diff --git a/README.md b/README.md
index 378a0d8..e805ffb 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,8 @@ Currently being tested with Ubuntu, Raspbian, and Debian on Digital Ocean, Raspb
 │    ├── fullchain.pem
 │    └── privkey.pem
 └── var
+    ├── files
+    └── tmp
 ```
 * `core` contains all walnut code
diff --git a/boot/worker.js b/boot/worker.js
index c03e202..7751d0b 100644
--- a/boot/worker.js
+++ b/boot/worker.js
@@ -5,6 +5,11 @@ module.exports.create = function (opts) {
 var promiseApp;
 function createAndBindInsecure(lex, message, cb) {
+ var webserver = require('http').createServer(lex.middleware(require('redirect-https')())).listen(message.conf.insecurePort, function () {
+ console.log('handling http-01 ACME challenges on port', message.conf.insecurePort);
+ cb(null, webserver, null, message);
+ });
+ /*
 // TODO conditional if 80 is being served by caddy
 require('../lib/insecure-server').create(lex, message.conf.externalPort, message.conf.insecurePort, message, function (err, webserver) {
 console.info("#" + id + " Listening on http://" + webserver.address().address + ":" + webserver.address().port, '\n');
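Review bot: In boot/worker.js, the new `require('http').createServer(...).listen(message.conf.insecurePort, ...)` in createAndBindInsecure registers no `'error'` listener, so a failed bind (port already in use, or no privilege for a low port) surfaces as an unhandled error event and `cb` is never called with an error. Adding `webserver.on('error', function (err) { cb(err); });` right after the statement would report the failure to the caller. The `listen` call also passes no host, so this plain-HTTP challenge and redirect listener binds on every interface; if that is intended, a one-line comment saying so would help. The previous implementation is kept inside a `/* ... */` block that closes in the next hunk, and deleting it would keep the function readable.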
@@ -12,34 +17,21 @@ module.exports.create = function (opts) {
 // we are returning the promise result to the caller
 return cb(null, webserver, null, message);
 });
+ */
 }
 function createLe(conf) {
 var LEX = require('letsencrypt-express');
 var lex = LEX.create({
- configDir: conf.letsencrypt.configDir // i.e. __dirname + '/letsencrypt.config'
- , approveRegistration: function (hostname, cb) {
- cb(null, {
- domains: [hostname] // TODO handle www and bare on the same cert
- , email: conf.letsencrypt.email
- , agreeTos: conf.letsencrypt.agreeTos
- });
- /*
- letsencrypt.getConfig({ domains: [domain] }, function (err, config) {
- if (!(config && config.checkpoints >= 0)) {
- cb(err, null);
- return;
- }
-
- cb(null, {
- email: config.email
- // can't remember which it is, but the pyconf is different that the regular variable
- , agreeTos: config.tos || config.agree || config.agreeTos
- , server: config.server || LE.productionServerUrl
- , domains: config.domains || [domain]
- });
- });
- */
+ server: 'https://acme-v01.api.letsencrypt.org/directory'
+ //server: 'staging'
+ , configDir: conf.letsencrypt.configDir // i.e. __dirname + '/letsencrypt.config'
+ , webrootPath: '/tmp/acme-challenges'
+ , approveDomains: function (opts, certs, cb) {
+ opts.email = conf.letsencrypt.email;
+ opts.agreeTos = conf.letsencrypt.agreeTos;
+ opts.domains = certs && certs.altnames || opts.domains;
+ cb(null, { options: opts, certs: certs });
 }
 });
 //var letsencrypt = lex.letsencrypt;
diff --git a/lib/insecure-server.js b/lib/insecure-server.js
index 1166aab..45985cc 100644
--- a/lib/insecure-server.js
+++ b/lib/insecure-server.js
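Review bot: In createLe (boot/worker.js), `approveDomains` approves whatever names arrive in `opts.domains` and sets `agreeTos` for them, so as far as the visible code shows any hostname pointed at this server can start a certificate order against the production directory set on the `server:` line, consuming the account's issuance rate limits and filling `configDir` with entries for names the site does not serve. Checking the names against the hostnames this instance is configured to serve before calling back would close that, e.g. `if (!opts.domains.every(isServedHostname)) { cb(new Error('domain not approved')); return; }`, where `isServedHostname` is a placeholder for a lookup the project would supply. Separately, `webrootPath: '/tmp/acme-challenges'` is a fixed path in a world-writable directory, where another local account could create the directory first; a directory under the application's own `var` tree with restrictive permissions would be safer. The body of createLe continues past the end of the hunk.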
@@ -42,7 +42,6 @@ module.exports.create = function (lex, securePort, insecurePort, info, serverCal
 // http://evothings.com/is-it-possible-to-secure-micro-controllers-used-within-iot/
 // needs ECDSA?
- console.warn('HARD-CODED HTTPS EXCEPTION in insecure-server.js for redirect-www.org');
 if (/redirect-www.org$/.test(host) && useAppInsecurely(req, res)) {
 return true;
 }
diff --git a/lib/local-server.js b/lib/local-server.js
index e088213..c279861 100644
--- a/lib/local-server.js
+++ b/lib/local-server.js
@@ -44,8 +44,7 @@ module.exports.create = function (lex, certPaths, port, info, serverCallback) {
 }
 if (lex) {
- var LEX = require('letsencrypt-express');
- server.on('request', LEX.createAcmeResponder(lex, onRequest));
+ server.on('request', lex.middleware(onRequest));
 } else {
 server.on('request', onRequest);
 }
diff --git a/lib/worker.js b/lib/worker.js
index e165372..106548b 100644
--- a/lib/worker.js
+++ b/lib/worker.js
@@ -222,6 +222,15 @@ module.exports.create = function (webserver, info, state) {
 req.hostname = req.hostname.replace(/.*\.?proxyable\./, '');
 }
+ // hacky fix for com.enom.reseller, com.daplie.domains, org.oauth3.dns, org.oauth3.domains
+ if (req.path) {
+ req.url = req.url.replace(/com\.daplie\.domains/, 'com.enom.reseller');
+ req.url = req.url.replace(/org\.oauth3\.domains/, 'com.enom.reseller');
+ req.url = req.url.replace(/org\.oauth3\.dns/, 'com.enom.reseller');
+ req.url = req.url.replace(/org\.oauth3\.provider\/credentials/, 'org.oauth3.provider/logins');
+ //req.path = req.path.replace(/com\.daplie\.domains/, 'com.enom.reseller');
+ }
+
 require('./package-server').mapToApp({
 config: pkgConf
 , deps: pkgDeps
diff --git a/package.json b/package.json
index acdd50a..a45d98e 100644
--- a/package.json
+++ b/package.json
@@ -43,6 +43,7 @@
 "bluebird": "2.x",
 "body-parser": "1.x",
 "btoa": "1.x",
+ "busboy": "^0.2.13",
 "bytes": "^1.0.0",
 "cluster-store": "^1.0.0",
 "compression": "1.x",
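Review bot: In lib/worker.js, the four added `req.url.replace(...)` calls are unanchored and run over the whole of `req.url`, so they also rewrite a matching string inside the query string or a deeper path segment, not only the package name they are meant to alias. Because the rewrite runs just before `mapToApp`, the handler is selected from a URL that differs from the one earlier middleware saw; if any upstream check keys on the original URL, the two views can disagree. Restricting the substitution to a whole segment of the path part would narrow this, e.g. `var parts = req.url.split('?'); parts[0] = parts[0].replace(/\/com\.daplie\.domains(?=\/|$)/, '/com.enom.reseller'); req.url = parts.join('?');`. The `if (req.path)` guard tests one property while the body mutates another, and the commented-out `req.path` line could be dropped. The enclosing function starts and ends outside the hunk.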
@@ -80,8 +81,8 @@
 "jarson": "1.x",
 "json-storage": "2.x",
 "jsonwebtoken": "^5.4.0",
- "lodash": "2.x",
 "letsencrypt-express": "1.1.x",
+ "lodash": "2.x",
 "masterquest-sqlite3": "git://github.com/coolaj86/masterquest-sqlite3.git",
 "media-typer": "^0.3.0",
 "methods": "^1.1.1",