From ed1828ca92b08563845f453b4f7785753102b9ea Mon Sep 17 00:00:00 2001
From: Giteabot <teabot@gitea.io>
Date: Fri, 10 Jan 2025 09:06:40 +0800
Subject: [PATCH] Fix ACME panic (#33178) (#33186)

Backport #33178 by @wxiaoguang

Fix #33177, Manually tested:

````
1.7364311850484018e+09	info	maintenance	started background certificate maintenance	{"cache": "0x1400ca64180"}
1.736431185054049e+09	info	obtain	acquiring lock	{"identifier": "example.com"}
1.736431185058073e+09	info	obtain	lock acquired	{"identifier": "example.com"}
1.736431185058133e+09	info	obtain	obtaining certificate	{"identifier": "example.com"}
````

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
---
 cmd/web_acme.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/cmd/web_acme.go b/cmd/web_acme.go
index 2fe14c1f54..5daf0f55f2 100644
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@@ -54,8 +54,10 @@ func runACME(listenAddr string, m http.Handler) error {
 		altTLSALPNPort = p
 	}
 
-	magic := &certmagic.Default
-	magic.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
+	// FIXME: this path is not right, it uses "AppWorkPath" incorrectly, and writes the data into "AppWorkPath/https"
+	// Ideally it should migrate to AppDataPath write to "AppDataPath/https"
+	certmagic.Default.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
+	magic := certmagic.NewDefault()
 	// Try to use private CA root if provided, otherwise defaults to system's trust
 	var certPool *x509.CertPool
 	if setting.AcmeCARoot != "" {