This will prevent indefinitely-hanging requests in case some service or middle box is malfunctioning.
Fix vet errors and lint warnings
Add vet to CI check
Only get issuer certificate if it would be used
No need to make a GET request if the OCSP server is not specified in leaf certificate
Fix CI tests
Make tests verbose
* Gets a list of all authoritative nameservers by looking up the NS RRs for the root domain (zone apex)
* Verifies that the expected TXT record exists on all nameservers before sending off the challenge to ACME server
AWS client tools commonly support passing credentials via
`AWS_ACCESS_KEY_ID` + `AWS_SECRET_ACCESS_KEY`, but supporting only this is
insufficient. For example, access key IDs provided by STS require passing in
`AWS_SECURITY_TOKEN` as a third value, and EC2 instances are often provided
dynamic credentials at runtime via the EC2 metadata service.
This changeset makes `lego` attempt to find credentials in the same way that
the `aws` CLI tool attempts to find credentials. The result is even less
auth code than before because `goamz` provides all this with `aws.GetAuth()`.
- InvalidTXTRDATA error when creating TXT record (closes#94)
- Present() should poll and wait until the status of the record change becomes INSYNC (thanks @oov)
Adds a retry/timeout utility function to dns_challenge.go that may be used in other places
* new ChallengeProvider with Present and CleanUp methods
* new Challenge type describing `http-01`, `tls-sni-01`, `dns-01`
* new client.SetChallengeProvider to support custom implementations
