acme: Bring up-to-date with master

There are quite a few bugfixes in the version of the ACME package in
master, and the old version in 18.06 have some issues as seen in #10328.
This commit ports over all changes from the master branch in one go.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>

net/acme/files/acme-cbi.lua

@@ -10,6 +10,11 @@ Copyright 2016 Toke Høiland-Jørgensen <toke@toke.dk>
 
 ]]--
 
+local fs = require "nixio.fs"
+
+local nginx_presence = fs.access("/usr/sbin/nginx") or false
+local uhttpd_presence = fs.access("/usr/sbin/uhttpd") or false
+
 m = Map("acme", translate("ACME certificates"),
 	translate("This configures ACME (Letsencrypt) automatic certificate installation. " ..
                   "Simply fill out this to have the router configured with Letsencrypt-issued " ..
@@ -47,21 +52,38 @@ us = cs:option(Flag, "use_staging", translate("Use staging server"),
                          "(use for testing; the certificate won't be valid)."))
 us.rmempty = false
 
-kl = cs:option(Value, "keylength", translate("Key length"),
-               translate("Number of bits (minimum 2048)."))
+kl = cs:option(ListValue, "keylength", translate("Key size"),
+               translate("Key size (and type) for the generated certificate."))
+kl:value("2048", "RSA 2048 bits")
+kl:value("3072", "RSA 3072 bits")
+kl:value("4096", "RSA 4096 bits")
+kl:value("ec-256", "ECC 256 bits")
+kl:value("ec-384", "ECC 384 bits")
+kl.default = "2048"
 kl.rmempty = false
-kl.datatype = "and(uinteger,min(2048))"
 
+if uhttpd_presence then
 u = cs:option(Flag, "update_uhttpd", translate("Use for uhttpd"),
               translate("Update the uhttpd config with this certificate once issued " ..
-                        "(only select this for one certificate)."))
+                        "(only select this for one certificate)." ..
+                        "Is also available luci-app-uhttpd to configure uhttpd form the LuCI interface."))
 u.rmempty = false
+end
+
+if nginx_presence then
+u = cs:option(Flag, "update_nginx", translate("Use for nginx"),
+              translate("Update the nginx config with this certificate once issued " ..
+                        "(only select this for one certificate)." ..
+                        "Nginx must support ssl, if not it won't start as it needs to be " ..
+                        "compiled with ssl support to use cert options"))
+u.rmempty = false
+end
 
 wr = cs:option(Value, "webroot", translate("Webroot directory"),
                translate("Webserver root directory. Set this to the webserver " ..
                          "document root to run Acme in webroot mode. The web " ..
                          "server must be accessible from the internet on port 80."))
-wr.rmempty = false
+wr.optional = true
 
 dom = cs:option(DynamicList, "domains", translate("Domain names"),
                 translate("Domain names to include in the certificate. " ..
@@ -75,7 +97,7 @@ dns = cs:option(Value, "dns", translate("DNS API"),
                           "In DNS mode, the domain name does not have to resolve to the router IP. " ..
                           "DNS mode is also the only mode that supports wildcard certificates. " ..
                           "Using this mode requires the acme-dnsapi package to be installed."))
-dns.rmempty = false
+dns.optional = true
 
 cred = cs:option(DynamicList, "credentials", translate("DNS API credentials"),
                  translate("The credentials for the DNS API mode selected above. " ..