From e15be6091de8b85a58124f0cfb5900e7237d62e7 Mon Sep 17 00:00:00 2001
From: "Simon J.K. Pedersen" <mail@sjkp.dk>
Date: Thu, 3 Oct 2019 23:31:16 +0200
Subject: [PATCH 1/4] WIP letsencrypt v2 api

---
 LetsEncrypt-SiteExtension/Web.config          |   4 +
 .../CertificateManager.cs                     |   2 +-
 .../LetsEncrypt.Azure.Core.csproj             |  10 ++
 .../Services/ACMEService.cs                   |   7 +-
 .../Services/AcmeServiceV2.cs                 | 134 +++++++++++++++++
 .../BaseDnsAuthorizationChallengeProvider.cs  |  13 +-
 .../BaseHttpAuthorizationChallengeProvider.cs | 139 +++++++++++++-----
 ...obStorageAuthorizationChallengeProvider.cs |  13 +-
 .../IAuthorizationChallengeProvider.cs        |   9 +-
 ...ileSystemAuthorizationChallengeProvider.cs |  11 +-
 ...ileSystemAuthorizationChallengeProvider.cs |  25 +---
 .../packages.config                           |   3 +
 LetsEncrypt.SiteExtension.Test/App.config     |   4 +
 .../BlobStorageAuthorizationChallengeTest.cs  |  22 +--
 .../CertificateManagerTest.cs                 |  24 +++
 15 files changed, 334 insertions(+), 86 deletions(-)
 create mode 100644 LetsEncrypt.SiteExtension.Core/Services/AcmeServiceV2.cs

diff --git a/LetsEncrypt-SiteExtension/Web.config b/LetsEncrypt-SiteExtension/Web.config
index 05f10f5..09dd77e 100644
--- a/LetsEncrypt-SiteExtension/Web.config
+++ b/LetsEncrypt-SiteExtension/Web.config
@@ -133,6 +133,10 @@
         <assemblyIdentity name="System.Xml.ReaderWriter" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Web.Http.WebHost" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-5.2.7.0" newVersion="5.2.7.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
   <system.codedom>
diff --git a/LetsEncrypt.SiteExtension.Core/CertificateManager.cs b/LetsEncrypt.SiteExtension.Core/CertificateManager.cs
index cee4c53..7ec58ae 100644
--- a/LetsEncrypt.SiteExtension.Core/CertificateManager.cs
+++ b/LetsEncrypt.SiteExtension.Core/CertificateManager.cs
@@ -226,7 +226,7 @@ internal CertificateInstallModel RequestAndInstallInternal(IAcmeConfig config)
 
         internal async Task<CertificateInstallModel> RequestInternalAsync(IAcmeConfig config)
         {
-            var service = new AcmeService(config, this.challengeProvider);
+            var service = new AcmeServiceV2(config, this.challengeProvider);
 
             var cert = await service.RequestCertificate();
             var model = new CertificateInstallModel()
diff --git a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj
index 464f7cd..820844b 100644
--- a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj
+++ b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj
@@ -69,6 +69,12 @@
     <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <ItemGroup>
+    <Reference Include="BouncyCastle.Crypto, Version=1.8.1.0, Culture=neutral, PublicKeyToken=0e99375e54769942, processorArchitecture=MSIL">
+      <HintPath>..\packages\Portable.BouncyCastle.1.8.1.4\lib\net40\BouncyCastle.Crypto.dll</HintPath>
+    </Reference>
+    <Reference Include="Certes, Version=2.3.3.0, Culture=neutral, PublicKeyToken=308b9c08e7effcb1, processorArchitecture=MSIL">
+      <HintPath>..\packages\Certes.2.3.3\lib\net45\Certes.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.Azure.KeyVault.Core, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Azure.KeyVault.Core.3.0.1\lib\net452\Microsoft.Azure.KeyVault.Core.dll</HintPath>
     </Reference>
@@ -164,6 +170,9 @@
     <Reference Include="System.Security.Cryptography.X509Certificates, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <HintPath>..\packages\System.Security.Cryptography.X509Certificates.4.3.2\lib\net46\System.Security.Cryptography.X509Certificates.dll</HintPath>
     </Reference>
+    <Reference Include="System.ValueTuple, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.ValueTuple.4.4.0\lib\netstandard1.0\System.ValueTuple.dll</HintPath>
+    </Reference>
     <Reference Include="System.Web" />
     <Reference Include="System.Xml.Linq" />
     <Reference Include="System.Data.DataSetExtensions" />
@@ -192,6 +201,7 @@
     <Compile Include="Models\KuduModels.cs" />
     <Compile Include="Models\SettingEntry.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Services\AcmeServiceV2.cs" />
     <Compile Include="Services\PathProvider.cs" />
     <Compile Include="Services\AcmeService.cs" />
     <Compile Include="Services\AppServiceCerticiateCertificateService.cs" />
diff --git a/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs b/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs
index 74d8c13..11f25f2 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs
@@ -41,10 +41,11 @@ public async Task<CertificateInfo> RequestCertificate()
             using (var client = Register(signer))
             {
                 IdnMapping idn = new IdnMapping();
-                var auth = await this.authorizeChallengeProvider.Authorize(client, config.Hostnames.Select(s => idn.GetAscii(s)).ToList());
+                authorizeChallengeProvider.RegisterClient(client);
+                var auth = await this.authorizeChallengeProvider.Authorize( config.Hostnames.Select(s => idn.GetAscii(s)).ToList());
 
                 //GetCertificate
-                if (auth.Status == "valid")
+                if (auth == "valid")
                 {
                     var pfxFilename = GetCertificate(client);
 
@@ -63,7 +64,7 @@ public async Task<CertificateInfo> RequestCertificate()
                     };
                 }
 
-                throw new Exception("Unable to complete challenge with Lets Encrypt servers error was: " + auth.Status);
+                throw new Exception("Unable to complete challenge with Lets Encrypt servers error was: " + auth);
             }
         }
 
diff --git a/LetsEncrypt.SiteExtension.Core/Services/AcmeServiceV2.cs b/LetsEncrypt.SiteExtension.Core/Services/AcmeServiceV2.cs
new file mode 100644
index 0000000..b3be25f
--- /dev/null
+++ b/LetsEncrypt.SiteExtension.Core/Services/AcmeServiceV2.cs
@@ -0,0 +1,134 @@
+using Certes;
+using Certes.Acme;
+using LetsEncrypt.Azure.Core.Models;
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.IO;
+using System.Linq;
+using System.Net.Http;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading.Tasks;
+using System.Web.Hosting;
+
+namespace LetsEncrypt.Azure.Core.Services
+{
+    public class AcmeServiceV2
+    {
+        private readonly Uri acmeenvironment;
+        private readonly string configPath;
+        private readonly IAcmeConfig config;
+        private readonly IAuthorizationChallengeProvider authorizeChallengeProvider;
+
+        public AcmeServiceV2(IAcmeConfig config, IAuthorizationChallengeProvider authorizeChallengeProvider)
+        {
+            if (string.IsNullOrEmpty(config.BaseUri))
+            {
+                this.acmeenvironment = (config.UseProduction ? WellKnownServers.LetsEncryptV2 : WellKnownServers.LetsEncryptStagingV2);
+            }
+            else
+            {
+                this.acmeenvironment = new Uri(config.BaseUri);
+            }
+            
+            this.configPath = ConfigPath(this.acmeenvironment.AbsoluteUri);
+            this.config = config;
+            this.authorizeChallengeProvider = authorizeChallengeProvider;
+        }
+
+        public async Task<CertificateInfo> RequestCertificate()
+        {
+            var context = await GetOrCreateAcmeContext(this.acmeenvironment, config.RegistrationEmail);
+
+            IdnMapping idn = new IdnMapping();
+            var domains = config.Hostnames.Select(s => idn.GetAscii(s)).ToList();
+            var order = await context.NewOrder(domains);
+
+            authorizeChallengeProvider.RegisterClient(order);
+
+            
+
+            var response = await authorizeChallengeProvider.Authorize(domains);
+
+            if (response == "valid")
+            {
+
+                var privateKey = KeyFactory.NewKey(KeyAlgorithm.RS256);
+                var cert = await order.Generate(new Certes.CsrInfo
+                {
+                    CountryName = "",
+                    State = "",
+                    Locality = "",
+                    Organization = "",
+                    OrganizationUnit = "",
+                    CommonName = config.Host,
+                }, privateKey);
+
+                var certPem = cert.ToPem();
+
+                var pfxBuilder = cert.ToPfx(privateKey);
+                var pfx = pfxBuilder.Build(config.Host, config.PFXPassword);
+
+
+                return new CertificateInfo()
+                    {
+                        Certificate = new X509Certificate2(pfx, config.PFXPassword, X509KeyStorageFlags.DefaultKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable),
+                        Name = $"{config.Host} {DateTime.Now}",
+                        Password = config.PFXPassword,
+                        PfxCertificate = pfx
+                    };
+
+            }
+            throw new Exception("Unable to complete challenge with Lets Encrypt servers error was: " + response);
+        }
+
+        private async Task<AcmeContext> GetOrCreateAcmeContext(Uri acmeDirectoryUri, string email)
+        {
+            if (!Directory.Exists(configPath))
+            {
+                Directory.CreateDirectory(configPath);
+            }
+
+            AcmeContext acme = null;
+            string filename = $"account{email}--{acmeDirectoryUri.Host}";
+            var filePath = Path.Combine(configPath, filename);
+            if (!File.Exists(filePath) || string.IsNullOrEmpty(File.ReadAllText(filePath)))             
+            {
+                
+                acme = new AcmeContext(acmeDirectoryUri);
+                var account = acme.NewAccount(email, true);
+
+                // Save the account key for later use
+                var pemKey = acme.AccountKey.ToPem();
+                File.WriteAllText(filePath, pemKey);
+                await Task.Delay(10000); //Wait a little before using the new account.
+                acme = new AcmeContext(acmeDirectoryUri, acme.AccountKey, new AcmeHttpClient(acmeDirectoryUri, new HttpClient()));
+            }
+            else 
+            {
+                var secret = File.ReadAllText(filePath);
+                var accountKey = KeyFactory.FromPem(secret);
+                acme = new AcmeContext(acmeDirectoryUri, accountKey, new AcmeHttpClient(acmeDirectoryUri, new HttpClient()));
+            }
+
+            return acme;
+        }
+
+        static string CleanFileName(string fileName) => Path.GetInvalidFileNameChars().Aggregate(fileName, (current, c) => current.Replace(c.ToString(), string.Empty));
+
+        private static string ConfigPath(string baseUri)
+        {
+            if (Util.IsAzure)
+            {
+                return Path.Combine(Environment.ExpandEnvironmentVariables("%HOME%"), "siteextensions", "letsencrypt", "config", CleanFileName(baseUri));
+            }
+            else
+            {
+                var folder = HostingEnvironment.MapPath("~/App_Data") ?? Path.Combine(Directory.GetCurrentDirectory(), "App_Data");
+
+                return Path.Combine(folder, "siteextensions", "letsencrypt", "config", CleanFileName(baseUri));
+            }
+        }
+    }
+}
diff --git a/LetsEncrypt.SiteExtension.Core/Services/BaseDnsAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/BaseDnsAuthorizationChallengeProvider.cs
index 2103e62..8772125 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/BaseDnsAuthorizationChallengeProvider.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/BaseDnsAuthorizationChallengeProvider.cs
@@ -16,7 +16,9 @@ namespace LetsEncrypt.Azure.Core.Services
 {
     public abstract class BaseDnsAuthorizationChallengeProvider : IAuthorizationChallengeProvider
     {
-        public async Task<AuthorizationState> Authorize(AcmeClient client, List<string> allDnsIdentifiers)
+        private AcmeClient client;
+
+        public async Task<string> Authorize(List<string> allDnsIdentifiers)
         {
             List<AuthorizationState> authStatus = new List<AuthorizationState>();
 
@@ -74,14 +76,19 @@ public async Task<AuthorizationState> Authorize(AcmeClient client, List<string>
             {
                 if (authState.Status != "valid")
                 {
-                    return authState;
+                    return authState.Status;
                 }
             }
-            return new AuthorizationState { Status = "valid" };
+            return "valid";
         }
 
         public abstract Task CleanupChallenge(DnsChallenge httpChallenge);
 
         public abstract Task PersistsChallenge(DnsChallenge httpChallenge);
+
+        public void RegisterClient(object client)
+        {
+            this.client = client as AcmeClient; 
+        }        
     }
 }
diff --git a/LetsEncrypt.SiteExtension.Core/Services/BaseHttpAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/BaseHttpAuthorizationChallengeProvider.cs
index 659d242..1539b04 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/BaseHttpAuthorizationChallengeProvider.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/BaseHttpAuthorizationChallengeProvider.cs
@@ -1,5 +1,8 @@
 using ACMESharp;
 using ACMESharp.ACME;
+using Certes;
+using Certes.Acme;
+using Certes.Acme.Resource;
 using Newtonsoft.Json;
 using System;
 using System.Collections.Generic;
@@ -33,6 +36,8 @@ public abstract class BaseHttpAuthorizationChallengeProvider : IAuthorizationCha
     </authorization>
   </system.web>
 </configuration>";
+        private ACMESharp.AcmeClient client;
+        private IOrderContext order;
 
         public virtual Task EnsureDirectory() {
             return Task.CompletedTask;
@@ -43,11 +48,72 @@ public virtual Task EnsureWebConfig()
             return Task.CompletedTask;
         }
 
-        public abstract Task PersistsChallengeFile(HttpChallenge challenge);
+        public abstract Task PersistsChallengeFile(string path, string context);
 
-        public abstract Task CleanupChallengeFile(HttpChallenge challenge);
+        public abstract Task CleanupChallengeFile(string path);
 
-        public async Task<AuthorizationState> Authorize(AcmeClient client, List<string> allDnsIdentifiers)
+        public void RegisterClient(object client)
+        {
+            if (client is ACMESharp.AcmeClient)
+                this.client = client as ACMESharp.AcmeClient;
+            else if (client as IOrderContext != null)
+                this.order = client as IOrderContext;
+            else
+                throw new InvalidProgramException($"Unable to determine type of AcmeClient {client.GetType()}");
+        }
+
+        public async Task<string> Authorize(List<string> allDnsIdentifiers)
+        {
+            if (client != null)
+            {
+                return await this.AuthorizeOld(allDnsIdentifiers);
+            }
+            if (order != null)
+            {
+                return await this.AuthorizeNew(allDnsIdentifiers);
+            }
+
+            throw new Exception("order and client are both null");
+        }
+
+        private async Task<string> AuthorizeNew(List<string> allDnsIdentifiers)
+        {
+            await EnsureDirectory();
+            await EnsureWebConfig();
+
+            var auths = await order.Authorizations();
+            foreach (var auth in auths)
+            {                
+
+                var authz = await auth.Http();
+                var tokenRelativeUri = $".well-known/acme-challenge/{authz.Token}";
+                await PersistsChallengeFile(tokenRelativeUri, authz.KeyAuthz);
+                var challengeUri = new Uri($"http://{allDnsIdentifiers.First()}/{tokenRelativeUri}");
+                var retry = await ValidateChallengeFile(challengeUri);
+                if (retry == 0)
+                    throw new Exception($"Unable to validate presence of http challenge at {challengeUri} ensure that it is browsable");
+
+                var response = await authz.Validate(); 
+                retry = 10;
+                while ((response.Status == ChallengeStatus.Pending || response.Status == ChallengeStatus.Processing) && retry-- > 0)
+                {
+                    Trace.TraceInformation($"Dns challenge response status {response.Status} more info at {response.Url.ToString()} retrying in 5 sec");
+                    await Task.Delay(5000);
+                    response = await authz.Resource();
+                }
+
+                Console.WriteLine($" Authorization Result: {response.Status}");
+                Trace.TraceInformation("Auth Result {0}", response.Status);
+
+                if (response.Status != ChallengeStatus.Valid)
+                {
+                    return response.Status.ToString();
+                }
+            }
+            return "valid";
+        }
+
+        public async Task<string> AuthorizeOld(List<string> allDnsIdentifiers)
         {
             List<AuthorizationState> authStatus = new List<AuthorizationState>();
 
@@ -63,34 +129,11 @@ public async Task<AuthorizationState> Authorize(AcmeClient client, List<string>
                 var challenge = client.DecodeChallenge(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP);
                 var httpChallenge = challenge.Challenge as HttpChallenge;
 
-                await PersistsChallengeFile(httpChallenge);
-
-                var answerUri = new Uri(httpChallenge.FileUrl);
-                Console.WriteLine($" Answer should now be browsable at {answerUri}");
-                Trace.TraceInformation("Answer should now be browsable at {0}", answerUri);
-
+                await PersistsChallengeFile(httpChallenge.FilePath, httpChallenge.FileContent);
                 try
                 {
-                    var retry = 10;
-                    var handler = new WebRequestHandler();
-                    handler.ServerCertificateValidationCallback = (sender, cert, chain, sslPolicyErrors) => true;
-
-                    var httpclient = new HttpClient(handler);
-                    while (true)
-                    {
-
-                        //Allow self-signed certs otherwise staging wont work
-
-
-                        await Task.Delay(1000);
-                        var x = await httpclient.GetAsync(answerUri);
-                        Trace.TraceInformation("Checking status {0}", x.StatusCode);
-                        if (x.StatusCode == HttpStatusCode.OK)
-                            break;
-                        if (retry-- == 0)
-                            break;
-                        Trace.TraceInformation("Retrying {0}", retry);
-                    }
+                    var answerUri = new Uri(httpChallenge.FileUrl);
+                    int retry = await ValidateChallengeFile(answerUri);
                     Console.WriteLine(" Submitting answer");
                     Trace.TraceInformation("Submitting answer");
                     authzState.Challenges = new AuthorizeChallenge[] { challenge };
@@ -103,7 +146,7 @@ public async Task<AuthorizationState> Authorize(AcmeClient client, List<string>
                         retry++;
                         Console.WriteLine(" Refreshing authorization attempt " + retry);
                         Trace.TraceInformation("Refreshing authorization attempt " + retry);
-                        await Task.Delay(2000*retry);  // this has to be here to give ACME server a chance to think
+                        await Task.Delay(2000 * retry);  // this has to be here to give ACME server a chance to think
                         var newAuthzState = client.RefreshIdentifierAuthorization(authzState);
                         if (newAuthzState.Status != "pending")
                             authzState = newAuthzState;
@@ -128,7 +171,7 @@ public async Task<AuthorizationState> Authorize(AcmeClient client, List<string>
                     {
                         Console.WriteLine(" Deleting answer");
                         Trace.TraceInformation("Deleting answer");
-                        await CleanupChallengeFile(httpChallenge);
+                        await CleanupChallengeFile(httpChallenge.FilePath);
                     }
                 }
             }
@@ -136,10 +179,40 @@ public async Task<AuthorizationState> Authorize(AcmeClient client, List<string>
             {
                 if (authState.Status != "valid")
                 {
-                    return authState;
+                    return authState.Status;
                 }
             }
-            return new AuthorizationState { Status = "valid" };
+            return "valid";
+        }
+
+        private static async Task<int> ValidateChallengeFile(Uri answerUri)
+        {
+            Console.WriteLine($" Answer should now be browsable at {answerUri}");
+            Trace.TraceInformation("Answer should now be browsable at {0}", answerUri);
+
+
+            var retry = 10;
+            var handler = new WebRequestHandler();
+            handler.ServerCertificateValidationCallback = (sender, cert, chain, sslPolicyErrors) => true;
+
+            var httpclient = new HttpClient(handler);
+            while (true)
+            {
+
+                //Allow self-signed certs otherwise staging wont work
+
+
+                await Task.Delay(1000);
+                var x = await httpclient.GetAsync(answerUri);
+                Trace.TraceInformation("Checking status {0}", x.StatusCode);
+                if (x.StatusCode == HttpStatusCode.OK)
+                    break;
+                if (retry-- == 0)
+                    break;
+                Trace.TraceInformation("Retrying {0}", retry);
+            }
+
+            return retry;
         }
     }
 }
diff --git a/LetsEncrypt.SiteExtension.Core/Services/BlobStorageAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/BlobStorageAuthorizationChallengeProvider.cs
index ceb5934..97fb397 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/BlobStorageAuthorizationChallengeProvider.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/BlobStorageAuthorizationChallengeProvider.cs
@@ -20,22 +20,22 @@ public BlobStorageAuthorizationChallengeProvider(string storageConnectionString,
             this.containerName = string.IsNullOrEmpty(container) ? "letsencrypt-siteextension" : container;            
         }
    
-        public override async Task CleanupChallengeFile(HttpChallenge challenge)
+        public override async Task CleanupChallengeFile(string filePath)
         {
-            var blob = await GetBlob(challenge);
+            var blob = await GetBlob(filePath);
             await blob.DeleteIfExistsAsync();
         }
 
-        public override async Task PersistsChallengeFile(HttpChallenge challenge)
+        public override async Task PersistsChallengeFile(string filePath, string fileContent)
         {
-            CloudBlockBlob blob = await GetBlob(challenge);
+            CloudBlockBlob blob = await GetBlob(filePath);
             blob.Properties.ContentType = "text/plain";
             
-            await blob.UploadTextAsync(challenge.FileContent);
+            await blob.UploadTextAsync(fileContent);
             await blob.SetPropertiesAsync();
         }
 
-        private async Task<CloudBlockBlob> GetBlob(HttpChallenge challenge)
+        private async Task<CloudBlockBlob> GetBlob(string filePath)
         {
             var client = storageAccount.CreateCloudBlobClient();
             var container = client.GetContainerReference(containerName);
@@ -48,7 +48,6 @@ await container.SetPermissionsAsync(new BlobContainerPermissions()
                 });
             }
             // We need to strip off any leading '/' in the path
-            var filePath = challenge.FilePath;
             if (filePath.StartsWith("/", StringComparison.OrdinalIgnoreCase))
                 filePath = filePath.Substring(1);
             var blob = container.GetBlockBlobReference(filePath);
diff --git a/LetsEncrypt.SiteExtension.Core/Services/IAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/IAuthorizationChallengeProvider.cs
index 1d5b60c..7b08079 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/IAuthorizationChallengeProvider.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/IAuthorizationChallengeProvider.cs
@@ -1,4 +1,5 @@
 using ACMESharp;
+using Certes;
 using LetsEncrypt.Azure.Core.Models;
 using System;
 using System.Collections.Generic;
@@ -10,6 +11,12 @@ namespace LetsEncrypt.Azure.Core.Services
 {
     public interface IAuthorizationChallengeProvider
     {
-        Task<AuthorizationState> Authorize(AcmeClient client, List<string> dnsIdentifiers);
+        /// <summary>
+        /// Returns the authorization status from lets encrypt. 
+        /// </summary>
+        /// <param name="dnsIdentifiers"></param>
+        /// <returns></returns>
+        Task<string> Authorize(List<string> dnsIdentifiers);
+        void RegisterClient(object client);
     }
 }
diff --git a/LetsEncrypt.SiteExtension.Core/Services/KuduFileSystemAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/KuduFileSystemAuthorizationChallengeProvider.cs
index 033399b..cd4ada7 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/KuduFileSystemAuthorizationChallengeProvider.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/KuduFileSystemAuthorizationChallengeProvider.cs
@@ -27,7 +27,7 @@ public KuduFileSystemAuthorizationChallengeProvider(IAzureWebAppEnvironment azur
             this.pathProvider = new PathProvider(azureEnvironment);
         }
 
-        public override Task CleanupChallengeFile(HttpChallenge challenge)
+        public override Task CleanupChallengeFile(string filePath)
         {
             return Task.CompletedTask;
         }
@@ -43,10 +43,10 @@ public override async Task EnsureWebConfig()
             await WriteFile(dir + "/web.config", webConfig);
         }
 
-        public override async Task PersistsChallengeFile(HttpChallenge challenge)
+        public override async Task PersistsChallengeFile(string filePath, string fileContent)
         {
-            var answerPath = await GetAnswerPath(challenge);
-            await WriteFile(answerPath, challenge.FileContent);
+            var answerPath = await GetAnswerPath(filePath);
+            await WriteFile(answerPath, fileContent);
         }
 
         private async Task WriteFile(string answerPath, string content)
@@ -60,11 +60,10 @@ private async Task WriteFile(string answerPath, string content)
             }
         }
 
-        private async Task<string> GetAnswerPath(HttpChallenge httpChallenge)
+        private async Task<string> GetAnswerPath(string filePath)
         {
             var root = await this.pathProvider.WebRootPath(true);
             // We need to strip off any leading '/' in the path
-            var filePath = httpChallenge.FilePath;
             if (filePath.StartsWith("/", StringComparison.OrdinalIgnoreCase))
                 filePath = filePath.Substring(1);
             var answerPath = root + "/" +filePath;
diff --git a/LetsEncrypt.SiteExtension.Core/Services/LocalFileSystemAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/LocalFileSystemAuthorizationChallengeProvider.cs
index 216c74c..ef98f2d 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/LocalFileSystemAuthorizationChallengeProvider.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/LocalFileSystemAuthorizationChallengeProvider.cs
@@ -1,17 +1,7 @@
-using ACMESharp;
-using ACMESharp.ACME;
-using LetsEncrypt.Azure.Core.Models;
-using Newtonsoft.Json;
+using LetsEncrypt.Azure.Core.Models;
 using System;
-using System.Collections.Generic;
-using System.Configuration;
 using System.Diagnostics;
 using System.IO;
-using System.Linq;
-using System.Net;
-using System.Net.Http;
-using System.Text;
-using System.Threading;
 using System.Threading.Tasks;
 
 namespace LetsEncrypt.Azure.Core.Services
@@ -59,30 +49,29 @@ public override async Task EnsureWebConfig()
             }
         }
 
-        public override async Task PersistsChallengeFile(HttpChallenge httpChallenge)
+        public override async Task PersistsChallengeFile(string filePath, string fileContent)
         {
-            string answerPath = await GetAnswerPath(httpChallenge);
+            string answerPath = await GetAnswerPath(filePath);
 
             Console.WriteLine($" Writing challenge answer to {answerPath}");
             Trace.TraceInformation("Writing challenge answer to {0}", answerPath);
 
-            File.WriteAllText(answerPath, httpChallenge.FileContent);
+            File.WriteAllText(answerPath, fileContent);
         }
 
-        private async Task<string> GetAnswerPath(HttpChallenge httpChallenge)
+        private async Task<string> GetAnswerPath(string filePath)
         {
             var rootDir = await this.pathProvider.WebRootPath(false);
             // We need to strip off any leading '/' in the path
-            var filePath = httpChallenge.FilePath;
             if (filePath.StartsWith("/", StringComparison.OrdinalIgnoreCase))
                 filePath = filePath.Substring(1);
             var answerPath = Environment.ExpandEnvironmentVariables(Path.Combine(rootDir, filePath));
             return answerPath;
         }
 
-        public override async Task CleanupChallengeFile(HttpChallenge challenge)
+        public override async Task CleanupChallengeFile(string filePath)
         {
-            File.Delete(await GetAnswerPath(challenge));
+            File.Delete(await GetAnswerPath(filePath));
         }
     }
 }
diff --git a/LetsEncrypt.SiteExtension.Core/packages.config b/LetsEncrypt.SiteExtension.Core/packages.config
index 8e63676..440d0c5 100644
--- a/LetsEncrypt.SiteExtension.Core/packages.config
+++ b/LetsEncrypt.SiteExtension.Core/packages.config
@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
+  <package id="Certes" version="2.3.3" targetFramework="net46" />
   <package id="Microsoft.AspNet.WebApi.Client" version="5.2.7" targetFramework="net46" />
   <package id="Microsoft.Azure.KeyVault.Core" version="3.0.1" targetFramework="net46" />
   <package id="Microsoft.Azure.Management.Dns" version="3.0.1" targetFramework="net46" />
@@ -14,6 +15,7 @@
   <package id="NETStandard.Library" version="2.0.3" targetFramework="net46" />
   <package id="Newtonsoft.Json" version="12.0.1" targetFramework="net46" />
   <package id="Polly" version="6.1.2" targetFramework="net46" />
+  <package id="Portable.BouncyCastle" version="1.8.1.4" targetFramework="net46" />
   <package id="System.AppContext" version="4.3.0" targetFramework="net46" />
   <package id="System.Collections" version="4.3.0" targetFramework="net46" />
   <package id="System.Collections.Concurrent" version="4.3.0" targetFramework="net46" />
@@ -55,6 +57,7 @@
   <package id="System.Threading" version="4.3.0" targetFramework="net46" />
   <package id="System.Threading.Tasks" version="4.3.0" targetFramework="net46" />
   <package id="System.Threading.Timer" version="4.3.0" targetFramework="net46" />
+  <package id="System.ValueTuple" version="4.4.0" targetFramework="net46" />
   <package id="System.Xml.ReaderWriter" version="4.3.1" targetFramework="net46" />
   <package id="System.Xml.XDocument" version="4.3.0" targetFramework="net46" />
 </packages>
\ No newline at end of file
diff --git a/LetsEncrypt.SiteExtension.Test/App.config b/LetsEncrypt.SiteExtension.Test/App.config
index 642ed8d..2dff46b 100644
--- a/LetsEncrypt.SiteExtension.Test/App.config
+++ b/LetsEncrypt.SiteExtension.Test/App.config
@@ -70,6 +70,10 @@
         <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-4.2.0.0" newVersion="4.2.0.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Web.Http.WebHost" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-5.2.7.0" newVersion="5.2.7.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
   <startup>
diff --git a/LetsEncrypt.SiteExtension.Test/BlobStorageAuthorizationChallengeTest.cs b/LetsEncrypt.SiteExtension.Test/BlobStorageAuthorizationChallengeTest.cs
index 99e6fa9..f74ae48 100644
--- a/LetsEncrypt.SiteExtension.Test/BlobStorageAuthorizationChallengeTest.cs
+++ b/LetsEncrypt.SiteExtension.Test/BlobStorageAuthorizationChallengeTest.cs
@@ -14,18 +14,16 @@ namespace LetsEncrypt.SiteExtension.Test
     [TestClass]
     public class BlobStorageAuthorizationChallengeTest
     {
+        const string FileContent = "test";
+        const string FilePath = "/.well-known/acme-challenge/aBAasda234";
         [TestMethod]
         public async Task TestPersistDelete()
         {
             var testObj = new BlobStorageAuthorizationChallengeProvider(ConfigurationManager.AppSettings[AppSettingsAuthConfig.authorizationChallengeBlobStorageAccount]);
 
-            ACMESharp.ACME.HttpChallenge challenge = new ACMESharp.ACME.HttpChallenge("http", new HttpChallengeAnswer())
-            {
-                FileContent = "test",
-                FilePath = "/.well-known/acme-challenge/aBAasda234"
-            };
-            await testObj.PersistsChallengeFile(challenge);
-            await testObj.CleanupChallengeFile(challenge);
+            
+            await testObj.PersistsChallengeFile(FilePath, FileContent);
+            await testObj.CleanupChallengeFile(FilePath);
         }
 
         [TestMethod]
@@ -33,13 +31,9 @@ public async Task TestWebPersistDelete()
         {
             var testObj = new BlobStorageAuthorizationChallengeProvider(ConfigurationManager.AppSettings[AppSettingsAuthConfig.authorizationChallengeBlobStorageAccount], "$web");
 
-            ACMESharp.ACME.HttpChallenge challenge = new ACMESharp.ACME.HttpChallenge("http", new HttpChallengeAnswer())
-            {
-                FileContent = "test",
-                FilePath = "/.well-known/acme-challenge/aBAasda234"
-            };
-            await testObj.PersistsChallengeFile(challenge);
-            await testObj.CleanupChallengeFile(challenge);
+            
+            await testObj.PersistsChallengeFile(FilePath,FileContent);
+            await testObj.CleanupChallengeFile(FilePath);
         }
     }
 }
diff --git a/LetsEncrypt.SiteExtension.Test/CertificateManagerTest.cs b/LetsEncrypt.SiteExtension.Test/CertificateManagerTest.cs
index f05af36..4be9b08 100644
--- a/LetsEncrypt.SiteExtension.Test/CertificateManagerTest.cs
+++ b/LetsEncrypt.SiteExtension.Test/CertificateManagerTest.cs
@@ -57,6 +57,30 @@ public async Task RenewCertificateDnsChallengeTest()
             Assert.AreNotEqual(0, result.Count());
         }
 
+        [TestCategory("Integration")]
+        [TestMethod]
+        public async Task AddCertificateHttpChallengeTest()
+        {
+            var config = new AppSettingsAuthConfig();
+
+
+            var dnsEnvironment = new AzureDnsEnvironment(config.Tenant, new Guid("14fe4c66-c75a-4323-881b-ea53c1d86a9d"), config.ClientId, config.ClientSecret, "dns", "ai4bots.com", "letsencrypt");
+            var mgr = new CertificateManager(config, new AcmeConfig()
+            {
+                Host = "letsencrypt.sjkp.dk",
+                PFXPassword = "Simon123",
+                RegistrationEmail = "mail@sjkp.dk",
+                RSAKeyLength = 2048
+            }, new WebAppCertificateService(config, new CertificateServiceSettings()
+            {
+                UseIPBasedSSL = config.UseIPBasedSSL
+            }), new KuduFileSystemAuthorizationChallengeProvider(config, new AuthorizationChallengeProviderConfig()));
+            var result = await mgr.AddCertificate();
+
+            Assert.IsNotNull(result);
+            ValidateCertificate(new[] { result }, "https://letsencrypt.sjkp.dk");
+        }
+
         [TestCategory("Integration")]
         [TestMethod]
         public async Task AddCertificateDnsChallengeTest()

From f910a1dea5016d0d18c63e1235a98b2105bf9966 Mon Sep 17 00:00:00 2001
From: "Simon J.K. Pedersen" <mail@sjkp.dk>
Date: Sun, 6 Oct 2019 09:46:39 +0200
Subject: [PATCH 2/4] Clean up of all dns related functionality. Removal of
 ACMESharp.

---
 LetsEncrypt-SiteExtension.sln                 |  32 --
 .../Controllers/Api/CertificateController.cs  |  64 ----
 .../Controllers/HomeController.cs             |   7 +-
 .../CertificateManager.cs                     |  31 +-
 .../LetsEncrypt.Azure.Core.csproj             |  18 +-
 .../Services/ACMEService.cs                   | 358 ++++--------------
 .../Services/AcmeServiceV2.cs                 | 134 -------
 .../AzureDnsAuthorizationChallengeProvider.cs |  82 ----
 .../BaseDnsAuthorizationChallengeProvider.cs  |  94 -----
 .../BaseHttpAuthorizationChallengeProvider.cs | 111 +-----
 ...obStorageAuthorizationChallengeProvider.cs |   4 -
 .../IAuthorizationChallengeProvider.cs        |  11 +-
 ...ileSystemAuthorizationChallengeProvider.cs |   6 -
 ...reDnsAuthorizationChallengeProviderTest.cs |  47 ---
 .../BlobStorageAuthorizationChallengeTest.cs  |   7 +-
 .../CertificateManagerTest.cs                 |  61 +--
 .../LetsEncrypt.SiteExtension.Test.csproj     |   9 -
 17 files changed, 89 insertions(+), 987 deletions(-)
 delete mode 100644 LetsEncrypt.SiteExtension.Core/Services/AcmeServiceV2.cs
 delete mode 100644 LetsEncrypt.SiteExtension.Core/Services/AzureDnsAuthorizationChallengeProvider.cs
 delete mode 100644 LetsEncrypt.SiteExtension.Core/Services/BaseDnsAuthorizationChallengeProvider.cs
 delete mode 100644 LetsEncrypt.SiteExtension.Test/AzureDnsAuthorizationChallengeProviderTest.cs

diff --git a/LetsEncrypt-SiteExtension.sln b/LetsEncrypt-SiteExtension.sln
index e5deb4e..54b897d 100644
--- a/LetsEncrypt-SiteExtension.sln
+++ b/LetsEncrypt-SiteExtension.sln
@@ -30,10 +30,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "ACMESharp", "ACMESharp", "{E4B09348-2E98-4A58-8D5A-B55231D6A2E3}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ACMESharp", "ACMESharp\ACMESharp\ACMESharp\ACMESharp.csproj", "{D551234B-0A8D-4DEE-8178-A81998DF0EDB}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ACMESharp.PKI.Providers.BouncyCastle", "ACMESharp\ACMESharp\ACMESharp.PKI.Providers.BouncyCastle\ACMESharp.PKI.Providers.BouncyCastle.csproj", "{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}"
-EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -104,38 +100,10 @@ Global
 		{284F0226-F481-4C10-A408-4146FDBB71CC}.Release|x64.Build.0 = Release|x64
 		{284F0226-F481-4C10-A408-4146FDBB71CC}.Release|x86.ActiveCfg = Release|x86
 		{284F0226-F481-4C10-A408-4146FDBB71CC}.Release|x86.Build.0 = Release|x86
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|x64.Build.0 = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Debug|x86.Build.0 = Debug|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|Any CPU.Build.0 = Release|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|x64.ActiveCfg = Release|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|x64.Build.0 = Release|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|x86.ActiveCfg = Release|Any CPU
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB}.Release|x86.Build.0 = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|x64.Build.0 = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Debug|x86.Build.0 = Debug|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|Any CPU.Build.0 = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|x64.ActiveCfg = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|x64.Build.0 = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|x86.ActiveCfg = Release|Any CPU
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
-	GlobalSection(NestedProjects) = preSolution
-		{D551234B-0A8D-4DEE-8178-A81998DF0EDB} = {E4B09348-2E98-4A58-8D5A-B55231D6A2E3}
-		{473BFF7D-C7F0-471D-B7A3-19AD9ADFDBA9} = {E4B09348-2E98-4A58-8D5A-B55231D6A2E3}
-	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {CE278D6B-F8FA-4F40-A67B-A8367F40FCA4}
 	EndGlobalSection
diff --git a/LetsEncrypt-SiteExtension/Controllers/Api/CertificateController.cs b/LetsEncrypt-SiteExtension/Controllers/Api/CertificateController.cs
index 0da8d02..1eb05d7 100644
--- a/LetsEncrypt-SiteExtension/Controllers/Api/CertificateController.cs
+++ b/LetsEncrypt-SiteExtension/Controllers/Api/CertificateController.cs
@@ -83,69 +83,5 @@ public async Task<IHttpActionResult> GenerateAndInstallBlob(HttpKuduInstallModel
 
             return Ok(await mgr.AddCertificate());
         }
-
-        /// <summary>
-        /// Requests a Let's Encrypt certificate using the DNS challenge, using Azure DNS. 
-        /// </summary>
-        /// <param name="model"></param>
-        /// <param name="apiversion"></param>
-        /// <returns></returns>
-        [HttpPost]
-        [Route("api/certificates/challengeprovider/dns/azure")]
-        [ResponseType(typeof(CertificateInstallModel))]
-        public async Task<IHttpActionResult> Generate(DnsAzureModel model, [FromUri(Name = "api-version")]string apiversion = null)
-        {
-            if (!ModelState.IsValid)
-            {
-                return BadRequest(ModelState);
-            }
-
-            var res = await CertificateManager.RequestDnsChallengeCertificate(model.AzureDnsEnvironment, model.AcmeConfig);
-
-            return Ok(res);
-        }
-
-        /// <summary>
-        /// Requests a Let's Encrypt certificate using the DNS challenge, using Azure DNS. 
-        /// </summary>
-        /// <param name="model"></param>
-        /// <param name="apiversion"></param>
-        /// <returns></returns>
-        [HttpPost]
-        [Route("api/certificates/challengeprovider/dns-v2/azure")]
-        [ResponseType(typeof(CertificateInstallModel))]
-        public async Task<IHttpActionResult> Generate_v2(DnsAzureModel model, [FromUri(Name = "api-version")]string apiversion = null)
-        {
-            if (!ModelState.IsValid)
-            {
-                return BadRequest(ModelState);
-            }
-
-            var res = await CertificateManager.RequestDnsChallengeCertificate(model.AzureDnsEnvironment, model.AcmeConfig);
-
-            return Ok(res);
-        }
-
-        /// <summary>
-        /// Requests a Let's Encrypt certificate using the DNS challenge, using Azure DNS. The 
-        /// certificate is installed to the web app. 
-        /// </summary>
-        /// <param name="model"></param>
-        /// <param name="apiversion"></param>
-        /// <returns></returns>
-        [HttpPost]
-        [Route("api/certificates/challengeprovider/dns/azure/certificateinstall/azurewebapp")]
-        [ResponseType(typeof(CertificateInstallModel))]
-        public async Task<IHttpActionResult> GenerateAndInstall(DnsAzureInstallModel model, [FromUri(Name = "api-version")]string apiversion = null)
-        {
-            if (!ModelState.IsValid)
-            {
-                return BadRequest(ModelState);
-            }
-
-            var mgr = CertificateManager.CreateAzureDnsWebAppCertificateManager(model.AzureWebAppEnvironment, model.AcmeConfig, model.CertificateSettings, model);
-
-            return Ok(await mgr.AddCertificate());
-        }
     }
 }
\ No newline at end of file
diff --git a/LetsEncrypt-SiteExtension/Controllers/HomeController.cs b/LetsEncrypt-SiteExtension/Controllers/HomeController.cs
index 38be016..70097e8 100644
--- a/LetsEncrypt-SiteExtension/Controllers/HomeController.cs
+++ b/LetsEncrypt-SiteExtension/Controllers/HomeController.cs
@@ -230,11 +230,10 @@ public async Task<ActionResult> Install(RequestAndInstallModel model)
                     Name = "email",
                     Value = model.Email
                 });
-                var baseUri = model.UseStaging == false ? "https://acme-v01.api.letsencrypt.org/" : "https://acme-staging.api.letsencrypt.org/";
                 s.Add(new SettingEntry()
                 {
-                    Name = "baseUri",
-                    Value = baseUri
+                    Name = "useStaging",
+                    Value = model.UseStaging.ToString()
                 });
                 SettingsStore.Instance.Save(s);
                 var settings = new AppSettingsAuthConfig();
@@ -242,7 +241,7 @@ public async Task<ActionResult> Install(RequestAndInstallModel model)
                 {                    
                     RegistrationEmail = model.Email,
                     Host = model.Hostnames.First(),                    
-                    BaseUri = baseUri,                    
+                    UseProduction = !model.UseStaging,                    
                     AlternateNames = model.Hostnames.Skip(1).ToList(),
                     PFXPassword = settings.PFXPassword,
                     RSAKeyLength = settings.RSAKeyLength,    
diff --git a/LetsEncrypt.SiteExtension.Core/CertificateManager.cs b/LetsEncrypt.SiteExtension.Core/CertificateManager.cs
index 7ec58ae..b236924 100644
--- a/LetsEncrypt.SiteExtension.Core/CertificateManager.cs
+++ b/LetsEncrypt.SiteExtension.Core/CertificateManager.cs
@@ -93,32 +93,6 @@ public static CertificateManager CreateKuduWebAppCertificateManager(IAzureWebApp
             return new CertificateManager(settings, acmeConfig, new WebAppCertificateService(settings, certSettings), new KuduFileSystemAuthorizationChallengeProvider(settings, authProviderConfig));
         }
 
-        /// <summary>
-        /// Returns a <see cref="CertificateManager"/> configured to use DNS Challenge, placing the challenge record in Azure DNS,
-        /// and assigning the obtained certificate directly to the web app service. 
-        /// </summary>
-        /// <param name="settings"></param>
-        /// <param name="acmeConfig"></param>
-        /// <param name="certSettings"></param>
-        /// <param name="dnsEnvironment"></param>
-        /// <returns></returns>
-        public static CertificateManager CreateAzureDnsWebAppCertificateManager(IAzureWebAppEnvironment settings, IAcmeConfig acmeConfig, IWebAppCertificateSettings certSettings, IAzureDnsEnvironment dnsEnvironment)
-        {
-            return new CertificateManager(settings, acmeConfig, new WebAppCertificateService(settings, certSettings), new AzureDnsAuthorizationChallengeProvider(dnsEnvironment));
-        }
-
-        /// <summary>
-        /// Request a certificate from lets encrypt using the DNS challenge, placing the challenge record in Azure DNS. 
-        /// The certifiacte is not assigned, but just returned. 
-        /// </summary>
-        /// <param name="azureDnsEnvironment"></param>
-        /// <param name="acmeConfig"></param>
-        /// <returns></returns>
-        public static async Task<CertificateInstallModel> RequestDnsChallengeCertificate(IAzureDnsEnvironment azureDnsEnvironment, IAcmeConfig acmeConfig)
-        {
-            return await new CertificateManager(null, acmeConfig, null, new AzureDnsAuthorizationChallengeProvider(azureDnsEnvironment)).RequestInternalAsync(acmeConfig);
-        }
-
 
         /// <summary>
         /// Used for automatic installation of letsencrypt certificate 
@@ -186,7 +160,8 @@ public async Task<List<CertificateInstallModel>> RenewCertificate(bool skipInsta
 
                         RegistrationEmail = this.acmeConfig.RegistrationEmail ?? ss.FirstOrDefault(s => s.Name == "email").Value,
                         Host = sslStates.First().Name,
-                        BaseUri = this.acmeConfig.BaseUri ?? ss.FirstOrDefault(s => s.Name == "baseUri").Value,
+                        BaseUri = this.acmeConfig.BaseUri,
+                        UseProduction = !bool.Parse(ss.FirstOrDefault(s => s.Name == "useStaging")?.Value ?? false.ToString()),
                         AlternateNames = sslStates.Skip(1).Select(s => s.Name).ToList(),
                         PFXPassword = this.acmeConfig.PFXPassword,
                         RSAKeyLength = this.acmeConfig.RSAKeyLength
@@ -226,7 +201,7 @@ internal CertificateInstallModel RequestAndInstallInternal(IAcmeConfig config)
 
         internal async Task<CertificateInstallModel> RequestInternalAsync(IAcmeConfig config)
         {
-            var service = new AcmeServiceV2(config, this.challengeProvider);
+            var service = new AcmeService(config, this.challengeProvider);
 
             var cert = await service.RequestCertificate();
             var model = new CertificateInstallModel()
diff --git a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj
index 820844b..c6d5877 100644
--- a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj
+++ b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj
@@ -69,9 +69,6 @@
     <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="BouncyCastle.Crypto, Version=1.8.1.0, Culture=neutral, PublicKeyToken=0e99375e54769942, processorArchitecture=MSIL">
-      <HintPath>..\packages\Portable.BouncyCastle.1.8.1.4\lib\net40\BouncyCastle.Crypto.dll</HintPath>
-    </Reference>
     <Reference Include="Certes, Version=2.3.3.0, Culture=neutral, PublicKeyToken=308b9c08e7effcb1, processorArchitecture=MSIL">
       <HintPath>..\packages\Certes.2.3.3\lib\net45\Certes.dll</HintPath>
     </Reference>
@@ -201,12 +198,9 @@
     <Compile Include="Models\KuduModels.cs" />
     <Compile Include="Models\SettingEntry.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
-    <Compile Include="Services\AcmeServiceV2.cs" />
-    <Compile Include="Services\PathProvider.cs" />
     <Compile Include="Services\AcmeService.cs" />
+    <Compile Include="Services\PathProvider.cs" />
     <Compile Include="Services\AppServiceCerticiateCertificateService.cs" />
-    <Compile Include="Services\AzureDnsAuthorizationChallengeProvider.cs" />
-    <Compile Include="Services\BaseDnsAuthorizationChallengeProvider.cs" />
     <Compile Include="Services\BaseHttpAuthorizationChallengeProvider.cs" />
     <Compile Include="Services\BlobStorageAuthorizationChallengeProvider.cs" />
     <Compile Include="Services\WebAppCertificateService.cs" />
@@ -232,16 +226,6 @@
       <SubType>Designer</SubType>
     </None>
   </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\ACMESharp\ACMESharp\ACMESharp.PKI.Providers.BouncyCastle\ACMESharp.PKI.Providers.BouncyCastle.csproj">
-      <Project>{473bff7d-c7f0-471d-b7a3-19ad9adfdba9}</Project>
-      <Name>ACMESharp.PKI.Providers.BouncyCastle</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\ACMESharp\ACMESharp\ACMESharp\ACMESharp.csproj">
-      <Project>{d551234b-0a8d-4dee-8178-a81998df0edb}</Project>
-      <Name>ACMESharp</Name>
-    </ProjectReference>
-  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
diff --git a/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs b/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs
index 11f25f2..b0c5920 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs
@@ -1,18 +1,12 @@
-using ACMESharp;
-using ACMESharp.HTTP;
-using ACMESharp.JOSE;
-using ACMESharp.PKI;
-using ACMESharp.PKI.Providers;
-using ACMESharp.PKI.RSA;
+using Certes;
+using Certes.Acme;
 using LetsEncrypt.Azure.Core.Models;
-using Newtonsoft.Json;
 using System;
 using System.Collections.Generic;
-using System.Diagnostics;
 using System.Globalization;
 using System.IO;
 using System.Linq;
-using System.Net;
+using System.Net.Http;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading.Tasks;
@@ -20,324 +14,108 @@
 
 namespace LetsEncrypt.Azure.Core.Services
 {
-
     public class AcmeService
     {
+        private readonly Uri acmeenvironment;
         private readonly string configPath;
-        private string baseURI;
         private readonly IAcmeConfig config;
         private readonly IAuthorizationChallengeProvider authorizeChallengeProvider;
 
         public AcmeService(IAcmeConfig config, IAuthorizationChallengeProvider authorizeChallengeProvider)
         {
-            this.baseURI = config.BaseUri ?? (config.UseProduction ? "https://acme-v01.api.letsencrypt.org/" : "https://acme-staging.api.letsencrypt.org/");
-            this.configPath = ConfigPath(this.baseURI);
-            this.config = config;
-            this.authorizeChallengeProvider = authorizeChallengeProvider;
-        }
-
-        public async Task<CertificateInfo> RequestCertificate()
-        {   using (var signer = new RS256Signer())
-            using (var client = Register(signer))
-            {
-                IdnMapping idn = new IdnMapping();
-                authorizeChallengeProvider.RegisterClient(client);
-                var auth = await this.authorizeChallengeProvider.Authorize( config.Hostnames.Select(s => idn.GetAscii(s)).ToList());
-
-                //GetCertificate
-                if (auth == "valid")
-                {
-                    var pfxFilename = GetCertificate(client);
-
-                    X509Certificate2 certificate;
-                    certificate = new X509Certificate2(pfxFilename, config.PFXPassword, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
-                    certificate.FriendlyName = $"{config.Host} {DateTime.Now}";
-
-                    var bytes = File.ReadAllBytes(pfxFilename);                   
-
-                    return new CertificateInfo()
-                    {
-                        Certificate = certificate,
-                        PfxCertificate = bytes,
-                        Name = pfxFilename,
-                        Password = config.PFXPassword
-                    };
-                }
-
-                throw new Exception("Unable to complete challenge with Lets Encrypt servers error was: " + auth);
-            }
-        }
-
-        public AcmeClient Register(RS256Signer signer)
-        {
-            if (!Directory.Exists(configPath))
-            {
-                Directory.CreateDirectory(configPath);
-            }
-            var email = config.RegistrationEmail;
-            try
-            {
-
-                signer.Init();
-
-                var signerPath = Path.Combine(configPath, "Signer");
-                if (File.Exists(signerPath))
-                {
-                    Trace.TraceInformation($"Loading Signer from {signerPath}");
-                    using (var signerStream = File.OpenRead(signerPath))
-                        signer.Load(signerStream);
-                }
-
-                var client = new AcmeClient(new Uri(this.baseURI), new AcmeServerDirectory(), signer);
-
-                client.Init();
-                Trace.TraceInformation("\nGetting AcmeServerDirectory");
-                client.GetDirectory(true);
-
-                var registrationPath = Path.Combine(configPath, "Registration");
-                if (File.Exists(registrationPath))
-                {
-                    Trace.TraceInformation($"Loading Registration from {registrationPath}");
-                    using (var registrationStream = File.OpenRead(registrationPath))
-                        client.Registration = AcmeRegistration.Load(registrationStream);
-                }
-                else
-                {
-
-
-                    var contacts = new string[] { };
-                    if (!String.IsNullOrEmpty(email))
-                    {
-                        email = "mailto:" + email;
-                        contacts = new string[] { email };
-                    }
-
-                    Trace.TraceInformation("Calling Register");
-                    var registration = client.Register(contacts);
-
-
-                    Trace.TraceInformation("Updating Registration");
-                    client.UpdateRegistration(true, true);
-
-                    Trace.TraceInformation("Saving Registration");
-                    using (var registrationStream = File.OpenWrite(registrationPath))
-                        client.Registration.Save(registrationStream);
-
-                    Trace.TraceInformation("Saving Signer");
-                    using (var signerStream = File.OpenWrite(signerPath))
-                        signer.Save(signerStream);
-                }
-                return client;
-
-
-            }
-            catch (Exception e)
+            if (string.IsNullOrEmpty(config.BaseUri))
             {
-                var acmeWebException = e as AcmeClient.AcmeWebException;
-                if (acmeWebException != null)
-                {
-                    Trace.TraceError(acmeWebException.Message);
-                    Trace.TraceError("ACME Server Returned:");
-                    Trace.TraceError(acmeWebException.Response.ContentAsString);
-                }
-                else
-                {
-                    Trace.TraceError(e.ToString());
-                }
-                throw;
+                this.acmeenvironment = (config.UseProduction ? WellKnownServers.LetsEncryptV2 : WellKnownServers.LetsEncryptStagingV2);
             }
-        }
-
-
-        public string GetCertificate(AcmeClient client)
-        {
-            IdnMapping idn = new IdnMapping();
-            var dnsIdentifier = idn.GetAscii(config.Host);
-            CertificateProvider.RegisterProvider<BouncyCastleProvider>(BouncyCastleProvider.PROVIDER_NAME);
-            var cp = CertificateProvider.GetProvider(BouncyCastleProvider.PROVIDER_NAME);
-            var rsaPkp = new RsaPrivateKeyParams();
-            try
-            {
-                if (config.RSAKeyLength >= 1024)
-                {
-                    rsaPkp.NumBits = config.RSAKeyLength;
-                    Trace.TraceInformation("RSAKeyBits: {0}", config.RSAKeyLength);
-                }
-                else
-                {
-                    Trace.TraceWarning("RSA Key Bits less than 1024 is not secure. Letting ACMESharp default key bits. http://openssl.org/docs/manmaster/crypto/RSA_generate_key_ex.html");
-                }
-            }
-            catch (Exception ex)
+            else
             {
-                Trace.TraceWarning("Unable to set RSA Key Bits, Letting ACMESharp default key bits, Error: {0}", ex);
-                Console.WriteLine($"Unable to set RSA Key Bits, Letting ACMESharp default key bits, Error: {ex.Message.ToString()}");
+                this.acmeenvironment = new Uri(config.BaseUri);
             }
 
-            var rsaKeys = cp.GeneratePrivateKey(rsaPkp);
-            var csrDetails = new CsrDetails
-            {
-                CommonName = dnsIdentifier,
-            };
-            if (config.AlternateNames != null)
+            if (string.Equals(this.acmeenvironment.Host, "acme-v01.api.letsencrypt.org", StringComparison.InvariantCultureIgnoreCase) 
+                || string.Equals(this.acmeenvironment.Host, "acme-staging.api.letsencrypt.org", StringComparison.InvariantCultureIgnoreCase))
             {
-                if (config.AlternateNames.Count > 0)
-                {
-                    csrDetails.AlternativeNames = config.AlternateNames.Select(s => idn.GetAscii(s));
-                }
+                throw new ArgumentException($"Please use let's encrypt version 2 API, baseUri was set to {this.acmeenvironment}");
             }
-            var csrParams = new CsrParams
-            {
-                Details = csrDetails,
-            };
-            var csr = cp.GenerateCsr(csrParams, rsaKeys, Crt.MessageDigest.SHA256);
 
-            byte[] derRaw;
-            using (var bs = new MemoryStream())
-            {
-                cp.ExportCsr(csr, EncodingFormat.DER, bs);
-                derRaw = bs.ToArray();
-            }
-            var derB64u = JwsHelper.Base64UrlEncode(derRaw);
 
-            Console.WriteLine($"\nRequesting Certificate");
-            Trace.TraceInformation("Requesting Certificate");
-            CertificateRequest certRequ = client.RequestCertificate(derB64u);
+            this.configPath = ConfigPath(this.acmeenvironment.AbsoluteUri);
+            this.config = config;
+            this.authorizeChallengeProvider = authorizeChallengeProvider;
+        }
 
-            Trace.TraceInformation("certRequ {0}", JsonConvert.SerializeObject(certRequ));
+        public async Task<CertificateInfo> RequestCertificate()
+        {
+            var context = await GetOrCreateAcmeContext(this.acmeenvironment, config.RegistrationEmail);
 
-            Console.WriteLine($" Request Status: {certRequ.StatusCode}");
-            Trace.TraceInformation("Request Status: {0}", certRequ.StatusCode);
+            IdnMapping idn = new IdnMapping();
+            var domains = config.Hostnames.Select(s => idn.GetAscii(s)).ToList();
+            var order = await context.NewOrder(domains);
+            
+            var response = await authorizeChallengeProvider.Authorize(order, domains);
 
-            if (certRequ.StatusCode == System.Net.HttpStatusCode.Created)
+            if (response == "valid")
             {
-                var keyGenFile = Path.Combine(this.configPath, $"{dnsIdentifier}-gen-key.json");
-                var keyPemFile = Path.Combine(configPath, $"{dnsIdentifier}-key.pem");
-                var csrGenFile = Path.Combine(configPath, $"{dnsIdentifier}-gen-csr.json");
-                var csrPemFile = Path.Combine(configPath, $"{dnsIdentifier}-csr.pem");
-                var crtDerFile = Path.Combine(configPath, $"{dnsIdentifier}-crt.der");
-                var crtPemFile = Path.Combine(configPath, $"{dnsIdentifier}-crt.pem");
-                string crtPfxFile = null;
 
-                crtPfxFile = Path.Combine(configPath, $"{dnsIdentifier}-all.pfx");
-
-
-
-                using (var fs = new FileStream(keyGenFile, FileMode.Create))
-                    cp.SavePrivateKey(rsaKeys, fs);
-                using (var fs = new FileStream(keyPemFile, FileMode.Create))
-                    cp.ExportPrivateKey(rsaKeys, EncodingFormat.PEM, fs);
-                using (var fs = new FileStream(csrGenFile, FileMode.Create))
-                    cp.SaveCsr(csr, fs);
-                using (var fs = new FileStream(csrPemFile, FileMode.Create))
-                    cp.ExportCsr(csr, EncodingFormat.PEM, fs);
-
-                Console.WriteLine($" Saving Certificate to {crtDerFile}");
-                Trace.TraceInformation("Saving Certificate to {0}", crtDerFile);
-                using (var file = File.Create(crtDerFile))
-                    certRequ.SaveCertificate(file);
-
-                Crt crt;
-                using (FileStream source = new FileStream(crtDerFile, FileMode.Open),
-                        target = new FileStream(crtPemFile, FileMode.Create))
+                var privateKey = KeyFactory.NewKey(KeyAlgorithm.RS256);
+                var cert = await order.Generate(new Certes.CsrInfo
                 {
-                    crt = cp.ImportCertificate(EncodingFormat.DER, source);
-                    cp.ExportCertificate(crt, EncodingFormat.PEM, target);
-                }
-
-                // To generate a PKCS#12 (.PFX) file, we need the issuer's public certificate
-                var isuPemFile = GetIssuerCertificate(certRequ, cp);
+                    CountryName = "",
+                    State = "",
+                    Locality = "",
+                    Organization = "",
+                    OrganizationUnit = "",
+                    CommonName = config.Host,
+                }, privateKey);
 
+                var certPem = cert.ToPem();
 
+                var pfxBuilder = cert.ToPfx(privateKey);
+                var pfx = pfxBuilder.Build(config.Host, config.PFXPassword);
 
 
-                Console.WriteLine($" Saving Certificate to {crtPfxFile}");
-                Trace.TraceInformation("Saving Certificate to {0}", crtPfxFile);
-                using (FileStream source = new FileStream(isuPemFile, FileMode.Open),
-                        target = new FileStream(crtPfxFile, FileMode.Create))
-                {
-                    try
-                    {
-                        var isuCrt = cp.ImportCertificate(EncodingFormat.PEM, source);
-                        cp.ExportArchive(rsaKeys, new[] { crt, isuCrt }, ArchiveFormat.PKCS12, target, config.PFXPassword);
-                    }
-                    catch (Exception ex)
+                return new CertificateInfo()
                     {
-                        Trace.TraceError("Error exporting archive {0}", ex);
-                        Console.ForegroundColor = ConsoleColor.Red;
-                        Console.WriteLine($"Error exporting archive: {ex.Message.ToString()}");
-                        Console.ResetColor();
-                    }
-                }
-
-
-                cp.Dispose();
+                        Certificate = new X509Certificate2(pfx, config.PFXPassword, X509KeyStorageFlags.DefaultKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable),
+                        Name = $"{config.Host} {DateTime.Now}",
+                        Password = config.PFXPassword,
+                        PfxCertificate = pfx
+                    };
 
-                return crtPfxFile;
-            }
-            if ((int)certRequ.StatusCode == 429)
-            {
-                Trace.TraceError("Unable to request certificate, too many certificate requests to Let's Encrypt certificate servers for the domain within the last 7 days. Please try again later. (If you are testing, please use the staging enviroment where you can request unlimited number of certificates. During the beta period only 5 certificate requests per domain per week are allowed to the production environment.)");
-                throw new Exception("Unable to request certificate, too many certificate requests to Let's Encrypt certificate servers for the domain within the last 7 days. Please try again later. (If you are testing, please use the staging enviroment where you can request unlimited number of certificates. During the beta period only 5 certificate requests per domain per week are allowed to the production environment.)");
             }
-
-            Trace.TraceError("Request status = {0}", certRequ.StatusCode);
-            throw new Exception($"Request status = {certRequ.StatusCode}");
-
-
+            throw new Exception("Unable to complete challenge with Lets Encrypt servers error was: " + response);
         }
 
-        public string GetIssuerCertificate(CertificateRequest certificate, CertificateProvider cp)
+        private async Task<AcmeContext> GetOrCreateAcmeContext(Uri acmeDirectoryUri, string email)
         {
-            var linksEnum = certificate.Links;
-            if (linksEnum != null)
+            if (!Directory.Exists(configPath))
             {
-                var links = new LinkCollection(linksEnum);
-                var upLink = links.GetFirstOrDefault("up");
-                if (upLink != null)
-                {
-                    var tmp = Path.GetTempFileName();
-                    try
-                    {
-                        using (var web = new WebClient())
-                        {
-                            var uri = new Uri(new Uri(this.baseURI), upLink.Uri);
-                            web.DownloadFile(uri, tmp);
-                        }
-
-                        var cacert = new X509Certificate2(tmp);
-                        var sernum = cacert.GetSerialNumberString();
-                        var tprint = cacert.Thumbprint;
-                        var sigalg = cacert.SignatureAlgorithm?.FriendlyName;
-                        var sigval = cacert.GetCertHashString();
-
-                        var cacertDerFile = Path.Combine(configPath, $"ca-{sernum}-crt.der");
-                        var cacertPemFile = Path.Combine(configPath, $"ca-{sernum}-crt.pem");
-
-                        if (!File.Exists(cacertDerFile))
-                            File.Copy(tmp, cacertDerFile, true);
-
-                        Console.WriteLine($" Saving Issuer Certificate to {cacertPemFile}");
-                        Trace.TraceInformation("Saving Issuer Certificate to {0}", cacertPemFile);
-                        if (!File.Exists(cacertPemFile))
-                            using (FileStream source = new FileStream(cacertDerFile, FileMode.Open),
-                                    target = new FileStream(cacertPemFile, FileMode.Create))
-                            {
-                                var caCrt = cp.ImportCertificate(EncodingFormat.DER, source);
-                                cp.ExportCertificate(caCrt, EncodingFormat.PEM, target);
-                            }
+                Directory.CreateDirectory(configPath);
+            }
 
-                        return cacertPemFile;
-                    }
-                    finally
-                    {
-                        if (File.Exists(tmp))
-                            File.Delete(tmp);
-                    }
-                }
+            AcmeContext acme = null;
+            string filename = $"account{email}--{acmeDirectoryUri.Host}";
+            var filePath = Path.Combine(configPath, filename);
+            if (!File.Exists(filePath) || string.IsNullOrEmpty(File.ReadAllText(filePath)))             
+            {
+                
+                acme = new AcmeContext(acmeDirectoryUri);
+                var account = acme.NewAccount(email, true);
+
+                // Save the account key for later use
+                var pemKey = acme.AccountKey.ToPem();
+                File.WriteAllText(filePath, pemKey);
+                await Task.Delay(10000); //Wait a little before using the new account.
+                acme = new AcmeContext(acmeDirectoryUri, acme.AccountKey, new AcmeHttpClient(acmeDirectoryUri, new HttpClient()));
+            }
+            else 
+            {
+                var secret = File.ReadAllText(filePath);
+                var accountKey = KeyFactory.FromPem(secret);
+                acme = new AcmeContext(acmeDirectoryUri, accountKey, new AcmeHttpClient(acmeDirectoryUri, new HttpClient()));
             }
 
-            return null;
+            return acme;
         }
 
         static string CleanFileName(string fileName) => Path.GetInvalidFileNameChars().Aggregate(fileName, (current, c) => current.Replace(c.ToString(), string.Empty));
diff --git a/LetsEncrypt.SiteExtension.Core/Services/AcmeServiceV2.cs b/LetsEncrypt.SiteExtension.Core/Services/AcmeServiceV2.cs
deleted file mode 100644
index b3be25f..0000000
--- a/LetsEncrypt.SiteExtension.Core/Services/AcmeServiceV2.cs
+++ /dev/null
@@ -1,134 +0,0 @@
-using Certes;
-using Certes.Acme;
-using LetsEncrypt.Azure.Core.Models;
-using System;
-using System.Collections.Generic;
-using System.Globalization;
-using System.IO;
-using System.Linq;
-using System.Net.Http;
-using System.Security.Cryptography.X509Certificates;
-using System.Text;
-using System.Threading.Tasks;
-using System.Web.Hosting;
-
-namespace LetsEncrypt.Azure.Core.Services
-{
-    public class AcmeServiceV2
-    {
-        private readonly Uri acmeenvironment;
-        private readonly string configPath;
-        private readonly IAcmeConfig config;
-        private readonly IAuthorizationChallengeProvider authorizeChallengeProvider;
-
-        public AcmeServiceV2(IAcmeConfig config, IAuthorizationChallengeProvider authorizeChallengeProvider)
-        {
-            if (string.IsNullOrEmpty(config.BaseUri))
-            {
-                this.acmeenvironment = (config.UseProduction ? WellKnownServers.LetsEncryptV2 : WellKnownServers.LetsEncryptStagingV2);
-            }
-            else
-            {
-                this.acmeenvironment = new Uri(config.BaseUri);
-            }
-            
-            this.configPath = ConfigPath(this.acmeenvironment.AbsoluteUri);
-            this.config = config;
-            this.authorizeChallengeProvider = authorizeChallengeProvider;
-        }
-
-        public async Task<CertificateInfo> RequestCertificate()
-        {
-            var context = await GetOrCreateAcmeContext(this.acmeenvironment, config.RegistrationEmail);
-
-            IdnMapping idn = new IdnMapping();
-            var domains = config.Hostnames.Select(s => idn.GetAscii(s)).ToList();
-            var order = await context.NewOrder(domains);
-
-            authorizeChallengeProvider.RegisterClient(order);
-
-            
-
-            var response = await authorizeChallengeProvider.Authorize(domains);
-
-            if (response == "valid")
-            {
-
-                var privateKey = KeyFactory.NewKey(KeyAlgorithm.RS256);
-                var cert = await order.Generate(new Certes.CsrInfo
-                {
-                    CountryName = "",
-                    State = "",
-                    Locality = "",
-                    Organization = "",
-                    OrganizationUnit = "",
-                    CommonName = config.Host,
-                }, privateKey);
-
-                var certPem = cert.ToPem();
-
-                var pfxBuilder = cert.ToPfx(privateKey);
-                var pfx = pfxBuilder.Build(config.Host, config.PFXPassword);
-
-
-                return new CertificateInfo()
-                    {
-                        Certificate = new X509Certificate2(pfx, config.PFXPassword, X509KeyStorageFlags.DefaultKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable),
-                        Name = $"{config.Host} {DateTime.Now}",
-                        Password = config.PFXPassword,
-                        PfxCertificate = pfx
-                    };
-
-            }
-            throw new Exception("Unable to complete challenge with Lets Encrypt servers error was: " + response);
-        }
-
-        private async Task<AcmeContext> GetOrCreateAcmeContext(Uri acmeDirectoryUri, string email)
-        {
-            if (!Directory.Exists(configPath))
-            {
-                Directory.CreateDirectory(configPath);
-            }
-
-            AcmeContext acme = null;
-            string filename = $"account{email}--{acmeDirectoryUri.Host}";
-            var filePath = Path.Combine(configPath, filename);
-            if (!File.Exists(filePath) || string.IsNullOrEmpty(File.ReadAllText(filePath)))             
-            {
-                
-                acme = new AcmeContext(acmeDirectoryUri);
-                var account = acme.NewAccount(email, true);
-
-                // Save the account key for later use
-                var pemKey = acme.AccountKey.ToPem();
-                File.WriteAllText(filePath, pemKey);
-                await Task.Delay(10000); //Wait a little before using the new account.
-                acme = new AcmeContext(acmeDirectoryUri, acme.AccountKey, new AcmeHttpClient(acmeDirectoryUri, new HttpClient()));
-            }
-            else 
-            {
-                var secret = File.ReadAllText(filePath);
-                var accountKey = KeyFactory.FromPem(secret);
-                acme = new AcmeContext(acmeDirectoryUri, accountKey, new AcmeHttpClient(acmeDirectoryUri, new HttpClient()));
-            }
-
-            return acme;
-        }
-
-        static string CleanFileName(string fileName) => Path.GetInvalidFileNameChars().Aggregate(fileName, (current, c) => current.Replace(c.ToString(), string.Empty));
-
-        private static string ConfigPath(string baseUri)
-        {
-            if (Util.IsAzure)
-            {
-                return Path.Combine(Environment.ExpandEnvironmentVariables("%HOME%"), "siteextensions", "letsencrypt", "config", CleanFileName(baseUri));
-            }
-            else
-            {
-                var folder = HostingEnvironment.MapPath("~/App_Data") ?? Path.Combine(Directory.GetCurrentDirectory(), "App_Data");
-
-                return Path.Combine(folder, "siteextensions", "letsencrypt", "config", CleanFileName(baseUri));
-            }
-        }
-    }
-}
diff --git a/LetsEncrypt.SiteExtension.Core/Services/AzureDnsAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/AzureDnsAuthorizationChallengeProvider.cs
deleted file mode 100644
index 139a7d2..0000000
--- a/LetsEncrypt.SiteExtension.Core/Services/AzureDnsAuthorizationChallengeProvider.cs
+++ /dev/null
@@ -1,82 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
-using ACMESharp.ACME;
-using LetsEncrypt.Azure.Core.Models;
-using Microsoft.Azure.Management.Dns;
-using Microsoft.Azure.Management.Dns.Models;
-using Microsoft.Rest.Azure;
-
-namespace LetsEncrypt.Azure.Core.Services
-{
-    public class AzureDnsAuthorizationChallengeProvider : BaseDnsAuthorizationChallengeProvider
-    {
-        private IAzureDnsEnvironment environment;
-
-        public AzureDnsAuthorizationChallengeProvider(IAzureDnsEnvironment azureDnsSettings) 
-        {            
-            this.environment = azureDnsSettings;
-        }
-
-        public override async Task CleanupChallenge(DnsChallenge dnsChallenge)
-        {
-            var existingRecords = await SafeGetExistingRecords(dnsChallenge);
-            var dnsClient = await ArmHelper.GetDnsManagementClient(this.environment);
-            await dnsClient.RecordSets.DeleteAsync(this.environment.ResourceGroupName, this.environment.ZoneName, GetRelativeRecordSetName(dnsChallenge), RecordType.TXT);
-        }
-
-        public override async Task PersistsChallenge(DnsChallenge dnsChallenge)
-        {
-            List<TxtRecord> records = new List<TxtRecord>()
-            {
-                new TxtRecord() { Value = new[] { dnsChallenge.RecordValue } }
-            };
-            var dnsClient = await ArmHelper.GetDnsManagementClient(this.environment);
-            if ((await dnsClient.RecordSets.ListByTypeAsync(environment.ResourceGroupName, environment.ZoneName, RecordType.TXT)).Any())
-            {
-                var existingRecords = await SafeGetExistingRecords(dnsChallenge);
-                if (existingRecords != null)
-                {
-                    if (existingRecords.TxtRecords.Any(s => s.Value.Contains(dnsChallenge.RecordValue)))
-                    {
-                        records = existingRecords.TxtRecords.ToList();
-                    }
-                    else
-                    {
-                        records.AddRange(existingRecords.TxtRecords);
-                    }
-                }
-            }
-            await dnsClient.RecordSets.CreateOrUpdateAsync(this.environment.ResourceGroupName, this.environment.ZoneName, GetRelativeRecordSetName(dnsChallenge), RecordType.TXT, new RecordSet()
-            {
-                TxtRecords = records,
-                TTL = 60
-            });
-        }
-
-        private string GetRelativeRecordSetName(DnsChallenge dnsChallenge)
-        {
-            return dnsChallenge.RecordName.Replace($".{this.environment.ZoneName}", "");
-        }
-
-        private async Task<RecordSet> SafeGetExistingRecords(DnsChallenge dnsChallenge)
-        {
-            try
-            {
-                var dnsClient = await ArmHelper.GetDnsManagementClient(this.environment);
-                return await dnsClient.RecordSets.GetAsync(environment.ResourceGroupName, environment.ZoneName, GetRelativeRecordSetName(dnsChallenge), RecordType.TXT);
-
-            }
-            catch (CloudException cex)
-            {
-                if (!cex.Message.StartsWith("The resource record '_acme-challenge"))
-                {
-                    throw;
-                }
-            }
-            return null;
-        }
-    }
-}
diff --git a/LetsEncrypt.SiteExtension.Core/Services/BaseDnsAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/BaseDnsAuthorizationChallengeProvider.cs
deleted file mode 100644
index 8772125..0000000
--- a/LetsEncrypt.SiteExtension.Core/Services/BaseDnsAuthorizationChallengeProvider.cs
+++ /dev/null
@@ -1,94 +0,0 @@
-using ACMESharp;
-using ACMESharp.ACME;
-using LetsEncrypt.Azure.Core.Models;
-using Newtonsoft.Json;
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Linq;
-using System.Net;
-using System.Net.Http;
-using System.Text;
-using System.Threading;
-using System.Threading.Tasks;
-
-namespace LetsEncrypt.Azure.Core.Services
-{
-    public abstract class BaseDnsAuthorizationChallengeProvider : IAuthorizationChallengeProvider
-    {
-        private AcmeClient client;
-
-        public async Task<string> Authorize(List<string> allDnsIdentifiers)
-        {
-            List<AuthorizationState> authStatus = new List<AuthorizationState>();
-
-            foreach (var dnsIdentifier in allDnsIdentifiers)
-            {
-                Trace.TraceInformation("Authorizing Identifier {0} Using Challenge Type {1}", dnsIdentifier, AcmeProtocol.CHALLENGE_TYPE_DNS);
-                var authzState = client.AuthorizeIdentifier(dnsIdentifier);                
-                var challenge = client.DecodeChallenge(authzState, AcmeProtocol.CHALLENGE_TYPE_DNS);
-                var dnsChallenge = challenge.Challenge as DnsChallenge;
-
-                await PersistsChallenge(dnsChallenge);
-                
-                Trace.TraceInformation($" DNS Answer should now be available as {dnsChallenge.RecordName} with value {dnsChallenge.RecordValue}");
-
-                try
-                {
-                    var retry = 10;
-                    Trace.TraceInformation("Submitting answer");
-                    authzState.Challenges = new AuthorizeChallenge[] { challenge };
-                    client.SubmitChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_DNS, true);
-
-                    // have to loop to wait for server to stop being pending. 
-                    retry = 0;
-                    while (authzState.Status == "pending" && retry < 6)
-                    {
-                        retry++;
-                        Trace.TraceInformation("Refreshing authorization attempt " + retry);
-                        await Task.Delay(2000*retry);  // this has to be here to give ACME server a chance to think
-                        var newAuthzState = client.RefreshIdentifierAuthorization(authzState);
-                        if (newAuthzState.Status != "pending")
-                            authzState = newAuthzState;
-                    }
-
-                    Trace.TraceInformation("Auth Result {0}", authzState.Status);
-                    if (authzState.Status == "invalid" || authzState.Status == "pending")
-                    {
-                        Trace.TraceError("Authorization Failed {0}", authzState.Status);
-                        Trace.TraceInformation("Full Error Details {0}", JsonConvert.SerializeObject(authzState));
-                        Trace.TraceError("Unable to find TXT record {0}", dnsChallenge.RecordValue);
-                        throw new Exception($"The Lets Encrypt ACME server was probably unable to find TXT record with value {dnsChallenge.RecordValue} view error report from Lets Encrypt at {authzState.Uri} for more information");
-                    }
-                    authStatus.Add(authzState);
-                }
-                finally
-                {
-                    if (authzState.Status == "valid")
-                    {
-                        Console.WriteLine(" Deleting answer");
-                        Trace.TraceInformation("Deleting answer");
-                        await CleanupChallenge(dnsChallenge);
-                    }
-                }
-            }
-            foreach (var authState in authStatus)
-            {
-                if (authState.Status != "valid")
-                {
-                    return authState.Status;
-                }
-            }
-            return "valid";
-        }
-
-        public abstract Task CleanupChallenge(DnsChallenge httpChallenge);
-
-        public abstract Task PersistsChallenge(DnsChallenge httpChallenge);
-
-        public void RegisterClient(object client)
-        {
-            this.client = client as AcmeClient; 
-        }        
-    }
-}
diff --git a/LetsEncrypt.SiteExtension.Core/Services/BaseHttpAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/BaseHttpAuthorizationChallengeProvider.cs
index 1539b04..65f31d3 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/BaseHttpAuthorizationChallengeProvider.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/BaseHttpAuthorizationChallengeProvider.cs
@@ -1,17 +1,12 @@
-using ACMESharp;
-using ACMESharp.ACME;
-using Certes;
+using Certes;
 using Certes.Acme;
 using Certes.Acme.Resource;
-using Newtonsoft.Json;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
-using System.Text;
-using System.Threading;
 using System.Threading.Tasks;
 
 namespace LetsEncrypt.Azure.Core.Services
@@ -36,9 +31,7 @@ public abstract class BaseHttpAuthorizationChallengeProvider : IAuthorizationCha
     </authorization>
   </system.web>
 </configuration>";
-        private ACMESharp.AcmeClient client;
-        private IOrderContext order;
-
+        
         public virtual Task EnsureDirectory() {
             return Task.CompletedTask;
         }
@@ -52,43 +45,21 @@ public virtual Task EnsureWebConfig()
 
         public abstract Task CleanupChallengeFile(string path);
 
-        public void RegisterClient(object client)
-        {
-            if (client is ACMESharp.AcmeClient)
-                this.client = client as ACMESharp.AcmeClient;
-            else if (client as IOrderContext != null)
-                this.order = client as IOrderContext;
-            else
-                throw new InvalidProgramException($"Unable to determine type of AcmeClient {client.GetType()}");
-        }
-
-        public async Task<string> Authorize(List<string> allDnsIdentifiers)
-        {
-            if (client != null)
-            {
-                return await this.AuthorizeOld(allDnsIdentifiers);
-            }
-            if (order != null)
-            {
-                return await this.AuthorizeNew(allDnsIdentifiers);
-            }
-
-            throw new Exception("order and client are both null");
-        }
 
-        private async Task<string> AuthorizeNew(List<string> allDnsIdentifiers)
+        public async Task<string> Authorize(IOrderContext order, List<string> allDnsIdentifiers)
         {
             await EnsureDirectory();
             await EnsureWebConfig();
 
             var auths = await order.Authorizations();
+            var i = 0;
             foreach (var auth in auths)
             {                
 
                 var authz = await auth.Http();
                 var tokenRelativeUri = $".well-known/acme-challenge/{authz.Token}";
                 await PersistsChallengeFile(tokenRelativeUri, authz.KeyAuthz);
-                var challengeUri = new Uri($"http://{allDnsIdentifiers.First()}/{tokenRelativeUri}");
+                var challengeUri = new Uri($"http://{allDnsIdentifiers.ElementAt(i)}/{tokenRelativeUri}");
                 var retry = await ValidateChallengeFile(challengeUri);
                 if (retry == 0)
                     throw new Exception($"Unable to validate presence of http challenge at {challengeUri} ensure that it is browsable");
@@ -109,81 +80,11 @@ private async Task<string> AuthorizeNew(List<string> allDnsIdentifiers)
                 {
                     return response.Status.ToString();
                 }
+                i++;
             }
             return "valid";
         }
 
-        public async Task<string> AuthorizeOld(List<string> allDnsIdentifiers)
-        {
-            List<AuthorizationState> authStatus = new List<AuthorizationState>();
-
-            await EnsureDirectory();
-            await EnsureWebConfig();
-
-            foreach (var dnsIdentifier in allDnsIdentifiers)
-            {
-                //var dnsIdentifier = target.Host;                
-                Console.WriteLine($"\nAuthorizing Identifier {dnsIdentifier} Using Challenge Type {AcmeProtocol.CHALLENGE_TYPE_HTTP}");
-                Trace.TraceInformation("Authorizing Identifier {0} Using Challenge Type {1}", dnsIdentifier, AcmeProtocol.CHALLENGE_TYPE_HTTP);
-                var authzState = client.AuthorizeIdentifier(dnsIdentifier);                
-                var challenge = client.DecodeChallenge(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP);
-                var httpChallenge = challenge.Challenge as HttpChallenge;
-
-                await PersistsChallengeFile(httpChallenge.FilePath, httpChallenge.FileContent);
-                try
-                {
-                    var answerUri = new Uri(httpChallenge.FileUrl);
-                    int retry = await ValidateChallengeFile(answerUri);
-                    Console.WriteLine(" Submitting answer");
-                    Trace.TraceInformation("Submitting answer");
-                    authzState.Challenges = new AuthorizeChallenge[] { challenge };
-                    client.SubmitChallengeAnswer(authzState, AcmeProtocol.CHALLENGE_TYPE_HTTP, true);
-
-                    // have to loop to wait for server to stop being pending. 
-                    retry = 0;
-                    while (authzState.Status == "pending" && retry < 6)
-                    {
-                        retry++;
-                        Console.WriteLine(" Refreshing authorization attempt " + retry);
-                        Trace.TraceInformation("Refreshing authorization attempt " + retry);
-                        await Task.Delay(2000 * retry);  // this has to be here to give ACME server a chance to think
-                        var newAuthzState = client.RefreshIdentifierAuthorization(authzState);
-                        if (newAuthzState.Status != "pending")
-                            authzState = newAuthzState;
-                    }
-
-                    Console.WriteLine($" Authorization Result: {authzState.Status}");
-                    Trace.TraceInformation("Auth Result {0}", authzState.Status);
-                    if (authzState.Status == "invalid" || authzState.Status == "pending")
-                    {
-                        Trace.TraceError("Authorization Failed {0}", authzState.Status);
-                        Trace.TraceInformation("Full Error Details {0}", JsonConvert.SerializeObject(authzState));
-                        Console.WriteLine($"The ACME server was probably unable to reach {answerUri}");
-                        Trace.TraceError("Unable to reach {0}", answerUri);
-                        Console.WriteLine("\nCheck in a browser to see if the answer file is being served correctly.");
-                        throw new Exception($"The Lets Encrypt ACME server was probably unable to reach {answerUri} view error report from Lets Encrypt at {authzState.Uri} for more information");
-                    }
-                    authStatus.Add(authzState);
-                }
-                finally
-                {
-                    if (authzState.Status == "valid")
-                    {
-                        Console.WriteLine(" Deleting answer");
-                        Trace.TraceInformation("Deleting answer");
-                        await CleanupChallengeFile(httpChallenge.FilePath);
-                    }
-                }
-            }
-            foreach (var authState in authStatus)
-            {
-                if (authState.Status != "valid")
-                {
-                    return authState.Status;
-                }
-            }
-            return "valid";
-        }
 
         private static async Task<int> ValidateChallengeFile(Uri answerUri)
         {
diff --git a/LetsEncrypt.SiteExtension.Core/Services/BlobStorageAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/BlobStorageAuthorizationChallengeProvider.cs
index 97fb397..18cf909 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/BlobStorageAuthorizationChallengeProvider.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/BlobStorageAuthorizationChallengeProvider.cs
@@ -1,9 +1,5 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
 using System.Threading.Tasks;
-using ACMESharp.ACME;
 using Microsoft.WindowsAzure.Storage;
 using Microsoft.WindowsAzure.Storage.Blob;
 
diff --git a/LetsEncrypt.SiteExtension.Core/Services/IAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/IAuthorizationChallengeProvider.cs
index 7b08079..e3f8426 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/IAuthorizationChallengeProvider.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/IAuthorizationChallengeProvider.cs
@@ -1,10 +1,4 @@
-using ACMESharp;
-using Certes;
-using LetsEncrypt.Azure.Core.Models;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
+using System.Collections.Generic;
 using System.Threading.Tasks;
 
 namespace LetsEncrypt.Azure.Core.Services
@@ -16,7 +10,6 @@ public interface IAuthorizationChallengeProvider
         /// </summary>
         /// <param name="dnsIdentifiers"></param>
         /// <returns></returns>
-        Task<string> Authorize(List<string> dnsIdentifiers);
-        void RegisterClient(object client);
+        Task<string> Authorize(Certes.Acme.IOrderContext context, List<string> dnsIdentifiers);    
     }
 }
diff --git a/LetsEncrypt.SiteExtension.Core/Services/KuduFileSystemAuthorizationChallengeProvider.cs b/LetsEncrypt.SiteExtension.Core/Services/KuduFileSystemAuthorizationChallengeProvider.cs
index cd4ada7..47dcd45 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/KuduFileSystemAuthorizationChallengeProvider.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/KuduFileSystemAuthorizationChallengeProvider.cs
@@ -1,11 +1,5 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
 using System.Threading.Tasks;
-using ACMESharp;
-using ACMESharp.ACME;
-using System.Configuration;
 using System.IO;
 using LetsEncrypt.Azure.Core.Models;
 using System.Diagnostics;
diff --git a/LetsEncrypt.SiteExtension.Test/AzureDnsAuthorizationChallengeProviderTest.cs b/LetsEncrypt.SiteExtension.Test/AzureDnsAuthorizationChallengeProviderTest.cs
deleted file mode 100644
index cf018cc..0000000
--- a/LetsEncrypt.SiteExtension.Test/AzureDnsAuthorizationChallengeProviderTest.cs
+++ /dev/null
@@ -1,47 +0,0 @@
-using ACMESharp.ACME;
-using LetsEncrypt.Azure.Core.Models;
-using LetsEncrypt.Azure.Core.Services;
-using Microsoft.VisualStudio.TestTools.UnitTesting;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
-
-namespace LetsEncrypt.SiteExtension.Test
-{
-    [TestClass]
-    public class AzureDnsAuthorizationChallengeProviderTest
-    {
-        [TestMethod]
-        public async Task AddChallenge()
-        {
-            var config = new AppSettingsAuthConfig();
-
-
-            var provider = new AzureDnsAuthorizationChallengeProvider(new AzureDnsEnvironment(config.Tenant, new Guid("14fe4c66-c75a-4323-881b-ea53c1d86a9d"), config.ClientId, config.ClientSecret, "dns", "ai4bots.com", "@"));
-            await provider.PersistsChallenge(new DnsChallenge("dns01", new DnsChallengeAnswer())
-            {
-                RecordValue = "Test 1"
-            });
-        }
-
-
-        [TestMethod]
-        public async Task RemoveChallenge()
-        {
-            var config = new AppSettingsAuthConfig();
-
-
-            var provider = new AzureDnsAuthorizationChallengeProvider(new AzureDnsEnvironment(config.Tenant, new Guid("14fe4c66-c75a-4323-881b-ea53c1d86a9d"), config.ClientId, config.ClientSecret, "dns", "ai4bots.com", "@"));
-            await provider.PersistsChallenge(new DnsChallenge("dns01", new DnsChallengeAnswer())
-            {
-                RecordValue = "Test 1"
-            });
-
-            await provider.CleanupChallenge(new DnsChallenge("dns01", new DnsChallengeAnswer()) {
-                RecordValue = "Test 1"
-            });
-        }
-    }
-}
diff --git a/LetsEncrypt.SiteExtension.Test/BlobStorageAuthorizationChallengeTest.cs b/LetsEncrypt.SiteExtension.Test/BlobStorageAuthorizationChallengeTest.cs
index f74ae48..88b291f 100644
--- a/LetsEncrypt.SiteExtension.Test/BlobStorageAuthorizationChallengeTest.cs
+++ b/LetsEncrypt.SiteExtension.Test/BlobStorageAuthorizationChallengeTest.cs
@@ -1,12 +1,7 @@
-using ACMESharp.ACME;
-using LetsEncrypt.Azure.Core.Models;
+using LetsEncrypt.Azure.Core.Models;
 using LetsEncrypt.Azure.Core.Services;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using System;
-using System.Collections.Generic;
 using System.Configuration;
-using System.Linq;
-using System.Text;
 using System.Threading.Tasks;
 
 namespace LetsEncrypt.SiteExtension.Test
diff --git a/LetsEncrypt.SiteExtension.Test/CertificateManagerTest.cs b/LetsEncrypt.SiteExtension.Test/CertificateManagerTest.cs
index 4be9b08..34dabda 100644
--- a/LetsEncrypt.SiteExtension.Test/CertificateManagerTest.cs
+++ b/LetsEncrypt.SiteExtension.Test/CertificateManagerTest.cs
@@ -42,20 +42,6 @@ public async Task RenewCertificateConstructorTest()
             ValidateCertificate(result, "https://letsencrypt.sjkp.dk");
         }
 
-        [TestCategory("Integration")]
-        [TestMethod]
-        public async Task RenewCertificateDnsChallengeTest()
-        {
-            var config = new AppSettingsAuthConfig();
-            var dnsEnvironment = new AzureDnsEnvironment(config.Tenant, new Guid("14fe4c66-c75a-4323-881b-ea53c1d86a9d"), config.ClientId, config.ClientSecret, "dns", "ai4bots.com", "@");
-            var mgr = new CertificateManager(config, config, new WebAppCertificateService(config, new CertificateServiceSettings()
-            {
-                UseIPBasedSSL = config.UseIPBasedSSL
-            }), new AzureDnsAuthorizationChallengeProvider(dnsEnvironment));
-            var result = await mgr.RenewCertificate(renewXNumberOfDaysBeforeExpiration: 200);
-
-            Assert.AreNotEqual(0, result.Count());
-        }
 
         [TestCategory("Integration")]
         [TestMethod]
@@ -63,11 +49,14 @@ public async Task AddCertificateHttpChallengeTest()
         {
             var config = new AppSettingsAuthConfig();
 
-
-            var dnsEnvironment = new AzureDnsEnvironment(config.Tenant, new Guid("14fe4c66-c75a-4323-881b-ea53c1d86a9d"), config.ClientId, config.ClientSecret, "dns", "ai4bots.com", "letsencrypt");
+           
             var mgr = new CertificateManager(config, new AcmeConfig()
             {
                 Host = "letsencrypt.sjkp.dk",
+                AlternateNames = new List<string>()
+                {
+                    "letsencrypt2.sjkp.dk"
+                },
                 PFXPassword = "Simon123",
                 RegistrationEmail = "mail@sjkp.dk",
                 RSAKeyLength = 2048
@@ -81,46 +70,6 @@ public async Task AddCertificateHttpChallengeTest()
             ValidateCertificate(new[] { result }, "https://letsencrypt.sjkp.dk");
         }
 
-        [TestCategory("Integration")]
-        [TestMethod]
-        public async Task AddCertificateDnsChallengeTest()
-        {
-            var config = new AppSettingsAuthConfig();
-
-            var dnsEnvironment = new AzureDnsEnvironment(config.Tenant, new Guid("14fe4c66-c75a-4323-881b-ea53c1d86a9d"), config.ClientId, config.ClientSecret, "dns", "ai4bots.com", "letsencrypt");
-            var mgr = new CertificateManager(config, new AcmeConfig()
-            {
-                Host = "letsencrypt.ai4bots.com",
-                PFXPassword = "Simon123",
-                RegistrationEmail = "mail@sjkp.dk",
-                RSAKeyLength = 2048                
-            }, new WebAppCertificateService(config, new CertificateServiceSettings()
-            {
-                UseIPBasedSSL = config.UseIPBasedSSL
-            }), new AzureDnsAuthorizationChallengeProvider(dnsEnvironment));
-            var result = await mgr.AddCertificate();
-
-            Assert.IsNotNull(result);
-            ValidateCertificate(new[] { result }, "https://letsencrypt.ai4bots.com");
-        }
-
-        [TestCategory("Integration")]
-        [TestMethod]
-        public async Task RequestCertificateDnsChallengeTest()
-        {
-            var config = new AppSettingsAuthConfig();
-            var dnsEnvironment = new AzureDnsEnvironment(config.Tenant, new Guid("14fe4c66-c75a-4323-881b-ea53c1d86a9d"), config.ClientId, config.ClientSecret, "dns", "ai4bots.com", "@");
-
-            var res = await CertificateManager.RequestDnsChallengeCertificate(dnsEnvironment, new AcmeConfig()
-            {
-                Host = "ai4bots.com",
-                PFXPassword = "Simon123",
-                RegistrationEmail = "mail@sjkp.dk",
-                RSAKeyLength = 2048
-            });
-
-            Assert.IsTrue(res.CertificateInfo.Certificate.Subject.Contains("ai4bots.com"));
-        }
 
         [DeploymentItem("certArray.json")]
         [DeploymentItem("certArrayWithValue.json")]
diff --git a/LetsEncrypt.SiteExtension.Test/LetsEncrypt.SiteExtension.Test.csproj b/LetsEncrypt.SiteExtension.Test/LetsEncrypt.SiteExtension.Test.csproj
index df9af6b..29a3f87 100644
--- a/LetsEncrypt.SiteExtension.Test/LetsEncrypt.SiteExtension.Test.csproj
+++ b/LetsEncrypt.SiteExtension.Test/LetsEncrypt.SiteExtension.Test.csproj
@@ -150,7 +150,6 @@
     </Otherwise>
   </Choose>
   <ItemGroup>
-    <Compile Include="AzureDnsAuthorizationChallengeProviderTest.cs" />
     <Compile Include="BlobStorageAuthorizationChallengeTest.cs" />
     <Compile Include="CertificateControllerTest.cs" />
     <Compile Include="CleanupCertificates.cs" />
@@ -186,14 +185,6 @@
     <None Include="packages.config" />
   </ItemGroup>
   <ItemGroup>
-    <ProjectReference Include="..\ACMESharp\ACMESharp\ACMESharp.PKI.Providers.BouncyCastle\ACMESharp.PKI.Providers.BouncyCastle.csproj">
-      <Project>{473bff7d-c7f0-471d-b7a3-19ad9adfdba9}</Project>
-      <Name>ACMESharp.PKI.Providers.BouncyCastle</Name>
-    </ProjectReference>
-    <ProjectReference Include="..\ACMESharp\ACMESharp\ACMESharp\ACMESharp.csproj">
-      <Project>{D551234B-0A8D-4DEE-8178-A81998DF0EDB}</Project>
-      <Name>ACMESharp</Name>
-    </ProjectReference>
     <ProjectReference Include="..\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.csproj">
       <Project>{87f0ff62-16c3-43ce-b154-1b9bc28ded67}</Project>
       <Name>LetsEncrypt.SiteExtension</Name>

From 10d2052cb82a607facfef573e3099a6b049324aa Mon Sep 17 00:00:00 2001
From: "Simon J.K. Pedersen" <mail@sjkp.dk>
Date: Mon, 7 Oct 2019 00:04:46 +0200
Subject: [PATCH 3/4] updated nuspecs.

---
 .../LetsEncrypt.Azure.Core.nuspec                          | 7 +------
 LetsEncrypt.WebAppOnly.nuspec                              | 2 +-
 LetsEncrypt.nuspec                                         | 2 +-
 3 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.nuspec b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.nuspec
index e5ef7e5..1338e73 100644
--- a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.nuspec
+++ b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.nuspec
@@ -3,7 +3,7 @@
   <metadata>
     <id>letsencrypt.azure.core</id>
     <title>Azure Let's Encrypt</title>
-    <version>0.9.6</version>
+    <version>1.0.0</version>
     <authors>SJKP</authors>
     <licenseUrl>http://opensource.org/licenses/Apache-2.0</licenseUrl>
     <projectUrl>https://github.com/sjkp/letsencrypt-siteextension</projectUrl>
@@ -16,11 +16,6 @@
       <dependency id="Microsoft.Azure.Management.Websites" version="2.0.1" />
       <dependency id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.14.0"></dependency>
       <dependency id="Newtonsoft.Json" version="12.0.1" />
-      <dependency id="BouncyCastle" version="1.8.1" />
     </dependencies>
   </metadata>
-  <files>
-    <file src="..\ACMESharp\ACMESharp\ACMESharp\bin\Release\ACMESharp.dll" target="lib\net46"></file>
-    <file src="..\ACMESharp\ACMESharp\ACMESharp.PKI.Providers.BouncyCastle\bin\Release\ACMESharp.PKI.Providers.BouncyCastle.dll" target="lib\net46"></file>
-  </files>
 </package>
diff --git a/LetsEncrypt.WebAppOnly.nuspec b/LetsEncrypt.WebAppOnly.nuspec
index c045bc3..f2bb227 100644
--- a/LetsEncrypt.WebAppOnly.nuspec
+++ b/LetsEncrypt.WebAppOnly.nuspec
@@ -3,7 +3,7 @@
   <metadata>
     <id>letsencrypt.webapponly</id>
     <title>Azure Let's Encrypt (No Web Jobs)</title>
-    <version>0.9.6</version>
+    <version>1.0.0</version>
     <authors>SJKP</authors>
     <licenseUrl>http://opensource.org/licenses/Apache-2.0</licenseUrl>
     <projectUrl>https://github.com/sjkp/letsencrypt-siteextension</projectUrl>
diff --git a/LetsEncrypt.nuspec b/LetsEncrypt.nuspec
index e2390ce..bc2ffc8 100644
--- a/LetsEncrypt.nuspec
+++ b/LetsEncrypt.nuspec
@@ -3,7 +3,7 @@
   <metadata>
     <id>letsencrypt</id>
     <title>Azure Let's Encrypt</title>
-    <version>0.9.6</version>
+    <version>1.0.0</version>
     <authors>SJKP</authors>
     <licenseUrl>http://opensource.org/licenses/Apache-2.0</licenseUrl>
     <projectUrl>https://github.com/sjkp/letsencrypt-siteextension</projectUrl>

From 3940868c18215bada6fb62cb189669125257a07a Mon Sep 17 00:00:00 2001
From: "Simon J.K. Pedersen" <mail@sjkp.dk>
Date: Mon, 7 Oct 2019 21:44:25 +0200
Subject: [PATCH 4/4] ensure bouncycastle is available. Always set password on
 pfx.

---
 LetsEncrypt-SiteExtension/Web.config                     | 4 ++++
 .../LetsEncrypt.Azure.Core.csproj                        | 3 +++
 .../LetsEncrypt.Azure.Core.nuspec                        | 3 ++-
 LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs   | 9 +++++----
 LetsEncrypt.SiteExtension.Core/app.config                | 4 ++++
 LetsEncrypt.SiteExtension.Core/packages.config           | 2 +-
 LetsEncrypt.SiteExtension.Test/App.config                | 4 ++++
 LetsEncrypt.SiteExtension.WebJob/App.config              | 4 ++++
 LetsEncrypt.WebAppOnly.nuspec                            | 2 +-
 LetsEncrypt.nuspec                                       | 2 +-
 10 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/LetsEncrypt-SiteExtension/Web.config b/LetsEncrypt-SiteExtension/Web.config
index 09dd77e..a44357d 100644
--- a/LetsEncrypt-SiteExtension/Web.config
+++ b/LetsEncrypt-SiteExtension/Web.config
@@ -137,6 +137,10 @@
         <assemblyIdentity name="System.Web.Http.WebHost" publicKeyToken="31bf3856ad364e35" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-5.2.7.0" newVersion="5.2.7.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="BouncyCastle.Crypto" publicKeyToken="0e99375e54769942" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-1.8.5.0" newVersion="1.8.5.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
   <system.codedom>
diff --git a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj
index c6d5877..974afe7 100644
--- a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj
+++ b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.csproj
@@ -69,6 +69,9 @@
     <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <ItemGroup>
+    <Reference Include="BouncyCastle.Crypto, Version=1.8.5.0, Culture=neutral, PublicKeyToken=0e99375e54769942, processorArchitecture=MSIL">
+      <HintPath>..\packages\Portable.BouncyCastle.1.8.5\lib\net40\BouncyCastle.Crypto.dll</HintPath>
+    </Reference>
     <Reference Include="Certes, Version=2.3.3.0, Culture=neutral, PublicKeyToken=308b9c08e7effcb1, processorArchitecture=MSIL">
       <HintPath>..\packages\Certes.2.3.3\lib\net45\Certes.dll</HintPath>
     </Reference>
diff --git a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.nuspec b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.nuspec
index 1338e73..572b80d 100644
--- a/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.nuspec
+++ b/LetsEncrypt.SiteExtension.Core/LetsEncrypt.Azure.Core.nuspec
@@ -3,7 +3,7 @@
   <metadata>
     <id>letsencrypt.azure.core</id>
     <title>Azure Let's Encrypt</title>
-    <version>1.0.0</version>
+    <version>1.0.1</version>
     <authors>SJKP</authors>
     <licenseUrl>http://opensource.org/licenses/Apache-2.0</licenseUrl>
     <projectUrl>https://github.com/sjkp/letsencrypt-siteextension</projectUrl>
@@ -16,6 +16,7 @@
       <dependency id="Microsoft.Azure.Management.Websites" version="2.0.1" />
       <dependency id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.14.0"></dependency>
       <dependency id="Newtonsoft.Json" version="12.0.1" />
+      <dependency id="BouncyCastle" version="1.8.5" />
     </dependencies>
   </metadata>
 </package>
diff --git a/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs b/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs
index b0c5920..2b36cfa 100644
--- a/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs
+++ b/LetsEncrypt.SiteExtension.Core/Services/ACMEService.cs
@@ -22,7 +22,7 @@ public class AcmeService
         private readonly IAuthorizationChallengeProvider authorizeChallengeProvider;
 
         public AcmeService(IAcmeConfig config, IAuthorizationChallengeProvider authorizeChallengeProvider)
-        {
+        {            
             if (string.IsNullOrEmpty(config.BaseUri))
             {
                 this.acmeenvironment = (config.UseProduction ? WellKnownServers.LetsEncryptV2 : WellKnownServers.LetsEncryptStagingV2);
@@ -71,14 +71,15 @@ public async Task<CertificateInfo> RequestCertificate()
                 var certPem = cert.ToPem();
 
                 var pfxBuilder = cert.ToPfx(privateKey);
-                var pfx = pfxBuilder.Build(config.Host, config.PFXPassword);
+                string pFXPassword = config.PFXPassword ?? Guid.NewGuid().ToString().Replace("-", "");
+                var pfx = pfxBuilder.Build(config.Host, pFXPassword);
 
 
                 return new CertificateInfo()
                     {
-                        Certificate = new X509Certificate2(pfx, config.PFXPassword, X509KeyStorageFlags.DefaultKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable),
+                        Certificate = new X509Certificate2(pfx, pFXPassword, X509KeyStorageFlags.DefaultKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable),
                         Name = $"{config.Host} {DateTime.Now}",
-                        Password = config.PFXPassword,
+                        Password = pFXPassword,
                         PfxCertificate = pfx
                     };
 
diff --git a/LetsEncrypt.SiteExtension.Core/app.config b/LetsEncrypt.SiteExtension.Core/app.config
index b4c3921..7e177ac 100644
--- a/LetsEncrypt.SiteExtension.Core/app.config
+++ b/LetsEncrypt.SiteExtension.Core/app.config
@@ -18,6 +18,10 @@
         <assemblyIdentity name="System.Xml.ReaderWriter" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="BouncyCastle.Crypto" publicKeyToken="0e99375e54769942" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-1.8.5.0" newVersion="1.8.5.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
 <startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6" /></startup></configuration>
diff --git a/LetsEncrypt.SiteExtension.Core/packages.config b/LetsEncrypt.SiteExtension.Core/packages.config
index 440d0c5..01a5652 100644
--- a/LetsEncrypt.SiteExtension.Core/packages.config
+++ b/LetsEncrypt.SiteExtension.Core/packages.config
@@ -15,7 +15,7 @@
   <package id="NETStandard.Library" version="2.0.3" targetFramework="net46" />
   <package id="Newtonsoft.Json" version="12.0.1" targetFramework="net46" />
   <package id="Polly" version="6.1.2" targetFramework="net46" />
-  <package id="Portable.BouncyCastle" version="1.8.1.4" targetFramework="net46" />
+  <package id="Portable.BouncyCastle" version="1.8.5" targetFramework="net46" />
   <package id="System.AppContext" version="4.3.0" targetFramework="net46" />
   <package id="System.Collections" version="4.3.0" targetFramework="net46" />
   <package id="System.Collections.Concurrent" version="4.3.0" targetFramework="net46" />
diff --git a/LetsEncrypt.SiteExtension.Test/App.config b/LetsEncrypt.SiteExtension.Test/App.config
index 2dff46b..b586463 100644
--- a/LetsEncrypt.SiteExtension.Test/App.config
+++ b/LetsEncrypt.SiteExtension.Test/App.config
@@ -74,6 +74,10 @@
         <assemblyIdentity name="System.Web.Http.WebHost" publicKeyToken="31bf3856ad364e35" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-5.2.7.0" newVersion="5.2.7.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="BouncyCastle.Crypto" publicKeyToken="0e99375e54769942" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-1.8.5.0" newVersion="1.8.5.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
   <startup>
diff --git a/LetsEncrypt.SiteExtension.WebJob/App.config b/LetsEncrypt.SiteExtension.WebJob/App.config
index 56fcf5d..55ab9bf 100644
--- a/LetsEncrypt.SiteExtension.WebJob/App.config
+++ b/LetsEncrypt.SiteExtension.WebJob/App.config
@@ -63,6 +63,10 @@
         <assemblyIdentity name="Microsoft.IdentityModel.Clients.ActiveDirectory" publicKeyToken="31bf3856ad364e35" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-3.14.0.8" newVersion="3.14.0.8" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="BouncyCastle.Crypto" publicKeyToken="0e99375e54769942" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-1.8.5.0" newVersion="1.8.5.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
 </configuration>
diff --git a/LetsEncrypt.WebAppOnly.nuspec b/LetsEncrypt.WebAppOnly.nuspec
index f2bb227..aee08de 100644
--- a/LetsEncrypt.WebAppOnly.nuspec
+++ b/LetsEncrypt.WebAppOnly.nuspec
@@ -3,7 +3,7 @@
   <metadata>
     <id>letsencrypt.webapponly</id>
     <title>Azure Let's Encrypt (No Web Jobs)</title>
-    <version>1.0.0</version>
+    <version>1.0.1</version>
     <authors>SJKP</authors>
     <licenseUrl>http://opensource.org/licenses/Apache-2.0</licenseUrl>
     <projectUrl>https://github.com/sjkp/letsencrypt-siteextension</projectUrl>
diff --git a/LetsEncrypt.nuspec b/LetsEncrypt.nuspec
index bc2ffc8..916ab92 100644
--- a/LetsEncrypt.nuspec
+++ b/LetsEncrypt.nuspec
@@ -3,7 +3,7 @@
   <metadata>
     <id>letsencrypt</id>
     <title>Azure Let's Encrypt</title>
-    <version>1.0.0</version>
+    <version>1.0.1</version>
     <authors>SJKP</authors>
     <licenseUrl>http://opensource.org/licenses/Apache-2.0</licenseUrl>
     <projectUrl>https://github.com/sjkp/letsencrypt-siteextension</projectUrl>