NS1: use the authoritative zone and not the domain name (#463)

providers/dns/ns1/ns1.go

@@ -5,6 +5,7 @@ package ns1
 import (
 	"fmt"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/xenolf/lego/acme"
@@ -75,7 +76,12 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 }
 
 func (d *DNSProvider) getHostedZone(domain string) (*dns.Zone, error) {
-	zone, _, err := d.client.Zones.Get(domain)
+	authZone, err := getAuthZone(domain)
+	if err != nil {
+		return nil, err
+	}
+
+	zone, _, err := d.client.Zones.Get(authZone)
 	if err != nil {
 		return nil, err
 	}
@@ -83,6 +89,19 @@ func (d *DNSProvider) getHostedZone(domain string) (*dns.Zone, error) {
 	return zone, nil
 }
 
+func getAuthZone(fqdn string) (string, error) {
+	authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
+	if err != nil {
+		return "", err
+	}
+
+	if strings.HasSuffix(authZone, ".") {
+		authZone = authZone[:len(authZone)-len(".")]
+	}
+
+	return authZone, err
+}
+
 func (d *DNSProvider) newTxtRecord(zone *dns.Zone, fqdn, value string, ttl int) *dns.Record {
 	name := acme.UnFqdn(fqdn)