From 8564f61d5080403abed1f95ba11303166023b067 Mon Sep 17 00:00:00 2001
From: "Alexey I. Froloff"
Date: Thu, 7 Feb 2019 15:16:10 +0300
Subject: [PATCH 1/4] net/acme: issue_cert should always call post_checks on exit
issue_cert fuction may return without calling post_checks, which leaves port 80 open and uhttpd configuration is not restored is listen_http was set. Always call post_checks when returning from issue_cert.
Signed-off-by: Alexey I. Froloff
---
 net/acme/files/run.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/acme/files/run.sh b/net/acme/files/run.sh
index 233abee68..144cdcd09 100644
--- a/net/acme/files/run.sh
+++ b/net/acme/files/run.sh
@@ -180,6 +180,7 @@ issue_cert()
 local failed_dir
 local webroot
 local dns
+ local ret
 config_get_bool enabled "$section" enabled 0
 config_get_bool use_staging "$section" use_staging
@@ -211,8 +212,9 @@ issue_cert()
 moved_staging=1
 else
 log "Found previous cert config. Issuing renew."
- $ACME --home "$STATE_DIR" --renew -d "$main_domain" $acme_args || return 1
- return 0
+ $ACME --home "$STATE_DIR" --renew -d "$main_domain" $acme_args && ret=0 || ret=1
+ post_checks
+ return $ret
 fi
 fi
@@ -231,6 +233,7 @@ issue_cert()
 else
 if [ ! -d "$webroot" ]; then
 err "$main_domain: Webroot dir '$webroot' does not exist!"
+ post_checks
 return 1
 fi
 log "Using webroot dir: $webroot"
From c636bf374f2bafe044ee56ad170a186cf2bbb6e5 Mon Sep 17 00:00:00 2001
From: "Alexey I. Froloff"
Date: Thu, 7 Feb 2019 15:22:56 +0300
Subject: [PATCH 2/4] net/acme: commit uhttpd configuration if update_httpd set
uhttpd configuration should be commited when update_uhttpd set.
Signed-off-by: Alexey I. Froloff
---
 net/acme/files/run.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/acme/files/run.sh b/net/acme/files/run.sh
index 144cdcd09..b5dfc731d 100644
--- a/net/acme/files/run.sh
+++ b/net/acme/files/run.sh
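Review bot: Patch 1/4 wires the cleanup in per return site (the renew branch in hunk `@@ -211,8 +212,9 @@` and the missing-webroot branch in hunk `@@ -231,6 +233,7 @@`), so any other early `return` in issue_cert, existing or added later, still skips post_checks and leaves the port 80 exposure the commit message describes. issue_cert starts and ends outside both hunks, so whether other exits remain cannot be confirmed from here. A single exit point would make the guarantee structural, for example moving the body into a helper (hypothetical name) and keeping `issue_cert_inner "$@"; ret=$?; post_checks; return "$ret"` as the public function. Failing that, a comment above the function such as `# Every return after pre_checks must call post_checks first (closes port 80, restores uhttpd listen_http)` would document the invariant. The missing-webroot call also runs cleanup on a path where a non-empty `$webroot` appears to have skipped pre_checks (per the `|| pre_checks` line shown in patch 3/4), so it may commit and reload uhttpd with nothing to undo.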
@@ -132,9 +132,9 @@ post_checks()
 if [ -e /etc/init.d/uhttpd ] && ( [ -n "$UHTTPD_LISTEN_HTTP" ] || [ $UPDATE_UHTTPD -eq 1 ] ); then
 if [ -n "$UHTTPD_LISTEN_HTTP" ]; then
 uci set uhttpd.main.listen_http="$UHTTPD_LISTEN_HTTP"
- uci commit uhttpd
 UHTTPD_LISTEN_HTTP=
 fi
+ uci commit uhttpd
 /etc/init.d/uhttpd reload
 fi
From 3439c008e52f6cd261854b5db73fd65cc497b1db Mon Sep 17 00:00:00 2001
From: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
Date: Wed, 30 Jan 2019 23:32:51 +0100
Subject: [PATCH 3/4] acme: Fix loading credentials
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Move loading credential function before cert renewal call as credentials might be needed for some renewal operations ( ex: DNS )
Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
[toke@toke.dk: Port to master branch]
Signed-off-by: Toke Høiland-Jørgensen
---
 net/acme/files/run.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/acme/files/run.sh b/net/acme/files/run.sh
index b5dfc731d..b0cae8fa6 100644
--- a/net/acme/files/run.sh
+++ b/net/acme/files/run.sh
@@ -204,6 +204,12 @@ issue_cert()
 [ -n "$webroot" ] || [ -n "$dns" ] || pre_checks "$main_domain" || return 1
 log "Running ACME for $main_domain"
+
+ handle_credentials() {
+ local credential="$1"
+ eval export $credential
+ }
+ config_list_foreach "$section" credentials handle_credentials
 if [ -e "$STATE_DIR/$main_domain" ]; then
 if [ "$use_staging" -eq "0" ] && is_staging "$main_domain"; then
@@ -240,12 +246,6 @@ issue_cert()
 acme_args="$acme_args --webroot $webroot"
 fi
- handle_credentials() {
- local credential="$1"
- eval export $credential
- }
- config_list_foreach "$section" credentials handle_credentials
-
 if ! $ACME --home "$STATE_DIR" --issue $acme_args; then
 failed_dir="$STATE_DIR/${main_domain}.failed-$(date +%s)"
 err "Issuing cert for $main_domain failed. Moving state to $failed_dir"
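Review bot: The relocated `uci commit uhttpd` in post_checks (patch 2/4) still runs unchecked, and it now comes after `UHTTPD_LISTEN_HTTP=` has cleared the saved value, so a failed commit leaves the restored listen_http staged but not persisted with nothing left to retry from. Checking the result, e.g. `uci commit uhttpd || err "Failed to commit uhttpd config"`, and clearing UHTTPD_LISTEN_HTTP only after the commit succeeds would keep the listener state recoverable. `uci commit uhttpd` also persists every staged uhttpd change, not only the ones this script made, which deserves a comment now that it runs whenever UPDATE_UHTTPD is 1. The context line `[ $UPDATE_UHTTPD -eq 1 ]` fails with a test error if the variable is empty; `[ "${UPDATE_UHTTPD:-0}" -eq 1 ]` is safer. post_checks begins above the hunk.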
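Review bot: `eval export $credential` in the relocated handle_credentials (patch 3/4, hunk `@@ -204,6 +204,12 @@`) re-parses each credentials list entry as shell code, so a command substitution or `;` inside a configured value is executed by this script instead of being exported. Moving the handler ahead of the renew branch means this now happens on renewals as well as on first issue. An entry only needs to be a NAME=value pair, so it can be validated and exported without eval, as sketched below; entries that rely on eval to strip quotes around the value would need those quotes removed from the config. The exported variables also stay in the environment for the rest of the process, including the uhttpd reload in post_checks, which is worth a comment or an `unset` once the acme.sh call has returned. issue_cert continues outside the hunk.

```shell
handle_credentials() {
	local credential="$1"
	local name="${credential%%=*}"
	# Accept only NAME=value and never re-parse the value as shell code.
	case "$credential" in
		*=*) ;;
		*) err "Ignoring malformed credentials entry (expected NAME=value)"; return 0 ;;
	esac
	# The name must be a plain shell identifier; the value is never logged.
	case "$name" in
		''|[0-9]*|*[!A-Za-z0-9_]*) err "Ignoring credentials entry with invalid variable name"; return 0 ;;
	esac
	export "$name=${credential#*=}"
}
# … unchanged: config_list_foreach "$section" credentials handle_credentials …
```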
From 71cedd6ec4ac15d364de01269cdbb1e50fe82dec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=
Date: Fri, 8 Feb 2019 17:17:37 +0100
Subject: [PATCH 4/4] acme: Bump package revision
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Toke Høiland-Jørgensen
---
 net/acme/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/acme/Makefile b/net/acme/Makefile
index 3feb74478..69dd3441f 100644
--- a/net/acme/Makefile
+++ b/net/acme/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=acme
 PKG_VERSION:=2.7.9
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_LICENSE:=GPLv3
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz