Commit e99b3af0 authored by Matthew Holt

letsencrypt: Numerous bug fixes

parent 88c646c8
......@@ -276,7 +276,7 @@ func Wait() {
// the Caddyfile. If loader does not return a Caddyfile, the
// default one will be returned. Thus, if there are no other
// errors, this function always returns at least the default
// Caddyfile.
// Caddyfile (not the previously-used Caddyfile).
func LoadCaddyfile(loader func() (Input, error)) (cdyfile Input, err error) {
// If we are a fork, finishing the restart is highest priority;
// piped input is required in this case.
......
......@@ -62,7 +62,7 @@ baz"
{ // 8
caddyfile: `http://host, https://host {
}`,
json: `[{"hosts":["host:http","host:https"],"body":{}}]`, // hosts in JSON are always host:port format (if port is specified)
json: `[{"hosts":["host:http","host:https"],"body":{}}]`, // hosts in JSON are always host:port format (if port is specified), for consistency
},
}
......
......@@ -89,10 +89,6 @@ func load(filename string, input io.Reader) ([]server.Config, error) {
}
}
if config.Port == "" {
config.Port = Port
}
configs = append(configs, config)
}
}
......@@ -145,6 +141,11 @@ func arrangeBindings(allConfigs []server.Config) (Group, error) {
// Group configs by bind address
for _, conf := range allConfigs {
// use default port if none is specified
if conf.Port == "" {
conf.Port = Port
}
bindAddr, warnErr, fatalErr := resolveAddr(conf)
if fatalErr != nil {
return groupings, fatalErr
......
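Review bot: In the added default-port block of `arrangeBindings`, `conf` is the per-iteration copy produced by `range allConfigs`, so `conf.Port = Port` fills in the default only on that copy and the caller's slice keeps `Port == ""`. That is harmless if everything further down the loop works from `conf`, but the loop body continues outside the hunk, so it cannot be confirmed here. Because the same default was removed from `load` in the hunk above, any code that runs between `load` and `arrangeBindings` now sees an empty port and has to treat it as "default" rather than as a specific port; if the TLS setup is among that code (not visible here), it deserves a check. If callers are meant to see the default, iterate with `for i := range allConfigs` and set `allConfigs[i].Port = Port`; otherwise a comment such as `// conf is a copy; allConfigs is left untouched` would make the intent explicit.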
This diff is collapsed.
......@@ -25,7 +25,7 @@ var OnChange func() error
//
// You must pass in the server configs to maintain and the channel
// which you'll close when maintenance should stop, to allow this
// goroutine to clean up after itself.
// goroutine to clean up after itself and unblock.
func maintainAssets(configs []server.Config, stopChan chan struct{}) {
renewalTicker := time.NewTicker(renewInterval)
ocspTicker := time.NewTicker(ocspInterval)
......@@ -66,7 +66,7 @@ func maintainAssets(configs []server.Config, stopChan chan struct{}) {
// renewCertificates loops through all configured site and
// looks for certificates to renew. Nothing is mutated
// through this function. The changes happen directly on disk.
// through this function; all changes happen directly on disk.
// It returns the number of certificates renewed and any errors
// that occurred. It only performs a renewal if necessary.
func renewCertificates(configs []server.Config) (int, []error) {
......@@ -75,7 +75,7 @@ func renewCertificates(configs []server.Config) (int, []error) {
var n int
for _, cfg := range configs {
// Host must be TLS-enabled and have assets managed by LE
// Host must be TLS-enabled and have existing assets managed by LE
if !cfg.TLS.Enabled || !existingCertAndKey(cfg.Host) {
continue
}
......@@ -100,7 +100,7 @@ func renewCertificates(configs []server.Config) (int, []error) {
// Renew with a week or less remaining.
if daysLeft <= 7 {
log.Printf("[INFO] There are %d days left on the certificate of %s. Trying to renew now.", daysLeft, cfg.Host)
client, err := newClient(getEmail(cfg))
client, err := newClient("") // email not used for renewal
if err != nil {
errs = append(errs, err)
continue
......
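Review bot: The `newClient("")` call in the renewal branch rests on the inline claim that the email is not used for renewal, but `newClient` is not visible on this page, so that claim cannot be verified from the diff. If `newClient` loads or registers an ACME account keyed by the email it receives, an empty string could make renewals run under a different, contact-less account than the one that obtained the certificate, or trigger a registration from this background goroutine. It would help to state in `newClient`'s doc comment what an empty email means and to tighten the inline comment, e.g. `// renewal reuses the stored account; "" must never create or register a new one`. A test that calls the renewal path with no stored account and asserts that no registration happens would pin that behaviour down. The body of `renewCertificates` continues outside the hunk.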
......@@ -41,7 +41,7 @@ func init() {
// TODO: Production endpoint is: https://acme-v01.api.letsencrypt.org
flag.StringVar(&letsencrypt.CAUrl, "ca", "https://acme-staging.api.letsencrypt.org", "Certificate authority ACME server")
flag.BoolVar(&letsencrypt.Agreed, "agree", false, "Agree to Let's Encrypt Subscriber Agreement")
flag.StringVar(&letsencrypt.DefaultEmail, "email", "", "Default email address to use for Let's Encrypt transactions")
flag.StringVar(&letsencrypt.DefaultEmail, "email", "", "Default Let's Encrypt account email address")
flag.StringVar(&revoke, "revoke", "", "Hostname for which to revoke the certificate")
}
......