diff --git a/modules/tls-certificate/certifix-client.nix b/modules/tls-certificate/certifix-client.nix index 0c02d05..9b65a2e 100644 --- a/modules/tls-certificate/certifix-client.nix +++ b/modules/tls-certificate/certifix-client.nix @@ -23,7 +23,7 @@ oneshot { inherit name; up = '' (in_outputs ${name} - SSL_CA_CERT_FILE=${caCertFile} ${certifix-client}/bin/certifix-client --subject ${subject} --secret ${secretFile} --key-out key --certificate-out cert ${serviceUrl} + SSL_CERT_FILE=${caCertFile} ${certifix-client}/bin/certifix-client --subject ${subject} --secret ${secretFile} --key-out key --certificate-out cert ${serviceUrl} ) ''; } diff --git a/pkgs/certifix-client/certifix-client.fnl b/pkgs/certifix-client/certifix-client.fnl index 0874701..13a2d3a 100644 --- a/pkgs/certifix-client/certifix-client.fnl +++ b/pkgs/certifix-client/certifix-client.fnl @@ -7,7 +7,9 @@ (local pkey (require :openssl.pkey)) (local xn (require :openssl.x509.name)) -(local http (require :fetch)) +(local request (require :http.request)) +(local http_tls (require :http.tls)) +(local x509 (require :openssl.x509)) (macro ncall [f] `(case ,f 
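Review bot: The CA that authenticates the certifix server is now supplied only through `SSL_CERT_FILE`, so pinning to `${caCertFile}` holds only if the client's TLS context loads OpenSSL's default verify paths; nothing on the command line makes that explicit. OpenSSL's default paths also include a certificate directory (`SSL_CERT_DIR` or the compiled-in default), so certificates found there would presumably be trusted alongside `caCertFile`; it is worth confirming that directory is empty on the target image. I would add a comment above the command, for example `# SSL_CERT_FILE: trust anchor for the enrolment server, read through OpenSSL's default verify paths`. The `oneshot` block starts above this hunk.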
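Review bot: `http_tls` and `x509` are required here, but neither name is used in the hunks shown for this file, including the new `http-post`. If they were meant for building a client context that trusts only the configured CA, that code is missing and server verification rests entirely on the `SSL_CERT_FILE` environment variable. If pinning in code is the intent, lua-http lets a request carry its own context through `r.ctx`, which would make the trust anchor independent of the environment. Otherwise drop the two `local` lines so the client does not load modules it never calls.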
@@ -62,22 +64,27 @@ (: :addAttribute :challengePassword [options.secret]) (: :sign pk))) +(fn http-post [url body] + (let [r (request.new_from_uri url) + h r.headers] + (h:upsert ":method" :POST) + (h:upsert "content-type" "application/x-pem-file") + (when body + (r:set_body body)) + (or + (case (r:go) + (headers stream) + (if (= (headers:get ":status") "200") + (stream:get_body_as_string) + (error (.. "error response from server: " + (headers:get ":status")))) -(fn http-post [url body] - (match - (http.request "POST" url - "" 0 - "application/x-pem-file" - body) - s s - (nil code msg) (error (.. "Error " code " POST " url ": " msg)))) - + (nil failure) + (error (.. "error: " failure)))))) (fn run [] (let [pk (private-key) csr (signing-request pk) - ;; key-out (or options.key-out-handle io.stdout) - ;; cert-out (or options.cert-out-handle io.stdout) cert (http-post options.server (csr:toPEM))] (with-open [f (ncall (io.open options.key-out :w))] (f:write (pk:toPEM :private))) diff --git a/pkgs/certifix-client/default.nix b/pkgs/certifix-client/default.nix index bb20d61..4c363d4 100644 --- a/pkgs/certifix-client/default.nix +++ b/pkgs/certifix-client/default.nix @@ -7,9 +7,7 @@ lua, anoia, lualinux, - fetch-freebsd, openssl, - luaossl', stdenv, }: let @@ -20,7 +18,6 @@ stdenv.mkDerivation { src = ./.; buildInputs = [ - fetch-freebsd openssl lua ]; @@ -30,12 +27,18 @@ stdenv.mkDerivation { mkdir -p $out/bin cp -p ${ writeFennel name { - packages = [ - fetch-freebsd + packages = with lua.pkgs; [ fennel anoia lualinux - luaossl' + luaossl + http + lpeg + lpeg_patterns + basexx + cqueues + fifo + binaryheap ]; mainFunction = "run"; } ./${name}.fnl
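Review bot: `http-post` sends the CSR, which carries `options.secret` as its challengePassword, using the request object's defaults: `(r:go)` has no timeout and redirect following is left at whatever lua-http defaults to. A stalled server would block this oneshot indefinitely, and a redirect response may, as far as I can tell, cause the request to be re-issued against another location. I would add `(set r.follow_redirects false)` after the header setup and pass a timeout to both calls, e.g. `(r:go 30)` and `(stream:get_body_as_string 30)`, where 30 is a constructed example value. The single-argument `(or …)` around `case` has no effect and can be dropped, and the new error text no longer names the URL, which the removed version did.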