depot/nix/pkgs/vault-acme/just-add-a-sleep.patch

diff --git a/acme/client.go b/acme/client.go
index 20f98a9..cc85277 100644
--- a/acme/client.go
+++ b/acme/client.go
@@ -3,6 +3,7 @@ package acme
 import (
 	"context"
 	"os"
+	"time"
 
 	"github.com/go-acme/lego/v3/certificate"
 	"github.com/go-acme/lego/v3/challenge/dns01"
@@ -42,6 +43,22 @@ func setupChallengeProviders(ctx context.Context, logger log.Logger, client *leg
 		nameServer := os.Getenv("LEGO_TEST_NAMESERVER")
 		isTesting := nameServer != ""
 		err = client.Challenge.SetDNS01Provider(provider,
+			dns01.WrapPreCheck(func(domain, fqdn, value string, check dns01.PreCheckFunc) (bool, error) {
+				ok, err := check(fqdn, value)
+				if !ok || err != nil {
+					return ok, err
+				}
+
+				if a.IgnoreDNSPropagation {
+					// Just wait 1 minute for stuff to settle...
+					const duration = 60 * time.Second
+					logger.Info("waiting %v for things to settle", duration)
+					time.Sleep(duration)
+					logger.Info("done waiting %v for things to settle", duration)
+				}
+
+				return true, nil
+			}),
 			dns01.CondOption(isTesting, dns01.AddRecursiveNameservers([]string{nameServer})),
 			dns01.CondOption(a.IgnoreDNSPropagation || isTesting, dns01.DisableCompletePropagationRequirement()))
 		if err != nil {