider for solving the DNS-01 challenge using azure DNS.
 // Azure doesn't like trailing dots on domain names, most of the acme code does.
 package azure

@ -18,7 +17,7 @@ import (
 	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/Azure/go-autorest/autorest/azure/auth"
 	"github.com/Azure/go-autorest/autorest/to"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -72,20 +71,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for azure.
-// Deprecated
-func NewDNSProviderCredentials(clientID, clientSecret, subscriptionID, tenantID, resourceGroup string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.ClientID = clientID
-	config.ClientSecret = clientSecret
-	config.TenantID = tenantID
-	config.SubscriptionID = subscriptionID
-	config.ResourceGroup = resourceGroup
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for Azure.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -128,8 +113,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	return &DNSProvider{config: config, authorizer: authorizer}, nil
 }

-// Timeout returns the timeout and interval to use when checking for DNS
-// propagation. Adjusting here to cope with spikes in propagation times.
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
@ -137,7 +122,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 // Present creates a TXT record to fulfill the dns-01 challenge
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	ctx := context.Background()
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	zone, err := d.getHostedZoneID(ctx, fqdn)
 	if err != nil {
@ -147,12 +132,38 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	rsc := dns.NewRecordSetsClient(d.config.SubscriptionID)
 	rsc.Authorizer = d.authorizer

-	relative := toRelativeRecord(fqdn, acme.ToFqdn(zone))
+	relative := toRelativeRecord(fqdn, dns01.ToFqdn(zone))
+
+	// Get existing record set
+	rset, err := rsc.Get(ctx, d.config.ResourceGroup, zone, relative, dns.TXT)
+	if err != nil {
+		detailedError, ok := err.(autorest.DetailedError)
+		if !ok || detailedError.StatusCode != http.StatusNotFound {
+			return fmt.Errorf("azure: %v", err)
+		}
+	}
+
+	// Construct unique TXT records using map
+	uniqRecords := map[string]struct{}{value: {}}
+	if rset.RecordSetProperties != nil && rset.TxtRecords != nil {
+		for _, txtRecord := range *rset.TxtRecords {
+			// Assume Value doesn't contain multiple strings
+			if txtRecord.Value != nil && len(*txtRecord.Value) > 0 {
+				uniqRecords[(*txtRecord.Value)[0]] = struct{}{}
+			}
+		}
+	}
+
+	var txtRecords []dns.TxtRecord
+	for txt := range uniqRecords {
+		txtRecords = append(txtRecords, dns.TxtRecord{Value: &[]string{txt}})
+	}
+
 	rec := dns.RecordSet{
 		Name: &relative,
 		RecordSetProperties: &dns.RecordSetProperties{
 			TTL:        to.Int64Ptr(int64(d.config.TTL)),
-			TxtRecords: &[]dns.TxtRecord{{Value: &[]string{value}}},
+			TxtRecords: &txtRecords,
 		},
 	}

@ -166,14 +177,14 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	ctx := context.Background()
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	zone, err := d.getHostedZoneID(ctx, fqdn)
 	if err != nil {
 		return fmt.Errorf("azure: %v", err)
 	}

-	relative := toRelativeRecord(fqdn, acme.ToFqdn(zone))
+	relative := toRelativeRecord(fqdn, dns01.ToFqdn(zone))
 	rsc := dns.NewRecordSetsClient(d.config.SubscriptionID)
 	rsc.Authorizer = d.authorizer

@ -186,7 +197,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 // Checks that azure has a zone for this domain name.
 func (d *DNSProvider) getHostedZoneID(ctx context.Context, fqdn string) (string, error) {
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return "", err
 	}
@ -194,7 +205,7 @@ func (d *DNSProvider) getHostedZoneID(ctx context.Context, fqdn string) (string,
 	dc := dns.NewZonesClient(d.config.SubscriptionID)
 	dc.Authorizer = d.authorizer

-	zone, err := dc.Get(ctx, d.config.ResourceGroup, acme.UnFqdn(authZone))
+	zone, err := dc.Get(ctx, d.config.ResourceGroup, dns01.UnFqdn(authZone))
 	if err != nil {
 		return "", err
 	}
@ -205,7 +216,7 @@ func (d *DNSProvider) getHostedZoneID(ctx context.Context, fqdn string) (string,

 // Returns the relative record to the domain
 func toRelativeRecord(domain, zone string) string {
-	return acme.UnFqdn(strings.TrimSuffix(domain, zone))
+	return dns01.UnFqdn(strings.TrimSuffix(domain, zone))
 }

 func getAuthorizer(config *Config) (autorest.Authorizer, error) {
@ -259,5 +270,5 @@ func getMetadata(config *Config, field string) (string, error) {
 		return "", err
 	}

-	return string(respBody[:]), nil
+	return string(respBody), nil
 }
--- a/vendor/github.com/xenolf/lego/providers/dns/bluecat/bluecat.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/bluecat/bluecat.go
@ -1,27 +1,25 @@
-// Package bluecat implements a DNS provider for solving the DNS-01 challenge
-// using a self-hosted Bluecat Address Manager.
+// Package bluecat implements a DNS provider for solving the DNS-01 challenge using a self-hosted Bluecat Address Manager.
 package bluecat

 import (
-	"bytes"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"net/http"
-	"regexp"
 	"strconv"
-	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

-const configType = "Configuration"
-const viewType = "View"
-const txtType = "TXTRecord"
-const zoneType = "Zone"
+const (
+	configType = "Configuration"
+	viewType   = "View"
+	zoneType   = "Zone"
+	txtType    = "TXTRecord"
+)

 // Config is used to configure the creation of the DNSProvider
 type Config struct {
@ -39,9 +37,9 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("BLUECAT_TTL", 120),
-		PropagationTimeout: env.GetOrDefaultSecond("BLUECAT_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("BLUECAT_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("BLUECAT_TTL", dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond("BLUECAT_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("BLUECAT_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("BLUECAT_HTTP_TIMEOUT", 30*time.Second),
 		},
@ -58,8 +56,8 @@ type DNSProvider struct {
 // NewDNSProvider returns a DNSProvider instance configured for Bluecat DNS.
 // Credentials must be passed in the environment variables: BLUECAT_SERVER_URL, BLUECAT_USER_NAME and BLUECAT_PASSWORD.
 // BLUECAT_SERVER_URL should have the scheme, hostname, and port (if required) of the authoritative Bluecat BAM server.
-// The REST endpoint will be appended. In addition, the Configuration name
-// and external DNS View Name must be passed in BLUECAT_CONFIG_NAME and BLUECAT_DNS_VIEW
+// The REST endpoint will be appended.
+// In addition, the Configuration name and external DNS View Name must be passed in BLUECAT_CONFIG_NAME and BLUECAT_DNS_VIEW
 func NewDNSProvider() (*DNSProvider, error) {
 	values, err := env.Get("BLUECAT_SERVER_URL", "BLUECAT_USER_NAME", "BLUECAT_PASSWORD", "BLUECAT_CONFIG_NAME", "BLUECAT_DNS_VIEW")
 	if err != nil {
@ -76,24 +74,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for Bluecat DNS.
-// Deprecated
-func NewDNSProviderCredentials(baseURL, userName, password, configName, dnsView string, httpClient *http.Client) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.BaseURL = baseURL
-	config.UserName = userName
-	config.Password = password
-	config.ConfigName = configName
-	config.DNSView = dnsView
-
-	if httpClient != nil {
-		config.HTTPClient = httpClient
-	}
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for Bluecat DNS.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -111,7 +91,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 // This will *not* create a subzone to contain the TXT record,
 // so make sure the FQDN specified is within an extant zone.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	err := d.login()
 	if err != nil {
@ -162,7 +142,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	err := d.login()
 	if err != nil {
@ -219,223 +199,3 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-
-// Send a REST request, using query parameters specified. The Authorization
-// header will be set if we have an active auth token
-func (d *DNSProvider) sendRequest(method, resource string, payload interface{}, queryArgs map[string]string) (*http.Response, error) {
-	url := fmt.Sprintf("%s/Services/REST/v1/%s", d.config.BaseURL, resource)
-
-	body, err := json.Marshal(payload)
-	if err != nil {
-		return nil, fmt.Errorf("bluecat: %v", err)
-	}
-
-	req, err := http.NewRequest(method, url, bytes.NewReader(body))
-	if err != nil {
-		return nil, fmt.Errorf("bluecat: %v", err)
-	}
-	req.Header.Set("Content-Type", "application/json")
-	if len(d.token) > 0 {
-		req.Header.Set("Authorization", d.token)
-	}
-
-	// Add all query parameters
-	q := req.URL.Query()
-	for argName, argVal := range queryArgs {
-		q.Add(argName, argVal)
-	}
-	req.URL.RawQuery = q.Encode()
-	resp, err := d.config.HTTPClient.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("bluecat: %v", err)
-	}
-
-	if resp.StatusCode >= 400 {
-		errBytes, _ := ioutil.ReadAll(resp.Body)
-		errResp := string(errBytes)
-		return nil, fmt.Errorf("bluecat: request failed with HTTP status code %d\n Full message: %s",
-			resp.StatusCode, errResp)
-	}
-
-	return resp, nil
-}
-
-// Starts a new Bluecat API Session. Authenticates using customerName, userName,
-// password and receives a token to be used in for subsequent requests.
-func (d *DNSProvider) login() error {
-	queryArgs := map[string]string{
-		"username": d.config.UserName,
-		"password": d.config.Password,
-	}
-
-	resp, err := d.sendRequest(http.MethodGet, "login", nil, queryArgs)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	authBytes, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return fmt.Errorf("bluecat: %v", err)
-	}
-	authResp := string(authBytes)
-
-	if strings.Contains(authResp, "Authentication Error") {
-		msg := strings.Trim(authResp, "\"")
-		return fmt.Errorf("bluecat: request failed: %s", msg)
-	}
-	// Upon success, API responds with "Session Token-> BAMAuthToken: dQfuRMTUxNjc3MjcyNDg1ODppcGFybXM= <- for User : username"
-	d.token = regexp.MustCompile("BAMAuthToken: [^ ]+").FindString(authResp)
-	return nil
-}
-
-// Destroys Bluecat Session
-func (d *DNSProvider) logout() error {
-	if len(d.token) == 0 {
-		// nothing to do
-		return nil
-	}
-
-	resp, err := d.sendRequest(http.MethodGet, "logout", nil, nil)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != 200 {
-		return fmt.Errorf("bluecat: request failed to delete session with HTTP status code %d", resp.StatusCode)
-	}
-
-	authBytes, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return err
-	}
-	authResp := string(authBytes)
-
-	if !strings.Contains(authResp, "successfully") {
-		msg := strings.Trim(authResp, "\"")
-		return fmt.Errorf("bluecat: request failed to delete session: %s", msg)
-	}
-
-	d.token = ""
-
-	return nil
-}
-
-// Lookup the entity ID of the configuration named in our properties
-func (d *DNSProvider) lookupConfID() (uint, error) {
-	queryArgs := map[string]string{
-		"parentId": strconv.Itoa(0),
-		"name":     d.config.ConfigName,
-		"type":     configType,
-	}
-
-	resp, err := d.sendRequest(http.MethodGet, "getEntityByName", nil, queryArgs)
-	if err != nil {
-		return 0, err
-	}
-	defer resp.Body.Close()
-
-	var conf entityResponse
-	err = json.NewDecoder(resp.Body).Decode(&conf)
-	if err != nil {
-		return 0, fmt.Errorf("bluecat: %v", err)
-	}
-	return conf.ID, nil
-}
-
-// Find the DNS view with the given name within
-func (d *DNSProvider) lookupViewID(viewName string) (uint, error) {
-	confID, err := d.lookupConfID()
-	if err != nil {
-		return 0, err
-	}
-
-	queryArgs := map[string]string{
-		"parentId": strconv.FormatUint(uint64(confID), 10),
-		"name":     viewName,
-		"type":     viewType,
-	}
-
-	resp, err := d.sendRequest(http.MethodGet, "getEntityByName", nil, queryArgs)
-	if err != nil {
-		return 0, err
-	}
-	defer resp.Body.Close()
-
-	var view entityResponse
-	err = json.NewDecoder(resp.Body).Decode(&view)
-	if err != nil {
-		return 0, fmt.Errorf("bluecat: %v", err)
-	}
-
-	return view.ID, nil
-}
-
-// Return the entityId of the parent zone by recursing from the root view
-// Also return the simple name of the host
-func (d *DNSProvider) lookupParentZoneID(viewID uint, fqdn string) (uint, string, error) {
-	parentViewID := viewID
-	name := ""
-
-	if fqdn != "" {
-		zones := strings.Split(strings.Trim(fqdn, "."), ".")
-		last := len(zones) - 1
-		name = zones[0]
-
-		for i := last; i > -1; i-- {
-			zoneID, err := d.getZone(parentViewID, zones[i])
-			if err != nil || zoneID == 0 {
-				return parentViewID, name, err
-			}
-			if i > 0 {
-				name = strings.Join(zones[0:i], ".")
-			}
-			parentViewID = zoneID
-		}
-	}
-
-	return parentViewID, name, nil
-}
-
-// Get the DNS zone with the specified name under the parentId
-func (d *DNSProvider) getZone(parentID uint, name string) (uint, error) {
-	queryArgs := map[string]string{
-		"parentId": strconv.FormatUint(uint64(parentID), 10),
-		"name":     name,
-		"type":     zoneType,
-	}
-
-	resp, err := d.sendRequest(http.MethodGet, "getEntityByName", nil, queryArgs)
-	// Return an empty zone if the named zone doesn't exist
-	if resp != nil && resp.StatusCode == 404 {
-		return 0, fmt.Errorf("bluecat: could not find zone named %s", name)
-	}
-	if err != nil {
-		return 0, err
-	}
-	defer resp.Body.Close()
-
-	var zone entityResponse
-	err = json.NewDecoder(resp.Body).Decode(&zone)
-	if err != nil {
-		return 0, fmt.Errorf("bluecat: %v", err)
-	}
-
-	return zone.ID, nil
-}
-
-// Deploy the DNS config for the specified entity to the authoritative servers
-func (d *DNSProvider) deploy(entityID uint) error {
-	queryArgs := map[string]string{
-		"entityId": strconv.FormatUint(uint64(entityID), 10),
-	}
-
-	resp, err := d.sendRequest(http.MethodPost, "quickDeploy", nil, queryArgs)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	return nil
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/bluecat/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/bluecat/client.go
@ -1,5 +1,16 @@
 package bluecat

+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"regexp"
+	"strconv"
+	"strings"
+)
+
 // JSON body for Bluecat entity requests and responses
 type bluecatEntity struct {
 	ID         string `json:"id,omitempty"`
@ -14,3 +25,225 @@ type entityResponse struct {
 	Type       string `json:"type"`
 	Properties string `json:"properties"`
 }
+
+// Starts a new Bluecat API Session. Authenticates using customerName, userName,
+// password and receives a token to be used in for subsequent requests.
+func (d *DNSProvider) login() error {
+	queryArgs := map[string]string{
+		"username": d.config.UserName,
+		"password": d.config.Password,
+	}
+
+	resp, err := d.sendRequest(http.MethodGet, "login", nil, queryArgs)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	authBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return fmt.Errorf("bluecat: %v", err)
+	}
+	authResp := string(authBytes)
+
+	if strings.Contains(authResp, "Authentication Error") {
+		msg := strings.Trim(authResp, "\"")
+		return fmt.Errorf("bluecat: request failed: %s", msg)
+	}
+
+	// Upon success, API responds with "Session Token-> BAMAuthToken: dQfuRMTUxNjc3MjcyNDg1ODppcGFybXM= <- for User : username"
+	d.token = regexp.MustCompile("BAMAuthToken: [^ ]+").FindString(authResp)
+	return nil
+}
+
+// Destroys Bluecat Session
+func (d *DNSProvider) logout() error {
+	if len(d.token) == 0 {
+		// nothing to do
+		return nil
+	}
+
+	resp, err := d.sendRequest(http.MethodGet, "logout", nil, nil)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != 200 {
+		return fmt.Errorf("bluecat: request failed to delete session with HTTP status code %d", resp.StatusCode)
+	}
+
+	authBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+	authResp := string(authBytes)
+
+	if !strings.Contains(authResp, "successfully") {
+		msg := strings.Trim(authResp, "\"")
+		return fmt.Errorf("bluecat: request failed to delete session: %s", msg)
+	}
+
+	d.token = ""
+
+	return nil
+}
+
+// Lookup the entity ID of the configuration named in our properties
+func (d *DNSProvider) lookupConfID() (uint, error) {
+	queryArgs := map[string]string{
+		"parentId": strconv.Itoa(0),
+		"name":     d.config.ConfigName,
+		"type":     configType,
+	}
+
+	resp, err := d.sendRequest(http.MethodGet, "getEntityByName", nil, queryArgs)
+	if err != nil {
+		return 0, err
+	}
+	defer resp.Body.Close()
+
+	var conf entityResponse
+	err = json.NewDecoder(resp.Body).Decode(&conf)
+	if err != nil {
+		return 0, fmt.Errorf("bluecat: %v", err)
+	}
+	return conf.ID, nil
+}
+
+// Find the DNS view with the given name within
+func (d *DNSProvider) lookupViewID(viewName string) (uint, error) {
+	confID, err := d.lookupConfID()
+	if err != nil {
+		return 0, err
+	}
+
+	queryArgs := map[string]string{
+		"parentId": strconv.FormatUint(uint64(confID), 10),
+		"name":     viewName,
+		"type":     viewType,
+	}
+
+	resp, err := d.sendRequest(http.MethodGet, "getEntityByName", nil, queryArgs)
+	if err != nil {
+		return 0, err
+	}
+	defer resp.Body.Close()
+
+	var view entityResponse
+	err = json.NewDecoder(resp.Body).Decode(&view)
+	if err != nil {
+		return 0, fmt.Errorf("bluecat: %v", err)
+	}
+
+	return view.ID, nil
+}
+
+// Return the entityId of the parent zone by recursing from the root view
+// Also return the simple name of the host
+func (d *DNSProvider) lookupParentZoneID(viewID uint, fqdn string) (uint, string, error) {
+	parentViewID := viewID
+	name := ""
+
+	if fqdn != "" {
+		zones := strings.Split(strings.Trim(fqdn, "."), ".")
+		last := len(zones) - 1
+		name = zones[0]
+
+		for i := last; i > -1; i-- {
+			zoneID, err := d.getZone(parentViewID, zones[i])
+			if err != nil || zoneID == 0 {
+				return parentViewID, name, err
+			}
+			if i > 0 {
+				name = strings.Join(zones[0:i], ".")
+			}
+			parentViewID = zoneID
+		}
+	}
+
+	return parentViewID, name, nil
+}
+
+// Get the DNS zone with the specified name under the parentId
+func (d *DNSProvider) getZone(parentID uint, name string) (uint, error) {
+	queryArgs := map[string]string{
+		"parentId": strconv.FormatUint(uint64(parentID), 10),
+		"name":     name,
+		"type":     zoneType,
+	}
+
+	resp, err := d.sendRequest(http.MethodGet, "getEntityByName", nil, queryArgs)
+
+	// Return an empty zone if the named zone doesn't exist
+	if resp != nil && resp.StatusCode == http.StatusNotFound {
+		return 0, fmt.Errorf("bluecat: could not find zone named %s", name)
+	}
+	if err != nil {
+		return 0, err
+	}
+	defer resp.Body.Close()
+
+	var zone entityResponse
+	err = json.NewDecoder(resp.Body).Decode(&zone)
+	if err != nil {
+		return 0, fmt.Errorf("bluecat: %v", err)
+	}
+
+	return zone.ID, nil
+}
+
+// Deploy the DNS config for the specified entity to the authoritative servers
+func (d *DNSProvider) deploy(entityID uint) error {
+	queryArgs := map[string]string{
+		"entityId": strconv.FormatUint(uint64(entityID), 10),
+	}
+
+	resp, err := d.sendRequest(http.MethodPost, "quickDeploy", nil, queryArgs)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return nil
+}
+
+// Send a REST request, using query parameters specified. The Authorization
+// header will be set if we have an active auth token
+func (d *DNSProvider) sendRequest(method, resource string, payload interface{}, queryArgs map[string]string) (*http.Response, error) {
+	url := fmt.Sprintf("%s/Services/REST/v1/%s", d.config.BaseURL, resource)
+
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return nil, fmt.Errorf("bluecat: %v", err)
+	}
+
+	req, err := http.NewRequest(method, url, bytes.NewReader(body))
+	if err != nil {
+		return nil, fmt.Errorf("bluecat: %v", err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	if len(d.token) > 0 {
+		req.Header.Set("Authorization", d.token)
+	}
+
+	// Add all query parameters
+	q := req.URL.Query()
+	for argName, argVal := range queryArgs {
+		q.Add(argName, argVal)
+	}
+	req.URL.RawQuery = q.Encode()
+	resp, err := d.config.HTTPClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("bluecat: %v", err)
+	}
+
+	if resp.StatusCode >= 400 {
+		errBytes, _ := ioutil.ReadAll(resp.Body)
+		errResp := string(errBytes)
+		return nil, fmt.Errorf("bluecat: request failed with HTTP status code %d\n Full message: %s",
+			resp.StatusCode, errResp)
+	}
+
+	return resp, nil
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/cloudflare/cloudflare.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/cloudflare/cloudflare.go
@ -1,5 +1,4 @@
-// Package cloudflare implements a DNS provider for solving the DNS-01
-// challenge using cloudflare DNS.
+// Package cloudflare implements a DNS provider for solving the DNS-01 challenge using cloudflare DNS.
 package cloudflare

 import (
@ -9,14 +8,11 @@ import (
 	"time"

 	"github.com/cloudflare/cloudflare-go"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/log"
 	"github.com/xenolf/lego/platform/config/env"
 )

-// CloudFlareAPIURL represents the API endpoint to call.
-const CloudFlareAPIURL = "https://api.cloudflare.com/client/v4" // Deprecated
-
 const (
 	minTTL = 120
 )
@ -67,17 +63,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for Cloudflare.
-// Deprecated
-func NewDNSProviderCredentials(email, key string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.AuthEmail = email
-	config.AuthKey = key
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for Cloudflare.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -93,9 +78,6 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, err
 	}

-	// TODO: must be remove. keep only for compatibility reason.
-	client.BaseURL = CloudFlareAPIURL
-
 	return &DNSProvider{client: client, config: config}, nil
 }

@ -107,21 +89,21 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfill the dns-01 challenge
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("cloudflare: %v", err)
 	}

-	zoneID, err := d.client.ZoneIDByName(acme.UnFqdn(authZone))
+	zoneID, err := d.client.ZoneIDByName(dns01.UnFqdn(authZone))
 	if err != nil {
 		return fmt.Errorf("cloudflare: failed to find zone %s: %v", authZone, err)
 	}

 	dnsRecord := cloudflare.DNSRecord{
 		Type:    "TXT",
-		Name:    acme.UnFqdn(fqdn),
+		Name:    dns01.UnFqdn(fqdn),
 		Content: value,
 		TTL:     d.config.TTL,
 	}
@ -142,21 +124,21 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("cloudflare: %v", err)
 	}

-	zoneID, err := d.client.ZoneIDByName(acme.UnFqdn(authZone))
+	zoneID, err := d.client.ZoneIDByName(dns01.UnFqdn(authZone))
 	if err != nil {
 		return fmt.Errorf("cloudflare: failed to find zone %s: %v", authZone, err)
 	}

 	dnsRecord := cloudflare.DNSRecord{
 		Type: "TXT",
-		Name: acme.UnFqdn(fqdn),
+		Name: dns01.UnFqdn(fqdn),
 	}

 	records, err := d.client.DNSRecords(zoneID, dnsRecord)
--- a/vendor/github.com/xenolf/lego/providers/dns/cloudxns/cloudxns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/cloudxns/cloudxns.go
@ -1,5 +1,4 @@
-// Package cloudxns implements a DNS provider for solving the DNS-01 challenge
-// using CloudXNS DNS.
+// Package cloudxns implements a DNS provider for solving the DNS-01 challenge using CloudXNS DNS.
 package cloudxns

 import (
@ -8,8 +7,9 @@ import (
 	"net/http"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
+	"github.com/xenolf/lego/providers/dns/cloudxns/internal"
 )

 // Config is used to configure the creation of the DNSProvider
@ -24,21 +24,20 @@ type Config struct {

 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
-	client := acme.HTTPClient
-	client.Timeout = time.Second * time.Duration(env.GetOrDefaultInt("CLOUDXNS_HTTP_TIMEOUT", 30))
-
 	return &Config{
-		PropagationTimeout: env.GetOrDefaultSecond("CLOUDXNS_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("CLOUDXNS_POLLING_INTERVAL", acme.DefaultPollingInterval),
-		TTL:                env.GetOrDefaultInt("CLOUDXNS_TTL", 120),
-		HTTPClient:         &client,
+		PropagationTimeout: env.GetOrDefaultSecond("CLOUDXNS_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("CLOUDXNS_POLLING_INTERVAL", dns01.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("CLOUDXNS_TTL", dns01.DefaultTTL),
+		HTTPClient: &http.Client{
+			Timeout: time.Second * time.Duration(env.GetOrDefaultInt("CLOUDXNS_HTTP_TIMEOUT", 30)),
+		},
 	}
 }

 // DNSProvider is an implementation of the acme.ChallengeProvider interface
 type DNSProvider struct {
 	config *Config
-	client *Client
+	client *internal.Client
 }

 // NewDNSProvider returns a DNSProvider instance configured for CloudXNS.
@ -50,15 +49,9 @@ func NewDNSProvider() (*DNSProvider, error) {
 		return nil, fmt.Errorf("CloudXNS: %v", err)
 	}

-	return NewDNSProviderCredentials(values["CLOUDXNS_API_KEY"], values["CLOUDXNS_SECRET_KEY"])
-}
-
-// NewDNSProviderCredentials uses the supplied credentials to return a
-// DNSProvider instance configured for CloudXNS.
-func NewDNSProviderCredentials(apiKey, secretKey string) (*DNSProvider, error) {
 	config := NewDefaultConfig()
-	config.APIKey = apiKey
-	config.SecretKey = secretKey
+	config.APIKey = values["CLOUDXNS_API_KEY"]
+	config.SecretKey = values["CLOUDXNS_SECRET_KEY"]

 	return NewDNSProviderConfig(config)
 }
@ -69,7 +62,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, errors.New("CloudXNS: the configuration of the DNS provider is nil")
 	}

-	client, err := NewClient(config.APIKey, config.SecretKey)
+	client, err := internal.NewClient(config.APIKey, config.SecretKey)
 	if err != nil {
 		return nil, err
 	}
@ -81,7 +74,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	info, err := d.client.GetDomainInformation(fqdn)
 	if err != nil {
@ -93,7 +86,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	info, err := d.client.GetDomainInformation(fqdn)
 	if err != nil {
--- a/vendor/github.com/xenolf/lego/providers/dns/cloudxns/internal/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/cloudxns/internal/client.go
@ -1,4 +1,4 @@
-package cloudxns
+package internal

 import (
 	"bytes"
@ -12,7 +12,7 @@ import (
 	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 )

 const defaultBaseURL = "https://www.cloudxns.net/api2/"
@ -70,7 +70,7 @@ type Client struct {

 // GetDomainInformation Get domain name information for a FQDN
 func (c *Client) GetDomainInformation(fqdn string) (*Data, error) {
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return nil, err
 	}
@ -111,7 +111,7 @@ func (c *Client) FindTxtRecord(zoneID, fqdn string) (*TXTRecord, error) {
 	}

 	for _, record := range records {
-		if record.Host == acme.UnFqdn(fqdn) && record.Type == "TXT" {
+		if record.Host == dns01.UnFqdn(fqdn) && record.Type == "TXT" {
 			return &record, nil
 		}
 	}
@ -128,7 +128,7 @@ func (c *Client) AddTxtRecord(info *Data, fqdn, value string, ttl int) error {

 	payload := TXTRecord{
 		ID:     id,
-		Host:   acme.UnFqdn(strings.TrimSuffix(fqdn, info.Domain)),
+		Host:   dns01.UnFqdn(strings.TrimSuffix(fqdn, info.Domain)),
 		Value:  value,
 		Type:   "TXT",
 		LineID: 1,
--- a/vendor/github.com/xenolf/lego/providers/dns/conoha/conoha.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/conoha/conoha.go
@ -1,5 +1,4 @@
-// Package conoha implements a DNS provider for solving the DNS-01 challenge
-// using ConoHa DNS.
+// Package conoha implements a DNS provider for solving the DNS-01 challenge using ConoHa DNS.
 package conoha

 import (
@ -8,8 +7,9 @@ import (
 	"net/http"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
+	"github.com/xenolf/lego/providers/dns/conoha/internal"
 )

 // Config is used to configure the creation of the DNSProvider
@ -29,8 +29,8 @@ func NewDefaultConfig() *Config {
 	return &Config{
 		Region:             env.GetOrDefaultString("CONOHA_REGION", "tyo1"),
 		TTL:                env.GetOrDefaultInt("CONOHA_TTL", 60),
-		PropagationTimeout: env.GetOrDefaultSecond("CONOHA_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("CONOHA_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		PropagationTimeout: env.GetOrDefaultSecond("CONOHA_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("CONOHA_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("CONOHA_HTTP_TIMEOUT", 30*time.Second),
 		},
@ -40,7 +40,7 @@ func NewDefaultConfig() *Config {
 // DNSProvider is an implementation of the acme.ChallengeProvider interface
 type DNSProvider struct {
 	config *Config
-	client *Client
+	client *internal.Client
 }

 // NewDNSProvider returns a DNSProvider instance configured for ConoHa DNS.
@ -69,15 +69,15 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, errors.New("conoha: some credentials information are missing")
 	}

-	auth := Auth{
+	auth := internal.Auth{
 		TenantID: config.TenantID,
-		PasswordCredentials: PasswordCredentials{
+		PasswordCredentials: internal.PasswordCredentials{
 			Username: config.Username,
 			Password: config.Password,
 		},
 	}

-	client, err := NewClient(config.Region, auth, config.HTTPClient)
+	client, err := internal.NewClient(config.Region, auth, config.HTTPClient)
 	if err != nil {
 		return nil, fmt.Errorf("conoha: failed to create client: %v", err)
 	}
@ -87,9 +87,9 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return err
 	}
@ -99,7 +99,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		return fmt.Errorf("conoha: failed to get domain ID: %v", err)
 	}

-	record := Record{
+	record := internal.Record{
 		Name: fqdn,
 		Type: "TXT",
 		Data: value,
@ -116,9 +116,9 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp clears ConoHa DNS TXT record
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/conoha/internal/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/conoha/internal/client.go
@ -1,4 +1,4 @@
-package conoha
+package internal

 import (
 	"bytes"
--- a/vendor/github.com/xenolf/lego/providers/dns/digitalocean/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/digitalocean/client.go
@ -1,26 +1,132 @@
 package digitalocean

+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/xenolf/lego/challenge/dns01"
+)
+
 const defaultBaseURL = "https://api.digitalocean.com"

-// txtRecordRequest represents the request body to DO's API to make a TXT record
-type txtRecordRequest struct {
-	RecordType string `json:"type"`
-	Name       string `json:"name"`
-	Data       string `json:"data"`
-	TTL        int    `json:"ttl"`
-}
-
 // txtRecordResponse represents a response from DO's API after making a TXT record
 type txtRecordResponse struct {
-	DomainRecord struct {
-		ID   int    `json:"id"`
-		Type string `json:"type"`
-		Name string `json:"name"`
-		Data string `json:"data"`
-	} `json:"domain_record"`
+	DomainRecord record `json:"domain_record"`
 }

-type digitalOceanAPIError struct {
+type record struct {
+	ID   int    `json:"id,omitempty"`
+	Type string `json:"type,omitempty"`
+	Name string `json:"name,omitempty"`
+	Data string `json:"data,omitempty"`
+	TTL  int    `json:"ttl,omitempty"`
+}
+
+type apiError struct {
 	ID      string `json:"id"`
 	Message string `json:"message"`
 }
+
+func (d *DNSProvider) removeTxtRecord(domain string, recordID int) error {
+	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
+	if err != nil {
+		return fmt.Errorf("could not determine zone for domain: '%s'. %s", domain, err)
+	}
+
+	reqURL := fmt.Sprintf("%s/v2/domains/%s/records/%d", d.config.BaseURL, dns01.UnFqdn(authZone), recordID)
+	req, err := d.newRequest(http.MethodDelete, reqURL, nil)
+	if err != nil {
+		return err
+	}
+
+	resp, err := d.config.HTTPClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 400 {
+		return readError(req, resp)
+	}
+
+	return nil
+}
+
+func (d *DNSProvider) addTxtRecord(domain, fqdn, value string) (*txtRecordResponse, error) {
+	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
+	if err != nil {
+		return nil, fmt.Errorf("could not determine zone for domain: '%s'. %s", domain, err)
+	}
+
+	reqData := record{Type: "TXT", Name: fqdn, Data: value, TTL: d.config.TTL}
+	body, err := json.Marshal(reqData)
+	if err != nil {
+		return nil, err
+	}
+
+	reqURL := fmt.Sprintf("%s/v2/domains/%s/records", d.config.BaseURL, dns01.UnFqdn(authZone))
+	req, err := d.newRequest(http.MethodPost, reqURL, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := d.config.HTTPClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 400 {
+		return nil, readError(req, resp)
+	}
+
+	content, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, errors.New(toUnreadableBodyMessage(req, content))
+	}
+
+	// Everything looks good; but we'll need the ID later to delete the record
+	respData := &txtRecordResponse{}
+	err = json.Unmarshal(content, respData)
+	if err != nil {
+		return nil, fmt.Errorf("%v: %s", err, toUnreadableBodyMessage(req, content))
+	}
+
+	return respData, nil
+}
+
+func (d *DNSProvider) newRequest(method, reqURL string, body io.Reader) (*http.Request, error) {
+	req, err := http.NewRequest(method, reqURL, body)
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", d.config.AuthToken))
+
+	return req, nil
+}
+
+func readError(req *http.Request, resp *http.Response) error {
+	content, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return errors.New(toUnreadableBodyMessage(req, content))
+	}
+
+	var errInfo apiError
+	err = json.Unmarshal(content, &errInfo)
+	if err != nil {
+		return fmt.Errorf("apiError unmarshaling error: %v: %s", err, toUnreadableBodyMessage(req, content))
+	}
+
+	return fmt.Errorf("HTTP %d: %s: %s", resp.StatusCode, errInfo.ID, errInfo.Message)
+}
+
+func toUnreadableBodyMessage(req *http.Request, rawBody []byte) string {
+	return fmt.Sprintf("the request %s sent a response with a body which is an invalid format: %q", req.URL, string(rawBody))
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/digitalocean/digitalocean.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/digitalocean/digitalocean.go
@ -1,19 +1,14 @@
-// Package digitalocean implements a DNS provider for solving the DNS-01
-// challenge using digitalocean DNS.
+// Package digitalocean implements a DNS provider for solving the DNS-01 challenge using digitalocean DNS.
 package digitalocean

 import (
-	"bytes"
-	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
-	"io/ioutil"
 	"net/http"
 	"sync"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -63,16 +58,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for Digital Ocean.
-// Deprecated
-func NewDNSProviderCredentials(apiAuthToken string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.AuthToken = apiAuthToken
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for Digital Ocean.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -101,7 +86,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	respData, err := d.addTxtRecord(domain, fqdn, value)
 	if err != nil {
@ -117,7 +102,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	// get the record's unique ID from when we created it
 	d.recordIDsMu.Lock()
@ -139,102 +124,3 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 	return nil
 }
-
-func (d *DNSProvider) removeTxtRecord(domain string, recordID int) error {
-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
-	if err != nil {
-		return fmt.Errorf("could not determine zone for domain: '%s'. %s", domain, err)
-	}
-
-	reqURL := fmt.Sprintf("%s/v2/domains/%s/records/%d", d.config.BaseURL, acme.UnFqdn(authZone), recordID)
-	req, err := d.newRequest(http.MethodDelete, reqURL, nil)
-	if err != nil {
-		return err
-	}
-
-	resp, err := d.config.HTTPClient.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode >= 400 {
-		return readError(req, resp)
-	}
-
-	return nil
-}
-
-func (d *DNSProvider) addTxtRecord(domain, fqdn, value string) (*txtRecordResponse, error) {
-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
-	if err != nil {
-		return nil, fmt.Errorf("could not determine zone for domain: '%s'. %s", domain, err)
-	}
-
-	reqData := txtRecordRequest{RecordType: "TXT", Name: fqdn, Data: value, TTL: d.config.TTL}
-	body, err := json.Marshal(reqData)
-	if err != nil {
-		return nil, err
-	}
-
-	reqURL := fmt.Sprintf("%s/v2/domains/%s/records", d.config.BaseURL, acme.UnFqdn(authZone))
-	req, err := d.newRequest(http.MethodPost, reqURL, bytes.NewReader(body))
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := d.config.HTTPClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode >= 400 {
-		return nil, readError(req, resp)
-	}
-
-	content, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, errors.New(toUnreadableBodyMessage(req, content))
-	}
-
-	// Everything looks good; but we'll need the ID later to delete the record
-	respData := &txtRecordResponse{}
-	err = json.Unmarshal(content, respData)
-	if err != nil {
-		return nil, fmt.Errorf("%v: %s", err, toUnreadableBodyMessage(req, content))
-	}
-
-	return respData, nil
-}
-
-func (d *DNSProvider) newRequest(method, reqURL string, body io.Reader) (*http.Request, error) {
-	req, err := http.NewRequest(method, reqURL, body)
-	if err != nil {
-		return nil, err
-	}
-
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", d.config.AuthToken))
-
-	return req, nil
-}
-
-func readError(req *http.Request, resp *http.Response) error {
-	content, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return errors.New(toUnreadableBodyMessage(req, content))
-	}
-
-	var errInfo digitalOceanAPIError
-	err = json.Unmarshal(content, &errInfo)
-	if err != nil {
-		return fmt.Errorf("digitalOceanAPIError unmarshaling error: %v: %s", err, toUnreadableBodyMessage(req, content))
-	}
-
-	return fmt.Errorf("HTTP %d: %s: %s", resp.StatusCode, errInfo.ID, errInfo.Message)
-}
-
-func toUnreadableBodyMessage(req *http.Request, rawBody []byte) string {
-	return fmt.Sprintf("the request %s sent a response with a body which is an invalid format: %q", req.URL, string(rawBody))
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/dns_providers.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dns_providers.go
@ -3,7 +3,8 @@ package dns
 import (
 	"fmt"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/providers/dns/acmedns"
 	"github.com/xenolf/lego/providers/dns/alidns"
 	"github.com/xenolf/lego/providers/dns/auroradns"
@ -56,7 +57,7 @@ import (
 )

 // NewDNSChallengeProviderByName Factory for DNS providers
-func NewDNSChallengeProviderByName(name string) (acme.ChallengeProvider, error) {
+func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
 	switch name {
 	case "acme-dns":
 		return acmedns.NewDNSProvider()
@ -119,7 +120,7 @@ func NewDNSChallengeProviderByName(name string) (acme.ChallengeProvider, error)
 	case "linodev4":
 		return linodev4.NewDNSProvider()
 	case "manual":
-		return acme.NewDNSProviderManual()
+		return dns01.NewDNSProviderManual()
 	case "mydnsjp":
 		return mydnsjp.NewDNSProvider()
 	case "namecheap":
--- a/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dnsimple/dnsimple.go
@ -1,8 +1,8 @@
-// Package dnsimple implements a DNS provider for solving the DNS-01 challenge
-// using dnsimple DNS.
+// Package dnsimple implements a DNS provider for solving the DNS-01 challenge using dnsimple DNS.
 package dnsimple

 import (
+	"context"
 	"errors"
 	"fmt"
 	"strconv"
@ -10,8 +10,9 @@ import (
 	"time"

 	"github.com/dnsimple/dnsimple-go/dnsimple"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
+	"golang.org/x/oauth2"
 )

 // Config is used to configure the creation of the DNSProvider
@ -26,9 +27,9 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("DNSIMPLE_TTL", 120),
-		PropagationTimeout: env.GetOrDefaultSecond("DNSIMPLE_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("DNSIMPLE_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("DNSIMPLE_TTL", dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond("DNSIMPLE_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("DNSIMPLE_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 	}
 }

@ -50,17 +51,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for DNSimple.
-// Deprecated
-func NewDNSProviderCredentials(accessToken, baseURL string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.AccessToken = accessToken
-	config.BaseURL = baseURL
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for DNSimple.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -71,8 +61,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, fmt.Errorf("dnsimple: OAuth token is missing")
 	}

-	client := dnsimple.NewClient(dnsimple.NewOauthTokenCredentials(config.AccessToken))
-	client.UserAgent = acme.UserAgent
+	ts := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: config.AccessToken})
+	client := dnsimple.NewClient(oauth2.NewClient(context.Background(), ts))

 	if config.BaseURL != "" {
 		client.BaseURL = config.BaseURL
@ -83,7 +73,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	zoneName, err := d.getHostedZone(domain)
 	if err != nil {
@ -106,7 +96,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	records, err := d.findTxtRecords(domain, fqdn)
 	if err != nil {
@ -136,7 +126,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 }

 func (d *DNSProvider) getHostedZone(domain string) (string, error) {
-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
 	if err != nil {
 		return "", err
 	}
@ -146,7 +136,7 @@ func (d *DNSProvider) getHostedZone(domain string) (string, error) {
 		return "", err
 	}

-	zoneName := acme.UnFqdn(authZone)
+	zoneName := dns01.UnFqdn(authZone)

 	zones, err := d.client.Zones.ListZones(accountID, &dnsimple.ZoneListOptions{NameLike: zoneName})
 	if err != nil {
@ -200,7 +190,7 @@ func newTxtRecord(zoneName, fqdn, value string, ttl int) dnsimple.ZoneRecord {
 }

 func extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := dns01.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/dnsmadeeasy/dnsmadeeasy.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dnsmadeeasy/dnsmadeeasy.go
@ -9,8 +9,9 @@ import (
 	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
+	"github.com/xenolf/lego/providers/dns/dnsmadeeasy/internal"
 )

 // Config is used to configure the creation of the DNSProvider
@ -28,9 +29,9 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("DNSMADEEASY_TTL", 120),
-		PropagationTimeout: env.GetOrDefaultSecond("DNSMADEEASY_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("DNSMADEEASY_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("DNSMADEEASY_TTL", dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond("DNSMADEEASY_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("DNSMADEEASY_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("DNSMADEEASY_HTTP_TIMEOUT", 10*time.Second),
 			Transport: &http.Transport{
@ -44,7 +45,7 @@ func NewDefaultConfig() *Config {
 // DNSMadeEasy's DNS API to manage TXT records for a domain.
 type DNSProvider struct {
 	config *Config
-	client *Client
+	client *internal.Client
 }

 // NewDNSProvider returns a DNSProvider instance configured for DNSMadeEasy DNS.
@ -64,18 +65,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for DNS Made Easy.
-// Deprecated
-func NewDNSProviderCredentials(baseURL, apiKey, apiSecret string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.BaseURL = baseURL
-	config.APIKey = apiKey
-	config.APISecret = apiSecret
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for DNS Made Easy.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -93,7 +82,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		}
 	}

-	client, err := NewClient(config.APIKey, config.APISecret)
+	client, err := internal.NewClient(config.APIKey, config.APISecret)
 	if err != nil {
 		return nil, fmt.Errorf("dnsmadeeasy: %v", err)
 	}
@ -109,9 +98,9 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domainName, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domainName, keyAuth)
+	fqdn, value := dns01.GetRecord(domainName, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("dnsmadeeasy: unable to find zone for %s: %v", fqdn, err)
 	}
@ -124,7 +113,7 @@ func (d *DNSProvider) Present(domainName, token, keyAuth string) error {

 	// create the TXT record
 	name := strings.Replace(fqdn, "."+authZone, "", 1)
-	record := &Record{Type: "TXT", Name: name, Value: value, TTL: d.config.TTL}
+	record := &internal.Record{Type: "TXT", Name: name, Value: value, TTL: d.config.TTL}

 	err = d.client.CreateRecord(domain, record)
 	if err != nil {
@ -135,9 +124,9 @@ func (d *DNSProvider) Present(domainName, token, keyAuth string) error {

 // CleanUp removes the TXT records matching the specified parameters
 func (d *DNSProvider) CleanUp(domainName, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domainName, keyAuth)
+	fqdn, _ := dns01.GetRecord(domainName, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("dnsmadeeasy: unable to find zone for %s: %v", fqdn, err)
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/dnsmadeeasy/internal/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dnsmadeeasy/internal/client.go
@ -1,4 +1,4 @@
-package dnsmadeeasy
+package internal

 import (
 	"bytes"
--- a/vendor/github.com/xenolf/lego/providers/dns/dnspod/dnspod.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dnspod/dnspod.go
@ -1,5 +1,4 @@
-// Package dnspod implements a DNS provider for solving the DNS-01 challenge
-// using dnspod DNS.
+// Package dnspod implements a DNS provider for solving the DNS-01 challenge using dnspod DNS.
 package dnspod

 import (
@ -11,7 +10,7 @@ import (
 	"time"

 	"github.com/decker502/dnspod-go"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -28,8 +27,8 @@ type Config struct {
 func NewDefaultConfig() *Config {
 	return &Config{
 		TTL:                env.GetOrDefaultInt("DNSPOD_TTL", 600),
-		PropagationTimeout: env.GetOrDefaultSecond("DNSPOD_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("DNSPOD_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		PropagationTimeout: env.GetOrDefaultSecond("DNSPOD_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("DNSPOD_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("DNSPOD_HTTP_TIMEOUT", 0),
 		},
@ -56,16 +55,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for dnspod.
-// Deprecated
-func NewDNSProviderCredentials(key string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.LoginToken = key
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for dnspod.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -86,7 +75,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
 	zoneID, zoneName, err := d.getHostedZone(domain)
 	if err != nil {
 		return err
@ -103,7 +92,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	records, err := d.findTxtRecords(domain, fqdn)
 	if err != nil {
@ -136,14 +125,14 @@ func (d *DNSProvider) getHostedZone(domain string) (string, string, error) {
 		return "", "", fmt.Errorf("API call failed: %v", err)
 	}

-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
 	if err != nil {
 		return "", "", err
 	}

 	var hostedZone dnspod.Domain
 	for _, zone := range zones {
-		if zone.Name == acme.UnFqdn(authZone) {
+		if zone.Name == dns01.UnFqdn(authZone) {
 			hostedZone = zone
 		}
 	}
@ -192,7 +181,7 @@ func (d *DNSProvider) findTxtRecords(domain, fqdn string) ([]dnspod.Record, erro
 }

 func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := dns01.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/dreamhost/dreamhost.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dreamhost/dreamhost.go
@ -9,7 +9,7 @@ import (
 	"net/http"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -72,8 +72,8 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
-	record := acme.UnFqdn(fqdn)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
+	record := dns01.UnFqdn(fqdn)

 	u, err := d.buildQuery(cmdAddRecord, record, value)
 	if err != nil {
@ -89,8 +89,8 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp clears DreamHost TXT record
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
-	record := acme.UnFqdn(fqdn)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
+	record := dns01.UnFqdn(fqdn)

 	u, err := d.buildQuery(cmdRemoveRecord, record, value)
 	if err != nil {
--- a/vendor/github.com/xenolf/lego/providers/dns/duckdns/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/duckdns/client.go
@ -0,0 +1,68 @@
+package duckdns
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/miekg/dns"
+	"github.com/xenolf/lego/challenge/dns01"
+)
+
+// updateTxtRecord Update the domains TXT record
+// To update the TXT record we just need to make one simple get request.
+// In DuckDNS you only have one TXT record shared with the domain and all sub domains.
+func (d *DNSProvider) updateTxtRecord(domain, token, txt string, clear bool) error {
+	u, _ := url.Parse("https://www.duckdns.org/update")
+
+	mainDomain := getMainDomain(domain)
+	if len(mainDomain) == 0 {
+		return fmt.Errorf("unable to find the main domain for: %s", domain)
+	}
+
+	query := u.Query()
+	query.Set("domains", mainDomain)
+	query.Set("token", token)
+	query.Set("clear", strconv.FormatBool(clear))
+	query.Set("txt", txt)
+	u.RawQuery = query.Encode()
+
+	response, err := d.config.HTTPClient.Get(u.String())
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	bodyBytes, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return err
+	}
+
+	body := string(bodyBytes)
+	if body != "OK" {
+		return fmt.Errorf("request to change TXT record for DuckDNS returned the following result (%s) this does not match expectation (OK) used url [%s]", body, u)
+	}
+	return nil
+}
+
+// DuckDNS only lets you write to your subdomain
+// so it must be in format subdomain.duckdns.org
+// not in format subsubdomain.subdomain.duckdns.org
+// so strip off everything that is not top 3 levels
+func getMainDomain(domain string) string {
+	domain = dns01.UnFqdn(domain)
+
+	split := dns.Split(domain)
+	if strings.HasSuffix(strings.ToLower(domain), "duckdns.org") {
+		if len(split) < 3 {
+			return ""
+		}
+
+		firstSubDomainIndex := split[len(split)-3]
+		return domain[firstSubDomainIndex:]
+	}
+
+	return domain[split[len(split)-1]:]
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/duckdns/duckdns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/duckdns/duckdns.go
@ -5,15 +5,10 @@ package duckdns
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net/http"
-	"net/url"
-	"strconv"
-	"strings"
 	"time"

-	"github.com/miekg/dns"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -22,18 +17,19 @@ type Config struct {
 	Token              string
 	PropagationTimeout time.Duration
 	PollingInterval    time.Duration
+	SequenceInterval   time.Duration
 	HTTPClient         *http.Client
 }

 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
-	client := acme.HTTPClient
-	client.Timeout = env.GetOrDefaultSecond("DUCKDNS_HTTP_TIMEOUT", 30*time.Second)
-
 	return &Config{
-		PropagationTimeout: env.GetOrDefaultSecond("DUCKDNS_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("DUCKDNS_POLLING_INTERVAL", acme.DefaultPollingInterval),
-		HTTPClient:         &client,
+		PropagationTimeout: env.GetOrDefaultSecond("DUCKDNS_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("DUCKDNS_POLLING_INTERVAL", dns01.DefaultPollingInterval),
+		SequenceInterval:   env.GetOrDefaultSecond("DUCKDNS_SEQUENCE_INTERVAL", dns01.DefaultPropagationTimeout),
+		HTTPClient: &http.Client{
+			Timeout: env.GetOrDefaultSecond("DUCKDNS_HTTP_TIMEOUT", 30*time.Second),
+		},
 	}
 }

@ -56,16 +52,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for http://duckdns.org
-// Deprecated
-func NewDNSProviderCredentials(token string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.Token = token
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for DuckDNS.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -81,13 +67,13 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	_, txtRecord, _ := acme.DNS01Record(domain, keyAuth)
-	return updateTxtRecord(domain, d.config.Token, txtRecord, false)
+	_, txtRecord := dns01.GetRecord(domain, keyAuth)
+	return d.updateTxtRecord(domain, d.config.Token, txtRecord, false)
 }

 // CleanUp clears DuckDNS TXT record
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	return updateTxtRecord(domain, d.config.Token, "", true)
+	return d.updateTxtRecord(domain, d.config.Token, "", true)
 }

 // Timeout returns the timeout and interval to use when checking for DNS propagation.
@ -96,53 +82,8 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }

-// updateTxtRecord Update the domains TXT record
-// To update the TXT record we just need to make one simple get request.
-// In DuckDNS you only have one TXT record shared with the domain and all sub domains.
-func updateTxtRecord(domain, token, txt string, clear bool) error {
-	u, _ := url.Parse("https://www.duckdns.org/update")
-
-	query := u.Query()
-	query.Set("domains", getMainDomain(domain))
-	query.Set("token", token)
-	query.Set("clear", strconv.FormatBool(clear))
-	query.Set("txt", txt)
-	u.RawQuery = query.Encode()
-
-	response, err := acme.HTTPClient.Get(u.String())
-	if err != nil {
-		return err
-	}
-	defer response.Body.Close()
-
-	bodyBytes, err := ioutil.ReadAll(response.Body)
-	if err != nil {
-		return err
-	}
-
-	body := string(bodyBytes)
-	if body != "OK" {
-		return fmt.Errorf("request to change TXT record for DuckDNS returned the following result (%s) this does not match expectation (OK) used url [%s]", body, u)
-	}
-	return nil
-}
-
-// DuckDNS only lets you write to your subdomain
-// so it must be in format subdomain.duckdns.org
-// not in format subsubdomain.subdomain.duckdns.org
-// so strip off everything that is not top 3 levels
-func getMainDomain(domain string) string {
-	domain = acme.UnFqdn(domain)
-
-	split := dns.Split(domain)
-	if strings.HasSuffix(strings.ToLower(domain), "duckdns.org") {
-		if len(split) < 3 {
-			return ""
-		}
-
-		firstSubDomainIndex := split[len(split)-3]
-		return domain[firstSubDomainIndex:]
-	}
-
-	return domain[split[len(split)-1]:]
+// Sequential All DNS challenges for this provider will be resolved sequentially.
+// Returns the interval between each iteration.
+func (d *DNSProvider) Sequential() time.Duration {
+	return d.config.SequenceInterval
 }
--- a/vendor/github.com/xenolf/lego/providers/dns/dyn/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dyn/client.go
@ -1,6 +1,11 @@
 package dyn

-import "encoding/json"
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+)

 const defaultBaseURL = "https://api.dynect.net/REST"

@ -18,7 +23,7 @@ type dynResponse struct {
 	Messages json.RawMessage `json:"msgs"`
 }

-type creds struct {
+type credentials struct {
 	Customer string `json:"customer_name"`
 	User     string `json:"user_name"`
 	Pass     string `json:"password"`
@ -33,3 +38,109 @@ type publish struct {
 	Publish bool   `json:"publish"`
 	Notes   string `json:"notes"`
 }
+
+// Starts a new Dyn API Session. Authenticates using customerName, userName,
+// password and receives a token to be used in for subsequent requests.
+func (d *DNSProvider) login() error {
+	payload := &credentials{Customer: d.config.CustomerName, User: d.config.UserName, Pass: d.config.Password}
+	dynRes, err := d.sendRequest(http.MethodPost, "Session", payload)
+	if err != nil {
+		return err
+	}
+
+	var s session
+	err = json.Unmarshal(dynRes.Data, &s)
+	if err != nil {
+		return err
+	}
+
+	d.token = s.Token
+
+	return nil
+}
+
+// Destroys Dyn Session
+func (d *DNSProvider) logout() error {
+	if len(d.token) == 0 {
+		// nothing to do
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/Session", defaultBaseURL)
+	req, err := http.NewRequest(http.MethodDelete, url, nil)
+	if err != nil {
+		return err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Auth-Token", d.token)
+
+	resp, err := d.config.HTTPClient.Do(req)
+	if err != nil {
+		return err
+	}
+	resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("API request failed to delete session with HTTP status code %d", resp.StatusCode)
+	}
+
+	d.token = ""
+
+	return nil
+}
+
+func (d *DNSProvider) publish(zone, notes string) error {
+	pub := &publish{Publish: true, Notes: notes}
+	resource := fmt.Sprintf("Zone/%s/", zone)
+
+	_, err := d.sendRequest(http.MethodPut, resource, pub)
+	return err
+}
+
+func (d *DNSProvider) sendRequest(method, resource string, payload interface{}) (*dynResponse, error) {
+	url := fmt.Sprintf("%s/%s", defaultBaseURL, resource)
+
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest(method, url, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	if len(d.token) > 0 {
+		req.Header.Set("Auth-Token", d.token)
+	}
+
+	resp, err := d.config.HTTPClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 500 {
+		return nil, fmt.Errorf("API request failed with HTTP status code %d", resp.StatusCode)
+	}
+
+	var dynRes dynResponse
+	err = json.NewDecoder(resp.Body).Decode(&dynRes)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode >= 400 {
+		return nil, fmt.Errorf("API request failed with HTTP status code %d: %s", resp.StatusCode, dynRes.Messages)
+	} else if resp.StatusCode == 307 {
+		// TODO add support for HTTP 307 response and long running jobs
+		return nil, fmt.Errorf("API request returned HTTP 307. This is currently unsupported")
+	}
+
+	if dynRes.Status == "failure" {
+		// TODO add better error handling
+		return nil, fmt.Errorf("API request failed: %s", dynRes.Messages)
+	}
+
+	return &dynRes, nil
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/dyn/dyn.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/dyn/dyn.go
@ -1,17 +1,14 @@
-// Package dyn implements a DNS provider for solving the DNS-01 challenge
-// using Dyn Managed DNS.
+// Package dyn implements a DNS provider for solving the DNS-01 challenge using Dyn Managed DNS.
 package dyn

 import (
-	"bytes"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
 	"strconv"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -29,9 +26,9 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("DYN_TTL", 120),
-		PropagationTimeout: env.GetOrDefaultSecond("DYN_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("DYN_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("DYN_TTL", dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond("DYN_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("DYN_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("DYN_HTTP_TIMEOUT", 10*time.Second),
 		},
@ -62,18 +59,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for Dyn DNS.
-// Deprecated
-func NewDNSProviderCredentials(customerName, userName, password string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.CustomerName = customerName
-	config.UserName = userName
-	config.Password = password
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for Dyn DNS
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -89,9 +74,9 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("dyn: %v", err)
 	}
@ -124,9 +109,9 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("dyn: %v", err)
 	}
@ -170,109 +155,3 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-
-// Starts a new Dyn API Session. Authenticates using customerName, userName,
-// password and receives a token to be used in for subsequent requests.
-func (d *DNSProvider) login() error {
-	payload := &creds{Customer: d.config.CustomerName, User: d.config.UserName, Pass: d.config.Password}
-	dynRes, err := d.sendRequest(http.MethodPost, "Session", payload)
-	if err != nil {
-		return err
-	}
-
-	var s session
-	err = json.Unmarshal(dynRes.Data, &s)
-	if err != nil {
-		return err
-	}
-
-	d.token = s.Token
-
-	return nil
-}
-
-// Destroys Dyn Session
-func (d *DNSProvider) logout() error {
-	if len(d.token) == 0 {
-		// nothing to do
-		return nil
-	}
-
-	url := fmt.Sprintf("%s/Session", defaultBaseURL)
-	req, err := http.NewRequest(http.MethodDelete, url, nil)
-	if err != nil {
-		return err
-	}
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Auth-Token", d.token)
-
-	resp, err := d.config.HTTPClient.Do(req)
-	if err != nil {
-		return err
-	}
-	resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return fmt.Errorf("API request failed to delete session with HTTP status code %d", resp.StatusCode)
-	}
-
-	d.token = ""
-
-	return nil
-}
-
-func (d *DNSProvider) publish(zone, notes string) error {
-	pub := &publish{Publish: true, Notes: notes}
-	resource := fmt.Sprintf("Zone/%s/", zone)
-
-	_, err := d.sendRequest(http.MethodPut, resource, pub)
-	return err
-}
-
-func (d *DNSProvider) sendRequest(method, resource string, payload interface{}) (*dynResponse, error) {
-	url := fmt.Sprintf("%s/%s", defaultBaseURL, resource)
-
-	body, err := json.Marshal(payload)
-	if err != nil {
-		return nil, err
-	}
-
-	req, err := http.NewRequest(method, url, bytes.NewReader(body))
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Set("Content-Type", "application/json")
-	if len(d.token) > 0 {
-		req.Header.Set("Auth-Token", d.token)
-	}
-
-	resp, err := d.config.HTTPClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode >= 500 {
-		return nil, fmt.Errorf("API request failed with HTTP status code %d", resp.StatusCode)
-	}
-
-	var dynRes dynResponse
-	err = json.NewDecoder(resp.Body).Decode(&dynRes)
-	if err != nil {
-		return nil, err
-	}
-
-	if resp.StatusCode >= 400 {
-		return nil, fmt.Errorf("API request failed with HTTP status code %d: %s", resp.StatusCode, dynRes.Messages)
-	} else if resp.StatusCode == 307 {
-		// TODO add support for HTTP 307 response and long running jobs
-		return nil, fmt.Errorf("API request returned HTTP 307. This is currently unsupported")
-	}
-
-	if dynRes.Status == "failure" {
-		// TODO add better error handling
-		return nil, fmt.Errorf("API request failed: %s", dynRes.Messages)
-	}
-
-	return &dynRes, nil
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/exec/doc.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/exec/doc.go
@ -1,42 +0,0 @@
-/*
-Package exec implements a manual DNS provider which runs a program for adding/removing the DNS record.
-
-The file name of the external program is specified in the environment variable `EXEC_PATH`.
-When it is run by lego, three command-line parameters are passed to it:
-The action ("present" or "cleanup"), the fully-qualified domain name, the value for the record and the TTL.
-
-For example, requesting a certificate for the domain 'foo.example.com' can be achieved by calling lego as follows:
-
-	EXEC_PATH=./update-dns.sh \
-		lego --dns exec \
-		--domains foo.example.com \
-		--email invalid@example.com run
-
-It will then call the program './update-dns.sh' with like this:
-
-	./update-dns.sh "present" "_acme-challenge.foo.example.com." "MsijOYZxqyjGnFGwhjrhfg-Xgbl5r68WPda0J9EgqqI" "120"
-
-The program then needs to make sure the record is inserted.
-When it returns an error via a non-zero exit code, lego aborts.
-
-When the record is to be removed again,
-the program is called with the first command-line parameter set to "cleanup" instead of "present".
-
-If you want to use the raw domain, token, and keyAuth values with your program, you can set `EXEC_MODE=RAW`:
-
-	EXEC_MODE=RAW \
-	EXEC_PATH=./update-dns.sh \
-		lego --dns exec \
-		--domains foo.example.com \
-		--email invalid@example.com run
-
-It will then call the program './update-dns.sh' like this:
-
-	./update-dns.sh "present" "foo.example.com." "--" "some-token" "KxAy-J3NwUmg9ZQuM-gP_Mq1nStaYSaP9tYQs5_-YsE.ksT-qywTd8058G-SHHWA3RAN72Pr0yWtPYmmY5UBpQ8"
-
-NOTE:
-The `--` is because the token MAY start with a `-`, and the called program may try and interpret a - as indicating a flag.
-In the case of urfave, which is commonly used,
-you can use the `--` delimiter to specify the start of positional arguments, and handle such a string safely.
-*/
-package exec
--- a/vendor/github.com/xenolf/lego/providers/dns/exec/exec.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/exec/exec.go
@ -1,3 +1,4 @@
+// Package exec implements a DNS provider which runs a program for adding/removing the DNS record.
 package exec

 import (
@ -5,17 +6,27 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
-	"strconv"
+	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/log"
 	"github.com/xenolf/lego/platform/config/env"
 )

 // Config Provider configuration.
 type Config struct {
-	Program string
-	Mode    string
+	Program            string
+	Mode               string
+	PropagationTimeout time.Duration
+	PollingInterval    time.Duration
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider
+func NewDefaultConfig() *Config {
+	return &Config{
+		PropagationTimeout: env.GetOrDefaultSecond("EXEC_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("EXEC_POLLING_INTERVAL", dns01.DefaultPollingInterval),
+	}
 }

 // DNSProvider adds and removes the record for the DNS challenge by calling a
@ -32,10 +43,11 @@ func NewDNSProvider() (*DNSProvider, error) {
 		return nil, fmt.Errorf("exec: %v", err)
 	}

-	return NewDNSProviderConfig(&Config{
-		Program: values["EXEC_PATH"],
-		Mode:    os.Getenv("EXEC_MODE"),
-	})
+	config := NewDefaultConfig()
+	config.Program = values["EXEC_PATH"]
+	config.Mode = os.Getenv("EXEC_MODE")
+
+	return NewDNSProviderConfig(config)
 }

 // NewDNSProviderConfig returns a new DNS provider which runs the given configuration
@ -48,25 +60,14 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	return &DNSProvider{config: config}, nil
 }

-// NewDNSProviderProgram returns a new DNS provider which runs the given program
-// for adding and removing the DNS record.
-// Deprecated: use NewDNSProviderConfig instead
-func NewDNSProviderProgram(program string) (*DNSProvider, error) {
-	if len(program) == 0 {
-		return nil, errors.New("the program is undefined")
-	}
-
-	return NewDNSProviderConfig(&Config{Program: program})
-}
-
 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	var args []string
 	if d.config.Mode == "RAW" {
 		args = []string{"present", "--", domain, token, keyAuth}
 	} else {
-		fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
-		args = []string{"present", fqdn, value, strconv.Itoa(ttl)}
+		fqdn, value := dns01.GetRecord(domain, keyAuth)
+		args = []string{"present", fqdn, value}
 	}

 	cmd := exec.Command(d.config.Program, args...)
@ -85,8 +86,8 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	if d.config.Mode == "RAW" {
 		args = []string{"cleanup", "--", domain, token, keyAuth}
 	} else {
-		fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
-		args = []string{"cleanup", fqdn, value, strconv.Itoa(ttl)}
+		fqdn, value := dns01.GetRecord(domain, keyAuth)
+		args = []string{"cleanup", fqdn, value}
 	}

 	cmd := exec.Command(d.config.Program, args...)
@ -98,3 +99,9 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 	return err
 }
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return d.config.PropagationTimeout, d.config.PollingInterval
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/exoscale/exoscale.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/exoscale/exoscale.go
@ -1,5 +1,4 @@
-// Package exoscale implements a DNS provider for solving the DNS-01 challenge
-// using exoscale DNS.
+// Package exoscale implements a DNS provider for solving the DNS-01 challenge using exoscale DNS.
 package exoscale

 import (
@ -9,7 +8,7 @@ import (
 	"time"

 	"github.com/exoscale/egoscale"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -29,9 +28,9 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("EXOSCALE_TTL", 120),
-		PropagationTimeout: env.GetOrDefaultSecond("EXOSCALE_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("EXOSCALE_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("EXOSCALE_TTL", dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond("EXOSCALE_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("EXOSCALE_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("EXOSCALE_HTTP_TIMEOUT", 0),
 		},
@ -60,18 +59,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderClient Uses the supplied parameters
-// to return a DNSProvider instance configured for Exoscale.
-// Deprecated
-func NewDNSProviderClient(key, secret, endpoint string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIKey = key
-	config.APISecret = secret
-	config.Endpoint = endpoint
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for Exoscale.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -94,7 +81,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
 	zone, recordName, err := d.FindZoneAndRecordName(fqdn, domain)
 	if err != nil {
 		return err
@ -137,7 +124,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)
 	zone, recordName, err := d.FindZoneAndRecordName(fqdn, domain)
 	if err != nil {
 		return err
@ -181,12 +168,12 @@ func (d *DNSProvider) FindExistingRecordID(zone, recordName string) (int64, erro

 // FindZoneAndRecordName Extract DNS zone and DNS entry name
 func (d *DNSProvider) FindZoneAndRecordName(fqdn, domain string) (string, string, error) {
-	zone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	zone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
 	if err != nil {
 		return "", "", err
 	}
-	zone = acme.UnFqdn(zone)
-	name := acme.UnFqdn(fqdn)
+	zone = dns01.UnFqdn(zone)
+	name := dns01.UnFqdn(fqdn)
 	name = name[:len(name)-len("."+zone)]

 	return zone, name, nil
--- a/vendor/github.com/xenolf/lego/providers/dns/fastdns/fastdns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/fastdns/fastdns.go
@ -1,3 +1,4 @@
+// Package fastdns implements a DNS provider for solving the DNS-01 challenge using FastDNS.
 package fastdns

 import (
@ -8,7 +9,7 @@ import (

 	configdns "github.com/akamai/AkamaiOPEN-edgegrid-golang/configdns-v1"
 	"github.com/akamai/AkamaiOPEN-edgegrid-golang/edgegrid"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -23,9 +24,9 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		PropagationTimeout: env.GetOrDefaultSecond("AKAMAI_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("AKAMAI_POLLING_INTERVAL", acme.DefaultPollingInterval),
-		TTL:                env.GetOrDefaultInt("AKAMAI_TTL", 120),
+		PropagationTimeout: env.GetOrDefaultSecond("AKAMAI_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("AKAMAI_POLLING_INTERVAL", dns01.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("AKAMAI_TTL", dns01.DefaultTTL),
 	}
 }

@ -54,22 +55,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderClient uses the supplied parameters
-// to return a DNSProvider instance configured for FastDNS.
-// Deprecated
-func NewDNSProviderClient(host, clientToken, clientSecret, accessToken string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.Config = edgegrid.Config{
-		Host:         host,
-		ClientToken:  clientToken,
-		ClientSecret: clientSecret,
-		AccessToken:  accessToken,
-		MaxBody:      131072,
-	}
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for FastDNS.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -85,7 +70,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fullfil the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
 	zoneName, recordName, err := d.findZoneAndRecordName(fqdn, domain)
 	if err != nil {
 		return fmt.Errorf("fastdns: %v", err)
@ -121,7 +106,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)
 	zoneName, recordName, err := d.findZoneAndRecordName(fqdn, domain)
 	if err != nil {
 		return fmt.Errorf("fastdns: %v", err)
@ -154,12 +139,12 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 }

 func (d *DNSProvider) findZoneAndRecordName(fqdn, domain string) (string, string, error) {
-	zone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	zone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
 	if err != nil {
 		return "", "", err
 	}
-	zone = acme.UnFqdn(zone)
-	name := acme.UnFqdn(fqdn)
+	zone = dns01.UnFqdn(zone)
+	name := dns01.UnFqdn(fqdn)
 	name = name[:len(name)-len("."+zone)]

 	return zone, name, nil
--- a/vendor/github.com/xenolf/lego/providers/dns/gandi/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/gandi/client.go
@ -1,8 +1,11 @@
 package gandi

 import (
+	"bytes"
 	"encoding/xml"
 	"fmt"
+	"io"
+	"io/ioutil"
 )

 // types for XML-RPC method calls and parameters
@ -90,3 +93,224 @@ type rpcError struct {
 func (e rpcError) Error() string {
 	return fmt.Sprintf("Gandi DNS: RPC Error: (%d) %s", e.faultCode, e.faultString)
 }
+
+// rpcCall makes an XML-RPC call to Gandi's RPC endpoint by
+// marshaling the data given in the call argument to XML and sending
+// that via HTTP Post to Gandi.
+// The response is then unmarshalled into the resp argument.
+func (d *DNSProvider) rpcCall(call *methodCall, resp response) error {
+	// marshal
+	b, err := xml.MarshalIndent(call, "", "  ")
+	if err != nil {
+		return fmt.Errorf("marshal error: %v", err)
+	}
+
+	// post
+	b = append([]byte(`<?xml version="1.0"?>`+"\n"), b...)
+	respBody, err := d.httpPost(d.config.BaseURL, "text/xml", bytes.NewReader(b))
+	if err != nil {
+		return err
+	}
+
+	// unmarshal
+	err = xml.Unmarshal(respBody, resp)
+	if err != nil {
+		return fmt.Errorf("unmarshal error: %v", err)
+	}
+	if resp.faultCode() != 0 {
+		return rpcError{
+			faultCode: resp.faultCode(), faultString: resp.faultString()}
+	}
+	return nil
+}
+
+// functions to perform API actions
+
+func (d *DNSProvider) getZoneID(domain string) (int, error) {
+	resp := &responseStruct{}
+	err := d.rpcCall(&methodCall{
+		MethodName: "domain.info",
+		Params: []param{
+			paramString{Value: d.config.APIKey},
+			paramString{Value: domain},
+		},
+	}, resp)
+	if err != nil {
+		return 0, err
+	}
+
+	var zoneID int
+	for _, member := range resp.StructMembers {
+		if member.Name == "zone_id" {
+			zoneID = member.ValueInt
+		}
+	}
+
+	if zoneID == 0 {
+		return 0, fmt.Errorf("could not determine zone_id for %s", domain)
+	}
+	return zoneID, nil
+}
+
+func (d *DNSProvider) cloneZone(zoneID int, name string) (int, error) {
+	resp := &responseStruct{}
+	err := d.rpcCall(&methodCall{
+		MethodName: "domain.zone.clone",
+		Params: []param{
+			paramString{Value: d.config.APIKey},
+			paramInt{Value: zoneID},
+			paramInt{Value: 0},
+			paramStruct{
+				StructMembers: []structMember{
+					structMemberString{
+						Name:  "name",
+						Value: name,
+					}},
+			},
+		},
+	}, resp)
+	if err != nil {
+		return 0, err
+	}
+
+	var newZoneID int
+	for _, member := range resp.StructMembers {
+		if member.Name == "id" {
+			newZoneID = member.ValueInt
+		}
+	}
+
+	if newZoneID == 0 {
+		return 0, fmt.Errorf("could not determine cloned zone_id")
+	}
+	return newZoneID, nil
+}
+
+func (d *DNSProvider) newZoneVersion(zoneID int) (int, error) {
+	resp := &responseInt{}
+	err := d.rpcCall(&methodCall{
+		MethodName: "domain.zone.version.new",
+		Params: []param{
+			paramString{Value: d.config.APIKey},
+			paramInt{Value: zoneID},
+		},
+	}, resp)
+	if err != nil {
+		return 0, err
+	}
+
+	if resp.Value == 0 {
+		return 0, fmt.Errorf("could not create new zone version")
+	}
+	return resp.Value, nil
+}
+
+func (d *DNSProvider) addTXTRecord(zoneID int, version int, name string, value string, ttl int) error {
+	resp := &responseStruct{}
+	err := d.rpcCall(&methodCall{
+		MethodName: "domain.zone.record.add",
+		Params: []param{
+			paramString{Value: d.config.APIKey},
+			paramInt{Value: zoneID},
+			paramInt{Value: version},
+			paramStruct{
+				StructMembers: []structMember{
+					structMemberString{
+						Name:  "type",
+						Value: "TXT",
+					}, structMemberString{
+						Name:  "name",
+						Value: name,
+					}, structMemberString{
+						Name:  "value",
+						Value: value,
+					}, structMemberInt{
+						Name:  "ttl",
+						Value: ttl,
+					}},
+			},
+		},
+	}, resp)
+	return err
+}
+
+func (d *DNSProvider) setZoneVersion(zoneID int, version int) error {
+	resp := &responseBool{}
+	err := d.rpcCall(&methodCall{
+		MethodName: "domain.zone.version.set",
+		Params: []param{
+			paramString{Value: d.config.APIKey},
+			paramInt{Value: zoneID},
+			paramInt{Value: version},
+		},
+	}, resp)
+	if err != nil {
+		return err
+	}
+
+	if !resp.Value {
+		return fmt.Errorf("could not set zone version")
+	}
+	return nil
+}
+
+func (d *DNSProvider) setZone(domain string, zoneID int) error {
+	resp := &responseStruct{}
+	err := d.rpcCall(&methodCall{
+		MethodName: "domain.zone.set",
+		Params: []param{
+			paramString{Value: d.config.APIKey},
+			paramString{Value: domain},
+			paramInt{Value: zoneID},
+		},
+	}, resp)
+	if err != nil {
+		return err
+	}
+
+	var respZoneID int
+	for _, member := range resp.StructMembers {
+		if member.Name == "zone_id" {
+			respZoneID = member.ValueInt
+		}
+	}
+
+	if respZoneID != zoneID {
+		return fmt.Errorf("could not set new zone_id for %s", domain)
+	}
+	return nil
+}
+
+func (d *DNSProvider) deleteZone(zoneID int) error {
+	resp := &responseBool{}
+	err := d.rpcCall(&methodCall{
+		MethodName: "domain.zone.delete",
+		Params: []param{
+			paramString{Value: d.config.APIKey},
+			paramInt{Value: zoneID},
+		},
+	}, resp)
+	if err != nil {
+		return err
+	}
+
+	if !resp.Value {
+		return fmt.Errorf("could not delete zone_id")
+	}
+	return nil
+}
+
+func (d *DNSProvider) httpPost(url string, bodyType string, body io.Reader) ([]byte, error) {
+	resp, err := d.config.HTTPClient.Post(url, bodyType, body)
+	if err != nil {
+		return nil, fmt.Errorf("HTTP Post Error: %v", err)
+	}
+	defer resp.Body.Close()
+
+	b, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("HTTP Post Error: %v", err)
+	}
+
+	return b, nil
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/gandi/gandi.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/gandi/gandi.go
@ -1,20 +1,15 @@
-// Package gandi implements a DNS provider for solving the DNS-01
-// challenge using Gandi DNS.
+// Package gandi implements a DNS provider for solving the DNS-01 challenge using Gandi DNS.
 package gandi

 import (
-	"bytes"
-	"encoding/xml"
 	"errors"
 	"fmt"
-	"io"
-	"io/ioutil"
 	"net/http"
 	"strings"
 	"sync"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -27,10 +22,6 @@ const (
 	minTTL         = 300
 )

-// findZoneByFqdn determines the DNS zone of an fqdn.
-// It is overridden during tests.
-var findZoneByFqdn = acme.FindZoneByFqdn
-
 // Config is used to configure the creation of the DNSProvider
 type Config struct {
 	BaseURL            string
@ -68,6 +59,8 @@ type DNSProvider struct {
 	inProgressAuthZones map[string]struct{}
 	inProgressMu        sync.Mutex
 	config              *Config
+	// findZoneByFqdn determines the DNS zone of an fqdn. It is overridden during tests.
+	findZoneByFqdn func(fqdn string) (string, error)
 }

 // NewDNSProvider returns a DNSProvider instance configured for Gandi.
@ -84,16 +77,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for Gandi.
-// Deprecated
-func NewDNSProviderCredentials(apiKey string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIKey = apiKey
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for Gandi.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -112,6 +95,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		config:              config,
 		inProgressFQDNs:     make(map[string]inProgressInfo),
 		inProgressAuthZones: make(map[string]struct{}),
+		findZoneByFqdn:      dns01.FindZoneByFqdn,
 	}, nil
 }

@ -119,14 +103,14 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 // does this by creating and activating a new temporary Gandi DNS
 // zone. This new zone contains the TXT record.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	if d.config.TTL < minTTL {
 		d.config.TTL = minTTL // 300 is gandi minimum value for ttl
 	}

 	// find authZone and Gandi zone_id for fqdn
-	authZone, err := findZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := d.findZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("gandi: findZoneByFqdn failure: %v", err)
 	}
@ -154,7 +138,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 	// perform API actions to create and activate new gandi zone
 	// containing the required TXT record
-	newZoneName := fmt.Sprintf("%s [ACME Challenge %s]", acme.UnFqdn(authZone), time.Now().Format(time.RFC822Z))
+	newZoneName := fmt.Sprintf("%s [ACME Challenge %s]", dns01.UnFqdn(authZone), time.Now().Format(time.RFC822Z))

 	newZoneID, err := d.cloneZone(zoneID, newZoneName)
 	if err != nil {
@ -196,7 +180,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 // parameters. It does this by restoring the old Gandi DNS zone and
 // removing the temporary one created by Present.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	// acquire lock and retrieve zoneID, newZoneID and authZone
 	d.inProgressMu.Lock()
@ -228,224 +212,3 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-
-// rpcCall makes an XML-RPC call to Gandi's RPC endpoint by
-// marshaling the data given in the call argument to XML and sending
-// that via HTTP Post to Gandi.
-// The response is then unmarshalled into the resp argument.
-func (d *DNSProvider) rpcCall(call *methodCall, resp response) error {
-	// marshal
-	b, err := xml.MarshalIndent(call, "", "  ")
-	if err != nil {
-		return fmt.Errorf("marshal error: %v", err)
-	}
-
-	// post
-	b = append([]byte(`<?xml version="1.0"?>`+"\n"), b...)
-	respBody, err := d.httpPost(d.config.BaseURL, "text/xml", bytes.NewReader(b))
-	if err != nil {
-		return err
-	}
-
-	// unmarshal
-	err = xml.Unmarshal(respBody, resp)
-	if err != nil {
-		return fmt.Errorf("unmarshal error: %v", err)
-	}
-	if resp.faultCode() != 0 {
-		return rpcError{
-			faultCode: resp.faultCode(), faultString: resp.faultString()}
-	}
-	return nil
-}
-
-// functions to perform API actions
-
-func (d *DNSProvider) getZoneID(domain string) (int, error) {
-	resp := &responseStruct{}
-	err := d.rpcCall(&methodCall{
-		MethodName: "domain.info",
-		Params: []param{
-			paramString{Value: d.config.APIKey},
-			paramString{Value: domain},
-		},
-	}, resp)
-	if err != nil {
-		return 0, err
-	}
-
-	var zoneID int
-	for _, member := range resp.StructMembers {
-		if member.Name == "zone_id" {
-			zoneID = member.ValueInt
-		}
-	}
-
-	if zoneID == 0 {
-		return 0, fmt.Errorf("could not determine zone_id for %s", domain)
-	}
-	return zoneID, nil
-}
-
-func (d *DNSProvider) cloneZone(zoneID int, name string) (int, error) {
-	resp := &responseStruct{}
-	err := d.rpcCall(&methodCall{
-		MethodName: "domain.zone.clone",
-		Params: []param{
-			paramString{Value: d.config.APIKey},
-			paramInt{Value: zoneID},
-			paramInt{Value: 0},
-			paramStruct{
-				StructMembers: []structMember{
-					structMemberString{
-						Name:  "name",
-						Value: name,
-					}},
-			},
-		},
-	}, resp)
-	if err != nil {
-		return 0, err
-	}
-
-	var newZoneID int
-	for _, member := range resp.StructMembers {
-		if member.Name == "id" {
-			newZoneID = member.ValueInt
-		}
-	}
-
-	if newZoneID == 0 {
-		return 0, fmt.Errorf("could not determine cloned zone_id")
-	}
-	return newZoneID, nil
-}
-
-func (d *DNSProvider) newZoneVersion(zoneID int) (int, error) {
-	resp := &responseInt{}
-	err := d.rpcCall(&methodCall{
-		MethodName: "domain.zone.version.new",
-		Params: []param{
-			paramString{Value: d.config.APIKey},
-			paramInt{Value: zoneID},
-		},
-	}, resp)
-	if err != nil {
-		return 0, err
-	}
-
-	if resp.Value == 0 {
-		return 0, fmt.Errorf("could not create new zone version")
-	}
-	return resp.Value, nil
-}
-
-func (d *DNSProvider) addTXTRecord(zoneID int, version int, name string, value string, ttl int) error {
-	resp := &responseStruct{}
-	err := d.rpcCall(&methodCall{
-		MethodName: "domain.zone.record.add",
-		Params: []param{
-			paramString{Value: d.config.APIKey},
-			paramInt{Value: zoneID},
-			paramInt{Value: version},
-			paramStruct{
-				StructMembers: []structMember{
-					structMemberString{
-						Name:  "type",
-						Value: "TXT",
-					}, structMemberString{
-						Name:  "name",
-						Value: name,
-					}, structMemberString{
-						Name:  "value",
-						Value: value,
-					}, structMemberInt{
-						Name:  "ttl",
-						Value: ttl,
-					}},
-			},
-		},
-	}, resp)
-	return err
-}
-
-func (d *DNSProvider) setZoneVersion(zoneID int, version int) error {
-	resp := &responseBool{}
-	err := d.rpcCall(&methodCall{
-		MethodName: "domain.zone.version.set",
-		Params: []param{
-			paramString{Value: d.config.APIKey},
-			paramInt{Value: zoneID},
-			paramInt{Value: version},
-		},
-	}, resp)
-	if err != nil {
-		return err
-	}
-
-	if !resp.Value {
-		return fmt.Errorf("could not set zone version")
-	}
-	return nil
-}
-
-func (d *DNSProvider) setZone(domain string, zoneID int) error {
-	resp := &responseStruct{}
-	err := d.rpcCall(&methodCall{
-		MethodName: "domain.zone.set",
-		Params: []param{
-			paramString{Value: d.config.APIKey},
-			paramString{Value: domain},
-			paramInt{Value: zoneID},
-		},
-	}, resp)
-	if err != nil {
-		return err
-	}
-
-	var respZoneID int
-	for _, member := range resp.StructMembers {
-		if member.Name == "zone_id" {
-			respZoneID = member.ValueInt
-		}
-	}
-
-	if respZoneID != zoneID {
-		return fmt.Errorf("could not set new zone_id for %s", domain)
-	}
-	return nil
-}
-
-func (d *DNSProvider) deleteZone(zoneID int) error {
-	resp := &responseBool{}
-	err := d.rpcCall(&methodCall{
-		MethodName: "domain.zone.delete",
-		Params: []param{
-			paramString{Value: d.config.APIKey},
-			paramInt{Value: zoneID},
-		},
-	}, resp)
-	if err != nil {
-		return err
-	}
-
-	if !resp.Value {
-		return fmt.Errorf("could not delete zone_id")
-	}
-	return nil
-}
-
-func (d *DNSProvider) httpPost(url string, bodyType string, body io.Reader) ([]byte, error) {
-	resp, err := d.config.HTTPClient.Post(url, bodyType, body)
-	if err != nil {
-		return nil, fmt.Errorf("HTTP Post Error: %v", err)
-	}
-	defer resp.Body.Close()
-
-	b, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, fmt.Errorf("HTTP Post Error: %v", err)
-	}
-
-	return b, nil
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/gandiv5/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/gandiv5/client.go
@ -6,6 +6,8 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+
+	"github.com/xenolf/lego/log"
 )

 const apiKeyHeader = "X-Api-Key"
@ -24,6 +26,80 @@ type Record struct {
 	RRSetType   string   `json:"rrset_type,omitempty"`
 }

+func (d *DNSProvider) addTXTRecord(domain string, name string, value string, ttl int) error {
+	// Get exiting values for the TXT records
+	// Needed to create challenges for both wildcard and base name domains
+	txtRecord, err := d.getTXTRecord(domain, name)
+	if err != nil {
+		return err
+	}
+
+	values := []string{value}
+	if len(txtRecord.RRSetValues) > 0 {
+		values = append(values, txtRecord.RRSetValues...)
+	}
+
+	target := fmt.Sprintf("domains/%s/records/%s/TXT", domain, name)
+
+	newRecord := &Record{RRSetTTL: ttl, RRSetValues: values}
+	req, err := d.newRequest(http.MethodPut, target, newRecord)
+	if err != nil {
+		return err
+	}
+
+	message := &apiResponse{}
+	err = d.do(req, message)
+	if err != nil {
+		return fmt.Errorf("unable to create TXT record for domain %s and name %s: %v", domain, name, err)
+	}
+
+	if message != nil && len(message.Message) > 0 {
+		log.Infof("API response: %s", message.Message)
+	}
+
+	return nil
+}
+
+func (d *DNSProvider) getTXTRecord(domain, name string) (*Record, error) {
+	target := fmt.Sprintf("domains/%s/records/%s/TXT", domain, name)
+
+	// Get exiting values for the TXT records
+	// Needed to create challenges for both wildcard and base name domains
+	req, err := d.newRequest(http.MethodGet, target, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	txtRecord := &Record{}
+	err = d.do(req, txtRecord)
+	if err != nil {
+		return nil, fmt.Errorf("unable to get TXT records for domain %s and name %s: %v", domain, name, err)
+	}
+
+	return txtRecord, nil
+}
+
+func (d *DNSProvider) deleteTXTRecord(domain string, name string) error {
+	target := fmt.Sprintf("domains/%s/records/%s/TXT", domain, name)
+
+	req, err := d.newRequest(http.MethodDelete, target, nil)
+	if err != nil {
+		return err
+	}
+
+	message := &apiResponse{}
+	err = d.do(req, message)
+	if err != nil {
+		return fmt.Errorf("unable to delete TXT record for domain %s and name %s: %v", domain, name, err)
+	}
+
+	if message != nil && len(message.Message) > 0 {
+		log.Infof("API response: %s", message.Message)
+	}
+
+	return nil
+}
+
 func (d *DNSProvider) newRequest(method, resource string, body interface{}) (*http.Request, error) {
 	u := fmt.Sprintf("%s/%s", d.config.BaseURL, resource)

--- a/vendor/github.com/xenolf/lego/providers/dns/gandiv5/gandiv5.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/gandiv5/gandiv5.go
@ -1,5 +1,4 @@
-// Package gandiv5 implements a DNS provider for solving the DNS-01
-// challenge using Gandi LiveDNS api.
+// Package gandiv5 implements a DNS provider for solving the DNS-01 challenge using Gandi LiveDNS api.
 package gandiv5

 import (
@ -10,8 +9,7 @@ import (
 	"sync"
 	"time"

-	"github.com/xenolf/lego/acme"
-	"github.com/xenolf/lego/log"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -23,10 +21,6 @@ const (
 	minTTL         = 300
 )

-// findZoneByFqdn determines the DNS zone of an fqdn.
-// It is overridden during tests.
-var findZoneByFqdn = acme.FindZoneByFqdn
-
 // inProgressInfo contains information about an in-progress challenge
 type inProgressInfo struct {
 	fieldName string
@ -62,6 +56,8 @@ type DNSProvider struct {
 	config          *Config
 	inProgressFQDNs map[string]inProgressInfo
 	inProgressMu    sync.Mutex
+	// findZoneByFqdn determines the DNS zone of an fqdn. It is overridden during tests.
+	findZoneByFqdn func(fqdn string) (string, error)
 }

 // NewDNSProvider returns a DNSProvider instance configured for Gandi.
@ -78,16 +74,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for Gandi.
-// Deprecated
-func NewDNSProviderCredentials(apiKey string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIKey = apiKey
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for Gandi.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -109,15 +95,16 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	return &DNSProvider{
 		config:          config,
 		inProgressFQDNs: make(map[string]inProgressInfo),
+		findZoneByFqdn:  dns01.FindZoneByFqdn,
 	}, nil
 }

 // Present creates a TXT record using the specified parameters.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	// find authZone
-	authZone, err := findZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := d.findZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("gandiv5: findZoneByFqdn failure: %v", err)
 	}
@ -135,7 +122,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	defer d.inProgressMu.Unlock()

 	// add TXT record into authZone
-	err = d.addTXTRecord(acme.UnFqdn(authZone), name, value, d.config.TTL)
+	err = d.addTXTRecord(dns01.UnFqdn(authZone), name, value, d.config.TTL)
 	if err != nil {
 		return err
 	}
@ -150,7 +137,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	// acquire lock and retrieve authZone
 	d.inProgressMu.Lock()
@ -165,7 +152,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	delete(d.inProgressFQDNs, fqdn)

 	// delete TXT record from authZone
-	err := d.deleteTXTRecord(acme.UnFqdn(authZone), fieldName)
+	err := d.deleteTXTRecord(dns01.UnFqdn(authZone), fieldName)
 	if err != nil {
 		return fmt.Errorf("gandiv5: %v", err)
 	}
@ -178,79 +165,3 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-
-// functions to perform API actions
-
-func (d *DNSProvider) addTXTRecord(domain string, name string, value string, ttl int) error {
-	// Get exiting values for the TXT records
-	// Needed to create challenges for both wildcard and base name domains
-	txtRecord, err := d.getTXTRecord(domain, name)
-	if err != nil {
-		return err
-	}
-
-	values := []string{value}
-	if len(txtRecord.RRSetValues) > 0 {
-		values = append(values, txtRecord.RRSetValues...)
-	}
-
-	target := fmt.Sprintf("domains/%s/records/%s/TXT", domain, name)
-
-	newRecord := &Record{RRSetTTL: ttl, RRSetValues: values}
-	req, err := d.newRequest(http.MethodPut, target, newRecord)
-	if err != nil {
-		return err
-	}
-
-	message := &apiResponse{}
-	err = d.do(req, message)
-	if err != nil {
-		return fmt.Errorf("unable to create TXT record for domain %s and name %s: %v", domain, name, err)
-	}
-
-	if message != nil && len(message.Message) > 0 {
-		log.Infof("API response: %s", message.Message)
-	}
-
-	return nil
-}
-
-func (d *DNSProvider) getTXTRecord(domain, name string) (*Record, error) {
-	target := fmt.Sprintf("domains/%s/records/%s/TXT", domain, name)
-
-	// Get exiting values for the TXT records
-	// Needed to create challenges for both wildcard and base name domains
-	req, err := d.newRequest(http.MethodGet, target, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	txtRecord := &Record{}
-	err = d.do(req, txtRecord)
-	if err != nil {
-		return nil, fmt.Errorf("unable to get TXT records for domain %s and name %s: %v", domain, name, err)
-	}
-
-	return txtRecord, nil
-}
-
-func (d *DNSProvider) deleteTXTRecord(domain string, name string) error {
-	target := fmt.Sprintf("domains/%s/records/%s/TXT", domain, name)
-
-	req, err := d.newRequest(http.MethodDelete, target, nil)
-	if err != nil {
-		return err
-	}
-
-	message := &apiResponse{}
-	err = d.do(req, message)
-	if err != nil {
-		return fmt.Errorf("unable to delete TXT record for domain %s and name %s: %v", domain, name, err)
-	}
-
-	if message != nil && len(message.Message) > 0 {
-		log.Infof("API response: %s", message.Message)
-	}
-
-	return nil
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go
@ -1,5 +1,4 @@
-// Package gcloud implements a DNS provider for solving the DNS-01
-// challenge using Google Cloud DNS.
+// Package gcloud implements a DNS provider for solving the DNS-01 challenge using Google Cloud DNS.
 package gcloud

 import (
@ -9,17 +8,26 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"strconv"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
+	"github.com/xenolf/lego/log"
 	"github.com/xenolf/lego/platform/config/env"
+	"github.com/xenolf/lego/platform/wait"
 	"golang.org/x/net/context"
 	"golang.org/x/oauth2/google"
 	"google.golang.org/api/dns/v1"
+	"google.golang.org/api/googleapi"
+)
+
+const (
+	changeStatusDone = "done"
 )

 // Config is used to configure the creation of the DNSProvider
 type Config struct {
+	Debug              bool
 	Project            string
 	PropagationTimeout time.Duration
 	PollingInterval    time.Duration
@ -30,7 +38,8 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("GCE_TTL", 120),
+		Debug:              env.GetOrDefaultBool("GCE_DEBUG", false),
+		TTL:                env.GetOrDefaultInt("GCE_TTL", dns01.DefaultTTL),
 		PropagationTimeout: env.GetOrDefaultSecond("GCE_PROPAGATION_TIMEOUT", 180*time.Second),
 		PollingInterval:    env.GetOrDefaultSecond("GCE_POLLING_INTERVAL", 5*time.Second),
 	}
@ -124,7 +133,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	zone, err := d.getHostedZone(domain)
 	if err != nil {
@ -132,11 +141,32 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	}

 	// Look for existing records.
-	existing, err := d.findTxtRecords(zone, fqdn)
+	existingRrSet, err := d.findTxtRecords(zone, fqdn)
 	if err != nil {
 		return fmt.Errorf("googlecloud: %v", err)
 	}

+	for _, rrSet := range existingRrSet {
+		var rrd []string
+		for _, rr := range rrSet.Rrdatas {
+			data := mustUnquote(rr)
+			rrd = append(rrd, data)
+
+			if data == value {
+				log.Printf("skip: the record already exists: %s", value)
+				return nil
+			}
+		}
+		rrSet.Rrdatas = rrd
+	}
+
+	// Attempt to delete the existing records before adding the new one.
+	if len(existingRrSet) > 0 {
+		if err = d.applyChanges(zone, &dns.Change{Deletions: existingRrSet}); err != nil {
+			return fmt.Errorf("googlecloud: %v", err)
+		}
+	}
+
 	rec := &dns.ResourceRecordSet{
 		Name:    fqdn,
 		Rrdatas: []string{value},
@ -144,41 +174,74 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		Type:    "TXT",
 	}

-	change := &dns.Change{}
-
-	if len(existing) > 0 {
-		// Attempt to delete the existing records when adding our new one.
-		change.Deletions = existing
-
-		// Append existing TXT record data to the new TXT record data
-		for _, value := range existing {
-			rec.Rrdatas = append(rec.Rrdatas, value.Rrdatas...)
+	// Append existing TXT record data to the new TXT record data
+	for _, rrSet := range existingRrSet {
+		for _, rr := range rrSet.Rrdatas {
+			if rr != value {
+				rec.Rrdatas = append(rec.Rrdatas, rr)
+			}
 		}
 	}

-	change.Additions = []*dns.ResourceRecordSet{rec}
+	change := &dns.Change{
+		Additions: []*dns.ResourceRecordSet{rec},
+	}

-	chg, err := d.client.Changes.Create(d.config.Project, zone, change).Do()
-	if err != nil {
+	if err = d.applyChanges(zone, change); err != nil {
 		return fmt.Errorf("googlecloud: %v", err)
 	}

-	// wait for change to be acknowledged
-	for chg.Status == "pending" {
-		time.Sleep(time.Second)
-
-		chg, err = d.client.Changes.Get(d.config.Project, zone, chg.Id).Do()
-		if err != nil {
-			return fmt.Errorf("googlecloud: %v", err)
-		}
-	}
-
 	return nil
 }

+func (d *DNSProvider) applyChanges(zone string, change *dns.Change) error {
+	if d.config.Debug {
+		data, _ := json.Marshal(change)
+		log.Printf("change (Create): %s", string(data))
+	}
+
+	chg, err := d.client.Changes.Create(d.config.Project, zone, change).Do()
+	if err != nil {
+		if v, ok := err.(*googleapi.Error); ok {
+			if v.Code == http.StatusNotFound {
+				return nil
+			}
+		}
+
+		data, _ := json.Marshal(change)
+		return fmt.Errorf("failed to perform changes [zone %s, change %s]: %v", zone, string(data), err)
+	}
+
+	if chg.Status == changeStatusDone {
+		return nil
+	}
+
+	chgID := chg.Id
+
+	// wait for change to be acknowledged
+	return wait.For("apply change", 30*time.Second, 3*time.Second, func() (bool, error) {
+		if d.config.Debug {
+			data, _ := json.Marshal(change)
+			log.Printf("change (Get): %s", string(data))
+		}
+
+		chg, err = d.client.Changes.Get(d.config.Project, zone, chgID).Do()
+		if err != nil {
+			data, _ := json.Marshal(change)
+			return false, fmt.Errorf("failed to get changes [zone %s, change %s]: %v", zone, string(data), err)
+		}
+
+		if chg.Status == changeStatusDone {
+			return true, nil
+		}
+
+		return false, fmt.Errorf("status: %s", chg.Status)
+	})
+}
+
 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	zone, err := d.getHostedZone(domain)
 	if err != nil {
@ -209,7 +272,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // getHostedZone returns the managed-zone
 func (d *DNSProvider) getHostedZone(domain string) (string, error) {
-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
 	if err != nil {
 		return "", err
 	}
@ -237,3 +300,11 @@ func (d *DNSProvider) findTxtRecords(zone, fqdn string) ([]*dns.ResourceRecordSe

 	return recs.Rrsets, nil
 }
+
+func mustUnquote(raw string) string {
+	clean, err := strconv.Unquote(raw)
+	if err != nil {
+		return raw
+	}
+	return clean
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/glesys/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/glesys/client.go
@ -1,5 +1,14 @@
 package glesys

+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/xenolf/lego/log"
+)
+
 // types for JSON method calls, parameters, and responses

 type addRecordRequest struct {
@ -22,3 +31,61 @@ type responseStruct struct {
 		Record deleteRecordRequest `json:"record"`
 	} `json:"response"`
 }
+
+func (d *DNSProvider) addTXTRecord(fqdn string, domain string, name string, value string, ttl int) (int, error) {
+	response, err := d.sendRequest(http.MethodPost, "addrecord", addRecordRequest{
+		DomainName: domain,
+		Host:       name,
+		Type:       "TXT",
+		Data:       value,
+		TTL:        ttl,
+	})
+
+	if response != nil && response.Response.Status.Code == http.StatusOK {
+		log.Infof("[%s]: Successfully created record id %d", fqdn, response.Response.Record.RecordID)
+		return response.Response.Record.RecordID, nil
+	}
+	return 0, err
+}
+
+func (d *DNSProvider) deleteTXTRecord(fqdn string, recordid int) error {
+	response, err := d.sendRequest(http.MethodPost, "deleterecord", deleteRecordRequest{
+		RecordID: recordid,
+	})
+	if response != nil && response.Response.Status.Code == 200 {
+		log.Infof("[%s]: Successfully deleted record id %d", fqdn, recordid)
+	}
+	return err
+}
+
+func (d *DNSProvider) sendRequest(method string, resource string, payload interface{}) (*responseStruct, error) {
+	url := fmt.Sprintf("%s/%s", defaultBaseURL, resource)
+
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest(method, url, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.SetBasicAuth(d.config.APIUser, d.config.APIKey)
+
+	resp, err := d.config.HTTPClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 400 {
+		return nil, fmt.Errorf("request failed with HTTP status code %d", resp.StatusCode)
+	}
+
+	var response responseStruct
+	err = json.NewDecoder(resp.Body).Decode(&response)
+
+	return &response, err
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/glesys/glesys.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/glesys/glesys.go
@ -1,10 +1,7 @@
-// Package glesys implements a DNS provider for solving the DNS-01
-// challenge using GleSYS api.
+// Package glesys implements a DNS provider for solving the DNS-01 challenge using GleSYS api.
 package glesys

 import (
-	"bytes"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
@ -12,8 +9,7 @@ import (
 	"sync"
 	"time"

-	"github.com/xenolf/lego/acme"
-	"github.com/xenolf/lego/log"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -72,17 +68,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for GleSYS.
-// Deprecated
-func NewDNSProviderCredentials(apiUser string, apiKey string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIUser = apiUser
-	config.APIKey = apiKey
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for GleSYS.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -105,10 +90,10 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record using the specified parameters.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	// find authZone
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("glesys: findZoneByFqdn failure: %v", err)
 	}
@ -126,7 +111,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	defer d.inProgressMu.Unlock()

 	// add TXT record into authZone
-	recordID, err := d.addTXTRecord(domain, acme.UnFqdn(authZone), name, value, d.config.TTL)
+	recordID, err := d.addTXTRecord(domain, dns01.UnFqdn(authZone), name, value, d.config.TTL)
 	if err != nil {
 		return err
 	}
@ -138,7 +123,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	// acquire lock and retrieve authZone
 	d.inProgressMu.Lock()
@ -161,63 +146,3 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-
-func (d *DNSProvider) sendRequest(method string, resource string, payload interface{}) (*responseStruct, error) {
-	url := fmt.Sprintf("%s/%s", defaultBaseURL, resource)
-
-	body, err := json.Marshal(payload)
-	if err != nil {
-		return nil, err
-	}
-
-	req, err := http.NewRequest(method, url, bytes.NewReader(body))
-	if err != nil {
-		return nil, err
-	}
-
-	req.Header.Set("Content-Type", "application/json")
-	req.SetBasicAuth(d.config.APIUser, d.config.APIKey)
-
-	resp, err := d.config.HTTPClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode >= 400 {
-		return nil, fmt.Errorf("request failed with HTTP status code %d", resp.StatusCode)
-	}
-
-	var response responseStruct
-	err = json.NewDecoder(resp.Body).Decode(&response)
-
-	return &response, err
-}
-
-// functions to perform API actions
-
-func (d *DNSProvider) addTXTRecord(fqdn string, domain string, name string, value string, ttl int) (int, error) {
-	response, err := d.sendRequest(http.MethodPost, "addrecord", addRecordRequest{
-		DomainName: domain,
-		Host:       name,
-		Type:       "TXT",
-		Data:       value,
-		TTL:        ttl,
-	})
-
-	if response != nil && response.Response.Status.Code == http.StatusOK {
-		log.Infof("[%s]: Successfully created record id %d", fqdn, response.Response.Record.RecordID)
-		return response.Response.Record.RecordID, nil
-	}
-	return 0, err
-}
-
-func (d *DNSProvider) deleteTXTRecord(fqdn string, recordid int) error {
-	response, err := d.sendRequest(http.MethodPost, "deleterecord", deleteRecordRequest{
-		RecordID: recordid,
-	})
-	if response != nil && response.Response.Status.Code == 200 {
-		log.Infof("[%s]: Successfully deleted record id %d", fqdn, recordid)
-	}
-	return err
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/godaddy/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/godaddy/client.go
@ -0,0 +1,53 @@
+package godaddy
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+)
+
+// DNSRecord a DNS record
+type DNSRecord struct {
+	Type     string `json:"type"`
+	Name     string `json:"name"`
+	Data     string `json:"data"`
+	Priority int    `json:"priority,omitempty"`
+	TTL      int    `json:"ttl,omitempty"`
+}
+
+func (d *DNSProvider) updateRecords(records []DNSRecord, domainZone string, recordName string) error {
+	body, err := json.Marshal(records)
+	if err != nil {
+		return err
+	}
+
+	var resp *http.Response
+	resp, err = d.makeRequest(http.MethodPut, fmt.Sprintf("/v1/domains/%s/records/TXT/%s", domainZone, recordName), bytes.NewReader(body))
+	if err != nil {
+		return err
+	}
+
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		bodyBytes, _ := ioutil.ReadAll(resp.Body)
+		return fmt.Errorf("could not create record %v; Status: %v; Body: %s", string(body), resp.StatusCode, string(bodyBytes))
+	}
+	return nil
+}
+
+func (d *DNSProvider) makeRequest(method, uri string, body io.Reader) (*http.Response, error) {
+	req, err := http.NewRequest(method, fmt.Sprintf("%s%s", defaultBaseURL, uri), body)
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", fmt.Sprintf("sso-key %s:%s", d.config.APIKey, d.config.APISecret))
+
+	return d.config.HTTPClient.Do(req)
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/godaddy/godaddy.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/godaddy/godaddy.go
@ -2,17 +2,13 @@
 package godaddy

 import (
-	"bytes"
-	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
-	"io/ioutil"
 	"net/http"
 	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -28,6 +24,7 @@ type Config struct {
 	APISecret          string
 	PropagationTimeout time.Duration
 	PollingInterval    time.Duration
+	SequenceInterval   time.Duration
 	TTL                int
 	HTTPClient         *http.Client
 }
@ -38,6 +35,7 @@ func NewDefaultConfig() *Config {
 		TTL:                env.GetOrDefaultInt("GODADDY_TTL", minTTL),
 		PropagationTimeout: env.GetOrDefaultSecond("GODADDY_PROPAGATION_TIMEOUT", 120*time.Second),
 		PollingInterval:    env.GetOrDefaultSecond("GODADDY_POLLING_INTERVAL", 2*time.Second),
+		SequenceInterval:   env.GetOrDefaultSecond("GODADDY_SEQUENCE_INTERVAL", dns01.DefaultPropagationTimeout),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("GODADDY_HTTP_TIMEOUT", 30*time.Second),
 		},
@ -65,17 +63,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for godaddy.
-// Deprecated
-func NewDNSProviderCredentials(apiKey, apiSecret string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIKey = apiKey
-	config.APISecret = apiSecret
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for godaddy.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -99,17 +86,9 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }

-func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
-	if idx := strings.Index(name, "."+domain); idx != -1 {
-		return name[:idx]
-	}
-	return name
-}
-
 // Present creates a TXT record to fulfill the dns-01 challenge
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
 	domainZone, err := d.getZone(fqdn)
 	if err != nil {
 		return err
@ -128,30 +107,9 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	return d.updateRecords(rec, domainZone, recordName)
 }

-func (d *DNSProvider) updateRecords(records []DNSRecord, domainZone string, recordName string) error {
-	body, err := json.Marshal(records)
-	if err != nil {
-		return err
-	}
-
-	var resp *http.Response
-	resp, err = d.makeRequest(http.MethodPut, fmt.Sprintf("/v1/domains/%s/records/TXT/%s", domainZone, recordName), bytes.NewReader(body))
-	if err != nil {
-		return err
-	}
-
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		bodyBytes, _ := ioutil.ReadAll(resp.Body)
-		return fmt.Errorf("could not create record %v; Status: %v; Body: %s", string(body), resp.StatusCode, string(bodyBytes))
-	}
-	return nil
-}
-
 // CleanUp sets null value in the TXT DNS record as GoDaddy has no proper DELETE record method
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)
 	domainZone, err := d.getZone(fqdn)
 	if err != nil {
 		return err
@ -169,33 +127,25 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	return d.updateRecords(rec, domainZone, recordName)
 }

+// Sequential All DNS challenges for this provider will be resolved sequentially.
+// Returns the interval between each iteration.
+func (d *DNSProvider) Sequential() time.Duration {
+	return d.config.SequenceInterval
+}
+
+func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
+	name := dns01.UnFqdn(fqdn)
+	if idx := strings.Index(name, "."+domain); idx != -1 {
+		return name[:idx]
+	}
+	return name
+}
+
 func (d *DNSProvider) getZone(fqdn string) (string, error) {
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return "", err
 	}

-	return acme.UnFqdn(authZone), nil
-}
-
-func (d *DNSProvider) makeRequest(method, uri string, body io.Reader) (*http.Response, error) {
-	req, err := http.NewRequest(method, fmt.Sprintf("%s%s", defaultBaseURL, uri), body)
-	if err != nil {
-		return nil, err
-	}
-
-	req.Header.Set("Accept", "application/json")
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Authorization", fmt.Sprintf("sso-key %s:%s", d.config.APIKey, d.config.APISecret))
-
-	return d.config.HTTPClient.Do(req)
-}
-
-// DNSRecord a DNS record
-type DNSRecord struct {
-	Type     string `json:"type"`
-	Name     string `json:"name"`
-	Data     string `json:"data"`
-	Priority int    `json:"priority,omitempty"`
-	TTL      int    `json:"ttl,omitempty"`
+	return dns01.UnFqdn(authZone), nil
 }
--- a/vendor/github.com/xenolf/lego/providers/dns/hostingde/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/hostingde/client.go
@ -1,5 +1,16 @@
 package hostingde

+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+const defaultBaseURL = "https://secure.hosting.de/api/dns/v1/json"
+
 // RecordsAddRequest represents a DNS record to add
 type RecordsAddRequest struct {
 	Name    string `json:"name"`
@ -89,3 +100,44 @@ type ZoneUpdateRequest struct {
 	RecordsToAdd       []RecordsAddRequest    `json:"recordsToAdd"`
 	RecordsToDelete    []RecordsDeleteRequest `json:"recordsToDelete"`
 }
+
+func (d *DNSProvider) updateZone(updateRequest ZoneUpdateRequest) (*ZoneUpdateResponse, error) {
+	body, err := json.Marshal(updateRequest)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest(http.MethodPost, defaultBaseURL+"/zoneUpdate", bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := d.config.HTTPClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("error querying API: %v", err)
+	}
+
+	defer resp.Body.Close()
+
+	content, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, errors.New(toUnreadableBodyMessage(req, content))
+	}
+
+	// Everything looks good; but we'll need the ID later to delete the record
+	updateResponse := &ZoneUpdateResponse{}
+	err = json.Unmarshal(content, updateResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%v: %s", err, toUnreadableBodyMessage(req, content))
+	}
+
+	if updateResponse.Status != "success" && updateResponse.Status != "pending" {
+		return updateResponse, errors.New(toUnreadableBodyMessage(req, content))
+	}
+
+	return updateResponse, nil
+}
+
+func toUnreadableBodyMessage(req *http.Request, rawBody []byte) string {
+	return fmt.Sprintf("the request %s sent a response with a body which is an invalid format: %q", req.URL, string(rawBody))
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/hostingde/hostingde.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/hostingde/hostingde.go
@ -1,23 +1,17 @@
-// Package hostingde implements a DNS provider for solving the DNS-01
-// challenge using hosting.de.
+// Package hostingde implements a DNS provider for solving the DNS-01 challenge using hosting.de.
 package hostingde

 import (
-	"bytes"
-	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"sync"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

-const defaultBaseURL = "https://secure.hosting.de/api/dns/v1/json"
-
 // Config is used to configure the creation of the DNSProvider
 type Config struct {
 	APIKey             string
@ -31,7 +25,7 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("HOSTINGDE_TTL", 120),
+		TTL:                env.GetOrDefaultInt("HOSTINGDE_TTL", dns01.DefaultTTL),
 		PropagationTimeout: env.GetOrDefaultSecond("HOSTINGDE_PROPAGATION_TIMEOUT", 2*time.Minute),
 		PollingInterval:    env.GetOrDefaultSecond("HOSTINGDE_POLLING_INTERVAL", 2*time.Second),
 		HTTPClient: &http.Client{
@ -91,11 +85,11 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfill the dns-01 challenge
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	rec := []RecordsAddRequest{{
 		Type:    "TXT",
-		Name:    acme.UnFqdn(fqdn),
+		Name:    dns01.UnFqdn(fqdn),
 		Content: value,
 		TTL:     d.config.TTL,
 	}}
@ -114,7 +108,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	}

 	for _, record := range resp.Response.Records {
-		if record.Name == acme.UnFqdn(fqdn) && record.Content == fmt.Sprintf(`"%s"`, value) {
+		if record.Name == dns01.UnFqdn(fqdn) && record.Content == fmt.Sprintf(`"%s"`, value) {
 			d.recordIDsMu.Lock()
 			d.recordIDs[fqdn] = record.ID
 			d.recordIDsMu.Unlock()
@ -130,7 +124,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	// get the record's unique ID from when we created it
 	d.recordIDsMu.Lock()
@ -142,7 +136,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 	rec := []RecordsDeleteRequest{{
 		Type:    "TXT",
-		Name:    acme.UnFqdn(fqdn),
+		Name:    dns01.UnFqdn(fqdn),
 		Content: value,
 		ID:      recordID,
 	}}
@ -166,44 +160,3 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	}
 	return nil
 }
-
-func (d *DNSProvider) updateZone(updateRequest ZoneUpdateRequest) (*ZoneUpdateResponse, error) {
-	body, err := json.Marshal(updateRequest)
-	if err != nil {
-		return nil, err
-	}
-
-	req, err := http.NewRequest(http.MethodPost, defaultBaseURL+"/zoneUpdate", bytes.NewReader(body))
-	if err != nil {
-		return nil, err
-	}
-
-	resp, err := d.config.HTTPClient.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("error querying API: %v", err)
-	}
-
-	defer resp.Body.Close()
-
-	content, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, errors.New(toUnreadableBodyMessage(req, content))
-	}
-
-	// Everything looks good; but we'll need the ID later to delete the record
-	updateResponse := &ZoneUpdateResponse{}
-	err = json.Unmarshal(content, updateResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%v: %s", err, toUnreadableBodyMessage(req, content))
-	}
-
-	if updateResponse.Status != "success" && updateResponse.Status != "pending" {
-		return updateResponse, errors.New(toUnreadableBodyMessage(req, content))
-	}
-
-	return updateResponse, nil
-}
-
-func toUnreadableBodyMessage(req *http.Request, rawBody []byte) string {
-	return fmt.Sprintf("the request %s sent a response with a body which is an invalid format: %q", req.URL, string(rawBody))
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/httpreq/httpreq.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/httpreq/httpreq.go
@ -12,7 +12,7 @@ import (
 	"os"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -41,8 +41,8 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		PropagationTimeout: env.GetOrDefaultSecond("HTTPREQ_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("HTTPREQ_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		PropagationTimeout: env.GetOrDefaultSecond("HTTPREQ_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("HTTPREQ_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("HTTPREQ_HTTP_TIMEOUT", 30*time.Second),
 		},
@ -109,7 +109,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		return nil
 	}

-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
 	msg := &message{
 		FQDN:  fqdn,
 		Value: value,
@ -138,7 +138,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return nil
 	}

-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
 	msg := &message{
 		FQDN:  fqdn,
 		Value: value,
--- a/vendor/github.com/xenolf/lego/providers/dns/iij/iij.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/iij/iij.go
@ -9,7 +9,7 @@ import (

 	"github.com/iij/doapi"
 	"github.com/iij/doapi/protocol"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -73,7 +73,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	_, value, _ := acme.DNS01Record(domain, keyAuth)
+	_, value := dns01.GetRecord(domain, keyAuth)

 	err := d.addTxtRecord(domain, value)
 	if err != nil {
@ -84,7 +84,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	_, value, _ := acme.DNS01Record(domain, keyAuth)
+	_, value := dns01.GetRecord(domain, keyAuth)

 	err := d.deleteTxtRecord(domain, value)
 	if err != nil {
--- a/vendor/github.com/xenolf/lego/providers/dns/inwx/inwx.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/inwx/inwx.go
@ -7,7 +7,7 @@ import (
 	"time"

 	"github.com/smueller18/goinwx"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/log"
 	"github.com/xenolf/lego/platform/config/env"
 )
@ -25,8 +25,8 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		PropagationTimeout: env.GetOrDefaultSecond("INWX_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("INWX_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		PropagationTimeout: env.GetOrDefaultSecond("INWX_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("INWX_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		TTL:                env.GetOrDefaultInt("INWX_TTL", 300),
 		Sandbox:            env.GetOrDefaultBool("INWX_SANDBOX", false),
 	}
@ -75,9 +75,9 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("inwx: %v", err)
 	}
@ -95,8 +95,8 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	}()

 	var request = &goinwx.NameserverRecordRequest{
-		Domain:  acme.UnFqdn(authZone),
-		Name:    acme.UnFqdn(fqdn),
+		Domain:  dns01.UnFqdn(authZone),
+		Name:    dns01.UnFqdn(fqdn),
 		Type:    "TXT",
 		Content: value,
 		Ttl:     d.config.TTL,
@ -104,9 +104,9 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 	_, err = d.client.Nameservers.CreateRecord(request)
 	if err != nil {
-		switch err.(type) {
+		switch er := err.(type) {
 		case *goinwx.ErrorResponse:
-			if err.(*goinwx.ErrorResponse).Message == "Object exists" {
+			if er.Message == "Object exists" {
 				return nil
 			}
 			return fmt.Errorf("inwx: %v", err)
@ -120,9 +120,9 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("inwx: %v", err)
 	}
@ -140,8 +140,8 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 	}()

 	response, err := d.client.Nameservers.Info(&goinwx.NameserverInfoRequest{
-		Domain: acme.UnFqdn(authZone),
-		Name:   acme.UnFqdn(fqdn),
+		Domain: dns01.UnFqdn(authZone),
+		Name:   dns01.UnFqdn(fqdn),
 		Type:   "TXT",
 	})
 	if err != nil {
--- a/vendor/github.com/xenolf/lego/providers/dns/lightsail/lightsail.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/lightsail/lightsail.go
@ -1,5 +1,4 @@
-// Package lightsail implements a DNS provider for solving the DNS-01 challenge
-// using AWS Lightsail DNS.
+// Package lightsail implements a DNS provider for solving the DNS-01 challenge using AWS Lightsail DNS.
 package lightsail

 import (
@ -13,7 +12,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/lightsail"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -54,8 +53,8 @@ type Config struct {
 func NewDefaultConfig() *Config {
 	return &Config{
 		DNSZone:            env.GetOrFile("DNS_ZONE"),
-		PropagationTimeout: env.GetOrDefaultSecond("LIGHTSAIL_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("LIGHTSAIL_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		PropagationTimeout: env.GetOrDefaultSecond("LIGHTSAIL_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("LIGHTSAIL_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		Region:             env.GetOrDefaultString("LIGHTSAIL_REGION", "us-east-1"),
 	}
 }
@ -105,7 +104,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	err := d.newTxtRecord(fqdn, `"`+value+`"`)
 	if err != nil {
@ -116,7 +115,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	params := &lightsail.DeleteDomainEntryInput{
 		DomainName: aws.String(d.config.DNSZone),
--- a/vendor/github.com/xenolf/lego/providers/dns/linode/linode.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/linode/linode.go
@ -1,5 +1,4 @@
-// Package linode implements a DNS provider for solving the DNS-01 challenge
-// using Linode DNS.
+// Package linode implements a DNS provider for solving the DNS-01 challenge using Linode DNS.
 package linode

 import (
@ -9,7 +8,7 @@ import (
 	"time"

 	"github.com/timewasted/linode/dns"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -59,16 +58,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for Linode.
-// Deprecated
-func NewDNSProviderCredentials(apiKey string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIKey = apiKey
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for Linode.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -108,13 +97,13 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record using the specified parameters.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
 	zone, err := d.getHostedZoneInfo(fqdn)
 	if err != nil {
 		return err
 	}

-	if _, err = d.client.CreateDomainResourceTXT(zone.domainID, acme.UnFqdn(fqdn), value, d.config.TTL); err != nil {
+	if _, err = d.client.CreateDomainResourceTXT(zone.domainID, dns01.UnFqdn(fqdn), value, d.config.TTL); err != nil {
 		return err
 	}

@ -123,7 +112,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
 	zone, err := d.getHostedZoneInfo(fqdn)
 	if err != nil {
 		return err
@ -155,7 +144,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 func (d *DNSProvider) getHostedZoneInfo(fqdn string) (*hostedZoneInfo, error) {
 	// Lookup the zone that handles the specified FQDN.
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return nil, err
 	}
@ -163,7 +152,7 @@ func (d *DNSProvider) getHostedZoneInfo(fqdn string) (*hostedZoneInfo, error) {
 	resourceName := strings.TrimSuffix(fqdn, "."+authZone)

 	// Query the authority zone.
-	domain, err := d.client.GetDomain(acme.UnFqdn(authZone))
+	domain, err := d.client.GetDomain(dns01.UnFqdn(authZone))
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/linodev4/linodev4.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/linodev4/linodev4.go
@ -1,5 +1,4 @@
-// Package linodev4 implements a DNS provider for solving the DNS-01 challenge
-// using Linode DNS and Linode's APIv4
+// Package linodev4 implements a DNS provider for solving the DNS-01 challenge using Linode DNS and Linode's APIv4
 package linodev4

 import (
@ -12,7 +11,7 @@ import (
 	"time"

 	"github.com/linode/linodego"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 	"golang.org/x/oauth2"
 )
@ -115,14 +114,14 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record using the specified parameters.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
 	zone, err := d.getHostedZoneInfo(fqdn)
 	if err != nil {
 		return err
 	}

 	createOpts := linodego.DomainRecordCreateOptions{
-		Name:   acme.UnFqdn(fqdn),
+		Name:   dns01.UnFqdn(fqdn),
 		Target: value,
 		TTLSec: d.config.TTL,
 		Type:   linodego.RecordTypeTXT,
@ -134,7 +133,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	zone, err := d.getHostedZoneInfo(fqdn)
 	if err != nil {
@ -163,13 +162,13 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 func (d *DNSProvider) getHostedZoneInfo(fqdn string) (*hostedZoneInfo, error) {
 	// Lookup the zone that handles the specified FQDN.
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return nil, err
 	}

 	// Query the authority zone.
-	data, err := json.Marshal(map[string]string{"domain": acme.UnFqdn(authZone)})
+	data, err := json.Marshal(map[string]string{"domain": dns01.UnFqdn(authZone)})
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/mydnsjp/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/mydnsjp/client.go
@ -0,0 +1,52 @@
+package mydnsjp
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+func (d *DNSProvider) doRequest(domain, value string, cmd string) error {
+	req, err := d.buildRequest(domain, value, cmd)
+	if err != nil {
+		return err
+	}
+
+	resp, err := d.config.HTTPClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("error querying API: %v", err)
+	}
+
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 400 {
+		var content []byte
+		content, err = ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return err
+		}
+
+		return fmt.Errorf("request %s failed [status code %d]: %s", req.URL, resp.StatusCode, string(content))
+	}
+
+	return nil
+}
+
+func (d *DNSProvider) buildRequest(domain, value string, cmd string) (*http.Request, error) {
+	params := url.Values{}
+	params.Set("CERTBOT_DOMAIN", domain)
+	params.Set("CERTBOT_VALIDATION", value)
+	params.Set("EDIT_CMD", cmd)
+
+	req, err := http.NewRequest(http.MethodPost, defaultBaseURL, strings.NewReader(params.Encode()))
+	if err != nil {
+		return nil, fmt.Errorf("invalid request: %v", err)
+	}
+
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.SetBasicAuth(d.config.MasterID, d.config.Password)
+
+	return req, nil
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/mydnsjp/mydnsjp.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/mydnsjp/mydnsjp.go
@ -1,17 +1,13 @@
-// Package mydnsjp implements a DNS provider for solving the DNS-01
-// challenge using MyDNS.jp.
+// Package mydnsjp implements a DNS provider for solving the DNS-01 challenge using MyDNS.jp.
 package mydnsjp

 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net/http"
-	"net/url"
-	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -78,7 +74,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfill the dns-01 challenge
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	_, value, _ := acme.DNS01Record(domain, keyAuth)
+	_, value := dns01.GetRecord(domain, keyAuth)
 	err := d.doRequest(domain, value, "REGIST")
 	if err != nil {
 		return fmt.Errorf("mydnsjp: %v", err)
@ -88,53 +84,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	_, value, _ := acme.DNS01Record(domain, keyAuth)
+	_, value := dns01.GetRecord(domain, keyAuth)
 	err := d.doRequest(domain, value, "DELETE")
 	if err != nil {
 		return fmt.Errorf("mydnsjp: %v", err)
 	}
 	return nil
 }
-
-func (d *DNSProvider) doRequest(domain, value string, cmd string) error {
-	req, err := d.buildRequest(domain, value, cmd)
-	if err != nil {
-		return err
-	}
-
-	resp, err := d.config.HTTPClient.Do(req)
-	if err != nil {
-		return fmt.Errorf("error querying API: %v", err)
-	}
-
-	defer resp.Body.Close()
-
-	if resp.StatusCode >= 400 {
-		var content []byte
-		content, err = ioutil.ReadAll(resp.Body)
-		if err != nil {
-			return err
-		}
-
-		return fmt.Errorf("request %s failed [status code %d]: %s", req.URL, resp.StatusCode, string(content))
-	}
-
-	return nil
-}
-
-func (d *DNSProvider) buildRequest(domain, value string, cmd string) (*http.Request, error) {
-	params := url.Values{}
-	params.Set("CERTBOT_DOMAIN", domain)
-	params.Set("CERTBOT_VALIDATION", value)
-	params.Set("EDIT_CMD", cmd)
-
-	req, err := http.NewRequest(http.MethodPost, defaultBaseURL, strings.NewReader(params.Encode()))
-	if err != nil {
-		return nil, fmt.Errorf("invalid request: %v", err)
-	}
-
-	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-	req.SetBasicAuth(d.config.MasterID, d.config.Password)
-
-	return req, nil
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/namecheap/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/namecheap/client.go
@ -20,8 +20,8 @@ type Record struct {
 	TTL     string `xml:",attr"`
 }

-// apierror describes an error record in a namecheap API response.
-type apierror struct {
+// apiError describes an error record in a namecheap API response.
+type apiError struct {
 	Number      int    `xml:",attr"`
 	Description string `xml:",innerxml"`
 }
@ -29,7 +29,7 @@ type apierror struct {
 type setHostsResponse struct {
 	XMLName xml.Name   `xml:"ApiResponse"`
 	Status  string     `xml:"Status,attr"`
-	Errors  []apierror `xml:"Errors>Error"`
+	Errors  []apiError `xml:"Errors>Error"`
 	Result  struct {
 		IsSuccess string `xml:",attr"`
 	} `xml:"CommandResponse>DomainDNSSetHostsResult"`
@ -38,13 +38,13 @@ type setHostsResponse struct {
 type getHostsResponse struct {
 	XMLName xml.Name   `xml:"ApiResponse"`
 	Status  string     `xml:"Status,attr"`
-	Errors  []apierror `xml:"Errors>Error"`
+	Errors  []apiError `xml:"Errors>Error"`
 	Hosts   []Record   `xml:"CommandResponse>DomainDNSGetHostsResult>host"`
 }

 type getTldsResponse struct {
 	XMLName xml.Name   `xml:"ApiResponse"`
-	Errors  []apierror `xml:"Errors>Error"`
+	Errors  []apiError `xml:"Errors>Error"`
 	Result  []struct {
 		Name string `xml:",attr"`
 	} `xml:"CommandResponse>Tlds>Tld"`
--- a/vendor/github.com/xenolf/lego/providers/dns/namecheap/namecheap.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/namecheap/namecheap.go
@ -1,5 +1,4 @@
-// Package namecheap implements a DNS provider for solving the DNS-01
-// challenge using namecheap DNS.
+// Package namecheap implements a DNS provider for solving the DNS-01 challenge using namecheap DNS.
 package namecheap

 import (
@ -11,7 +10,7 @@ import (
 	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/log"
 	"github.com/xenolf/lego/platform/config/env"
 )
@ -64,7 +63,7 @@ func NewDefaultConfig() *Config {
 	return &Config{
 		BaseURL:            defaultBaseURL,
 		Debug:              env.GetOrDefaultBool("NAMECHEAP_DEBUG", false),
-		TTL:                env.GetOrDefaultInt("NAMECHEAP_TTL", 120),
+		TTL:                env.GetOrDefaultInt("NAMECHEAP_TTL", dns01.DefaultTTL),
 		PropagationTimeout: env.GetOrDefaultSecond("NAMECHEAP_PROPAGATION_TIMEOUT", 60*time.Minute),
 		PollingInterval:    env.GetOrDefaultSecond("NAMECHEAP_POLLING_INTERVAL", 15*time.Second),
 		HTTPClient: &http.Client{
@ -95,17 +94,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for namecheap.
-// Deprecated
-func NewDNSProviderCredentials(apiUser, apiKey string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIUser = apiUser
-	config.APIKey = apiKey
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for namecheap.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -233,7 +221,7 @@ func getClientIP(client *http.Client, debug bool) (addr string, err error) {
 // newChallenge builds a challenge record from a domain name, a challenge
 // authentication key, and a map of available TLDs.
 func newChallenge(domain, keyAuth string, tlds map[string]string) (*challenge, error) {
-	domain = acme.UnFqdn(domain)
+	domain = dns01.UnFqdn(domain)
 	parts := strings.Split(domain, ".")

 	// Find the longest matching TLD.
@ -256,7 +244,7 @@ func newChallenge(domain, keyAuth string, tlds map[string]string) (*challenge, e
 		host = strings.Join(parts[:longest-1], ".")
 	}

-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	return &challenge{
 		domain:   domain,
--- a/vendor/github.com/xenolf/lego/providers/dns/namedotcom/namedotcom.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/namedotcom/namedotcom.go
@ -1,5 +1,4 @@
-// Package namedotcom implements a DNS provider for solving the DNS-01 challenge
-// using Name.com's DNS service.
+// Package namedotcom implements a DNS provider for solving the DNS-01 challenge using Name.com's DNS service.
 package namedotcom

 import (
@ -10,7 +9,7 @@ import (
 	"time"

 	"github.com/namedotcom/go/namecom"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -32,8 +31,8 @@ type Config struct {
 func NewDefaultConfig() *Config {
 	return &Config{
 		TTL:                env.GetOrDefaultInt("NAMECOM_TTL", minTTL),
-		PropagationTimeout: env.GetOrDefaultSecond("NAMECOM_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("NAMECOM_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		PropagationTimeout: env.GetOrDefaultSecond("NAMECOM_PROPAGATION_TIMEOUT", 15*time.Minute),
+		PollingInterval:    env.GetOrDefaultSecond("NAMECOM_POLLING_INTERVAL", 20*time.Second),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("NAMECOM_HTTP_TIMEOUT", 10*time.Second),
 		},
@ -63,18 +62,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for namedotcom.
-// Deprecated
-func NewDNSProviderCredentials(username, apiToken, server string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.Username = username
-	config.APIToken = apiToken
-	config.Server = server
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for namedotcom.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -105,7 +92,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	request := &namecom.Record{
 		DomainName: domain,
@ -125,7 +112,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	records, err := d.getRecords(domain)
 	if err != nil {
@ -175,7 +162,7 @@ func (d *DNSProvider) getRecords(domain string) ([]*namecom.Record, error) {
 }

 func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := dns01.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/netcup/internal/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/netcup/internal/client.go
@ -1,4 +1,4 @@
-package netcup
+package internal

 import (
 	"bytes"
@ -7,8 +7,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"time"
-
-	"github.com/xenolf/lego/acme"
 )

 // defaultBaseURL for reaching the jSON-based API-Endpoint of netcup
@ -246,7 +244,6 @@ func (c *Client) doRequest(payload interface{}, responseData interface{}) error

 	req.Close = true
 	req.Header.Set("content-type", "application/json")
-	req.Header.Set("User-Agent", acme.UserAgent)

 	resp, err := c.HTTPClient.Do(req)
 	if err != nil {
@ -316,3 +313,15 @@ func decodeResponseMsg(resp *http.Response) (*ResponseMsg, error) {

 	return &respMsg, nil
 }
+
+// GetDNSRecordIdx searches a given array of DNSRecords for a given DNSRecord
+// equivalence is determined by Destination and RecortType attributes
+// returns index of given DNSRecord in given array of DNSRecords
+func GetDNSRecordIdx(records []DNSRecord, record DNSRecord) (int, error) {
+	for index, element := range records {
+		if record.Destination == element.Destination && record.RecordType == element.RecordType {
+			return index, nil
+		}
+	}
+	return -1, fmt.Errorf("no DNS Record found")
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/netcup/netcup.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/netcup/netcup.go
@ -8,7 +8,9 @@ import (
 	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/providers/dns/netcup/internal"
+
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/log"
 	"github.com/xenolf/lego/platform/config/env"
 )
@ -27,7 +29,7 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("NETCUP_TTL", 120),
+		TTL:                env.GetOrDefaultInt("NETCUP_TTL", dns01.DefaultTTL),
 		PropagationTimeout: env.GetOrDefaultSecond("NETCUP_PROPAGATION_TIMEOUT", 120*time.Second),
 		PollingInterval:    env.GetOrDefaultSecond("NETCUP_POLLING_INTERVAL", 5*time.Second),
 		HTTPClient: &http.Client{
@ -38,7 +40,7 @@ func NewDefaultConfig() *Config {

 // DNSProvider is an implementation of the acme.ChallengeProvider interface
 type DNSProvider struct {
-	client *Client
+	client *internal.Client
 	config *Config
 }

@ -59,25 +61,13 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for netcup.
-// Deprecated
-func NewDNSProviderCredentials(customer, key, password string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.Customer = customer
-	config.Key = key
-	config.Password = password
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for netcup.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
 		return nil, errors.New("netcup: the configuration of the DNS provider is nil")
 	}

-	client, err := NewClient(config.Customer, config.Key, config.Password)
+	client, err := internal.NewClient(config.Customer, config.Key, config.Password)
 	if err != nil {
 		return nil, fmt.Errorf("netcup: %v", err)
 	}
@ -89,9 +79,9 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge
 func (d *DNSProvider) Present(domainName, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domainName, keyAuth)
+	fqdn, value := dns01.GetRecord(domainName, keyAuth)

-	zone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	zone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("netcup: failed to find DNSZone, %v", err)
 	}
@ -109,9 +99,14 @@ func (d *DNSProvider) Present(domainName, token, keyAuth string) error {
 	}()

 	hostname := strings.Replace(fqdn, "."+zone, "", 1)
-	record := createTxtRecord(hostname, value, d.config.TTL)
+	record := internal.DNSRecord{
+		Hostname:    hostname,
+		RecordType:  "TXT",
+		Destination: value,
+		TTL:         d.config.TTL,
+	}

-	zone = acme.UnFqdn(zone)
+	zone = dns01.UnFqdn(zone)

 	records, err := d.client.GetDNSRecords(zone, sessionID)
 	if err != nil {
@ -131,9 +126,9 @@ func (d *DNSProvider) Present(domainName, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domainName, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domainName, keyAuth)
+	fqdn, value := dns01.GetRecord(domainName, keyAuth)

-	zone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	zone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("netcup: failed to find DNSZone, %v", err)
 	}
@ -152,23 +147,27 @@ func (d *DNSProvider) CleanUp(domainName, token, keyAuth string) error {

 	hostname := strings.Replace(fqdn, "."+zone, "", 1)

-	zone = acme.UnFqdn(zone)
+	zone = dns01.UnFqdn(zone)

 	records, err := d.client.GetDNSRecords(zone, sessionID)
 	if err != nil {
 		return fmt.Errorf("netcup: %v", err)
 	}

-	record := createTxtRecord(hostname, value, 0)
+	record := internal.DNSRecord{
+		Hostname:    hostname,
+		RecordType:  "TXT",
+		Destination: value,
+	}

-	idx, err := getDNSRecordIdx(records, record)
+	idx, err := internal.GetDNSRecordIdx(records, record)
 	if err != nil {
 		return fmt.Errorf("netcup: %v", err)
 	}

 	records[idx].DeleteRecord = true

-	err = d.client.UpdateDNSRecord(sessionID, zone, []DNSRecord{records[idx]})
+	err = d.client.UpdateDNSRecord(sessionID, zone, []internal.DNSRecord{records[idx]})
 	if err != nil {
 		return fmt.Errorf("netcup: %v", err)
 	}
@ -181,29 +180,3 @@ func (d *DNSProvider) CleanUp(domainName, token, keyAuth string) error {
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-
-// getDNSRecordIdx searches a given array of DNSRecords for a given DNSRecord
-// equivalence is determined by Destination and RecortType attributes
-// returns index of given DNSRecord in given array of DNSRecords
-func getDNSRecordIdx(records []DNSRecord, record DNSRecord) (int, error) {
-	for index, element := range records {
-		if record.Destination == element.Destination && record.RecordType == element.RecordType {
-			return index, nil
-		}
-	}
-	return -1, fmt.Errorf("no DNS Record found")
-}
-
-// createTxtRecord uses the supplied values to return a DNSRecord of type TXT for the dns-01 challenge
-func createTxtRecord(hostname, value string, ttl int) DNSRecord {
-	return DNSRecord{
-		ID:           0,
-		Hostname:     hostname,
-		RecordType:   "TXT",
-		Priority:     "",
-		Destination:  value,
-		DeleteRecord: false,
-		State:        "",
-		TTL:          ttl,
-	}
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/nifcloud/internal/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/nifcloud/internal/client.go
@ -1,6 +1,4 @@
-// Package nifcloud implements a DNS provider for solving the DNS-01 challenge
-// using NIFCLOUD DNS.
-package nifcloud
+package internal

 import (
 	"bytes"
@ -17,7 +15,8 @@ import (
 const (
 	defaultBaseURL = "https://dns.api.cloud.nifty.com"
 	apiVersion     = "2012-12-12N2013-12-16"
-	xmlNs          = "https://route53.amazonaws.com/doc/2012-12-12/"
+	// XMLNs XML NS of Route53
+	XMLNs = "https://route53.amazonaws.com/doc/2012-12-12/"
 )

 // ChangeResourceRecordSetsRequest is a complex type that contains change information for the resource record set.
--- a/vendor/github.com/xenolf/lego/providers/dns/nifcloud/nifcloud.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/nifcloud/nifcloud.go
@ -1,5 +1,4 @@
-// Package nifcloud implements a DNS provider for solving the DNS-01 challenge
-// using NIFCLOUD DNS.
+// Package nifcloud implements a DNS provider for solving the DNS-01 challenge using NIFCLOUD DNS.
 package nifcloud

 import (
@ -8,8 +7,11 @@ import (
 	"net/http"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/providers/dns/nifcloud/internal"
+
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
+	"github.com/xenolf/lego/platform/wait"
 )

 // Config is used to configure the creation of the DNSProvider
@ -26,9 +28,9 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("NIFCLOUD_TTL", 120),
-		PropagationTimeout: env.GetOrDefaultSecond("NIFCLOUD_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("NIFCLOUD_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("NIFCLOUD_TTL", dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond("NIFCLOUD_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("NIFCLOUD_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("NIFCLOUD_HTTP_TIMEOUT", 30*time.Second),
 		},
@ -37,7 +39,7 @@ func NewDefaultConfig() *Config {

 // DNSProvider implements the acme.ChallengeProvider interface
 type DNSProvider struct {
-	client *Client
+	client *internal.Client
 	config *Config
 }

@ -58,26 +60,13 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for NIFCLOUD.
-// Deprecated
-func NewDNSProviderCredentials(httpClient *http.Client, endpoint, accessKey, secretKey string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.HTTPClient = httpClient
-	config.BaseURL = endpoint
-	config.AccessKey = accessKey
-	config.SecretKey = secretKey
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for NIFCLOUD.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
 		return nil, errors.New("nifcloud: the configuration of the DNS provider is nil")
 	}

-	client, err := NewClient(config.AccessKey, config.SecretKey)
+	client, err := internal.NewClient(config.AccessKey, config.SecretKey)
 	if err != nil {
 		return nil, fmt.Errorf("nifcloud: %v", err)
 	}
@ -95,7 +84,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	err := d.changeRecord("CREATE", fqdn, value, domain, d.config.TTL)
 	if err != nil {
@ -106,7 +95,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	err := d.changeRecord("DELETE", fqdn, value, domain, d.config.TTL)
 	if err != nil {
@ -122,22 +111,22 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 }

 func (d *DNSProvider) changeRecord(action, fqdn, value, domain string, ttl int) error {
-	name := acme.UnFqdn(fqdn)
+	name := dns01.UnFqdn(fqdn)

-	reqParams := ChangeResourceRecordSetsRequest{
-		XMLNs: xmlNs,
-		ChangeBatch: ChangeBatch{
+	reqParams := internal.ChangeResourceRecordSetsRequest{
+		XMLNs: internal.XMLNs,
+		ChangeBatch: internal.ChangeBatch{
 			Comment: "Managed by Lego",
-			Changes: Changes{
-				Change: []Change{
+			Changes: internal.Changes{
+				Change: []internal.Change{
 					{
 						Action: action,
-						ResourceRecordSet: ResourceRecordSet{
+						ResourceRecordSet: internal.ResourceRecordSet{
 							Name: name,
 							Type: "TXT",
 							TTL:  ttl,
-							ResourceRecords: ResourceRecords{
-								ResourceRecord: []ResourceRecord{
+							ResourceRecords: internal.ResourceRecords{
+								ResourceRecord: []internal.ResourceRecord{
 									{
 										Value: value,
 									},
@ -157,7 +146,7 @@ func (d *DNSProvider) changeRecord(action, fqdn, value, domain string, ttl int)

 	statusID := resp.ChangeInfo.ID

-	return acme.WaitFor(120*time.Second, 4*time.Second, func() (bool, error) {
+	return wait.For("nifcloud", 120*time.Second, 4*time.Second, func() (bool, error) {
 		resp, err := d.client.GetChange(statusID)
 		if err != nil {
 			return false, fmt.Errorf("failed to query NIFCLOUD DNS change status: %v", err)
--- a/vendor/github.com/xenolf/lego/providers/dns/ns1/ns1.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/ns1/ns1.go
@ -1,5 +1,4 @@
-// Package ns1 implements a DNS provider for solving the DNS-01 challenge
-// using NS1 DNS.
+// Package ns1 implements a DNS provider for solving the DNS-01 challenge using NS1 DNS.
 package ns1

 import (
@ -9,7 +8,7 @@ import (
 	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/log"
 	"github.com/xenolf/lego/platform/config/env"
 	"gopkg.in/ns1/ns1-go.v2/rest"
@ -28,9 +27,9 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("NS1_TTL", 120),
-		PropagationTimeout: env.GetOrDefaultSecond("NS1_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("NS1_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("NS1_TTL", dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond("NS1_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("NS1_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("NS1_HTTP_TIMEOUT", 10*time.Second),
 		},
@ -57,16 +56,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for NS1.
-// Deprecated
-func NewDNSProviderCredentials(key string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIKey = key
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for NS1.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -84,20 +73,20 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	zone, err := d.getHostedZone(fqdn)
 	if err != nil {
 		return fmt.Errorf("ns1: %v", err)
 	}

-	record, _, err := d.client.Records.Get(zone.Zone, acme.UnFqdn(fqdn), "TXT")
+	record, _, err := d.client.Records.Get(zone.Zone, dns01.UnFqdn(fqdn), "TXT")

 	// Create a new record
 	if err == rest.ErrRecordMissing || record == nil {
 		log.Infof("Create a new record for [zone: %s, fqdn: %s, domain: %s]", zone.Zone, fqdn)

-		record = dns.NewRecord(zone.Zone, acme.UnFqdn(fqdn), "TXT")
+		record = dns.NewRecord(zone.Zone, dns01.UnFqdn(fqdn), "TXT")
 		record.TTL = d.config.TTL
 		record.Answers = []*dns.Answer{{Rdata: []string{value}}}

@ -128,14 +117,14 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	zone, err := d.getHostedZone(fqdn)
 	if err != nil {
 		return fmt.Errorf("ns1: %v", err)
 	}

-	name := acme.UnFqdn(fqdn)
+	name := dns01.UnFqdn(fqdn)
 	_, err = d.client.Records.Delete(zone.Zone, name, "TXT")
 	if err != nil {
 		return fmt.Errorf("ns1: failed to delete record [zone: %q, domain: %q]: %v", zone.Zone, name, err)
@ -164,7 +153,7 @@ func (d *DNSProvider) getHostedZone(fqdn string) (*dns.Zone, error) {
 }

 func getAuthZone(fqdn string) (string, error) {
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return "", err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/otc/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/otc/client.go
@ -1,5 +1,14 @@
 package otc

+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+)
+
 type recordset struct {
 	Name        string   `json:"name"`
 	Description string   `json:"description"`
@ -41,14 +50,20 @@ type loginResponse struct {
 }

 type endpointResponse struct {
-	Token struct {
-		Catalog []struct {
-			Type      string `json:"type"`
-			Endpoints []struct {
-				URL string `json:"url"`
-			} `json:"endpoints"`
-		} `json:"catalog"`
-	} `json:"token"`
+	Token token `json:"token"`
+}
+
+type token struct {
+	Catalog []catalog `json:"catalog"`
+}
+
+type catalog struct {
+	Type      string     `json:"type"`
+	Endpoints []endpoint `json:"endpoints"`
+}
+
+type endpoint struct {
+	URL string `json:"url"`
 }

 type zoneItem struct {
@ -66,3 +81,183 @@ type recordSet struct {
 type recordSetsResponse struct {
 	RecordSets []recordSet `json:"recordsets"`
 }
+
+// Starts a new OTC API Session. Authenticates using userName, password
+// and receives a token to be used in for subsequent requests.
+func (d *DNSProvider) login() error {
+	return d.loginRequest()
+}
+
+func (d *DNSProvider) loginRequest() error {
+	userResp := userResponse{
+		Name:     d.config.UserName,
+		Password: d.config.Password,
+		Domain: nameResponse{
+			Name: d.config.DomainName,
+		},
+	}
+
+	loginResp := loginResponse{
+		Auth: authResponse{
+			Identity: identityResponse{
+				Methods: []string{"password"},
+				Password: passwordResponse{
+					User: userResp,
+				},
+			},
+			Scope: scopeResponse{
+				Project: nameResponse{
+					Name: d.config.ProjectName,
+				},
+			},
+		},
+	}
+
+	body, err := json.Marshal(loginResp)
+	if err != nil {
+		return err
+	}
+
+	req, err := http.NewRequest(http.MethodPost, d.config.IdentityEndpoint, bytes.NewReader(body))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("Content-Type", "application/json")
+
+	client := &http.Client{Timeout: d.config.HTTPClient.Timeout}
+	resp, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 400 {
+		return fmt.Errorf("OTC API request failed with HTTP status code %d", resp.StatusCode)
+	}
+
+	d.token = resp.Header.Get("X-Subject-Token")
+
+	if d.token == "" {
+		return fmt.Errorf("unable to get auth token")
+	}
+
+	var endpointResp endpointResponse
+
+	err = json.NewDecoder(resp.Body).Decode(&endpointResp)
+	if err != nil {
+		return err
+	}
+
+	var endpoints []endpoint
+	for _, v := range endpointResp.Token.Catalog {
+		if v.Type == "dns" {
+			endpoints = append(endpoints, v.Endpoints...)
+		}
+	}
+
+	if len(endpoints) > 0 {
+		d.baseURL = fmt.Sprintf("%s/v2", endpoints[0].URL)
+	} else {
+		return fmt.Errorf("unable to get dns endpoint")
+	}
+
+	return nil
+}
+
+func (d *DNSProvider) getZoneID(zone string) (string, error) {
+	resource := fmt.Sprintf("zones?name=%s", zone)
+	resp, err := d.sendRequest(http.MethodGet, resource, nil)
+	if err != nil {
+		return "", err
+	}
+
+	var zonesRes zonesResponse
+	err = json.NewDecoder(resp).Decode(&zonesRes)
+	if err != nil {
+		return "", err
+	}
+
+	if len(zonesRes.Zones) < 1 {
+		return "", fmt.Errorf("zone %s not found", zone)
+	}
+
+	if len(zonesRes.Zones) > 1 {
+		return "", fmt.Errorf("to many zones found")
+	}
+
+	if zonesRes.Zones[0].ID == "" {
+		return "", fmt.Errorf("id not found")
+	}
+
+	return zonesRes.Zones[0].ID, nil
+}
+
+func (d *DNSProvider) getRecordSetID(zoneID string, fqdn string) (string, error) {
+	resource := fmt.Sprintf("zones/%s/recordsets?type=TXT&name=%s", zoneID, fqdn)
+	resp, err := d.sendRequest(http.MethodGet, resource, nil)
+	if err != nil {
+		return "", err
+	}
+
+	var recordSetsRes recordSetsResponse
+	err = json.NewDecoder(resp).Decode(&recordSetsRes)
+	if err != nil {
+		return "", err
+	}
+
+	if len(recordSetsRes.RecordSets) < 1 {
+		return "", fmt.Errorf("record not found")
+	}
+
+	if len(recordSetsRes.RecordSets) > 1 {
+		return "", fmt.Errorf("to many records found")
+	}
+
+	if recordSetsRes.RecordSets[0].ID == "" {
+		return "", fmt.Errorf("id not found")
+	}
+
+	return recordSetsRes.RecordSets[0].ID, nil
+}
+
+func (d *DNSProvider) deleteRecordSet(zoneID, recordID string) error {
+	resource := fmt.Sprintf("zones/%s/recordsets/%s", zoneID, recordID)
+
+	_, err := d.sendRequest(http.MethodDelete, resource, nil)
+	return err
+}
+
+func (d *DNSProvider) sendRequest(method, resource string, payload interface{}) (io.Reader, error) {
+	url := fmt.Sprintf("%s/%s", d.baseURL, resource)
+
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest(method, url, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	if len(d.token) > 0 {
+		req.Header.Set("X-Auth-Token", d.token)
+	}
+
+	resp, err := d.config.HTTPClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 400 {
+		return nil, fmt.Errorf("OTC API request %s failed with HTTP status code %d", url, resp.StatusCode)
+	}
+
+	body1, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return bytes.NewReader(body1), nil
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/otc/otc.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/otc/otc.go
@ -1,19 +1,14 @@
-// Package otc implements a DNS provider for solving the DNS-01 challenge
-// using Open Telekom Cloud Managed DNS.
+// Package otc implements a DNS provider for solving the DNS-01 challenge using Open Telekom Cloud Managed DNS.
 package otc

 import (
-	"bytes"
-	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -39,8 +34,8 @@ type Config struct {
 func NewDefaultConfig() *Config {
 	return &Config{
 		IdentityEndpoint:   env.GetOrDefaultString("OTC_IDENTITY_ENDPOINT", defaultIdentityEndpoint),
-		PropagationTimeout: env.GetOrDefaultSecond("OTC_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("OTC_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		PropagationTimeout: env.GetOrDefaultSecond("OTC_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("OTC_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		TTL:                env.GetOrDefaultInt("OTC_TTL", minTTL),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("OTC_HTTP_TIMEOUT", 10*time.Second),
@ -89,20 +84,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for OTC DNS.
-// Deprecated
-func NewDNSProviderCredentials(domainName, userName, password, projectName, identityEndpoint string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.IdentityEndpoint = identityEndpoint
-	config.DomainName = domainName
-	config.UserName = userName
-	config.Password = password
-	config.ProjectName = projectName
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for OTC DNS.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -126,9 +107,9 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("otc: %v", err)
 	}
@ -162,9 +143,9 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return fmt.Errorf("otc: %v", err)
 	}
@ -196,184 +177,3 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-
-// sendRequest send request
-func (d *DNSProvider) sendRequest(method, resource string, payload interface{}) (io.Reader, error) {
-	url := fmt.Sprintf("%s/%s", d.baseURL, resource)
-
-	body, err := json.Marshal(payload)
-	if err != nil {
-		return nil, err
-	}
-
-	req, err := http.NewRequest(method, url, bytes.NewReader(body))
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Set("Content-Type", "application/json")
-	if len(d.token) > 0 {
-		req.Header.Set("X-Auth-Token", d.token)
-	}
-
-	resp, err := d.config.HTTPClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode >= 400 {
-		return nil, fmt.Errorf("OTC API request %s failed with HTTP status code %d", url, resp.StatusCode)
-	}
-
-	body1, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	return bytes.NewReader(body1), nil
-}
-
-func (d *DNSProvider) loginRequest() error {
-	userResp := userResponse{
-		Name:     d.config.UserName,
-		Password: d.config.Password,
-		Domain: nameResponse{
-			Name: d.config.DomainName,
-		},
-	}
-
-	loginResp := loginResponse{
-		Auth: authResponse{
-			Identity: identityResponse{
-				Methods: []string{"password"},
-				Password: passwordResponse{
-					User: userResp,
-				},
-			},
-			Scope: scopeResponse{
-				Project: nameResponse{
-					Name: d.config.ProjectName,
-				},
-			},
-		},
-	}
-
-	body, err := json.Marshal(loginResp)
-	if err != nil {
-		return err
-	}
-
-	req, err := http.NewRequest(http.MethodPost, d.config.IdentityEndpoint, bytes.NewReader(body))
-	if err != nil {
-		return err
-	}
-	req.Header.Set("Content-Type", "application/json")
-
-	client := &http.Client{Timeout: d.config.HTTPClient.Timeout}
-	resp, err := client.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode >= 400 {
-		return fmt.Errorf("OTC API request failed with HTTP status code %d", resp.StatusCode)
-	}
-
-	d.token = resp.Header.Get("X-Subject-Token")
-
-	if d.token == "" {
-		return fmt.Errorf("unable to get auth token")
-	}
-
-	var endpointResp endpointResponse
-
-	err = json.NewDecoder(resp.Body).Decode(&endpointResp)
-	if err != nil {
-		return err
-	}
-
-	for _, v := range endpointResp.Token.Catalog {
-		if v.Type == "dns" {
-			for _, endpoint := range v.Endpoints {
-				d.baseURL = fmt.Sprintf("%s/v2", endpoint.URL)
-				continue
-			}
-		}
-	}
-
-	if d.baseURL == "" {
-		return fmt.Errorf("unable to get dns endpoint")
-	}
-
-	return nil
-}
-
-// Starts a new OTC API Session. Authenticates using userName, password
-// and receives a token to be used in for subsequent requests.
-func (d *DNSProvider) login() error {
-	return d.loginRequest()
-}
-
-func (d *DNSProvider) getZoneID(zone string) (string, error) {
-	resource := fmt.Sprintf("zones?name=%s", zone)
-	resp, err := d.sendRequest(http.MethodGet, resource, nil)
-	if err != nil {
-		return "", err
-	}
-
-	var zonesRes zonesResponse
-	err = json.NewDecoder(resp).Decode(&zonesRes)
-	if err != nil {
-		return "", err
-	}
-
-	if len(zonesRes.Zones) < 1 {
-		return "", fmt.Errorf("zone %s not found", zone)
-	}
-
-	if len(zonesRes.Zones) > 1 {
-		return "", fmt.Errorf("to many zones found")
-	}
-
-	if zonesRes.Zones[0].ID == "" {
-		return "", fmt.Errorf("id not found")
-	}
-
-	return zonesRes.Zones[0].ID, nil
-}
-
-func (d *DNSProvider) getRecordSetID(zoneID string, fqdn string) (string, error) {
-	resource := fmt.Sprintf("zones/%s/recordsets?type=TXT&name=%s", zoneID, fqdn)
-	resp, err := d.sendRequest(http.MethodGet, resource, nil)
-	if err != nil {
-		return "", err
-	}
-
-	var recordSetsRes recordSetsResponse
-	err = json.NewDecoder(resp).Decode(&recordSetsRes)
-	if err != nil {
-		return "", err
-	}
-
-	if len(recordSetsRes.RecordSets) < 1 {
-		return "", fmt.Errorf("record not found")
-	}
-
-	if len(recordSetsRes.RecordSets) > 1 {
-		return "", fmt.Errorf("to many records found")
-	}
-
-	if recordSetsRes.RecordSets[0].ID == "" {
-		return "", fmt.Errorf("id not found")
-	}
-
-	return recordSetsRes.RecordSets[0].ID, nil
-}
-
-func (d *DNSProvider) deleteRecordSet(zoneID, recordID string) error {
-	resource := fmt.Sprintf("zones/%s/recordsets/%s", zoneID, recordID)
-
-	_, err := d.sendRequest(http.MethodDelete, resource, nil)
-	return err
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/ovh/ovh.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/ovh/ovh.go
@ -1,5 +1,4 @@
-// Package ovh implements a DNS provider for solving the DNS-01
-// challenge using OVH DNS.
+// Package ovh implements a DNS provider for solving the DNS-01 challenge using OVH DNS.
 package ovh

 import (
@ -11,13 +10,23 @@ import (
 	"time"

 	"github.com/ovh/go-ovh/ovh"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

 // OVH API reference:       https://eu.api.ovh.com/
 // Create a Token:					https://eu.api.ovh.com/createToken/

+// Record a DNS record
+type Record struct {
+	ID        int    `json:"id,omitempty"`
+	FieldType string `json:"fieldType,omitempty"`
+	SubDomain string `json:"subDomain,omitempty"`
+	Target    string `json:"target,omitempty"`
+	TTL       int    `json:"ttl,omitempty"`
+	Zone      string `json:"zone,omitempty"`
+}
+
 // Config is used to configure the creation of the DNSProvider
 type Config struct {
 	APIEndpoint        string
@ -33,9 +42,9 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("OVH_TTL", 120),
-		PropagationTimeout: env.GetOrDefaultSecond("OVH_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("OVH_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("OVH_TTL", dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond("OVH_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("OVH_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("OVH_HTTP_TIMEOUT", ovh.DefaultTimeout),
 		},
@ -72,19 +81,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for OVH.
-// Deprecated
-func NewDNSProviderCredentials(apiEndpoint, applicationKey, applicationSecret, consumerKey string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIEndpoint = apiEndpoint
-	config.ApplicationKey = applicationKey
-	config.ApplicationSecret = applicationSecret
-	config.ConsumerKey = consumerKey
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for OVH.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -116,32 +112,32 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	// Parse domain name
-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
 	if err != nil {
 		return fmt.Errorf("ovh: could not determine zone for domain: '%s'. %s", domain, err)
 	}

-	authZone = acme.UnFqdn(authZone)
+	authZone = dns01.UnFqdn(authZone)
 	subDomain := d.extractRecordName(fqdn, authZone)

 	reqURL := fmt.Sprintf("/domain/zone/%s/record", authZone)
-	reqData := txtRecordRequest{FieldType: "TXT", SubDomain: subDomain, Target: value, TTL: d.config.TTL}
-	var respData txtRecordResponse
+	reqData := Record{FieldType: "TXT", SubDomain: subDomain, Target: value, TTL: d.config.TTL}

 	// Create TXT record
+	var respData Record
 	err = d.client.Post(reqURL, reqData, &respData)
 	if err != nil {
-		return fmt.Errorf("ovh: error when call api to add record: %v", err)
+		return fmt.Errorf("ovh: error when call api to add record (%s): %v", reqURL, err)
 	}

 	// Apply the change
 	reqURL = fmt.Sprintf("/domain/zone/%s/refresh", authZone)
 	err = d.client.Post(reqURL, nil, nil)
 	if err != nil {
-		return fmt.Errorf("ovh: error when call api to refresh zone: %v", err)
+		return fmt.Errorf("ovh: error when call api to refresh zone (%s): %v", reqURL, err)
 	}

 	d.recordIDsMu.Lock()
@ -153,7 +149,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	// get the record's unique ID from when we created it
 	d.recordIDsMu.Lock()
@ -163,18 +159,18 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("ovh: unknown record ID for '%s'", fqdn)
 	}

-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
 	if err != nil {
 		return fmt.Errorf("ovh: could not determine zone for domain: '%s'. %s", domain, err)
 	}

-	authZone = acme.UnFqdn(authZone)
+	authZone = dns01.UnFqdn(authZone)

 	reqURL := fmt.Sprintf("/domain/zone/%s/record/%d", authZone, recordID)

 	err = d.client.Delete(reqURL, nil)
 	if err != nil {
-		return fmt.Errorf("ovh: error when call OVH api to delete challenge record: %v", err)
+		return fmt.Errorf("ovh: error when call OVH api to delete challenge record (%s): %v", reqURL, err)
 	}

 	// Delete record ID from map
@ -192,27 +188,9 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 }

 func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := dns01.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}
 	return name
 }
-
-// txtRecordRequest represents the request body to DO's API to make a TXT record
-type txtRecordRequest struct {
-	FieldType string `json:"fieldType"`
-	SubDomain string `json:"subDomain"`
-	Target    string `json:"target"`
-	TTL       int    `json:"ttl"`
-}
-
-// txtRecordResponse represents a response from DO's API after making a TXT record
-type txtRecordResponse struct {
-	ID        int    `json:"id"`
-	FieldType string `json:"fieldType"`
-	SubDomain string `json:"subDomain"`
-	Target    string `json:"target"`
-	TTL       int    `json:"ttl"`
-	Zone      string `json:"zone"`
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/pdns/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/pdns/client.go
@ -0,0 +1,220 @@
+package pdns
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/xenolf/lego/challenge/dns01"
+)
+
+type Record struct {
+	Content  string `json:"content"`
+	Disabled bool   `json:"disabled"`
+
+	// pre-v1 API
+	Name string `json:"name"`
+	Type string `json:"type"`
+	TTL  int    `json:"ttl,omitempty"`
+}
+
+type hostedZone struct {
+	ID     string  `json:"id"`
+	Name   string  `json:"name"`
+	URL    string  `json:"url"`
+	RRSets []rrSet `json:"rrsets"`
+
+	// pre-v1 API
+	Records []Record `json:"records"`
+}
+
+type rrSet struct {
+	Name       string   `json:"name"`
+	Type       string   `json:"type"`
+	Kind       string   `json:"kind"`
+	ChangeType string   `json:"changetype"`
+	Records    []Record `json:"records"`
+	TTL        int      `json:"ttl,omitempty"`
+}
+
+type rrSets struct {
+	RRSets []rrSet `json:"rrsets"`
+}
+
+type apiError struct {
+	ShortMsg string `json:"error"`
+}
+
+func (a apiError) Error() string {
+	return a.ShortMsg
+}
+
+type apiVersion struct {
+	URL     string `json:"url"`
+	Version int    `json:"version"`
+}
+
+func (d *DNSProvider) getHostedZone(fqdn string) (*hostedZone, error) {
+	var zone hostedZone
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
+	if err != nil {
+		return nil, err
+	}
+
+	u := "/servers/localhost/zones"
+	result, err := d.sendRequest(http.MethodGet, u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var zones []hostedZone
+	err = json.Unmarshal(result, &zones)
+	if err != nil {
+		return nil, err
+	}
+
+	u = ""
+	for _, zone := range zones {
+		if dns01.UnFqdn(zone.Name) == dns01.UnFqdn(authZone) {
+			u = zone.URL
+			break
+		}
+	}
+
+	result, err = d.sendRequest(http.MethodGet, u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	err = json.Unmarshal(result, &zone)
+	if err != nil {
+		return nil, err
+	}
+
+	// convert pre-v1 API result
+	if len(zone.Records) > 0 {
+		zone.RRSets = []rrSet{}
+		for _, record := range zone.Records {
+			set := rrSet{
+				Name:    record.Name,
+				Type:    record.Type,
+				Records: []Record{record},
+			}
+			zone.RRSets = append(zone.RRSets, set)
+		}
+	}
+
+	return &zone, nil
+}
+
+func (d *DNSProvider) findTxtRecord(fqdn string) (*rrSet, error) {
+	zone, err := d.getHostedZone(fqdn)
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = d.sendRequest(http.MethodGet, zone.URL, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, set := range zone.RRSets {
+		if (set.Name == dns01.UnFqdn(fqdn) || set.Name == fqdn) && set.Type == "TXT" {
+			return &set, nil
+		}
+	}
+
+	return nil, fmt.Errorf("no existing record found for %s", fqdn)
+}
+
+func (d *DNSProvider) getAPIVersion() (int, error) {
+	result, err := d.sendRequest(http.MethodGet, "/api", nil)
+	if err != nil {
+		return 0, err
+	}
+
+	var versions []apiVersion
+	err = json.Unmarshal(result, &versions)
+	if err != nil {
+		return 0, err
+	}
+
+	latestVersion := 0
+	for _, v := range versions {
+		if v.Version > latestVersion {
+			latestVersion = v.Version
+		}
+	}
+
+	return latestVersion, err
+}
+
+func (d *DNSProvider) sendRequest(method, uri string, body io.Reader) (json.RawMessage, error) {
+	req, err := d.makeRequest(method, uri, body)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := d.config.HTTPClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("error talking to PDNS API -> %v", err)
+	}
+
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusUnprocessableEntity && (resp.StatusCode < 200 || resp.StatusCode >= 300) {
+		return nil, fmt.Errorf("unexpected HTTP status code %d when fetching '%s'", resp.StatusCode, req.URL)
+	}
+
+	var msg json.RawMessage
+	err = json.NewDecoder(resp.Body).Decode(&msg)
+	if err != nil {
+		if err == io.EOF {
+			// empty body
+			return nil, nil
+		}
+		// other error
+		return nil, err
+	}
+
+	// check for PowerDNS error message
+	if len(msg) > 0 && msg[0] == '{' {
+		var errInfo apiError
+		err = json.Unmarshal(msg, &errInfo)
+		if err != nil {
+			return nil, err
+		}
+		if errInfo.ShortMsg != "" {
+			return nil, fmt.Errorf("error talking to PDNS API -> %v", errInfo)
+		}
+	}
+	return msg, nil
+}
+
+func (d *DNSProvider) makeRequest(method, uri string, body io.Reader) (*http.Request, error) {
+	var path = ""
+	if d.config.Host.Path != "/" {
+		path = d.config.Host.Path
+	}
+
+	if !strings.HasPrefix(uri, "/") {
+		uri = "/" + uri
+	}
+
+	if d.apiVersion > 0 && !strings.HasPrefix(uri, "/api/v") {
+		uri = "/api/v" + strconv.Itoa(d.apiVersion) + uri
+	}
+
+	u := d.config.Host.Scheme + "://" + d.config.Host.Host + path + uri
+	req, err := http.NewRequest(method, u, body)
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("X-API-Key", d.config.APIKey)
+
+	return req, nil
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/pdns/pdns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/pdns/pdns.go
@ -1,5 +1,4 @@
-// Package pdns implements a DNS provider for solving the DNS-01
-// challenge using PowerDNS nameserver.
+// Package pdns implements a DNS provider for solving the DNS-01 challenge using PowerDNS nameserver.
 package pdns

 import (
@ -7,14 +6,11 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"net/http"
 	"net/url"
-	"strconv"
-	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/log"
 	"github.com/xenolf/lego/platform/config/env"
 )
@ -32,7 +28,7 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("PDNS_TTL", 120),
+		TTL:                env.GetOrDefaultInt("PDNS_TTL", dns01.DefaultTTL),
 		PropagationTimeout: env.GetOrDefaultSecond("PDNS_PROPAGATION_TIMEOUT", 120*time.Second),
 		PollingInterval:    env.GetOrDefaultSecond("PDNS_POLLING_INTERVAL", 2*time.Second),
 		HTTPClient: &http.Client{
@ -68,17 +64,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for pdns.
-// Deprecated
-func NewDNSProviderCredentials(host *url.URL, key string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.Host = host
-	config.APIKey = key
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for pdns.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -112,7 +97,8 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfill the dns-01 challenge
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
+
 	zone, err := d.getHostedZone(fqdn)
 	if err != nil {
 		return fmt.Errorf("pdns: %v", err)
@ -122,10 +108,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 	// pre-v1 API wants non-fqdn
 	if d.apiVersion == 0 {
-		name = acme.UnFqdn(fqdn)
+		name = dns01.UnFqdn(fqdn)
 	}

-	rec := pdnsRecord{
+	rec := Record{
 		Content:  "\"" + value + "\"",
 		Disabled: false,

@ -143,7 +129,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 				Type:       "TXT",
 				Kind:       "Master",
 				TTL:        d.config.TTL,
-				Records:    []pdnsRecord{rec},
+				Records:    []Record{rec},
 			},
 		},
 	}
@ -153,7 +139,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		return fmt.Errorf("pdns: %v", err)
 	}

-	_, err = d.makeRequest(http.MethodPatch, zone.URL, bytes.NewReader(body))
+	_, err = d.sendRequest(http.MethodPatch, zone.URL, bytes.NewReader(body))
 	if err != nil {
 		return fmt.Errorf("pdns: %v", err)
 	}
@ -162,7 +148,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	zone, err := d.getHostedZone(fqdn)
 	if err != nil {
@ -188,203 +174,9 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("pdns: %v", err)
 	}

-	_, err = d.makeRequest(http.MethodPatch, zone.URL, bytes.NewReader(body))
+	_, err = d.sendRequest(http.MethodPatch, zone.URL, bytes.NewReader(body))
 	if err != nil {
 		return fmt.Errorf("pdns: %v", err)
 	}
 	return nil
 }
-
-func (d *DNSProvider) getHostedZone(fqdn string) (*hostedZone, error) {
-	var zone hostedZone
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
-	if err != nil {
-		return nil, err
-	}
-
-	u := "/servers/localhost/zones"
-	result, err := d.makeRequest(http.MethodGet, u, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var zones []hostedZone
-	err = json.Unmarshal(result, &zones)
-	if err != nil {
-		return nil, err
-	}
-
-	u = ""
-	for _, zone := range zones {
-		if acme.UnFqdn(zone.Name) == acme.UnFqdn(authZone) {
-			u = zone.URL
-		}
-	}
-
-	result, err = d.makeRequest(http.MethodGet, u, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	err = json.Unmarshal(result, &zone)
-	if err != nil {
-		return nil, err
-	}
-
-	// convert pre-v1 API result
-	if len(zone.Records) > 0 {
-		zone.RRSets = []rrSet{}
-		for _, record := range zone.Records {
-			set := rrSet{
-				Name:    record.Name,
-				Type:    record.Type,
-				Records: []pdnsRecord{record},
-			}
-			zone.RRSets = append(zone.RRSets, set)
-		}
-	}
-
-	return &zone, nil
-}
-
-func (d *DNSProvider) findTxtRecord(fqdn string) (*rrSet, error) {
-	zone, err := d.getHostedZone(fqdn)
-	if err != nil {
-		return nil, err
-	}
-
-	_, err = d.makeRequest(http.MethodGet, zone.URL, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, set := range zone.RRSets {
-		if (set.Name == acme.UnFqdn(fqdn) || set.Name == fqdn) && set.Type == "TXT" {
-			return &set, nil
-		}
-	}
-
-	return nil, fmt.Errorf("no existing record found for %s", fqdn)
-}
-
-func (d *DNSProvider) getAPIVersion() (int, error) {
-	type APIVersion struct {
-		URL     string `json:"url"`
-		Version int    `json:"version"`
-	}
-
-	result, err := d.makeRequest(http.MethodGet, "/api", nil)
-	if err != nil {
-		return 0, err
-	}
-
-	var versions []APIVersion
-	err = json.Unmarshal(result, &versions)
-	if err != nil {
-		return 0, err
-	}
-
-	latestVersion := 0
-	for _, v := range versions {
-		if v.Version > latestVersion {
-			latestVersion = v.Version
-		}
-	}
-
-	return latestVersion, err
-}
-
-func (d *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) {
-	type APIError struct {
-		Error string `json:"error"`
-	}
-
-	var path = ""
-	if d.config.Host.Path != "/" {
-		path = d.config.Host.Path
-	}
-
-	if !strings.HasPrefix(uri, "/") {
-		uri = "/" + uri
-	}
-
-	if d.apiVersion > 0 && !strings.HasPrefix(uri, "/api/v") {
-		uri = "/api/v" + strconv.Itoa(d.apiVersion) + uri
-	}
-
-	u := d.config.Host.Scheme + "://" + d.config.Host.Host + path + uri
-	req, err := http.NewRequest(method, u, body)
-	if err != nil {
-		return nil, err
-	}
-
-	req.Header.Set("X-API-Key", d.config.APIKey)
-
-	resp, err := d.config.HTTPClient.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("error talking to PDNS API -> %v", err)
-	}
-
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusUnprocessableEntity && (resp.StatusCode < 200 || resp.StatusCode >= 300) {
-		return nil, fmt.Errorf("unexpected HTTP status code %d when fetching '%s'", resp.StatusCode, u)
-	}
-
-	var msg json.RawMessage
-	err = json.NewDecoder(resp.Body).Decode(&msg)
-	switch {
-	case err == io.EOF:
-		// empty body
-		return nil, nil
-	case err != nil:
-		// other error
-		return nil, err
-	}
-
-	// check for PowerDNS error message
-	if len(msg) > 0 && msg[0] == '{' {
-		var apiError APIError
-		err = json.Unmarshal(msg, &apiError)
-		if err != nil {
-			return nil, err
-		}
-		if apiError.Error != "" {
-			return nil, fmt.Errorf("error talking to PDNS API -> %v", apiError.Error)
-		}
-	}
-	return msg, nil
-}
-
-type pdnsRecord struct {
-	Content  string `json:"content"`
-	Disabled bool   `json:"disabled"`
-
-	// pre-v1 API
-	Name string `json:"name"`
-	Type string `json:"type"`
-	TTL  int    `json:"ttl,omitempty"`
-}
-
-type hostedZone struct {
-	ID     string  `json:"id"`
-	Name   string  `json:"name"`
-	URL    string  `json:"url"`
-	RRSets []rrSet `json:"rrsets"`
-
-	// pre-v1 API
-	Records []pdnsRecord `json:"records"`
-}
-
-type rrSet struct {
-	Name       string       `json:"name"`
-	Type       string       `json:"type"`
-	Kind       string       `json:"kind"`
-	ChangeType string       `json:"changetype"`
-	Records    []pdnsRecord `json:"records"`
-	TTL        int          `json:"ttl,omitempty"`
-}
-
-type rrSets struct {
-	RRSets []rrSet `json:"rrsets"`
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/rackspace/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/rackspace/client.go
@ -1,5 +1,15 @@
 package rackspace

+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/xenolf/lego/challenge/dns01"
+)
+
 // APIKeyCredentials API credential
 type APIKeyCredentials struct {
 	Username string `json:"username"`
@ -69,3 +79,127 @@ type Record struct {
 	TTL  int    `json:"ttl,omitempty"`
 	ID   string `json:"id,omitempty"`
 }
+
+// getHostedZoneID performs a lookup to get the DNS zone which needs
+// modifying for a given FQDN
+func (d *DNSProvider) getHostedZoneID(fqdn string) (int, error) {
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
+	if err != nil {
+		return 0, err
+	}
+
+	result, err := d.makeRequest(http.MethodGet, fmt.Sprintf("/domains?name=%s", dns01.UnFqdn(authZone)), nil)
+	if err != nil {
+		return 0, err
+	}
+
+	var zoneSearchResponse ZoneSearchResponse
+	err = json.Unmarshal(result, &zoneSearchResponse)
+	if err != nil {
+		return 0, err
+	}
+
+	// If nothing was returned, or for whatever reason more than 1 was returned (the search uses exact match, so should not occur)
+	if zoneSearchResponse.TotalEntries != 1 {
+		return 0, fmt.Errorf("found %d zones for %s in Rackspace for domain %s", zoneSearchResponse.TotalEntries, authZone, fqdn)
+	}
+
+	return zoneSearchResponse.HostedZones[0].ID, nil
+}
+
+// findTxtRecord searches a DNS zone for a TXT record with a specific name
+func (d *DNSProvider) findTxtRecord(fqdn string, zoneID int) (*Record, error) {
+	result, err := d.makeRequest(http.MethodGet, fmt.Sprintf("/domains/%d/records?type=TXT&name=%s", zoneID, dns01.UnFqdn(fqdn)), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var records Records
+	err = json.Unmarshal(result, &records)
+	if err != nil {
+		return nil, err
+	}
+
+	switch len(records.Record) {
+	case 1:
+	case 0:
+		return nil, fmt.Errorf("no TXT record found for %s", fqdn)
+	default:
+		return nil, fmt.Errorf("more than 1 TXT record found for %s", fqdn)
+	}
+
+	return &records.Record[0], nil
+}
+
+// makeRequest is a wrapper function used for making DNS API requests
+func (d *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) {
+	url := d.cloudDNSEndpoint + uri
+
+	req, err := http.NewRequest(method, url, body)
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("X-Auth-Token", d.token)
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, err := d.config.HTTPClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("error querying DNS API: %v", err)
+	}
+
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusAccepted {
+		return nil, fmt.Errorf("request failed for %s %s. Response code: %d", method, url, resp.StatusCode)
+	}
+
+	var r json.RawMessage
+	err = json.NewDecoder(resp.Body).Decode(&r)
+	if err != nil {
+		return nil, fmt.Errorf("JSON decode failed for %s %s. Response code: %d", method, url, resp.StatusCode)
+	}
+
+	return r, nil
+}
+
+func login(config *Config) (*Identity, error) {
+	authData := AuthData{
+		Auth: Auth{
+			APIKeyCredentials: APIKeyCredentials{
+				Username: config.APIUser,
+				APIKey:   config.APIKey,
+			},
+		},
+	}
+
+	body, err := json.Marshal(authData)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest(http.MethodPost, config.BaseURL, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, err := config.HTTPClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("error querying Identity API: %v", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("authentication failed: response code: %d", resp.StatusCode)
+	}
+
+	var identity Identity
+	err = json.NewDecoder(resp.Body).Decode(&identity)
+	if err != nil {
+		return nil, err
+	}
+
+	return &identity, nil
+}
--- a/vendor/github.com/xenolf/lego/providers/dns/rackspace/rackspace.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/rackspace/rackspace.go
@ -1,5 +1,4 @@
-// Package rackspace implements a DNS provider for solving the DNS-01
-// challenge using rackspace DNS.
+// Package rackspace implements a DNS provider for solving the DNS-01 challenge using rackspace DNS.
 package rackspace

 import (
@ -7,11 +6,10 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"net/http"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -34,8 +32,8 @@ func NewDefaultConfig() *Config {
 	return &Config{
 		BaseURL:            defaultBaseURL,
 		TTL:                env.GetOrDefaultInt("RACKSPACE_TTL", 300),
-		PropagationTimeout: env.GetOrDefaultSecond("RACKSPACE_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("RACKSPACE_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		PropagationTimeout: env.GetOrDefaultSecond("RACKSPACE_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("RACKSPACE_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("RACKSPACE_HTTP_TIMEOUT", 30*time.Second),
 		},
@ -66,18 +64,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for Rackspace.
-// It authenticates against the API, also grabbing the DNS Endpoint.
-// Deprecated
-func NewDNSProviderCredentials(user, key string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIUser = user
-	config.APIKey = key
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for Rackspace.
 // It authenticates against the API, also grabbing the DNS Endpoint.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
@ -117,7 +103,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the dns-01 challenge
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	zoneID, err := d.getHostedZoneID(fqdn)
 	if err != nil {
@ -126,7 +112,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 	rec := Records{
 		Record: []Record{{
-			Name: acme.UnFqdn(fqdn),
+			Name: dns01.UnFqdn(fqdn),
 			Type: "TXT",
 			Data: value,
 			TTL:  d.config.TTL,
@ -147,7 +133,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	zoneID, err := d.getHostedZoneID(fqdn)
 	if err != nil {
@ -171,127 +157,3 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 	return d.config.PropagationTimeout, d.config.PollingInterval
 }
-
-// getHostedZoneID performs a lookup to get the DNS zone which needs
-// modifying for a given FQDN
-func (d *DNSProvider) getHostedZoneID(fqdn string) (int, error) {
-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
-	if err != nil {
-		return 0, err
-	}
-
-	result, err := d.makeRequest(http.MethodGet, fmt.Sprintf("/domains?name=%s", acme.UnFqdn(authZone)), nil)
-	if err != nil {
-		return 0, err
-	}
-
-	var zoneSearchResponse ZoneSearchResponse
-	err = json.Unmarshal(result, &zoneSearchResponse)
-	if err != nil {
-		return 0, err
-	}
-
-	// If nothing was returned, or for whatever reason more than 1 was returned (the search uses exact match, so should not occur)
-	if zoneSearchResponse.TotalEntries != 1 {
-		return 0, fmt.Errorf("found %d zones for %s in Rackspace for domain %s", zoneSearchResponse.TotalEntries, authZone, fqdn)
-	}
-
-	return zoneSearchResponse.HostedZones[0].ID, nil
-}
-
-// findTxtRecord searches a DNS zone for a TXT record with a specific name
-func (d *DNSProvider) findTxtRecord(fqdn string, zoneID int) (*Record, error) {
-	result, err := d.makeRequest(http.MethodGet, fmt.Sprintf("/domains/%d/records?type=TXT&name=%s", zoneID, acme.UnFqdn(fqdn)), nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var records Records
-	err = json.Unmarshal(result, &records)
-	if err != nil {
-		return nil, err
-	}
-
-	switch len(records.Record) {
-	case 1:
-	case 0:
-		return nil, fmt.Errorf("no TXT record found for %s", fqdn)
-	default:
-		return nil, fmt.Errorf("more than 1 TXT record found for %s", fqdn)
-	}
-
-	return &records.Record[0], nil
-}
-
-// makeRequest is a wrapper function used for making DNS API requests
-func (d *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) {
-	url := d.cloudDNSEndpoint + uri
-
-	req, err := http.NewRequest(method, url, body)
-	if err != nil {
-		return nil, err
-	}
-
-	req.Header.Set("X-Auth-Token", d.token)
-	req.Header.Set("Content-Type", "application/json")
-
-	resp, err := d.config.HTTPClient.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("error querying DNS API: %v", err)
-	}
-
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusAccepted {
-		return nil, fmt.Errorf("request failed for %s %s. Response code: %d", method, url, resp.StatusCode)
-	}
-
-	var r json.RawMessage
-	err = json.NewDecoder(resp.Body).Decode(&r)
-	if err != nil {
-		return nil, fmt.Errorf("JSON decode failed for %s %s. Response code: %d", method, url, resp.StatusCode)
-	}
-
-	return r, nil
-}
-
-func login(config *Config) (*Identity, error) {
-	authData := AuthData{
-		Auth: Auth{
-			APIKeyCredentials: APIKeyCredentials{
-				Username: config.APIUser,
-				APIKey:   config.APIKey,
-			},
-		},
-	}
-
-	body, err := json.Marshal(authData)
-	if err != nil {
-		return nil, err
-	}
-
-	req, err := http.NewRequest(http.MethodPost, config.BaseURL, bytes.NewReader(body))
-	if err != nil {
-		return nil, err
-	}
-
-	req.Header.Set("Content-Type", "application/json")
-
-	resp, err := config.HTTPClient.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("error querying Identity API: %v", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("authentication failed: response code: %d", resp.StatusCode)
-	}
-
-	var identity Identity
-	err = json.NewDecoder(resp.Body).Decode(&identity)
-	if err != nil {
-		return nil, err
-	}
-
-	return &identity, nil
-}
--- a/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go
@ -1,5 +1,4 @@
-// Package rfc2136 implements a DNS provider for solving the DNS-01 challenge
-// using the rfc2136 dynamic update.
+// Package rfc2136 implements a DNS provider for solving the DNS-01 challenge using the rfc2136 dynamic update.
 package rfc2136

 import (
@ -10,12 +9,10 @@ import (
 	"time"

 	"github.com/miekg/dns"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

-const defaultTimeout = 60 * time.Second
-
 // Config is used to configure the creation of the DNSProvider
 type Config struct {
 	Nameserver         string
@ -31,7 +28,7 @@ type Config struct {
 func NewDefaultConfig() *Config {
 	return &Config{
 		TSIGAlgorithm: env.GetOrDefaultString("RFC2136_TSIG_ALGORITHM", dns.HmacMD5),
-		TTL:           env.GetOrDefaultInt("RFC2136_TTL", 120),
+		TTL:           env.GetOrDefaultInt("RFC2136_TTL", dns01.DefaultTTL),
 		PropagationTimeout: env.GetOrDefaultSecond("RFC2136_PROPAGATION_TIMEOUT",
 			env.GetOrDefaultSecond("RFC2136_TIMEOUT", 60*time.Second)),
 		PollingInterval: env.GetOrDefaultSecond("RFC2136_POLLING_INTERVAL", 2*time.Second),
@ -67,34 +64,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for rfc2136 dynamic update.
-// To disable TSIG authentication, leave the TSIG parameters as empty strings.
-// nameserver must be a network address in the form "host" or "host:port".
-// Deprecated
-func NewDNSProviderCredentials(nameserver, tsigAlgorithm, tsigKey, tsigSecret, rawTimeout string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.Nameserver = nameserver
-	config.TSIGAlgorithm = tsigAlgorithm
-	config.TSIGKey = tsigKey
-	config.TSIGSecret = tsigSecret
-
-	timeout := defaultTimeout
-	if rawTimeout != "" {
-		t, err := time.ParseDuration(rawTimeout)
-		if err != nil {
-			return nil, err
-		} else if t < 0 {
-			return nil, fmt.Errorf("rfc2136: invalid/negative RFC2136_TIMEOUT: %v", rawTimeout)
-		} else {
-			timeout = t
-		}
-	}
-	config.PropagationTimeout = timeout
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for rfc2136.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -135,7 +104,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	err := d.changeRecord("INSERT", fqdn, value, d.config.TTL)
 	if err != nil {
@ -146,7 +115,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	err := d.changeRecord("REMOVE", fqdn, value, d.config.TTL)
 	if err != nil {
@ -157,7 +126,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {

 func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
 	// Find the zone for the given fqdn
-	zone, err := acme.FindZoneByFqdn(fqdn, []string{d.config.Nameserver})
+	zone, err := dns01.FindZoneByFqdnCustom(fqdn, []string{d.config.Nameserver})
 	if err != nil {
 		return err
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/route53/route53.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/route53/route53.go
@ -1,5 +1,4 @@
-// Package route53 implements a DNS provider for solving the DNS-01 challenge
-// using AWS Route 53 DNS.
+// Package route53 implements a DNS provider for solving the DNS-01 challenge using AWS Route 53 DNS.
 package route53

 import (
@ -14,8 +13,9 @@ import (
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/route53"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
+	"github.com/xenolf/lego/platform/wait"
 )

 // Config is used to configure the creation of the DNSProvider
@ -107,7 +107,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record using the specified parameters
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	hostedZoneID, err := d.getHostedZoneID(fqdn)
 	if err != nil {
@ -148,7 +148,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	hostedZoneID, err := d.getHostedZoneID(fqdn)
 	if err != nil {
@ -197,7 +197,7 @@ func (d *DNSProvider) changeRecord(action, hostedZoneID string, recordSet *route

 	changeID := resp.ChangeInfo.Id

-	return acme.WaitFor(d.config.PropagationTimeout, d.config.PollingInterval, func() (bool, error) {
+	return wait.For("route53", d.config.PropagationTimeout, d.config.PollingInterval, func() (bool, error) {
 		reqParams := &route53.GetChangeInput{Id: changeID}

 		resp, err := d.client.GetChange(reqParams)
@ -244,14 +244,14 @@ func (d *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
 		return d.config.HostedZoneID, nil
 	}

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return "", err
 	}

 	// .DNSName should not have a trailing dot
 	reqParams := &route53.ListHostedZonesByNameInput{
-		DNSName: aws.String(acme.UnFqdn(authZone)),
+		DNSName: aws.String(dns01.UnFqdn(authZone)),
 	}
 	resp, err := d.client.ListHostedZonesByName(reqParams)
 	if err != nil {
--- a/vendor/github.com/xenolf/lego/providers/dns/sakuracloud/sakuracloud.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/sakuracloud/sakuracloud.go
@ -1,5 +1,4 @@
-// Package sakuracloud implements a DNS provider for solving the DNS-01 challenge
-// using sakuracloud DNS.
+// Package sakuracloud implements a DNS provider for solving the DNS-01 challenge using SakuraCloud DNS.
 package sakuracloud

 import (
@ -11,7 +10,7 @@ import (

 	"github.com/sacloud/libsacloud/api"
 	"github.com/sacloud/libsacloud/sacloud"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -27,9 +26,9 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("SAKURACLOUD_TTL", 120),
-		PropagationTimeout: env.GetOrDefaultSecond("SAKURACLOUD_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("SAKURACLOUD_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("SAKURACLOUD_TTL", dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond("SAKURACLOUD_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("SAKURACLOUD_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 	}
 }

@ -39,7 +38,7 @@ type DNSProvider struct {
 	client *api.Client
 }

-// NewDNSProvider returns a DNSProvider instance configured for sakuracloud.
+// NewDNSProvider returns a DNSProvider instance configured for SakuraCloud.
 // Credentials must be passed in the environment variables: SAKURACLOUD_ACCESS_TOKEN & SAKURACLOUD_ACCESS_TOKEN_SECRET
 func NewDNSProvider() (*DNSProvider, error) {
 	values, err := env.Get("SAKURACLOUD_ACCESS_TOKEN", "SAKURACLOUD_ACCESS_TOKEN_SECRET")
@ -54,18 +53,7 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for sakuracloud.
-// Deprecated
-func NewDNSProviderCredentials(token, secret string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.Token = token
-	config.Secret = secret
-
-	return NewDNSProviderConfig(config)
-}
-
-// NewDNSProviderConfig return a DNSProvider instance configured for GleSYS.
+// NewDNSProviderConfig return a DNSProvider instance configured for SakuraCloud.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
 		return nil, errors.New("sakuracloud: the configuration of the DNS provider is nil")
@ -80,14 +68,13 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	}

 	client := api.NewClient(config.Token, config.Secret, "tk1a")
-	client.UserAgent = acme.UserAgent

 	return &DNSProvider{client: client, config: config}, nil
 }

 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	zone, err := d.getHostedZone(domain)
 	if err != nil {
@ -107,7 +94,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	zone, err := d.getHostedZone(domain)
 	if err != nil {
@ -144,12 +131,12 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 }

 func (d *DNSProvider) getHostedZone(domain string) (*sacloud.DNS, error) {
-	authZone, err := acme.FindZoneByFqdn(acme.ToFqdn(domain), acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(dns01.ToFqdn(domain))
 	if err != nil {
 		return nil, err
 	}

-	zoneName := acme.UnFqdn(authZone)
+	zoneName := dns01.UnFqdn(authZone)

 	res, err := d.client.GetDNSAPI().WithNameLike(zoneName).Find()
 	if err != nil {
@ -181,7 +168,7 @@ func (d *DNSProvider) findTxtRecords(fqdn string, zone *sacloud.DNS) ([]sacloud.
 }

 func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := dns01.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}
--- a/vendor/github.com/xenolf/lego/providers/dns/selectel/internal/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/selectel/internal/client.go
@ -1,4 +1,4 @@
-package vscale
+package internal

 import (
 	"bytes"
--- a/vendor/github.com/xenolf/lego/providers/dns/selectel/selectel.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/selectel/selectel.go
@ -9,8 +9,9 @@ import (
 	"net/http"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
+	"github.com/xenolf/lego/providers/dns/selectel/internal"
 )

 const (
@ -54,7 +55,7 @@ func NewDefaultConfig() *Config {
 // DNSProvider is an implementation of the acme.ChallengeProvider interface.
 type DNSProvider struct {
 	config *Config
-	client *Client
+	client *internal.Client
 }

 // NewDNSProvider returns a DNSProvider instance configured for Selectel Domains API.
@ -85,10 +86,9 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, fmt.Errorf("selectel: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
 	}

-	client := NewClient(ClientOpts{
+	client := internal.NewClient(internal.ClientOpts{
 		BaseURL:    config.BaseURL,
 		Token:      config.Token,
-		UserAgent:  acme.UserAgent,
 		HTTPClient: config.HTTPClient,
 	})

@ -103,14 +103,14 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfill DNS-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	domainObj, err := d.client.GetDomainByName(domain)
 	if err != nil {
 		return fmt.Errorf("selectel: %v", err)
 	}

-	txtRecord := Record{
+	txtRecord := internal.Record{
 		Type:    "TXT",
 		TTL:     d.config.TTL,
 		Name:    fqdn,
@ -126,7 +126,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes a TXT record used for DNS-01 challenge.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	domainObj, err := d.client.GetDomainByName(domain)
 	if err != nil {
--- a/vendor/github.com/xenolf/lego/providers/dns/stackpath/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/stackpath/client.go
@ -8,7 +8,7 @@ import (
 	"net/http"
 	"path"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"golang.org/x/net/publicsuffix"
 )

@ -49,7 +49,7 @@ func (e *ErrorResponse) Error() string {

 // https://developer.stackpath.com/en/api/dns/#operation/GetZones
 func (d *DNSProvider) getZones(domain string) (*Zone, error) {
-	domain = acme.UnFqdn(domain)
+	domain = dns01.UnFqdn(domain)
 	tld, err := publicsuffix.EffectiveTLDPlusOne(domain)
 	if err != nil {
 		return nil, err
--- a/vendor/github.com/xenolf/lego/providers/dns/stackpath/stackpath.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/stackpath/stackpath.go
@ -6,13 +6,13 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"log"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
+	"github.com/xenolf/lego/log"
 	"github.com/xenolf/lego/platform/config/env"
 	"golang.org/x/oauth2/clientcredentials"
 )
@ -36,8 +36,8 @@ type Config struct {
 func NewDefaultConfig() *Config {
 	return &Config{
 		TTL:                env.GetOrDefaultInt("STACKPATH_TTL", 120),
-		PropagationTimeout: env.GetOrDefaultSecond("STACKPATH_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("STACKPATH_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		PropagationTimeout: env.GetOrDefaultSecond("STACKPATH_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("STACKPATH_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 	}
 }

@ -105,7 +105,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 		return fmt.Errorf("stackpath: %v", err)
 	}

-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)
 	parts := strings.Split(fqdn, ".")

 	record := Record{
@ -125,7 +125,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 		return fmt.Errorf("stackpath: %v", err)
 	}

-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)
 	parts := strings.Split(fqdn, ".")

 	records, err := d.getZoneRecords(parts[0], zone)
--- a/vendor/github.com/xenolf/lego/providers/dns/transip/transip.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/transip/transip.go
@ -9,7 +9,7 @@ import (

 	"github.com/transip/gotransip"
 	transipdomain "github.com/transip/gotransip/domain"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -78,17 +78,17 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfill the dns-01 challenge
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return err
 	}

-	domainName := acme.UnFqdn(authZone)
+	domainName := dns01.UnFqdn(authZone)

 	// get the subDomain
-	subDomain := strings.TrimSuffix(acme.UnFqdn(fqdn), "."+domainName)
+	subDomain := strings.TrimSuffix(dns01.UnFqdn(fqdn), "."+domainName)

 	// get all DNS entries
 	info, err := transipdomain.GetInfo(d.client, domainName)
@ -114,17 +114,17 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

-	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
 		return err
 	}

-	domainName := acme.UnFqdn(authZone)
+	domainName := dns01.UnFqdn(authZone)

 	// get the subDomain
-	subDomain := strings.TrimSuffix(acme.UnFqdn(fqdn), "."+domainName)
+	subDomain := strings.TrimSuffix(dns01.UnFqdn(fqdn), "."+domainName)

 	// get all DNS entries
 	info, err := transipdomain.GetInfo(d.client, domainName)
--- a/vendor/github.com/xenolf/lego/providers/dns/vegadns/vegadns.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/vegadns/vegadns.go
@ -1,5 +1,4 @@
-// Package vegadns implements a DNS provider for solving the DNS-01
-// challenge using VegaDNS.
+// Package vegadns implements a DNS provider for solving the DNS-01 challenge using VegaDNS.
 package vegadns

 import (
@ -9,7 +8,7 @@ import (
 	"time"

 	vegaClient "github.com/OpenDNS/vegadns2client"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -55,18 +54,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for VegaDNS.
-// Deprecated
-func NewDNSProviderCredentials(vegaDNSURL string, key string, secret string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.BaseURL = vegaDNSURL
-	config.APIKey = key
-	config.APISecret = secret
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for VegaDNS.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -88,7 +75,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfill the dns-01 challenge
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	_, domainID, err := d.client.GetAuthZone(fqdn)
 	if err != nil {
@ -104,7 +91,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	_, domainID, err := d.client.GetAuthZone(fqdn)
 	if err != nil {
--- a/vendor/github.com/xenolf/lego/providers/dns/vscale/internal/client.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/vscale/internal/client.go
@ -1,4 +1,4 @@
-package selectel
+package internal

 import (
 	"bytes"
--- a/vendor/github.com/xenolf/lego/providers/dns/vscale/vscale.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/vscale/vscale.go
@ -1,4 +1,4 @@
-// Package selectel implements a DNS provider for solving the DNS-01 challenge using Vscale Domains API.
+// Package vscale implements a DNS provider for solving the DNS-01 challenge using Vscale Domains API.
 // Vscale Domain API reference: https://developers.vscale.io/documentation/api/v1/#api-Domains
 // Token: https://vscale.io/panel/settings/tokens/
 package vscale
@ -9,7 +9,9 @@ import (
 	"net/http"
 	"time"

-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
+	"github.com/xenolf/lego/providers/dns/vscale/internal"
+
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -54,7 +56,7 @@ func NewDefaultConfig() *Config {
 // DNSProvider is an implementation of the acme.ChallengeProvider interface.
 type DNSProvider struct {
 	config *Config
-	client *Client
+	client *internal.Client
 }

 // NewDNSProvider returns a DNSProvider instance configured for Vscale Domains API.
@ -85,10 +87,9 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		return nil, fmt.Errorf("vscale: invalid TTL, TTL (%d) must be greater than %d", config.TTL, minTTL)
 	}

-	client := NewClient(ClientOpts{
+	client := internal.NewClient(internal.ClientOpts{
 		BaseURL:    config.BaseURL,
 		Token:      config.Token,
-		UserAgent:  acme.UserAgent,
 		HTTPClient: config.HTTPClient,
 	})

@ -103,14 +104,14 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {

 // Present creates a TXT record to fulfill DNS-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	domainObj, err := d.client.GetDomainByName(domain)
 	if err != nil {
 		return fmt.Errorf("vscale: %v", err)
 	}

-	txtRecord := Record{
+	txtRecord := internal.Record{
 		Type:    "TXT",
 		TTL:     d.config.TTL,
 		Name:    fqdn,
@ -126,7 +127,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes a TXT record used for DNS-01 challenge.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	domainObj, err := d.client.GetDomainByName(domain)
 	if err != nil {
--- a/vendor/github.com/xenolf/lego/providers/dns/vultr/vultr.go
+++ b/vendor/github.com/xenolf/lego/providers/dns/vultr/vultr.go
@ -1,5 +1,4 @@
-// Package vultr implements a DNS provider for solving the DNS-01 challenge using
-// the vultr DNS.
+// Package vultr implements a DNS provider for solving the DNS-01 challenge using the vultr DNS.
 // See https://www.vultr.com/api/#dns
 package vultr

@ -12,7 +11,7 @@ import (
 	"time"

 	vultr "github.com/JamesClonk/vultr/lib"
-	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/challenge/dns01"
 	"github.com/xenolf/lego/platform/config/env"
 )

@ -28,9 +27,9 @@ type Config struct {
 // NewDefaultConfig returns a default configuration for the DNSProvider
 func NewDefaultConfig() *Config {
 	return &Config{
-		TTL:                env.GetOrDefaultInt("VULTR_TTL", 120),
-		PropagationTimeout: env.GetOrDefaultSecond("VULTR_PROPAGATION_TIMEOUT", acme.DefaultPropagationTimeout),
-		PollingInterval:    env.GetOrDefaultSecond("VULTR_POLLING_INTERVAL", acme.DefaultPollingInterval),
+		TTL:                env.GetOrDefaultInt("VULTR_TTL", dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond("VULTR_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("VULTR_POLLING_INTERVAL", dns01.DefaultPollingInterval),
 		HTTPClient: &http.Client{
 			Timeout: env.GetOrDefaultSecond("VULTR_HTTP_TIMEOUT", 0),
 			// from Vultr Client
@ -61,16 +60,6 @@ func NewDNSProvider() (*DNSProvider, error) {
 	return NewDNSProviderConfig(config)
 }

-// NewDNSProviderCredentials uses the supplied credentials
-// to return a DNSProvider instance configured for Vultr.
-// Deprecated
-func NewDNSProviderCredentials(apiKey string) (*DNSProvider, error) {
-	config := NewDefaultConfig()
-	config.APIKey = apiKey
-
-	return NewDNSProviderConfig(config)
-}
-
 // NewDNSProviderConfig return a DNSProvider instance configured for Vultr.
 func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	if config == nil {
@ -83,7 +72,6 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 	options := &vultr.Options{
 		HTTPClient: config.HTTPClient,
-		UserAgent:  acme.UserAgent,
 	}
 	client := vultr.NewClient(config.APIKey, options)

@ -92,7 +80,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {

 // Present creates a TXT record to fulfill the DNS-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
-	fqdn, value, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, value := dns01.GetRecord(domain, keyAuth)

 	zoneDomain, err := d.getHostedZone(domain)
 	if err != nil {
@ -111,7 +99,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {

 // CleanUp removes the TXT record matching the specified parameters.
 func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
-	fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
+	fqdn, _ := dns01.GetRecord(domain, keyAuth)

 	zoneDomain, records, err := d.findTxtRecords(domain, fqdn)
 	if err != nil {
@ -183,7 +171,7 @@ func (d *DNSProvider) findTxtRecords(domain, fqdn string) (string, []vultr.DNSRe
 }

 func (d *DNSProvider) extractRecordName(fqdn, domain string) string {
-	name := acme.UnFqdn(fqdn)
+	name := dns01.UnFqdn(fqdn)
 	if idx := strings.Index(name, "."+domain); idx != -1 {
 		return name[:idx]
 	}