From 771679fe3df672ef4c05efcd4b88c40c44d4b1e2 Mon Sep 17 00:00:00 2001
From: Steve Coursen
Date: Sat, 14 Jul 2018 06:31:57 -0400
Subject: [PATCH] NS1: use the authoritative zone and not the domain name (#463)

---
 providers/dns/ns1/ns1.go | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/providers/dns/ns1/ns1.go b/providers/dns/ns1/ns1.go
index d37da4cd..148747bd 100644
--- a/providers/dns/ns1/ns1.go
+++ b/providers/dns/ns1/ns1.go
@@ -5,6 +5,7 @@ package ns1
 import (
 "fmt"
 "net/http"
+ "strings"
 "time"

 "github.com/xenolf/lego/acme"
@@ -75,7 +76,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 }

 func (d *DNSProvider) getHostedZone(domain string) (*dns.Zone, error) {
- zone, _, err := d.client.Zones.Get(domain)
+ authZone, err := getAuthZone(domain)
+ if err != nil {
+ return nil, err
+ }
+
+ zone, _, err := d.client.Zones.Get(authZone)
 if err != nil {
 return nil, err
 }
@@ -83,6 +89,19 @@ func (d *DNSProvider) getHostedZone(domain string) (*dns.Zone, error) {
 return zone, nil
 }

+func getAuthZone(fqdn string) (string, error) {
+ authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+ if err != nil {
+ return "", err
+ }
+
+ if strings.HasSuffix(authZone, ".") {
+ authZone = authZone[:len(authZone)-len(".")]
+ }
+
+ return authZone, err
+}
+
 func (d *DNSProvider) newTxtRecord(zone *dns.Zone, fqdn, value string, ttl int) *dns.Record {
 name := acme.UnFqdn(fqdn)
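Review bot: In getHostedZone the value named `domain` is passed to a helper whose parameter is `fqdn` and which forwards it to `acme.FindZoneByFqdn`, yet nothing in the hunk normalises the name to fully-qualified form first; the callers are outside the hunk. If they pass a bare domain, I would convert at the call site: `authZone, err := getAuthZone(acme.ToFqdn(domain))`. Separately, the NS1 zone that receives the challenge record is now selected from a recursive DNS answer, so the two `return nil, err` paths would be easier to triage if they said which step failed, e.g. `return nil, fmt.Errorf("ns1: finding zone for %q: %v", domain, err)`.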
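Review bot: The final `return authZone, err` in getAuthZone is only reachable when `err` is nil, so it should read `return authZone, nil` to keep the success path explicit. The manual `strings.HasSuffix` slice duplicates `acme.UnFqdn`, which this file already calls in newTxtRecord just below; `return acme.UnFqdn(authZone), nil` would replace the whole `if` block and make the new `strings` import unnecessary. The function also has no doc comment; I would add `// getAuthZone returns the authoritative zone for fqdn, without the trailing dot.`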