Revert "Try to fix ACME path when renew (#33668)"

This reverts commit f991807.

Author: wxiaoguang

cmd/web_acme.go

@@ -54,6 +54,10 @@ func runACME(listenAddr string, m http.Handler) error {
 		altTLSALPNPort = p
 	}
 
+	// FIXME: this path is not right, it uses "AppWorkPath" incorrectly, and writes the data into "AppWorkPath/https"
+	// Ideally it should migrate to AppDataPath write to "AppDataPath/https"
+	certmagic.Default.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
+	magic := certmagic.NewDefault()
 	// Try to use private CA root if provided, otherwise defaults to system's trust
 	var certPool *x509.CertPool
 	if setting.AcmeCARoot != "" {
@@ -63,13 +67,7 @@ func runACME(listenAddr string, m http.Handler) error {
 			log.Warn("Failed to parse CA Root certificate, using default CA trust: %v", err)
 		}
 	}
-	// FIXME: this path is not right, it uses "AppWorkPath" incorrectly, and writes the data into "AppWorkPath/https"
-	// Ideally it should migrate to AppDataPath write to "AppDataPath/https"
-	// And one more thing, no idea why we should set the global default variables here
-	// But it seems that the current ACME code needs these global variables to make renew work.
-	// Otherwise, "renew" will use incorrect storage path
-	certmagic.Default.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
-	certmagic.DefaultACME = certmagic.ACMEIssuer{
+	myACME := certmagic.NewACMEIssuer(magic, certmagic.ACMEIssuer{
 		CA:                      setting.AcmeURL,
 		TrustedRoots:            certPool,
 		Email:                   setting.AcmeEmail,
@@ -79,10 +77,8 @@ func runACME(listenAddr string, m http.Handler) error {
 		ListenHost:              setting.HTTPAddr,
 		AltTLSALPNPort:          altTLSALPNPort,
 		AltHTTPPort:             altHTTPPort,
-	}
+	})
 
-	magic := certmagic.NewDefault()
-	myACME := certmagic.NewACMEIssuer(magic, certmagic.DefaultACME)
 	magic.Issuers = []certmagic.Issuer{myACME}
 
 	// this obtains certificates or renews them if necessary

modules/setting/server.go

@@ -169,24 +169,20 @@ func loadServerFrom(rootCfg ConfigProvider) {
 	HTTPAddr = sec.Key("HTTP_ADDR").MustString("0.0.0.0")
 	HTTPPort = sec.Key("HTTP_PORT").MustString("3000")
 
-	// DEPRECATED should not be removed because users maybe upgrade from lower version to the latest version
-	// if these are removed, the warning will not be shown
-	if sec.HasKey("ENABLE_ACME") {
-		EnableAcme = sec.Key("ENABLE_ACME").MustBool(false)
-	} else {
-		deprecatedSetting(rootCfg, "server", "ENABLE_LETSENCRYPT", "server", "ENABLE_ACME", "v1.19.0")
-		EnableAcme = sec.Key("ENABLE_LETSENCRYPT").MustBool(false)
-	}
-
 	Protocol = HTTP
 	protocolCfg := sec.Key("PROTOCOL").String()
-	if protocolCfg != "https" && EnableAcme {
-		log.Fatal("ACME could only be used with HTTPS protocol")
-	}
-
 	switch protocolCfg {
 	case "https":
 		Protocol = HTTPS
+
+		// DEPRECATED should not be removed because users maybe upgrade from lower version to the latest version
+		// if these are removed, the warning will not be shown
+		if sec.HasKey("ENABLE_ACME") {
+			EnableAcme = sec.Key("ENABLE_ACME").MustBool(false)
+		} else {
+			deprecatedSetting(rootCfg, "server", "ENABLE_LETSENCRYPT", "server", "ENABLE_ACME", "v1.19.0")
+			EnableAcme = sec.Key("ENABLE_LETSENCRYPT").MustBool(false)
+		}
 		if EnableAcme {
 			AcmeURL = sec.Key("ACME_URL").MustString("")
 			AcmeCARoot = sec.Key("ACME_CA_ROOT").MustString("")
@@ -214,9 +210,6 @@ func loadServerFrom(rootCfg ConfigProvider) {
 				deprecatedSetting(rootCfg, "server", "LETSENCRYPT_EMAIL", "server", "ACME_EMAIL", "v1.19.0")
 				AcmeEmail = sec.Key("LETSENCRYPT_EMAIL").MustString("")
 			}
-			if AcmeEmail == "" {
-				log.Fatal("ACME Email is not set (ACME_EMAIL).")
-			}
 		} else {
 			CertFile = sec.Key("CERT_FILE").String()
 			KeyFile = sec.Key("KEY_FILE").String()