diff --git a/default_masquerades.go b/default_masquerades.go
index eb7b364..a9b6255 100644
--- a/default_masquerades.go
+++ b/default_masquerades.go
@@ -9,6 +9,10 @@ var DefaultTrustedCAs = []*CA{
 		CommonName: "DigiCert Global Root G2",
 		Cert:       "-----BEGIN CERTIFICATE-----\nMIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH\nMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI\n2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx\n1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ\nq2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz\ntCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ\nvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP\nBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV\n5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY\n1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4\nNeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG\nFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91\n8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe\npLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl\nMrY=\n-----END CERTIFICATE-----\n",
 	},
+	{
+		CommonName: "DigiCert Global Root G3",
+		Cert:       "-----BEGIN CERTIFICATE-----\nMIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw\nCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu\nZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe\nFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw\nEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x\nIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF\nK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG\nfp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO\nZ9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd\nBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx\nAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/\noAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8\nsycX\n-----END CERTIFICATE-----\n",
+	},
 	{
 		CommonName: "DigiCert Global Root CA",
 		Cert:       "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n",
diff --git a/front.go b/front.go
index 94ab00c..b21d25d 100644
--- a/front.go
+++ b/front.go
@@ -16,7 +16,6 @@ import (
 	"time"
 
 	"github.com/getlantern/ops"
-	"github.com/getlantern/tlsdialer/v3"
 	tls "github.com/refraction-networking/utls"
 )
 
@@ -133,19 +132,51 @@ func (fr *front) dial(rootCAs *x509.CertPool, clientHelloID tls.ClientHelloID) (
 		doDial = dialWithTimeout
 	}
 
-	dialer := &tlsdialer.Dialer{
-		DoDial:         doDial,
-		Timeout:        dialTimeout,
-		SendServerName: sendServerNameExtension,
-		Config:         tlsConfig,
-		ClientHelloID:  clientHelloID,
-	}
 	_, _, err := net.SplitHostPort(addr)
 	if err != nil {
 		// If there is no port, we default to 443
 		addr = net.JoinHostPort(addr, "443")
 	}
-	return dialer.Dial("tcp", addr)
+
+	deadline := time.Now().Add(dialTimeout)
+
+	rawConn, err := doDial("tcp", addr, dialTimeout)
+	if err != nil {
+		return nil, err
+	}
+
+	configCopy := tlsConfig.Clone()
+	configCopy.InsecureSkipVerify = true
+	if !sendServerNameExtension {
+		configCopy.ServerName = ""
+	}
+
+	chid := clientHelloID
+	if chid.Client == "" {
+		chid = tls.HelloGolang
+	}
+
+	conn := tls.UClient(rawConn, configCopy, chid)
+	rawConn.SetDeadline(deadline)
+	if err := conn.Handshake(); err != nil {
+		rawConn.Close()
+		return nil, err
+	}
+	rawConn.SetDeadline(time.Time{})
+
+	if !tlsConfig.InsecureSkipVerify {
+		state := conn.ConnectionState()
+		rawCerts := make([][]byte, len(state.PeerCertificates))
+		for i, cert := range state.PeerCertificates {
+			rawCerts[i] = cert.Raw
+		}
+		if err := verifyPeerCertificate(rawCerts, tlsConfig.RootCAs, tlsConfig.ServerName); err != nil {
+			rawConn.Close()
+			return nil, err
+		}
+	}
+
+	return conn, nil
 }
 
 func dialWithTimeout(network string, addr string, timeout time.Duration) (net.Conn, error) {
diff --git a/fronted.go b/fronted.go
index bbd6178..e4ee2c4 100644
--- a/fronted.go
+++ b/fronted.go
@@ -171,6 +171,14 @@ func WithCountryCode(cc string) Option {
 	}
 }
 
+// WithDefaultProviderID sets the default provider ID used when a front has no
+// provider (e.g. from a cache file). Defaults to "cloudfront".
+func WithDefaultProviderID(id string) Option {
+	return func(f *fronted) {
+		f.defaultProviderID = id
+	}
+}
+
 // WithConfigURL sets the URL from which to continually fetch updated domain fronting configurations.
 func WithConfigURL(configURL string) Option {
 	return func(f *fronted) {
diff --git a/fronted_test.go b/fronted_test.go
index fbde58c..f3a5765 100644
--- a/fronted_test.go
+++ b/fronted_test.go
@@ -95,8 +95,7 @@ func TestDomainFrontingWithSNIConfig(t *testing.T) {
 		UseArbitrarySNIs: true,
 		ArbitrarySNIs:    []string{"mercadopago.com", "amazon.com.br", "facebook.com", "google.com", "twitter.com", "youtube.com", "instagram.com", "linkedin.com", "whatsapp.com", "netflix.com", "microsoft.com", "yahoo.com", "bing.com", "wikipedia.org", "github.com"},
 	})
-	defaultFrontedProviderID = "akamai"
-	transport := NewFronted(WithCacheFile(cacheFile), WithCountryCode("test"), WithEmbeddedConfigName("noconfig.yaml"))
+	transport := NewFronted(WithCacheFile(cacheFile), WithCountryCode("test"), WithEmbeddedConfigName("noconfig.yaml"), WithDefaultProviderID("akamai"))
 	transport.onNewFronts(certs, p)
 
 	client := &http.Client{
@@ -110,6 +109,7 @@ func newTransportFromDialer(f Fronted) http.RoundTripper {
 	return rt
 }
 
+
 func doTestDomainFronting(t *testing.T, cacheFile string, expectedMasqueradesAtEnd int) int {
 	getURL := "https://config.example.com/global.yaml.gz"
 	getHost := "config.example.com"
@@ -128,8 +128,7 @@ func doTestDomainFronting(t *testing.T, cacheFile string, expectedMasqueradesAtE
 	}
 	certs := trustedCACerts(t)
 	p := testProvidersWithHosts(hosts)
-	defaultFrontedProviderID = testProviderID
-	transport := NewFronted(WithCacheFile(cacheFile))
+	transport := NewFronted(WithCacheFile(cacheFile), WithDefaultProviderID(testProviderID))
 	transport.onNewFronts(certs, p)
 
 	rt := newTransportFromDialer(transport)
@@ -139,8 +138,7 @@ func doTestDomainFronting(t *testing.T, cacheFile string, expectedMasqueradesAtE
 	}
 	require.True(t, doCheck(client, http.MethodPost, http.StatusAccepted, pingURL))
 
-	defaultFrontedProviderID = testProviderID
-	transport = NewFronted(WithCacheFile(cacheFile))
+	transport = NewFronted(WithCacheFile(cacheFile), WithDefaultProviderID(testProviderID))
 	transport.onNewFronts(certs, p)
 	client = &http.Client{
 		Transport: newTransportFromDialer(transport),
@@ -256,8 +254,7 @@ func TestHostAliasesBasic(t *testing.T) {
 	certs := x509.NewCertPool()
 	certs.AddCert(cloudSack.Certificate())
 
-	defaultFrontedProviderID = "cloudsack"
-	rt := NewFronted()
+	rt := NewFronted(WithDefaultProviderID("cloudsack"))
 
 	rt.onNewFronts(certs, map[string]*Provider{"cloudsack": p})
 	for _, test := range tests {
@@ -365,8 +362,7 @@ func TestHostAliasesMulti(t *testing.T) {
 		"sadcloud":  p2,
 	}
 
-	defaultFrontedProviderID = "cloudsack"
-	rt := NewFronted()
+	rt := NewFronted(WithDefaultProviderID("cloudsack"))
 	rt.onNewFronts(certs, providers)
 
 	providerCounts := make(map[string]int)
@@ -489,8 +485,7 @@ func TestPassthrough(t *testing.T) {
 	certs := x509.NewCertPool()
 	certs.AddCert(cloudSack.Certificate())
 
-	defaultFrontedProviderID = "cloudsack"
-	rt := NewFronted()
+	rt := NewFronted(WithDefaultProviderID("cloudsack"))
 	rt.onNewFronts(certs, map[string]*Provider{"cloudsack": p})
 
 	for _, test := range tests {
@@ -624,8 +619,16 @@ func corruptMasquerades(cacheFile string) (int, error) {
 }
 
 func TestVerifyPeerCertificate(t *testing.T) {
-	// raw certs generated by printing the received rawCerts from TestDirectDomainFrontingWithSNIConfig
-	rawCerts := [][]byte{{48, 130, 5, 201, 48, 130, 5, 79, 160, 3, 2, 1, 2, 2, 16, 10, 104, 174, 217, 200, 97, 246, 117, 233, 137, 207, 239, 166, 251, 207, 173, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 3, 48, 86, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 21, 48, 19, 6, 3, 85, 4, 10, 19, 12, 68, 105, 103, 105, 67, 101, 114, 116, 32, 73, 110, 99, 49, 48, 48, 46, 6, 3, 85, 4, 3, 19, 39, 68, 105, 103, 105, 67, 101, 114, 116, 32, 84, 76, 83, 32, 72, 121, 98, 114, 105, 100, 32, 69, 67, 67, 32, 83, 72, 65, 51, 56, 52, 32, 50, 48, 50, 48, 32, 67, 65, 49, 48, 30, 23, 13, 50, 53, 48, 51, 49, 56, 48, 48, 48, 48, 48, 48, 90, 23, 13, 50, 54, 48, 51, 49, 56, 50, 51, 53, 57, 53, 57, 90, 48, 121, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 22, 48, 20, 6, 3, 85, 4, 8, 19, 13, 77, 97, 115, 115, 97, 99, 104, 117, 115, 101, 116, 116, 115, 49, 18, 48, 16, 6, 3, 85, 4, 7, 19, 9, 67, 97, 109, 98, 114, 105, 100, 103, 101, 49, 34, 48, 32, 6, 3, 85, 4, 10, 19, 25, 65, 107, 97, 109, 97, 105, 32, 84, 101, 99, 104, 110, 111, 108, 111, 103, 105, 101, 115, 44, 32, 73, 110, 99, 46, 49, 26, 48, 24, 6, 3, 85, 4, 3, 19, 17, 97, 50, 52, 56, 46, 101, 46, 97, 107, 97, 109, 97, 105, 46, 110, 101, 116, 48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 137, 179, 173, 36, 7, 148, 115, 87, 89, 242, 68, 18, 67, 219, 1, 116, 170, 189, 59, 31, 134, 167, 129, 151, 124, 33, 237, 233, 140, 3, 235, 210, 253, 232, 46, 212, 95, 18, 33, 192, 156, 90, 87, 31, 233, 17, 0, 194, 110, 216, 164, 93, 216, 34, 45, 203, 136, 211, 69, 207, 17, 17, 92, 225, 163, 130, 3, 218, 48, 130, 3, 214, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 22, 128, 20, 10, 188, 8, 41, 23, 140, 165, 57, 109, 122, 14, 206, 51, 199, 46, 179, 237, 251, 195, 122, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 84, 136, 107, 213, 162, 51, 87, 199, 43, 162, 19, 8, 242, 17, 240, 170, 80, 244, 78, 184, 48, 110, 6, 3, 85, 29, 17, 4, 103, 48, 101, 130, 17, 97, 50, 52, 56, 46, 101, 46, 97, 107, 97, 109, 97, 105, 46, 110, 101, 116, 130, 15, 42, 46, 97, 107, 97, 109, 97, 105, 122, 101, 100, 46, 110, 101, 116, 130, 23, 42, 46, 97, 107, 97, 109, 97, 105, 122, 101, 100, 45, 115, 116, 97, 103, 105, 110, 103, 46, 110, 101, 116, 130, 14, 42, 46, 97, 107, 97, 109, 97, 105, 104, 100, 46, 110, 101, 116, 130, 22, 42, 46, 97, 107, 97, 109, 97, 105, 104, 100, 45, 115, 116, 97, 103, 105, 110, 103, 46, 110, 101, 116, 48, 62, 6, 3, 85, 29, 32, 4, 55, 48, 53, 48, 51, 6, 6, 103, 129, 12, 1, 2, 2, 48, 41, 48, 39, 6, 8, 43, 6, 1, 5, 5, 7, 2, 1, 22, 27, 104, 116, 116, 112, 58, 47, 47, 119, 119, 119, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 67, 80, 83, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 3, 136, 48, 29, 6, 3, 85, 29, 37, 4, 22, 48, 20, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 6, 8, 43, 6, 1, 5, 5, 7, 3, 2, 48, 129, 155, 6, 3, 85, 29, 31, 4, 129, 147, 48, 129, 144, 48, 70, 160, 68, 160, 66, 134, 64, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 51, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 84, 76, 83, 72, 121, 98, 114, 105, 100, 69, 67, 67, 83, 72, 65, 51, 56, 52, 50, 48, 50, 48, 67, 65, 49, 45, 49, 46, 99, 114, 108, 48, 70, 160, 68, 160, 66, 134, 64, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 52, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 84, 76, 83, 72, 121, 98, 114, 105, 100, 69, 67, 67, 83, 72, 65, 51, 56, 52, 50, 48, 50, 48, 67, 65, 49, 45, 49, 46, 99, 114, 108, 48, 129, 133, 6, 8, 43, 6, 1, 5, 5, 7, 1, 1, 4, 121, 48, 119, 48, 36, 6, 8, 43, 6, 1, 5, 5, 7, 48, 1, 134, 24, 104, 116, 116, 112, 58, 47, 47, 111, 99, 115, 112, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 48, 79, 6, 8, 43, 6, 1, 5, 5, 7, 48, 2, 134, 67, 104, 116, 116, 112, 58, 47, 47, 99, 97, 99, 101, 114, 116, 115, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 84, 76, 83, 72, 121, 98, 114, 105, 100, 69, 67, 67, 83, 72, 65, 51, 56, 52, 50, 48, 50, 48, 67, 65, 49, 45, 49, 46, 99, 114, 116, 48, 12, 6, 3, 85, 29, 19, 1, 1, 255, 4, 2, 48, 0, 48, 130, 1, 127, 6, 10, 43, 6, 1, 4, 1, 214, 121, 2, 4, 2, 4, 130, 1, 111, 4, 130, 1, 107, 1, 105, 0, 119, 0, 14, 87, 148, 188, 243, 174, 169, 62, 51, 27, 44, 153, 7, 179, 247, 144, 223, 155, 194, 61, 113, 50, 37, 221, 33, 169, 37, 172, 97, 197, 78, 33, 0, 0, 1, 149, 170, 99, 183, 135, 0, 0, 4, 3, 0, 72, 48, 70, 2, 33, 0, 235, 0, 242, 233, 98, 214, 73, 85, 137, 193, 228, 5, 25, 30, 42, 94, 189, 169, 209, 120, 117, 2, 217, 215, 176, 205, 75, 242, 208, 168, 238, 17, 2, 33, 0, 198, 118, 215, 89, 151, 11, 1, 238, 193, 90, 1, 193, 70, 74, 22, 58, 217, 225, 104, 133, 172, 94, 20, 99, 124, 128, 254, 138, 79, 55, 54, 123, 0, 118, 0, 73, 156, 155, 105, 222, 29, 124, 236, 252, 54, 222, 205, 135, 100, 166, 184, 91, 175, 10, 135, 128, 25, 209, 85, 82, 251, 233, 235, 41, 221, 248, 195, 0, 0, 1, 149, 170, 99, 183, 201, 0, 0, 4, 3, 0, 71, 48, 69, 2, 33, 0, 214, 242, 234, 42, 116, 165, 172, 238, 126, 119, 200, 152, 85, 19, 124, 2, 180, 24, 8, 241, 20, 135, 91, 42, 14, 66, 55, 214, 136, 129, 23, 27, 2, 32, 113, 102, 37, 203, 235, 86, 220, 129, 181, 162, 156, 200, 129, 80, 125, 97, 82, 224, 31, 181, 77, 27, 136, 123, 70, 2, 130, 127, 3, 92, 16, 2, 0, 118, 0, 203, 56, 247, 21, 137, 124, 132, 161, 68, 95, 91, 193, 221, 251, 201, 110, 242, 154, 89, 205, 71, 10, 105, 5, 133, 176, 203, 20, 195, 20, 88, 231, 0, 0, 1, 149, 170, 99, 183, 157, 0, 0, 4, 3, 0, 71, 48, 69, 2, 32, 74, 67, 53, 194, 171, 185, 139, 172, 120, 13, 130, 224, 25, 132, 23, 1, 186, 169, 182, 193, 127, 84, 186, 57, 200, 221, 58, 255, 253, 149, 89, 203, 2, 33, 0, 222, 152, 192, 126, 210, 194, 215, 227, 190, 66, 199, 219, 75, 231, 144, 230, 249, 77, 28, 106, 124, 143, 55, 68, 212, 178, 188, 36, 28, 126, 135, 152, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 3, 3, 104, 0, 48, 101, 2, 48, 74, 189, 221, 93, 21, 162, 48, 200, 90, 164, 63, 233, 219, 209, 90, 6, 177, 129, 252, 19, 92, 4, 173, 221, 13, 8, 160, 9, 229, 206, 17, 220, 154, 107, 76, 136, 54, 79, 185, 131, 246, 235, 144, 87, 215, 248, 58, 246, 2, 49, 0, 179, 157, 243, 87, 121, 153, 72, 22, 90, 230, 197, 138, 127, 234, 20, 45, 23, 37, 48, 186, 234, 163, 23, 206, 103, 92, 5, 159, 100, 167, 161, 141, 193, 223, 215, 23, 62, 4, 91, 91, 103, 13, 39, 75, 50, 14, 60, 43}, {48, 130, 4, 23, 48, 130, 2, 255, 160, 3, 2, 1, 2, 2, 16, 7, 242, 243, 92, 135, 168, 119, 175, 122, 239, 233, 71, 153, 53, 37, 189, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 12, 5, 0, 48, 97, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 21, 48, 19, 6, 3, 85, 4, 10, 19, 12, 68, 105, 103, 105, 67, 101, 114, 116, 32, 73, 110, 99, 49, 25, 48, 23, 6, 3, 85, 4, 11, 19, 16, 119, 119, 119, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 49, 32, 48, 30, 6, 3, 85, 4, 3, 19, 23, 68, 105, 103, 105, 67, 101, 114, 116, 32, 71, 108, 111, 98, 97, 108, 32, 82, 111, 111, 116, 32, 67, 65, 48, 30, 23, 13, 50, 49, 48, 52, 49, 52, 48, 48, 48, 48, 48, 48, 90, 23, 13, 51, 49, 48, 52, 49, 51, 50, 51, 53, 57, 53, 57, 90, 48, 86, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 21, 48, 19, 6, 3, 85, 4, 10, 19, 12, 68, 105, 103, 105, 67, 101, 114, 116, 32, 73, 110, 99, 49, 48, 48, 46, 6, 3, 85, 4, 3, 19, 39, 68, 105, 103, 105, 67, 101, 114, 116, 32, 84, 76, 83, 32, 72, 121, 98, 114, 105, 100, 32, 69, 67, 67, 32, 83, 72, 65, 51, 56, 52, 32, 50, 48, 50, 48, 32, 67, 65, 49, 48, 118, 48, 16, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 3, 98, 0, 4, 193, 27, 198, 154, 91, 152, 217, 164, 41, 160, 233, 212, 4, 181, 219, 235, 166, 178, 108, 85, 192, 255, 237, 152, 198, 73, 47, 6, 39, 81, 203, 191, 112, 193, 5, 122, 195, 177, 157, 135, 137, 186, 173, 180, 19, 23, 201, 168, 180, 131, 200, 184, 144, 209, 204, 116, 53, 54, 60, 131, 114, 176, 181, 208, 247, 34, 105, 200, 241, 128, 196, 123, 64, 143, 207, 104, 135, 38, 92, 57, 137, 241, 77, 145, 77, 218, 137, 139, 228, 3, 195, 67, 229, 191, 47, 115, 163, 130, 1, 130, 48, 130, 1, 126, 48, 18, 6, 3, 85, 29, 19, 1, 1, 255, 4, 8, 48, 6, 1, 1, 255, 2, 1, 0, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 10, 188, 8, 41, 23, 140, 165, 57, 109, 122, 14, 206, 51, 199, 46, 179, 237, 251, 195, 122, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 22, 128, 20, 3, 222, 80, 53, 86, 209, 76, 187, 102, 240, 163, 226, 27, 27, 195, 151, 178, 61, 209, 85, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 1, 134, 48, 29, 6, 3, 85, 29, 37, 4, 22, 48, 20, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 6, 8, 43, 6, 1, 5, 5, 7, 3, 2, 48, 118, 6, 8, 43, 6, 1, 5, 5, 7, 1, 1, 4, 106, 48, 104, 48, 36, 6, 8, 43, 6, 1, 5, 5, 7, 48, 1, 134, 24, 104, 116, 116, 112, 58, 47, 47, 111, 99, 115, 112, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 48, 64, 6, 8, 43, 6, 1, 5, 5, 7, 48, 2, 134, 52, 104, 116, 116, 112, 58, 47, 47, 99, 97, 99, 101, 114, 116, 115, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 71, 108, 111, 98, 97, 108, 82, 111, 111, 116, 67, 65, 46, 99, 114, 116, 48, 66, 6, 3, 85, 29, 31, 4, 59, 48, 57, 48, 55, 160, 53, 160, 51, 134, 49, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 51, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 71, 108, 111, 98, 97, 108, 82, 111, 111, 116, 67, 65, 46, 99, 114, 108, 48, 61, 6, 3, 85, 29, 32, 4, 54, 48, 52, 48, 11, 6, 9, 96, 134, 72, 1, 134, 253, 108, 2, 1, 48, 7, 6, 5, 103, 129, 12, 1, 1, 48, 8, 6, 6, 103, 129, 12, 1, 2, 1, 48, 8, 6, 6, 103, 129, 12, 1, 2, 2, 48, 8, 6, 6, 103, 129, 12, 1, 2, 3, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 12, 5, 0, 3, 130, 1, 1, 0, 71, 89, 129, 127, 212, 27, 31, 176, 113, 246, 152, 93, 24, 186, 152, 71, 152, 176, 126, 118, 43, 234, 255, 26, 139, 172, 38, 179, 66, 141, 49, 230, 74, 232, 25, 208, 239, 218, 20, 231, 215, 20, 146, 161, 146, 242, 167, 46, 45, 175, 251, 29, 246, 251, 83, 176, 138, 63, 252, 216, 22, 10, 233, 176, 46, 182, 165, 11, 24, 144, 53, 38, 162, 218, 246, 168, 183, 50, 252, 149, 35, 75, 198, 69, 185, 196, 207, 228, 124, 238, 230, 201, 248, 144, 189, 114, 227, 153, 195, 29, 11, 5, 124, 106, 151, 109, 178, 171, 2, 54, 216, 194, 188, 44, 1, 146, 63, 4, 163, 139, 117, 17, 199, 185, 41, 188, 17, 208, 134, 186, 146, 188, 38, 249, 101, 200, 55, 205, 38, 246, 134, 19, 12, 4, 170, 137, 229, 120, 177, 193, 78, 121, 188, 118, 163, 11, 81, 228, 197, 208, 158, 106, 254, 26, 44, 86, 174, 6, 54, 39, 163, 115, 28, 8, 125, 147, 50, 208, 194, 68, 25, 218, 141, 244, 14, 123, 29, 40, 3, 43, 9, 138, 118, 202, 119, 220, 135, 122, 172, 123, 82, 38, 85, 167, 114, 15, 157, 210, 136, 79, 254, 177, 33, 197, 26, 161, 170, 57, 245, 86, 219, 194, 132, 196, 53, 31, 112, 218, 187, 70, 240, 134, 191, 100, 0, 196, 62, 247, 159, 70, 27, 157, 35, 5, 185, 125, 179, 79, 15, 169, 69, 58, 227, 116, 48, 152}}
+	// raw certs fetched from a248.e.akamai.net on 2026-03-19 (leaf valid 2025-12-22 to 2026-12-22)
+	// To refresh: connect to a248.e.akamai.net:443 and extract PeerCertificates as raw bytes.
+	rawCerts := [][]byte{{48, 130, 5, 201, 48, 130, 5, 79, 160, 3, 2, 1, 2, 2, 16, 3, 115, 171, 66, 15, 84, 148, 27, 85, 87, 66, 217, 172, 137, 6, 38, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 3, 48, 89, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 21, 48, 19, 6, 3, 85, 4, 10, 19, 12, 68, 105, 103, 105, 67, 101, 114, 116, 32, 73, 110, 99, 49, 51, 48, 49, 6, 3, 85, 4, 3, 19, 42, 68, 105, 103, 105, 67, 101, 114, 116, 32, 71, 108, 111, 98, 97, 108, 32, 71, 51, 32, 84, 76, 83, 32, 69, 67, 67, 32, 83, 72, 65, 51, 56, 52, 32, 50, 48, 50, 48, 32, 67, 65, 49, 48, 30, 23, 13, 50, 53, 49, 50, 50, 50, 48, 48, 48, 48, 48, 48, 90, 23, 13, 50, 54, 49, 50, 50, 50, 50, 51, 53, 57, 53, 57, 90, 48, 121, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 22, 48, 20, 6, 3, 85, 4, 8, 19, 13, 77, 97, 115, 115, 97, 99, 104, 117, 115, 101, 116, 116, 115, 49, 18, 48, 16, 6, 3, 85, 4, 7, 19, 9, 67, 97, 109, 98, 114, 105, 100, 103, 101, 49, 34, 48, 32, 6, 3, 85, 4, 10, 19, 25, 65, 107, 97, 109, 97, 105, 32, 84, 101, 99, 104, 110, 111, 108, 111, 103, 105, 101, 115, 44, 32, 73, 110, 99, 46, 49, 26, 48, 24, 6, 3, 85, 4, 3, 19, 17, 97, 50, 52, 56, 46, 101, 46, 97, 107, 97, 109, 97, 105, 46, 110, 101, 116, 48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 111, 186, 198, 28, 140, 210, 95, 69, 166, 32, 10, 8, 148, 120, 2, 169, 163, 29, 116, 53, 247, 176, 207, 132, 247, 126, 133, 217, 90, 254, 197, 204, 161, 221, 162, 45, 40, 93, 124, 215, 173, 109, 242, 231, 189, 68, 138, 78, 158, 124, 200, 219, 211, 208, 130, 202, 71, 245, 147, 123, 110, 135, 176, 174, 163, 130, 3, 215, 48, 130, 3, 211, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 22, 128, 20, 138, 35, 235, 158, 107, 215, 249, 55, 93, 249, 109, 33, 57, 118, 154, 161, 103, 222, 16, 168, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 175, 50, 71, 249, 169, 75, 98, 88, 227, 19, 56, 139, 138, 197, 234, 121, 107, 93, 97, 180, 48, 110, 6, 3, 85, 29, 17, 4, 103, 48, 101, 130, 17, 97, 50, 52, 56, 46, 101, 46, 97, 107, 97, 109, 97, 105, 46, 110, 101, 116, 130, 15, 42, 46, 97, 107, 97, 109, 97, 105, 122, 101, 100, 46, 110, 101, 116, 130, 23, 42, 46, 97, 107, 97, 109, 97, 105, 122, 101, 100, 45, 115, 116, 97, 103, 105, 110, 103, 46, 110, 101, 116, 130, 14, 42, 46, 97, 107, 97, 109, 97, 105, 104, 100, 46, 110, 101, 116, 130, 22, 42, 46, 97, 107, 97, 109, 97, 105, 104, 100, 45, 115, 116, 97, 103, 105, 110, 103, 46, 110, 101, 116, 48, 62, 6, 3, 85, 29, 32, 4, 55, 48, 53, 48, 51, 6, 6, 103, 129, 12, 1, 2, 2, 48, 41, 48, 39, 6, 8, 43, 6, 1, 5, 5, 7, 2, 1, 22, 27, 104, 116, 116, 112, 58, 47, 47, 119, 119, 119, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 67, 80, 83, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 3, 136, 48, 19, 6, 3, 85, 29, 37, 4, 12, 48, 10, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 48, 129, 159, 6, 3, 85, 29, 31, 4, 129, 151, 48, 129, 148, 48, 72, 160, 70, 160, 68, 134, 66, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 51, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 71, 108, 111, 98, 97, 108, 71, 51, 84, 76, 83, 69, 67, 67, 83, 72, 65, 51, 56, 52, 50, 48, 50, 48, 67, 65, 49, 45, 50, 46, 99, 114, 108, 48, 72, 160, 70, 160, 68, 134, 66, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 52, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 71, 108, 111, 98, 97, 108, 71, 51, 84, 76, 83, 69, 67, 67, 83, 72, 65, 51, 56, 52, 50, 48, 50, 48, 67, 65, 49, 45, 50, 46, 99, 114, 108, 48, 129, 135, 6, 8, 43, 6, 1, 5, 5, 7, 1, 1, 4, 123, 48, 121, 48, 36, 6, 8, 43, 6, 1, 5, 5, 7, 48, 1, 134, 24, 104, 116, 116, 112, 58, 47, 47, 111, 99, 115, 112, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 48, 81, 6, 8, 43, 6, 1, 5, 5, 7, 48, 2, 134, 69, 104, 116, 116, 112, 58, 47, 47, 99, 97, 99, 101, 114, 116, 115, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 71, 108, 111, 98, 97, 108, 71, 51, 84, 76, 83, 69, 67, 67, 83, 72, 65, 51, 56, 52, 50, 48, 50, 48, 67, 65, 49, 45, 50, 46, 99, 114, 116, 48, 12, 6, 3, 85, 29, 19, 1, 1, 255, 4, 2, 48, 0, 48, 130, 1, 128, 6, 10, 43, 6, 1, 4, 1, 214, 121, 2, 4, 2, 4, 130, 1, 112, 4, 130, 1, 108, 1, 106, 0, 119, 0, 216, 9, 85, 59, 148, 79, 122, 255, 200, 22, 25, 111, 148, 79, 133, 171, 176, 248, 252, 94, 135, 85, 38, 15, 21, 209, 46, 114, 187, 69, 75, 20, 0, 0, 1, 155, 71, 44, 132, 37, 0, 0, 4, 3, 0, 72, 48, 70, 2, 33, 0, 158, 239, 46, 20, 200, 22, 143, 122, 32, 169, 168, 36, 34, 171, 17, 160, 242, 99, 250, 113, 52, 152, 147, 215, 65, 170, 144, 115, 138, 2, 209, 143, 2, 33, 0, 241, 103, 177, 230, 12, 45, 78, 165, 173, 93, 247, 231, 142, 233, 1, 84, 78, 188, 128, 104, 48, 175, 194, 219, 199, 202, 188, 108, 185, 246, 140, 168, 0, 118, 0, 200, 163, 196, 127, 199, 179, 173, 185, 53, 107, 1, 63, 106, 122, 18, 109, 227, 58, 78, 67, 165, 198, 70, 249, 151, 173, 57, 117, 153, 29, 207, 154, 0, 0, 1, 155, 71, 44, 132, 94, 0, 0, 4, 3, 0, 71, 48, 69, 2, 32, 30, 43, 243, 178, 133, 25, 152, 197, 50, 214, 210, 84, 47, 137, 244, 144, 108, 208, 20, 112, 231, 241, 170, 95, 140, 160, 173, 229, 147, 32, 32, 130, 2, 33, 0, 244, 24, 46, 179, 140, 173, 98, 78, 147, 190, 97, 173, 133, 157, 31, 31, 40, 155, 114, 124, 249, 209, 107, 71, 77, 183, 52, 179, 54, 127, 243, 103, 0, 119, 0, 194, 49, 126, 87, 69, 25, 163, 69, 238, 127, 56, 222, 178, 144, 65, 235, 199, 194, 33, 90, 34, 191, 127, 213, 181, 173, 118, 154, 217, 14, 82, 205, 0, 0, 1, 155, 71, 44, 132, 51, 0, 0, 4, 3, 0, 72, 48, 70, 2, 33, 0, 136, 72, 13, 74, 213, 175, 80, 26, 100, 90, 38, 231, 231, 13, 200, 54, 16, 62, 160, 225, 74, 11, 232, 106, 210, 170, 57, 127, 106, 163, 3, 128, 2, 33, 0, 129, 9, 223, 236, 95, 171, 3, 167, 165, 117, 237, 65, 73, 5, 166, 58, 150, 57, 136, 11, 171, 61, 39, 189, 153, 90, 222, 175, 199, 66, 159, 172, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 3, 3, 104, 0, 48, 101, 2, 48, 107, 182, 71, 108, 4, 218, 17, 79, 182, 69, 42, 22, 248, 54, 241, 143, 118, 155, 201, 39, 83, 15, 165, 234, 140, 53, 63, 223, 164, 29, 44, 76, 81, 64, 204, 38, 27, 143, 88, 24, 224, 126, 22, 106, 173, 134, 123, 182, 2, 49, 0, 238, 81, 173, 172, 28, 31, 243, 138, 237, 192, 179, 6, 131, 198, 133, 126, 181, 63, 143, 84, 161, 243, 146, 74, 168, 108, 249, 164, 34, 232, 22, 87, 70, 121, 197, 36, 208, 94, 88, 253, 223, 101, 108, 73, 217, 244, 239, 225}, {48, 130, 3, 121, 48, 130, 2, 255, 160, 3, 2, 1, 2, 2, 16, 11, 0, 233, 45, 77, 109, 115, 31, 202, 48, 89, 199, 203, 30, 24, 134, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 3, 48, 97, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 21, 48, 19, 6, 3, 85, 4, 10, 19, 12, 68, 105, 103, 105, 67, 101, 114, 116, 32, 73, 110, 99, 49, 25, 48, 23, 6, 3, 85, 4, 11, 19, 16, 119, 119, 119, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 49, 32, 48, 30, 6, 3, 85, 4, 3, 19, 23, 68, 105, 103, 105, 67, 101, 114, 116, 32, 71, 108, 111, 98, 97, 108, 32, 82, 111, 111, 116, 32, 71, 51, 48, 30, 23, 13, 50, 49, 48, 52, 49, 52, 48, 48, 48, 48, 48, 48, 90, 23, 13, 51, 49, 48, 52, 49, 51, 50, 51, 53, 57, 53, 57, 90, 48, 89, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 21, 48, 19, 6, 3, 85, 4, 10, 19, 12, 68, 105, 103, 105, 67, 101, 114, 116, 32, 73, 110, 99, 49, 51, 48, 49, 6, 3, 85, 4, 3, 19, 42, 68, 105, 103, 105, 67, 101, 114, 116, 32, 71, 108, 111, 98, 97, 108, 32, 71, 51, 32, 84, 76, 83, 32, 69, 67, 67, 32, 83, 72, 65, 51, 56, 52, 32, 50, 48, 50, 48, 32, 67, 65, 49, 48, 118, 48, 16, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 3, 98, 0, 4, 120, 169, 156, 117, 174, 136, 93, 99, 164, 173, 93, 134, 216, 16, 73, 214, 175, 146, 89, 99, 67, 35, 133, 244, 72, 101, 48, 205, 74, 52, 149, 166, 14, 62, 217, 124, 8, 215, 87, 5, 40, 72, 158, 11, 171, 235, 194, 211, 150, 158, 237, 69, 210, 139, 138, 206, 1, 75, 23, 67, 225, 115, 207, 109, 115, 72, 52, 220, 0, 70, 9, 181, 86, 84, 201, 95, 122, 199, 19, 7, 208, 108, 24, 23, 108, 202, 219, 199, 11, 38, 86, 46, 141, 7, 245, 103, 163, 130, 1, 130, 48, 130, 1, 126, 48, 18, 6, 3, 85, 29, 19, 1, 1, 255, 4, 8, 48, 6, 1, 1, 255, 2, 1, 0, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 138, 35, 235, 158, 107, 215, 249, 55, 93, 249, 109, 33, 57, 118, 154, 161, 103, 222, 16, 168, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 22, 128, 20, 179, 219, 72, 164, 249, 161, 197, 216, 174, 54, 65, 204, 17, 99, 105, 98, 41, 188, 75, 198, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 1, 134, 48, 29, 6, 3, 85, 29, 37, 4, 22, 48, 20, 6, 8, 43, 6, 1, 5, 5, 7, 3, 1, 6, 8, 43, 6, 1, 5, 5, 7, 3, 2, 48, 118, 6, 8, 43, 6, 1, 5, 5, 7, 1, 1, 4, 106, 48, 104, 48, 36, 6, 8, 43, 6, 1, 5, 5, 7, 48, 1, 134, 24, 104, 116, 116, 112, 58, 47, 47, 111, 99, 115, 112, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 48, 64, 6, 8, 43, 6, 1, 5, 5, 7, 48, 2, 134, 52, 104, 116, 116, 112, 58, 47, 47, 99, 97, 99, 101, 114, 116, 115, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 71, 108, 111, 98, 97, 108, 82, 111, 111, 116, 71, 51, 46, 99, 114, 116, 48, 66, 6, 3, 85, 29, 31, 4, 59, 48, 57, 48, 55, 160, 53, 160, 51, 134, 49, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 51, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 68, 105, 103, 105, 67, 101, 114, 116, 71, 108, 111, 98, 97, 108, 82, 111, 111, 116, 71, 51, 46, 99, 114, 108, 48, 61, 6, 3, 85, 29, 32, 4, 54, 48, 52, 48, 11, 6, 9, 96, 134, 72, 1, 134, 253, 108, 2, 1, 48, 7, 6, 5, 103, 129, 12, 1, 1, 48, 8, 6, 6, 103, 129, 12, 1, 2, 1, 48, 8, 6, 6, 103, 129, 12, 1, 2, 2, 48, 8, 6, 6, 103, 129, 12, 1, 2, 3, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 3, 3, 104, 0, 48, 101, 2, 48, 126, 38, 88, 110, 238, 136, 236, 12, 221, 21, 65, 238, 122, 184, 153, 153, 112, 209, 98, 101, 79, 160, 32, 158, 71, 177, 91, 193, 178, 103, 49, 29, 204, 114, 122, 175, 34, 114, 64, 66, 110, 101, 132, 254, 135, 75, 15, 25, 2, 49, 0, 230, 191, 214, 174, 52, 135, 91, 63, 103, 199, 29, 168, 111, 213, 18, 120, 181, 230, 135, 49, 68, 169, 93, 198, 184, 120, 204, 207, 239, 212, 50, 88, 17, 255, 58, 133, 6, 60, 29, 132, 111, 211, 245, 249, 218, 51, 28, 164}}
+
+	// Check if the leaf cert has expired; skip with a clear message if so.
+	if leafCert, err := x509.ParseCertificate(rawCerts[0]); err == nil {
+		if time.Now().After(leafCert.NotAfter) {
+			t.Skipf("Test leaf certificate expired on %s — fetch fresh certs from a248.e.akamai.net:443", leafCert.NotAfter.Format("2006-01-02"))
+		}
+	}
 
 	var tests = []struct {
 		name            string
diff --git a/go.mod b/go.mod
index 996e18b..564584a 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,6 @@ require (
 	github.com/alitto/pond/v2 v2.1.5
 	github.com/getlantern/keepcurrent v0.0.0-20240126172110-2e0264ca385d
 	github.com/getlantern/ops v0.0.0-20231025133620-f368ab734534
-	github.com/getlantern/tlsdialer/v3 v3.0.6-0.20260105215053-2a1cd54af4d5
 	github.com/getlantern/waitforserver v1.0.1
 	github.com/goccy/go-yaml v1.15.13
 	github.com/refraction-networking/utls v1.7.1
@@ -21,22 +20,14 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
 	github.com/getlantern/context v0.0.0-20220418194847-3d5e7a086201 // indirect
-	github.com/getlantern/errors v1.0.3 // indirect
-	github.com/getlantern/golog v0.0.0-20230503153817-8e72de7e0a65 // indirect
-	github.com/getlantern/hex v0.0.0-20220104173244-ad7e4b9194dc // indirect
-	github.com/getlantern/hidden v0.0.0-20220104173330-f221c5a24770 // indirect
-	github.com/getlantern/iptool v0.0.0-20230112135223-c00e863b2696 // indirect
-	github.com/getlantern/mtime v0.0.0-20200417132445-23682092d1f7 // indirect
-	github.com/getlantern/netx v0.0.0-20240814210628-0984f52e2d18 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/klauspost/pgzip v1.2.5 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/mholt/archiver/v3 v3.5.1 // indirect
 	github.com/nwaples/rardecode v1.1.0 // indirect
-	github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect
 	github.com/pierrec/lz4/v4 v4.1.15 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rogpeppe/go-internal v1.13.1 // indirect
@@ -45,8 +36,6 @@ require (
 	go.opentelemetry.io/otel v1.19.0 // indirect
 	go.opentelemetry.io/otel/metric v1.19.0 // indirect
 	go.opentelemetry.io/otel/trace v1.19.0 // indirect
-	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.26.0 // indirect
 	golang.org/x/crypto v0.36.0 // indirect
 	golang.org/x/sys v0.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 40c08d3..ad0c213 100644
--- a/go.sum
+++ b/go.sum
@@ -3,57 +3,29 @@ github.com/alitto/pond/v2 v2.1.5/go.mod h1:xkjYEgQ05RSpWdfSd1nM3OVv7TBhLdy7rMp3+
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
 github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
-github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
 github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 h1:iFaUwBSo5Svw6L7HYpRu/0lE3e0BaElwnNO1qkNQxBY=
 github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s=
 github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY=
-github.com/getlantern/context v0.0.0-20190109183933-c447772a6520/go.mod h1:L+mq6/vvYHKjCX2oez0CgEAJmbq1fbb/oNJIWQkBybY=
 github.com/getlantern/context v0.0.0-20220418194847-3d5e7a086201 h1:oEZYEpZo28Wdx+5FZo4aU7JFXu0WG/4wJWese5reQSA=
 github.com/getlantern/context v0.0.0-20220418194847-3d5e7a086201/go.mod h1:Y9WZUHEb+mpra02CbQ/QczLUe6f0Dezxaw5DCJlJQGo=
-github.com/getlantern/errors v1.0.1/go.mod h1:l+xpFBrCtDLpK9qNjxs+cHU6+BAdlBaxHqikB6Lku3A=
 github.com/getlantern/errors v1.0.3 h1:Ne4Ycj7NI1BtSyAfVeAT/DNoxz7/S2BUc3L2Ht1YSHE=
 github.com/getlantern/errors v1.0.3/go.mod h1:m8C7H1qmouvsGpwQqk/6NUpIVMpfzUPn608aBZDYV04=
-github.com/getlantern/fdcount v0.0.0-20190912142506-f89afd7367c4 h1:JdD4XSaT6/j6InM7MT1E4WRvzR8gurxfq53A3ML3B/Q=
-github.com/getlantern/fdcount v0.0.0-20190912142506-f89afd7367c4/go.mod h1:XZwE+iIlAgr64OFbXKFNCllBwV4wEipPx8Hlo2gZdbM=
-github.com/getlantern/golog v0.0.0-20210606115803-bce9f9fe5a5f/go.mod h1:ZyIjgH/1wTCl+B+7yH1DqrWp6MPJqESmwmEQ89ZfhvA=
-github.com/getlantern/golog v0.0.0-20230503153817-8e72de7e0a65 h1:NlQedYmPI3pRAXJb+hLVVDGqfvvXGRPV8vp7XOjKAZ0=
-github.com/getlantern/golog v0.0.0-20230503153817-8e72de7e0a65/go.mod h1:+ZU1h+iOVqWReBpky6d5Y2WL0sF2Llxu+QcxJFs2+OU=
-github.com/getlantern/hex v0.0.0-20190417191902-c6586a6fe0b7/go.mod h1:dD3CgOrwlzca8ed61CsZouQS5h5jIzkK9ZWrTcf0s+o=
-github.com/getlantern/hex v0.0.0-20220104173244-ad7e4b9194dc h1:sue+aeVx7JF5v36H1HfvcGFImLpSD5goj8d+MitovDU=
-github.com/getlantern/hex v0.0.0-20220104173244-ad7e4b9194dc/go.mod h1:D9RWpXy/EFPYxiKUURo2TB8UBosbqkiLhttRrZYtvqM=
-github.com/getlantern/hidden v0.0.0-20190325191715-f02dbb02be55/go.mod h1:6mmzY2kW1TOOrVy+r41Za2MxXM+hhqTtY3oBKd2AgFA=
-github.com/getlantern/hidden v0.0.0-20220104173330-f221c5a24770 h1:cSrD9ryDfTV2yaur9Qk3rHYD414j3Q1rl7+L0AylxrE=
-github.com/getlantern/hidden v0.0.0-20220104173330-f221c5a24770/go.mod h1:GOQsoDnEHl6ZmNIL+5uVo+JWRFWozMEp18Izcb++H+A=
-github.com/getlantern/iptool v0.0.0-20230112135223-c00e863b2696 h1:D7wbL2Ww6QN5SblEDMiQcFulqz2jgcvawKaNBTzHLvQ=
-github.com/getlantern/iptool v0.0.0-20230112135223-c00e863b2696/go.mod h1:hfspzdRcvJ130tpTPL53/L92gG0pFtvQ6ln35ppwhHE=
 github.com/getlantern/keepcurrent v0.0.0-20240126172110-2e0264ca385d h1:2/9rPC1xT+jWBnAe4mD6Q0LWkByFYGcTiKsmDWbv2T4=
 github.com/getlantern/keepcurrent v0.0.0-20240126172110-2e0264ca385d/go.mod h1:enUAvxkJ15QUtTKOKoO9WJV2L5u33P8YmqkC+iu8iT4=
-github.com/getlantern/mockconn v0.0.0-20200818071412-cb30d065a848 h1:2MhMMVBTnaHrst6HyWFDhwQCaJ05PZuOv1bE2gN8WFY=
-github.com/getlantern/mockconn v0.0.0-20200818071412-cb30d065a848/go.mod h1:+F5GJ7qGpQ03DBtcOEyQpM30ix4BLswdaojecFtsdy8=
-github.com/getlantern/mtime v0.0.0-20200417132445-23682092d1f7 h1:03J6Cb42EG06lHgpOFGm5BOax4qFqlSbSeKO2RGrj2g=
-github.com/getlantern/mtime v0.0.0-20200417132445-23682092d1f7/go.mod h1:GfzwugvtH7YcmNIrHHizeyImsgEdyL88YkdnK28B14c=
-github.com/getlantern/netx v0.0.0-20240814210628-0984f52e2d18 h1:I5xFq/HkvWGUPysqC8LQH9oks1WaM9BpcB+fjmvMRic=
-github.com/getlantern/netx v0.0.0-20240814210628-0984f52e2d18/go.mod h1:4WkWbHy7Mqri9lxpLFN6dOU5nUy3kyNCpHxSRQZocv0=
-github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f/go.mod h1:D5ao98qkA6pxftxoqzibIBBrLSUli+kYnJqrgBf9cIA=
-github.com/getlantern/ops v0.0.0-20220713155959-1315d978fff7/go.mod h1:D5ao98qkA6pxftxoqzibIBBrLSUli+kYnJqrgBf9cIA=
 github.com/getlantern/ops v0.0.0-20231025133620-f368ab734534 h1:3BwvWj0JZzFEvNNiMhCu4bf60nqcIuQpTYb00Ezm1ag=
 github.com/getlantern/ops v0.0.0-20231025133620-f368ab734534/go.mod h1:ZsLfOY6gKQOTyEcPYNA9ws5/XHZQFroxqCOhHjGcs9Y=
-github.com/getlantern/tlsdialer/v3 v3.0.6-0.20260105215053-2a1cd54af4d5 h1:+Ai5I/vz3jitmogrCWCAJCBsiP+afn3PDeCJ42LeOrs=
-github.com/getlantern/tlsdialer/v3 v3.0.6-0.20260105215053-2a1cd54af4d5/go.mod h1:QrBr/wjs8AHmtRxIIsTqk5fTsflPN5PwDtIFEG2szlU=
 github.com/getlantern/waitforserver v1.0.1 h1:xBjqJ3GgEk9JMWnDgRSiNHXINi6Lv2tGNjJR0hCkHFY=
 github.com/getlantern/waitforserver v1.0.1/go.mod h1:K1oSA8lNKgQ9iC00OFpMfMNm4UMrsxoGCdHf0NT9LGs=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw=
 github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
 github.com/goccy/go-yaml v1.15.13 h1:Xd87Yddmr2rC1SLLTm2MNDcTjeO/GYo0JGiww6gSTDg=
@@ -62,7 +34,6 @@ github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
@@ -72,36 +43,23 @@ github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6K
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mholt/archiver/v3 v3.5.1 h1:rDjOBX9JSF5BvoJGvjqK479aL70qh9DIpZCl+k7Clwo=
 github.com/mholt/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4=
 github.com/nwaples/rardecode v1.1.0 h1:vSxaY8vQhOcVr4mm5e8XllHWTiM4JF507A0Katqw7MQ=
 github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
-github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
-github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
 github.com/pierrec/lz4/v4 v4.1.2/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pierrec/lz4/v4 v4.1.15 h1:MO0/ucJhngq7299dKLwIMtgTfbkoSPF6AoMYDd8Q4q0=
 github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/refraction-networking/utls v1.7.1 h1:dxg+jla3uocgN8HtX+ccwDr68uCBBO3qLrkZUbqkcw0=
 github.com/refraction-networking/utls v1.7.1/go.mod h1:TUhh27RHMGtQvjQq+RyO11P6ZNQNBb3N0v7wsEjKAIQ=
 github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
 github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
@@ -110,61 +68,19 @@ github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
 github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-go.opentelemetry.io/otel v1.9.0/go.mod h1:np4EoPGzoPs3O67xUVNoPPcmSvsfOxNlNA4F4AC+0Eo=
 go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs=
 go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY=
 go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE=
 go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8=
-go.opentelemetry.io/otel/trace v1.9.0/go.mod h1:2737Q0MuG8q1uILYm2YYVkAyLtOofiTNGg6VODnOiPo=
 go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg=
 go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=
-go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
-go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
-go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
-go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
 golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/test_support.go b/test_support.go
index cb47761..4a8e9e8 100644
--- a/test_support.go
+++ b/test_support.go
@@ -21,8 +21,7 @@ func ConfigureForTest(t *testing.T) Fronted {
 func ConfigureCachingForTest(t *testing.T, cacheFile string) Fronted {
 	certs := trustedCACerts(t)
 	p := testProviders()
-	defaultFrontedProviderID = testProviderID
-	f := NewFronted(WithCacheFile(cacheFile))
+	f := NewFronted(WithCacheFile(cacheFile), WithDefaultProviderID(testProviderID))
 	f.onNewFronts(certs, p)
 	return f
 }
@@ -30,8 +29,7 @@ func ConfigureCachingForTest(t *testing.T, cacheFile string) Fronted {
 func ConfigureHostAlaisesForTest(t *testing.T, hosts map[string]string) Fronted {
 	certs := trustedCACerts(t)
 	p := testProvidersWithHosts(hosts)
-	defaultFrontedProviderID = testProviderID
-	f := NewFronted()
+	f := NewFronted(WithDefaultProviderID(testProviderID))
 	f.onNewFronts(certs, p)
 	return f
 }
@@ -59,9 +57,13 @@ func testProviders() map[string]*Provider {
 }
 
 func testProvidersWithHosts(hosts map[string]string) map[string]*Provider {
-	return map[string]*Provider{
+	p := map[string]*Provider{
 		testProviderID: NewProvider(hosts, pingTestURL, testMasquerades, nil, nil, nil, ""),
 	}
+	// Also register the test hosts with the akamai provider so that akamai fronts
+	// loaded from the embedded config don't cause "no domain fronting mapping" errors.
+	p["akamai"] = NewProvider(hosts, pingTestURL, nil, nil, nil, nil, "")
+	return p
 }
 func testAkamaiProvidersWithHosts(hosts map[string]string, sniConfig *SNIConfig) map[string]*Provider {
 	frontingSNIs := map[string]*SNIConfig{