letsencrypt: Activate during config load just after tls directive

Before, we were activating Let's Encrypt after all the directives were executed. This means their setup functions had access to potentially erroneous information about the server's TLS setup, since the letsencrypt package makes changes to the port, etc. Now, we execute all directives up to and including tls, then activate letsencrypt, then finish with the rest of the directives. It's a bit ugly, but I do think it is more correct. It also fixes some bugs, for example: a host that only has a catch-all redirect.

caddy/letsencrypt/letsencrypt.go

@@ -40,10 +40,16 @@ import (
 // Activate returns the updated list of configs, since
 // some may have been appended, for example, to redirect
 // plaintext HTTP requests to their HTTPS counterpart.
+// This function only appends; it does not prepend or splice.
 func Activate(configs []server.Config) ([]server.Config, error) {
 	// just in case previous caller forgot...
 	Deactivate()
 
+	// TODO: All the output the end user should see when running caddy is something
+	// simple like "Setting up HTTPS..." (and maybe 'done' at the end of the line when finished).
+	// In other words, hide all the other logging except for on errors. Or maybe
+	// have a place to put those logs.
+
 	// reset cached ocsp statuses from any previous activations
 	ocspStatus = make(map[*[]byte]int)