From fdc05d2942ec613a3ea588d69bfc65fbc0dade55 Mon Sep 17 00:00:00 2001
From: Will Glynn
Date: Thu, 11 Feb 2016 19:47:47 -0600
Subject: [PATCH 1/3] --dns=foo means we specifically intend to fulfill a DNS challenge
---
 cli_handlers.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/cli_handlers.go b/cli_handlers.go
index 42e3fece..fb7e54bb 100644
--- a/cli_handlers.go
+++ b/cli_handlers.go
@@ -83,6 +83,10 @@ func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
 }
 client.SetChallengeProvider(acme.DNS01, provider)
+
+ // --dns=foo indicates that the user specifically want to do a DNS challenge
+ // infer that the user also wants to exclude all other challenges
+ client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
 }
 return conf, acc, client
From 030ba6877aed2866a2ca893db75c2b431f57016c Mon Sep 17 00:00:00 2001
From: Will Glynn
Date: Sat, 13 Feb 2016 18:23:50 -0600
Subject: [PATCH 2/3] Document that --dns=provider specifically selects the DNS challenge
---
 README.md | 6 ++++--
 cli.go | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 00ce417b..317179d6 100644
--- a/README.md
+++ b/README.md
@@ -89,7 +89,7 @@ GLOBAL OPTIONS:
 --exclude, -x [--exclude option --exclude option] Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
 --http Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
 --tls Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
- --dns Enable the DNS challenge for solving using a provider.
+ --dns Solve a DNS challenge using the specified provider.
 Credentials for providers have to be passed through environment variables.
 For a more detailed explanation of the parameters, please see the online docs.
 Valid providers:
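Review bot: The exclusion list added to `setup` in cli_handlers.go is hard-coded to `acme.HTTP01` and `acme.TLSSNI01`, so "--dns means DNS only" holds only while those are the only other challenge types. A challenge type added to package acme later would stay enabled, and the client could then answer it on a host where the operator expected the DNS provider to be the only path used. Consider building the list from the known challenge types minus `acme.DNS01`, or at least adding a comment such as `// keep in sync with the challenge types defined in package acme`. The added comment also has a typo (`want` should be `wants`). The body of `setup` starts outside the hunk, so how this call interacts with the `--exclude` handling is not visible here.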
@@ -125,9 +125,11 @@ $ lego --email="foo@bar.com" --domains="example.com" renew
 Obtain a certificate using the DNS challenge and AWS Route 53:
 ```bash
-$ AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="foo@bar.com" --domains="example.com" --dns="route53" --exclude="http-01" --exclude="tls-sni-01" run
+$ AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="foo@bar.com" --domains="example.com" --dns="route53" run
 ```
+Note that `--dns=foo` implies `--exclude=http-01` and `--exclude=tls-sni-01`. lego will not attempt other challenges if you've told it to use DNS instead.
+
 lego defaults to communicating with the production Let's Encrypt ACME server. If you'd like to test something without issuing real certificates, consider using the staging endpoint instead:
 ```bash
diff --git a/cli.go b/cli.go
index 3851c455..15c4a2f0 100644
--- a/cli.go
+++ b/cli.go
@@ -112,7 +112,7 @@ func main() {
 },
 cli.StringFlag{
 Name: "dns",
- Usage: "Enable the DNS challenge for solving using a provider." +
+ Usage: "Solve a DNS challenge using the specified provider." +
 "\n\tCredentials for providers have to be passed through environment variables." +
 "\n\tFor a more detailed explanation of the parameters, please see the online docs." +
 "\n\tValid providers:" +
From 3bceed427a63ab1789d7aa87e0d2360bc14da8c6 Mon Sep 17 00:00:00 2001
From: Will Glynn
Date: Sat, 13 Feb 2016 18:42:47 -0600
Subject: [PATCH 3/3] Make the --dns help message more explicit about disabling challenges
---
 README.md | 2 +-
 cli.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 317179d6..9d1807aa 100644
--- a/README.md
+++ b/README.md
@@ -89,7 +89,7 @@ GLOBAL OPTIONS:
 --exclude, -x [--exclude option --exclude option] Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
 --http Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
 --tls Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
- --dns Solve a DNS challenge using the specified provider.
+ --dns Solve a DNS challenge using the specified provider. Disables all other solvers.
 Credentials for providers have to be passed through environment variables.
 For a more detailed explanation of the parameters, please see the online docs.
 Valid providers:
diff --git a/cli.go b/cli.go
index 15c4a2f0..ba216d07 100644
--- a/cli.go
+++ b/cli.go
@@ -112,7 +112,7 @@ func main() {
 },
 cli.StringFlag{
 Name: "dns",
- Usage: "Solve a DNS challenge using the specified provider." +
+ Usage: "Solve a DNS challenge using the specified provider. Disables all other challenges." +
 "\n\tCredentials for providers have to be passed through environment variables." +
 "\n\tFor a more detailed explanation of the parameters, please see the online docs." +
 "\n\tValid providers:" +
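Review bot: The two help strings changed in patch 3/3 disagree: README.md now reads `Disables all other solvers.` while the `Usage` text of the `dns` flag in cli.go reads `Disables all other challenges.`. The README block appears to be a copy of the CLI help output and the `--exclude` help already says "solvers", so one term should be used in both places, e.g. `Usage: "Solve a DNS challenge using the specified provider. Disables all other solvers." +`. Either wording also promises more than the code in cli_handlers.go guarantees, since that code excludes two named challenge types rather than everything except DNS. The `cli.StringFlag` literal continues outside the hunk.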