vendor: Update certmagic and lego

vendor/github.com/mholt/certmagic/certmagic.go

@@ -476,6 +476,14 @@ var (
 	// certificates
 	KeyType = certcrypto.RSA2048
 
+	// The maximum amount of time to allow for
+	// obtaining a certificate. If empty, the
+	// default from the underlying lego lib is
+	// used. If set, it must not be too low so
+	// as to cancel orders too early, running
+	// the risk of rate limiting.
+	CertObtainTimeout time.Duration
+
 	// The state needed to operate on-demand TLS
 	OnDemand *OnDemandConfig
 

vendor/github.com/mholt/certmagic/client.go

@@ -59,10 +59,14 @@ func (cfg *Config) newACMEClient(interactive bool) (*acmeClient, error) {
 		return nil, err
 	}
 
-	// ensure key type is set
-	keyType := KeyType
-	if cfg.KeyType != "" {
-		keyType = cfg.KeyType
+	// ensure key type and timeout are set
+	keyType := cfg.KeyType
+	if keyType == "" {
+		keyType = KeyType
+	}
+	certObtainTimeout := cfg.CertObtainTimeout
+	if certObtainTimeout == 0 {
+		certObtainTimeout = CertObtainTimeout
 	}
 
 	// ensure CA URL (directory endpoint) is set
@@ -93,9 +97,12 @@ func (cfg *Config) newACMEClient(interactive bool) (*acmeClient, error) {
 		// the client facilitates our communication with the CA server
 		legoCfg := lego.NewConfig(&leUser)
 		legoCfg.CADirURL = caURL
-		legoCfg.KeyType = keyType
 		legoCfg.UserAgent = buildUAString()
 		legoCfg.HTTPClient.Timeout = HTTPTimeout
+		legoCfg.Certificate = lego.CertificateConfig{
+			KeyType: keyType,
+			Timeout: certObtainTimeout,
+		}
 		client, err = lego.NewClient(legoCfg)
 		if err != nil {
 			cfg.acmeClientsMu.Unlock()
@@ -189,19 +196,16 @@ func (cfg *Config) newACMEClient(interactive bool) (*acmeClient, error) {
 		})
 
 		// disable any challenges that should not be used
-		var disabledChallenges []challenge.Type
 		if cfg.DisableHTTPChallenge {
-			disabledChallenges = append(disabledChallenges, challenge.HTTP01)
+			c.acmeClient.Challenge.Remove(challenge.HTTP01)
 		}
 		if cfg.DisableTLSALPNChallenge {
-			disabledChallenges = append(disabledChallenges, challenge.TLSALPN01)
-		}
-		if len(disabledChallenges) > 0 {
-			c.acmeClient.Challenge.Exclude(disabledChallenges)
+			c.acmeClient.Challenge.Remove(challenge.TLSALPN01)
 		}
 	} else {
 		// Otherwise, use DNS challenge exclusively
-		c.acmeClient.Challenge.Exclude([]challenge.Type{challenge.HTTP01, challenge.TLSALPN01})
+		c.acmeClient.Challenge.Remove(challenge.HTTP01)
+		c.acmeClient.Challenge.Remove(challenge.TLSALPN01)
 		c.acmeClient.Challenge.SetDNS01Provider(cfg.DNSProvider)
 	}
 

vendor/github.com/mholt/certmagic/config.go

@@ -93,6 +93,14 @@ type Config struct {
 	// certificates
 	KeyType certcrypto.KeyType
 
+	// The maximum amount of time to allow for
+	// obtaining a certificate. If empty, the
+	// default from the underlying lego lib is
+	// used. If set, it must not be too low so
+	// as to cancel orders too early, running
+	// the risk of rate limiting.
+	CertObtainTimeout time.Duration
+
 	// The state needed to operate on-demand TLS
 	OnDemand *OnDemandConfig
 
@@ -196,6 +204,9 @@ func NewWithCache(certCache *Cache, cfg Config) *Config {
 	if cfg.KeyType == "" {
 		cfg.KeyType = KeyType
 	}
+	if cfg.CertObtainTimeout == 0 {
+		cfg.CertObtainTimeout = CertObtainTimeout
+	}
 	if cfg.OnDemand == nil {
 		cfg.OnDemand = OnDemand
 	}

vendor/github.com/mholt/certmagic/filestorage.go

@@ -179,7 +179,7 @@ func (fs *FileStorage) String() string {
 }
 
 func (fs *FileStorage) lockFilename(key string) string {
-	return filepath.Join(fs.lockDir(), StorageKeys.safe(key)+".lock")
+	return filepath.Join(fs.lockDir(), StorageKeys.Safe(key)+".lock")
 }
 
 func (fs *FileStorage) lockDir() string {

vendor/github.com/mholt/certmagic/solvers.go

@@ -140,7 +140,7 @@ func (dhs distributedSolver) challengeTokensPrefix() string {
 // challengeTokensKey returns the key to use to store and access
 // challenge info for domain.
 func (dhs distributedSolver) challengeTokensKey(domain string) string {
-	return filepath.Join(dhs.challengeTokensPrefix(), StorageKeys.safe(domain)+".json")
+	return filepath.Join(dhs.challengeTokensPrefix(), StorageKeys.Safe(domain)+".json")
 }
 
 type challengeInfo struct {

vendor/github.com/mholt/certmagic/storage.go

@@ -84,12 +84,9 @@ type Locker interface {
 	Lock(key string) error
 
 	// Unlock releases the lock for key. This method must ONLY be
-	// called after a successful call to TryLock where no Waiter was
-	// returned, and only after the operation requiring the lock is
-	// finished, even if it errored or timed out. It is INCORRECT to
-	// call Unlock if any non-nil value was returned from a call to
-	// TryLock or if Unlock was not called at all. Unlock should also
-	// clean up any unused resources allocated during TryLock.
+	// called after a successful call to Lock, and only after the
+	// critical section is finished, even if it errored or timed
+	// out. Unlock cleans up any resources allocated during Lock.
 	Unlock(key string) error
 }
 
@@ -133,28 +130,28 @@ func (keys KeyBuilder) CAPrefix(ca string) string {
 	if err != nil {
 		caURL = &url.URL{Host: ca}
 	}
-	return path.Join(prefixACME, keys.safe(caURL.Host))
+	return path.Join(prefixACME, keys.Safe(caURL.Host))
 }
 
 // SitePrefix returns a key prefix for items associated with
 // the site using the given CA URL.
 func (keys KeyBuilder) SitePrefix(ca, domain string) string {
-	return path.Join(keys.CAPrefix(ca), "sites", keys.safe(domain))
+	return path.Join(keys.CAPrefix(ca), "sites", keys.Safe(domain))
 }
 
 // SiteCert returns the path to the certificate file for domain.
 func (keys KeyBuilder) SiteCert(ca, domain string) string {
-	return path.Join(keys.SitePrefix(ca, domain), keys.safe(domain)+".crt")
+	return path.Join(keys.SitePrefix(ca, domain), keys.Safe(domain)+".crt")
 }
 
 // SitePrivateKey returns the path to domain's private key file.
 func (keys KeyBuilder) SitePrivateKey(ca, domain string) string {
-	return path.Join(keys.SitePrefix(ca, domain), keys.safe(domain)+".key")
+	return path.Join(keys.SitePrefix(ca, domain), keys.Safe(domain)+".key")
 }
 
 // SiteMeta returns the path to the domain's asset metadata file.
 func (keys KeyBuilder) SiteMeta(ca, domain string) string {
-	return path.Join(keys.SitePrefix(ca, domain), keys.safe(domain)+".json")
+	return path.Join(keys.SitePrefix(ca, domain), keys.Safe(domain)+".json")
 }
 
 // UsersPrefix returns a key prefix for items related to
@@ -169,7 +166,7 @@ func (keys KeyBuilder) UserPrefix(ca, email string) string {
 	if email == "" {
 		email = emptyEmail
 	}
-	return path.Join(keys.UsersPrefix(ca), keys.safe(email))
+	return path.Join(keys.UsersPrefix(ca), keys.Safe(email))
 }
 
 // UserReg gets the path to the registration file for the user
@@ -190,7 +187,7 @@ func (keys KeyBuilder) UserPrivateKey(ca, email string) string {
 func (keys KeyBuilder) OCSPStaple(cert *Certificate, pemBundle []byte) string {
 	var ocspFileName string
 	if len(cert.Names) > 0 {
-		firstName := keys.safe(cert.Names[0])
+		firstName := keys.Safe(cert.Names[0])
 		ocspFileName = firstName + "-"
 	}
 	ocspFileName += fastHash(pemBundle)
@@ -208,7 +205,7 @@ func (keys KeyBuilder) safeUserKey(ca, email, defaultFilename, extension string)
 	if filename == "" {
 		filename = defaultFilename
 	}
-	filename = keys.safe(filename)
+	filename = keys.Safe(filename)
 	return path.Join(keys.UserPrefix(ca, email), filename+extension)
 }
 
@@ -224,9 +221,9 @@ func (keys KeyBuilder) emailUsername(email string) string {
 	return email[:at]
 }
 
-// safe standardizes and sanitizes str for use as
+// Safe standardizes and sanitizes str for use as
 // a storage key. This method is idempotent.
-func (keys KeyBuilder) safe(str string) string {
+func (keys KeyBuilder) Safe(str string) string {
 	str = strings.ToLower(str)
 	str = strings.TrimSpace(str)
 

vendor/github.com/xenolf/lego/acme/api/api.go

@@ -44,7 +44,7 @@ func New(httpClient *http.Client, userAgent string, caDirURL, kid string, privat
 
 	jws := secure.NewJWS(privateKey, kid, nonceManager)
 
-	c := &Core{doer: doer, nonceManager: nonceManager, jws: jws, directory: dir}
+	c := &Core{doer: doer, nonceManager: nonceManager, jws: jws, directory: dir, HTTPClient: httpClient}
 
 	c.common.core = c
 	c.Accounts = (*AccountService)(&c.common)

vendor/github.com/xenolf/lego/acme/api/internal/secure/jws.go

@@ -10,7 +10,7 @@ import (
 	"fmt"
 
 	"github.com/xenolf/lego/acme/api/internal/nonces"
-	"gopkg.in/square/go-jose.v2"
+	jose "gopkg.in/square/go-jose.v2"
 )
 
 // JWS Represents a JWS.

vendor/github.com/xenolf/lego/acme/api/internal/sender/useragent.go

@@ -5,7 +5,7 @@ package sender
 
 const (
 	// ourUserAgent is the User-Agent of this underlying library package.
-	ourUserAgent = "xenolf-acme/1.2.1"
+	ourUserAgent = "xenolf-acme/2.0.1"
 
 	// ourUserAgentComment is part of the UA comment linked to the version status of this underlying library package.
 	// values: detach|release

vendor/github.com/xenolf/lego/certificate/certificates.go

@@ -17,6 +17,7 @@ import (
 	"github.com/xenolf/lego/certcrypto"
 	"github.com/xenolf/lego/challenge"
 	"github.com/xenolf/lego/log"
+	"github.com/xenolf/lego/platform/wait"
 	"golang.org/x/crypto/ocsp"
 	"golang.org/x/net/idna"
 )
@@ -60,17 +61,24 @@ type resolver interface {
 	Solve(authorizations []acme.Authorization) error
 }
 
-type Certifier struct {
-	core     *api.Core
-	keyType  certcrypto.KeyType
-	resolver resolver
+type CertifierOptions struct {
+	KeyType certcrypto.KeyType
+	Timeout time.Duration
 }
 
-func NewCertifier(core *api.Core, keyType certcrypto.KeyType, resolver resolver) *Certifier {
+// Certifier A service to obtain/renew/revoke certificates.
+type Certifier struct {
+	core     *api.Core
+	resolver resolver
+	options  CertifierOptions
+}
+
+// NewCertifier creates a Certifier.
+func NewCertifier(core *api.Core, resolver resolver, options CertifierOptions) *Certifier {
 	return &Certifier{
 		core:     core,
-		keyType:  keyType,
 		resolver: resolver,
+		options:  options,
 	}
 }
 
@@ -191,7 +199,7 @@ func (c *Certifier) ObtainForCSR(csr x509.CertificateRequest, bundle bool) (*Res
 func (c *Certifier) getForOrder(domains []string, order acme.ExtendedOrder, bundle bool, privateKey crypto.PrivateKey, mustStaple bool) (*Resource, error) {
 	if privateKey == nil {
 		var err error
-		privateKey, err = certcrypto.GeneratePrivateKey(c.keyType)
+		privateKey, err = certcrypto.GeneratePrivateKey(c.options.KeyType)
 		if err != nil {
 			return nil, err
 		}
@@ -237,9 +245,9 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
 
 	if respOrder.Status == acme.StatusValid {
 		// if the certificate is available right away, short cut!
-		ok, err := c.checkResponse(respOrder, certRes, bundle)
-		if err != nil {
-			return nil, err
+		ok, errR := c.checkResponse(respOrder, certRes, bundle)
+		if errR != nil {
+			return nil, errR
 		}
 
 		if ok {
@@ -247,34 +255,26 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
 		}
 	}
 
-	return c.waitForCertificate(certRes, order.Location, bundle)
-}
-
-func (c *Certifier) waitForCertificate(certRes *Resource, orderURL string, bundle bool) (*Resource, error) {
-	stopTimer := time.NewTimer(30 * time.Second)
-	defer stopTimer.Stop()
-	retryTick := time.NewTicker(500 * time.Millisecond)
-	defer retryTick.Stop()
-
-	for {
-		select {
-		case <-stopTimer.C:
-			return nil, errors.New("certificate polling timed out")
-		case <-retryTick.C:
-			order, err := c.core.Orders.Get(orderURL)
-			if err != nil {
-				return nil, err
-			}
-
-			done, err := c.checkResponse(order, certRes, bundle)
-			if err != nil {
-				return nil, err
-			}
-			if done {
-				return certRes, nil
-			}
-		}
+	timeout := c.options.Timeout
+	if c.options.Timeout <= 0 {
+		timeout = 30 * time.Second
 	}
+
+	err = wait.For("certificate", timeout, timeout/60, func() (bool, error) {
+		ord, errW := c.core.Orders.Get(order.Location)
+		if errW != nil {
+			return false, errW
+		}
+
+		done, errW := c.checkResponse(ord, certRes, bundle)
+		if errW != nil {
+			return false, errW
+		}
+
+		return done, nil
+	})
+
+	return certRes, err
 }
 
 // checkResponse checks to see if the certificate is ready and a link is contained in the response.

vendor/github.com/xenolf/lego/challenge/dns01/dns_challenge.go

@@ -123,7 +123,7 @@ func (c *Challenge) Solve(authz acme.Authorization) error {
 
 	log.Infof("[%s] acme: Checking DNS record propagation using %+v", domain, recursiveNameservers)
 
-	err = wait.For(timeout, interval, func() (bool, error) {
+	err = wait.For("propagation", timeout, interval, func() (bool, error) {
 		stop, errP := c.preCheck.call(fqdn, value)
 		if !stop || errP != nil {
 			log.Infof("[%s] acme: Waiting for DNS record propagation.", domain)
@@ -140,6 +140,8 @@ func (c *Challenge) Solve(authz acme.Authorization) error {
 
 // CleanUp cleans the challenge.
 func (c *Challenge) CleanUp(authz acme.Authorization) error {
+	log.Infof("[%s] acme: Cleaning DNS-01 challenge", challenge.GetTargetedDomain(authz))
+
 	chlng, err := challenge.FindChallenge(challenge.DNS01, authz)
 	if err != nil {
 		return err

vendor/github.com/xenolf/lego/challenge/dns01/precheck.go

@@ -91,10 +91,14 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro
 			return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
 		}
 
+		var records []string
+
 		var found bool
 		for _, rr := range r.Answer {
 			if txt, ok := rr.(*dns.TXT); ok {
-				if strings.Join(txt.Txt, "") == value {
+				record := strings.Join(txt.Txt, "")
+				records = append(records, record)
+				if record == value {
 					found = true
 					break
 				}
@@ -102,7 +106,7 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro
 		}
 
 		if !found {
-			return false, fmt.Errorf("NS %s did not return the expected TXT record [fqdn: %s]", ns, fqdn)
+			return false, fmt.Errorf("NS %s did not return the expected TXT record [fqdn: %s, value: %s]: %s", ns, fqdn, value, strings.Join(records, " ,"))
 		}
 	}
 

vendor/github.com/xenolf/lego/challenge/resolver/prober.go

@@ -110,7 +110,7 @@ func sequentialSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
 		// Solve challenge
 		err := authSolver.solver.Solve(authSolver.authz)
 		if err != nil {
-			failures[authSolver.authz.Identifier.Value] = err
+			failures[domain] = err
 			cleanUp(authSolver.solver, authSolver.authz)
 			continue
 		}
@@ -149,14 +149,15 @@ func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
 	// Finally solve all challenges for real
 	for _, authSolver := range authSolvers {
 		authz := authSolver.authz
-		if failures[authz.Identifier.Value] != nil {
+		domain := challenge.GetTargetedDomain(authz)
+		if failures[domain] != nil {
 			// already failed in previous loop
 			continue
 		}
 
 		err := authSolver.solver.Solve(authz)
 		if err != nil {
-			failures[authz.Identifier.Value] = err
+			failures[domain] = err
 		}
 	}
 }

vendor/github.com/xenolf/lego/challenge/resolver/solver_manager.go

@@ -3,7 +3,6 @@ package resolver
 import (
 	"errors"
 	"fmt"
-	"net"
 	"sort"
 	"strconv"
 	"time"
@@ -21,7 +20,7 @@ type byType []acme.Challenge
 
 func (a byType) Len() int           { return len(a) }
 func (a byType) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a byType) Less(i, j int) bool { return a[i].Type < a[j].Type }
+func (a byType) Less(i, j int) bool { return a[i].Type > a[j].Type }
 
 type SolverManager struct {
 	core    *api.Core
@@ -29,55 +28,12 @@ type SolverManager struct {
 }
 
 func NewSolversManager(core *api.Core) *SolverManager {
-	solvers := map[challenge.Type]solver{
-		challenge.HTTP01:    http01.NewChallenge(core, validate, &http01.ProviderServer{}),
-		challenge.TLSALPN01: tlsalpn01.NewChallenge(core, validate, &tlsalpn01.ProviderServer{}),
-	}
-
 	return &SolverManager{
-		solvers: solvers,
+		solvers: map[challenge.Type]solver{},
 		core:    core,
 	}
 }
 
-// SetHTTP01Address specifies a custom interface:port to be used for HTTP based challenges.
-// If this option is not used, the default port 80 and all interfaces will be used.
-// To only specify a port and no interface use the ":port" notation.
-//
-// NOTE: This REPLACES any custom HTTP provider previously set by calling
-// c.SetProvider with the default HTTP challenge provider.
-func (c *SolverManager) SetHTTP01Address(iface string) error {
-	host, port, err := net.SplitHostPort(iface)
-	if err != nil {
-		return err
-	}
-
-	if chlng, ok := c.solvers[challenge.HTTP01]; ok {
-		chlng.(*http01.Challenge).SetProvider(http01.NewProviderServer(host, port))
-	}
-
-	return nil
-}
-
-// SetTLSALPN01Address specifies a custom interface:port to be used for TLS based challenges.
-// If this option is not used, the default port 443 and all interfaces will be used.
-// To only specify a port and no interface use the ":port" notation.
-//
-// NOTE: This REPLACES any custom TLS-ALPN provider previously set by calling
-// c.SetProvider with the default TLS-ALPN challenge provider.
-func (c *SolverManager) SetTLSALPN01Address(iface string) error {
-	host, port, err := net.SplitHostPort(iface)
-	if err != nil {
-		return err
-	}
-
-	if chlng, ok := c.solvers[challenge.TLSALPN01]; ok {
-		chlng.(*tlsalpn01.Challenge).SetProvider(tlsalpn01.NewProviderServer(host, port))
-	}
-
-	return nil
-}
-
 // SetHTTP01Provider specifies a custom provider p that can solve the given HTTP-01 challenge.
 func (c *SolverManager) SetHTTP01Provider(p challenge.Provider) error {
 	c.solvers[challenge.HTTP01] = http01.NewChallenge(c.core, validate, p)
@@ -96,18 +52,15 @@ func (c *SolverManager) SetDNS01Provider(p challenge.Provider, opts ...dns01.Cha
 	return nil
 }
 
-// Exclude explicitly removes challenges from the pool for solving.
-func (c *SolverManager) Exclude(challenges []challenge.Type) {
-	// Loop through all challenges and delete the requested one if found.
-	for _, chlg := range challenges {
-		delete(c.solvers, chlg)
-	}
+// Remove Remove a challenge type from the available solvers.
+func (c *SolverManager) Remove(chlgType challenge.Type) {
+	delete(c.solvers, chlgType)
 }
 
 // Checks all challenges from the server in order and returns the first matching solver.
 func (c *SolverManager) chooseSolver(authz acme.Authorization) solver {
 	// Allow to have a deterministic challenge order
-	sort.Sort(sort.Reverse(byType(authz.Challenges)))
+	sort.Sort(byType(authz.Challenges))
 
 	domain := challenge.GetTargetedDomain(authz)
 	for _, chlg := range authz.Challenges {

vendor/github.com/xenolf/lego/lego/client.go

@@ -53,9 +53,10 @@ func NewClient(config *Config) (*Client, error) {
 	solversManager := resolver.NewSolversManager(core)
 
 	prober := resolver.NewProber(solversManager)
+	certifier := certificate.NewCertifier(core, prober, certificate.CertifierOptions{KeyType: config.Certificate.KeyType, Timeout: config.Certificate.Timeout})
 
 	return &Client{
-		Certificate:  certificate.NewCertifier(core, config.KeyType, prober),
+		Certificate:  certifier,
 		Challenge:    solversManager,
 		Registration: registration.NewRegistrar(core, config.User),
 		core:         core,

vendor/github.com/xenolf/lego/lego/client_config.go

@@ -35,22 +35,30 @@ const (
 )
 
 type Config struct {
-	CADirURL   string
-	User       registration.User
-	KeyType    certcrypto.KeyType
-	UserAgent  string
-	HTTPClient *http.Client
+	CADirURL    string
+	User        registration.User
+	UserAgent   string
+	HTTPClient  *http.Client
+	Certificate CertificateConfig
 }
 
 func NewConfig(user registration.User) *Config {
 	return &Config{
 		CADirURL:   LEDirectoryProduction,
 		User:       user,
-		KeyType:    certcrypto.RSA2048,
 		HTTPClient: createDefaultHTTPClient(),
+		Certificate: CertificateConfig{
+			KeyType: certcrypto.RSA2048,
+			Timeout: 30 * time.Second,
+		},
 	}
 }
 
+type CertificateConfig struct {
+	KeyType certcrypto.KeyType
+	Timeout time.Duration
+}
+
 // createDefaultHTTPClient Creates an HTTP client with a reasonable timeout value
 // and potentially a custom *x509.CertPool
 // based on the caCertificatesEnvVar environment variable (see the `initCertPool` function)

vendor/github.com/xenolf/lego/platform/wait/wait.go

@@ -8,8 +8,8 @@ import (
 )
 
 // For polls the given function 'f', once every 'interval', up to 'timeout'.
-func For(timeout, interval time.Duration, f func() (bool, error)) error {
-	log.Infof("Wait [timeout: %s, interval: %s]", timeout, interval)
+func For(msg string, timeout, interval time.Duration, f func() (bool, error)) error {
+	log.Infof("Wait for %s [timeout: %s, interval: %s]", msg, timeout, interval)
 
 	var lastErr string
 	timeUp := time.After(timeout)

vendor/manifest

@@ -138,7 +138,7 @@
 			"importpath": "github.com/mholt/certmagic",
 			"repository": "https://github.com/mholt/certmagic",
 			"vcs": "git",
-			"revision": "a3b276a1b44e1c2c3dcab752729976ea04f4839b",
+			"revision": "707b20497ed70e559300ae4e91c6fd7db973fffc",
 			"branch": "master",
 			"notests": true
 		},
@@ -178,7 +178,7 @@
 			"importpath": "github.com/xenolf/lego/acme",
 			"repository": "https://github.com/xenolf/lego",
 			"vcs": "git",
-			"revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4",
+			"revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c",
 			"branch": "master",
 			"path": "acme",
 			"notests": true
@@ -187,7 +187,7 @@
 			"importpath": "github.com/xenolf/lego/certcrypto",
 			"repository": "https://github.com/xenolf/lego",
 			"vcs": "git",
-			"revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4",
+			"revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c",
 			"branch": "master",
 			"path": "certcrypto",
 			"notests": true
@@ -196,7 +196,7 @@
 			"importpath": "github.com/xenolf/lego/certificate",
 			"repository": "https://github.com/xenolf/lego",
 			"vcs": "git",
-			"revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4",
+			"revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c",
 			"branch": "master",
 			"path": "certificate",
 			"notests": true
@@ -205,7 +205,7 @@
 			"importpath": "github.com/xenolf/lego/challenge",
 			"repository": "https://github.com/xenolf/lego",
 			"vcs": "git",
-			"revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4",
+			"revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c",
 			"branch": "master",
 			"path": "/challenge",
 			"notests": true
@@ -214,7 +214,7 @@
 			"importpath": "github.com/xenolf/lego/lego",
 			"repository": "https://github.com/xenolf/lego",
 			"vcs": "git",
-			"revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4",
+			"revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c",
 			"branch": "master",
 			"path": "/lego",
 			"notests": true
@@ -232,7 +232,7 @@
 			"importpath": "github.com/xenolf/lego/platform/wait",
 			"repository": "https://github.com/xenolf/lego",
 			"vcs": "git",
-			"revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4",
+			"revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c",
 			"branch": "master",
 			"path": "platform/wait",
 			"notests": true
@@ -241,7 +241,7 @@
 			"importpath": "github.com/xenolf/lego/registration",
 			"repository": "https://github.com/xenolf/lego",
 			"vcs": "git",
-			"revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4",
+			"revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c",
 			"branch": "master",
 			"path": "registration",
 			"notests": true