From: Tariq Ibrahim <tariq181290@gmail.com>
Date: Wed, 15 May 2019 17:21:50 -0700
Subject: replace rsc.io/letsencrypt in favour of golang.org/x/crypto

Signed-off-by: Tariq Ibrahim <tariq181290@gmail.com>
Origin: upstream, https://github.com/docker/distribution/pull/2926/commits/8f9c8094fbe639e6b4e56e5c574932e629b145ef

diff --git a/registry/registry.go b/registry/registry.go
index 03ff3fd7..e4fe36cb 10064
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -12,11 +12,17 @@ import (
 	"syscall"
 	"time"
 
-	"rsc.io/letsencrypt"
-
 	"github.com/Shopify/logrus-bugsnag"
 	logstash "github.com/bshuster-repo/logrus-logstash-hook"
 	"github.com/bugsnag/bugsnag-go"
+	"github.com/docker/go-metrics"
+	gorhandlers "github.com/gorilla/handlers"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"github.com/yvasiyarov/gorelic"
+	"golang.org/x/crypto/acme"
+	"golang.org/x/crypto/acme/autocert"
+
 	"github.com/docker/distribution/configuration"
 	dcontext "github.com/docker/distribution/context"
 	"github.com/docker/distribution/health"
@@ -24,11 +30,6 @@ import (
 	"github.com/docker/distribution/registry/listener"
 	"github.com/docker/distribution/uuid"
 	"github.com/docker/distribution/version"
-	"github.com/docker/go-metrics"
-	gorhandlers "github.com/gorilla/handlers"
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
-	"github.com/yvasiyarov/gorelic"
 )
 
 // this channel gets notified when process receives signal. It is global to ease unit testing
@@ -154,19 +155,14 @@ func (registry *Registry) ListenAndServe() error {
 			if config.HTTP.TLS.Certificate != "" {
 				return fmt.Errorf("cannot specify both certificate and Let's Encrypt")
 			}
-			var m letsencrypt.Manager
-			if err := m.CacheFile(config.HTTP.TLS.LetsEncrypt.CacheFile); err != nil {
-				return err
-			}
-			if !m.Registered() {
-				if err := m.Register(config.HTTP.TLS.LetsEncrypt.Email, nil); err != nil {
-					return err
-				}
-			}
-			if len(config.HTTP.TLS.LetsEncrypt.Hosts) > 0 {
-				m.SetHosts(config.HTTP.TLS.LetsEncrypt.Hosts)
+			m := &autocert.Manager{
+				HostPolicy: autocert.HostWhitelist(config.HTTP.TLS.LetsEncrypt.Hosts...),
+				Cache:      autocert.DirCache(config.HTTP.TLS.LetsEncrypt.CacheFile),
+				Email:      config.HTTP.TLS.LetsEncrypt.Email,
+				Prompt:     autocert.AcceptTOS,
 			}
 			tlsConf.GetCertificate = m.GetCertificate
+			tlsConf.NextProtos = append(tlsConf.NextProtos, acme.ALPNProto)
 		} else {
 			tlsConf.Certificates = make([]tls.Certificate, 1)
 			tlsConf.Certificates[0], err = tls.LoadX509KeyPair(config.HTTP.TLS.Certificate, config.HTTP.TLS.Key)
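Review bot: `autocert.HostWhitelist(config.HTTP.TLS.LetsEncrypt.Hosts...)` is built unconditionally, so an empty `Hosts` list yields a policy that matches no host and every ACME-backed handshake fails at runtime; the removed code restricted hosts only when the list was non-empty. Leaving `HostPolicy` nil instead would be worse, since autocert then accepts any SNI name, so the configuration should be rejected before the manager is constructed: `if len(config.HTTP.TLS.LetsEncrypt.Hosts) == 0 { return fmt.Errorf("must specify at least one host for Let's Encrypt") }`. Separately, `CacheFile` is now passed to `autocert.DirCache`, which treats it as a directory holding the account and certificate private keys. A path that still points at the old single cache file will presumably fail on first write, which deserves a comment here and a migration note. The body of `ListenAndServe` starts and ends outside this hunk.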
