acme: if account key was revoked, generate new account key

the plan was to migrate only specific keys, but this gives us the
flexibility to revoke keys after the release (since we have not
gotten a response from DO about access to old 1-click images so far).
Girish Ramakrishnan
2021-11-16 22:56:35 -08:00
parent b7c5c99301
commit c4db0d746d
4 changed files with 29 additions and 46 deletions


@@ -51,8 +51,7 @@ const acme2 = require('./acme2.js'),
shell = require('./shell.js'),
sysinfo = require('./sysinfo.js'),
users = require('./users.js'),
util = require('util'),
_ = require('underscore');
util = require('util');
const NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/nginxconfig.ejs', { encoding: 'utf8' });
const RESTART_SERVICE_CMD = path.join(__dirname, 'scripts/restartservice.sh');
@@ -82,11 +81,6 @@ async function getAcmeApi(domainObject) {
const [error, owner] = await safe(users.getOwner());
apiOptions.email = (error || !owner) ? 'webmaster@cloudron.io' : owner.email; // can error if not activated yet
const accountKeyPem = await blobs.get(blobs.ACME_ACCOUNT_KEY);
if (!accountKeyPem) throw new BoxError(BoxError.NOT_FOUND, 'acme account key not found');
apiOptions.accountKeyPem = accountKeyPem;
return { acmeApi, apiOptions };
}
@@ -412,7 +406,7 @@ async function ensureCertificate(vhost, domain, auditSource) {
debug(`ensureCertificate: ${vhost} cert does not exist`);
}
debug('ensureCertificate: getting certificate for %s with options %j', vhost, _.omit(apiOptions, 'accountKeyPem'));
debug('ensureCertificate: getting certificate for %s with options %j', vhost, apiOptions);
const acmePaths = getAcmeCertificatePathSync(vhost, domainObject);
let [error] = await safe(acmeApi.getCertificate(vhost, domain, acmePaths, apiOptions));
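Review bot: The debug call in ensureCertificate now serializes the whole `apiOptions` object with `%j`, so keeping key material out of the log depends entirely on nothing ever storing a secret in that object. The getAcmeApi hunk stops setting `apiOptions.accountKeyPem`, which makes dropping `_.omit` consistent today, but the rest of how `apiOptions` is built is outside these hunks, and the owner email is still written to the log. I would add a comment above the call such as `// apiOptions is logged verbatim: never store keys or tokens in it`, or log only the fields needed for troubleshooting. ensureCertificate starts and ends outside the hunk.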