From 4350b76ea38245627bb88c7c413c10844c5e41f0 Mon Sep 17 00:00:00 2001
From: Cristian Le
Date: Fri, 21 Jan 2022 14:40:23 +0900
Subject: [PATCH] Refactored runLetsEncrypt to runACME
Signed-off-by: Cristian Le
---
 cmd/web.go | 17 +++++++++--------
 cmd/web_acme.go | 8 ++++----
 2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/cmd/web.go b/cmd/web.go
index ee3b44248a35..710c12775fd0 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -223,17 +223,18 @@ func listen(m http.Handler, handleRedirector bool) error {
 err = runHTTP("tcp", listenAddr, "Web", m)
 case setting.HTTPS:
 if setting.EnableAcme {
- err = runLetsEncrypt(listenAddr, setting.Domain, setting.AcmeLiveDirectory, setting.AcmeEmail, m)
+ err = runACME(listenAddr, m)
 break
- }
- if handleRedirector {
- if setting.RedirectOtherPort {
- go runHTTPRedirector()
- } else {
- NoHTTPRedirector()
+ } else {
+ if handleRedirector {
+ if setting.RedirectOtherPort {
+ go runHTTPRedirector()
+ } else {
+ NoHTTPRedirector()
+ }
 }
+ err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
 }
- err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
 case setting.FCGI:
 if handleRedirector {
 NoHTTPRedirector()
diff --git a/cmd/web_acme.go b/cmd/web_acme.go
index 89c2a33c5206..7ab24e012e13 100644
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@@ -19,7 +19,7 @@ import (
 "github.com/caddyserver/certmagic"
 )
 
-func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
+func runACME(listenAddr string, m http.Handler) error {
 // If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
 // Due to docker port mapping this can't be checked programmatically
 // TODO: these are placeholders until we add options for each in settings with appropriate warning
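Review bot: In the `setting.HTTPS` case of `listen` (cmd/web.go), the added `} else {` follows a branch that already ends in `break`, so the non-ACME path gains a nesting level for no behavioural gain and the `break` becomes redundant. Either keep the early exit and leave the fallback outdented as it was, i.e. `if setting.EnableAcme { err = runACME(listenAddr, m); break }` followed by the unchanged redirector block, or drop the `break` and keep the `if`/`else`. Separately, the ACME branch never consults `handleRedirector`, so neither `runHTTPRedirector` nor `NoHTTPRedirector()` runs there; if `runACME` is meant to own the plain-HTTP listener, a comment such as `// runACME sets up its own port-80 handling, so the redirector is skipped` would make that explicit. The body of `listen` starts and ends outside this hunk.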
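Review bot: `runACME` in cmd/web_acme.go has no doc comment, and its new signature no longer shows that it depends on `setting.Domain`, `setting.AcmeLiveDirectory` and `setting.AcmeEmail`, which the hunks at -36, -57 and -69 now read directly. A comment such as `// runACME obtains or renews the certificate for setting.Domain via ACME; all ACME options are read from the setting package.` would restore what the parameter list used to document. None of those values is checked in the lines shown, so unless the settings loader already rejects them, an empty domain reaches `magic.ManageSync`; a guard before that call, e.g. `if setting.Domain == "" { return errors.New("ACME is enabled but no domain is configured") }`, would fail early with a clear message. The function body continues outside this hunk.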
@@ -36,7 +36,7 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 }
 
 magic := certmagic.NewDefault()
- magic.Storage = &certmagic.FileStorage{Path: directory}
+ magic.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
 // Try to use private CA root if provided, otherwise defaults to system's trust
 var certPool *x509.CertPool
 if setting.AcmeCARoot != "" {
@@ -57,7 +57,7 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
 CA: setting.AcmeURL,
 TrustedRoots: certPool,
- Email: email,
+ Email: setting.AcmeEmail,
 Agreed: setting.LetsEncryptTOS,
 DisableHTTPChallenge: !enableHTTPChallenge,
 DisableTLSALPNChallenge: !enableTLSALPNChallenge,
@@ -69,7 +69,7 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 magic.Issuers = []certmagic.Issuer{myACME}
 
 // this obtains certificates or renews them if necessary
- err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{domain})
+ err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{setting.Domain})
 if err != nil {
 return err
 }
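Review bot: The `magic.Storage` assignment in the -36 hunk now takes `setting.AcmeLiveDirectory` as the certmagic storage root, which is where certmagic keeps the issued certificates, their private keys and the ACME account key, and nothing here documents that. A comment above the assignment, e.g. `// AcmeLiveDirectory holds private keys and the ACME account; keep it out of shared or world-readable locations`, would help operators who relocate it. Whether the path is validated or created with restrictive permissions elsewhere is not visible in this hunk.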
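Review bot: In the -57 hunk, the context line `Agreed: setting.LetsEncryptTOS` is now the only Let's Encrypt-specific name left beside `setting.AcmeURL`, `setting.AcmeEmail` and `setting.AcmeCARoot`, so the rename is incomplete. With a custom `CA` and `TrustedRoots`, the flag records agreement to that CA's terms rather than Let's Encrypt's. Either rename it in a follow-up or add a comment such as `// Agreed applies to the terms of whichever CA setting.AcmeURL selects`. The struct literal continues past the end of the hunk.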