3 changed files with 16 additions and 20 deletions
--- a/app/Livewire/Setup/Wizard.php
+++ b/app/Livewire/Setup/Wizard.php
@ -181,6 +181,12 @@ class Wizard extends Component
        $done = @file_get_contents(self::STATE_DIR . '/done');
        if ($done !== false) {
            $this->setupDone = true;
+
+            // Bei erfolgreichem SSL sofort auf HTTPS weiterleiten,
+            // damit Livewire nicht mehr über HTTP pollt
+            if (trim($done) === '1' && $this->ui_domain) {
+                $this->redirect('https://' . $this->ui_domain . '/setup', navigate: false);
+            }
        }
    }

--- a/installer.sh
+++ b/installer.sh
@ -725,9 +725,8 @@ if [ -n "${UI_HOST}" ] && [ "${UI_HAS_CERT}" = "1" ]; then
  cat <<CONF

 server {
-  listen 443 ssl;
-  listen [::]:443 ssl;
-  http2 on;
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
  server_name ${UI_HOST};

  ssl_certificate     /etc/letsencrypt/live/${UI_HOST}/fullchain.pem;
@ -753,9 +752,8 @@ if [ -n "${WEBMAIL_HOST}" ] && [ "${WM_HAS_CERT}" = "1" ]; then
  cat <<CONF

 server {
-  listen 443 ssl;
-  listen [::]:443 ssl;
-  http2 on;
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
  server_name ${WEBMAIL_HOST};

  ssl_certificate     /etc/letsencrypt/live/${WEBMAIL_HOST}/fullchain.pem;
@ -778,20 +776,15 @@ CONF
 fi
 ) > "${NGINX_SITE}"

-# State-Dateien VOR dem nginx-Switch schreiben:
-# Browser-Poll (alle 2s) liest done=1 → Polling stoppt → "Zum Login" erscheint.
-# Danach 6s sleep → nginx switchet auf HTTPS → User klickt Link → funktioniert.
+# State-Dateien VOR dem nginx-Switch schreiben damit der Browser
+# noch über HTTP redirecten kann bevor nginx auf HTTPS wechselt
 STATE_DIR="/var/lib/mailwolt/wizard"
 if [ -d "${STATE_DIR}" ]; then
  for k in ui mail webmail; do
    [ -f "${STATE_DIR}/${k}" ] && printf "done" > "${STATE_DIR}/${k}"
  done
-  if [ "${UI_HAS_CERT}" = "1" ] || [ "${WM_HAS_CERT}" = "1" ]; then
-    printf "1" > "${STATE_DIR}/done"
-  else
-    printf "0" > "${STATE_DIR}/done"
-  fi
-  sleep 6
+  printf "1" > "${STATE_DIR}/done"
+  sleep 6  # 3 Poll-Zyklen (à 2s) — Browser hat Zeit zu redirecten
 fi

 nginx -t && systemctl reload nginx
@ -805,7 +798,6 @@ install -m 755 "${APP_DIR}/update.sh" /usr/local/sbin/mailwolt-update
 cat > /etc/sudoers.d/mailwolt-certbot <<'SUDOERS'
 www-data ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-apply-domains
 www-data ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-update
-www-data ALL=(root) NOPASSWD: /usr/bin/certbot
 SUDOERS
 chmod 440 /etc/sudoers.d/mailwolt-certbot

--- a/resources/views/livewire/setup/wizard.blade.php
+++ b/resources/views/livewire/setup/wizard.blade.php
@ -292,12 +292,10 @@
    </div>
    @elseif($step === 5 && $setupDone)
    <div style="display:flex;justify-content:flex-end;margin-top:20px">
-        {{-- Kein wire:click — plain Link damit kein Livewire-POST nötig ist.
-             nginx leitet /login nach SSL-Switch automatisch auf HTTPS weiter. --}}
-        <a href="/login" class="mbx-btn-primary" style="font-size:12.5px;width:fit-content;text-decoration:none;display:inline-flex;align-items:center;gap:6px">
+        <button wire:click="goToLogin" class="mbx-btn-primary" style="font-size:12.5px;width:fit-content">
            <svg width="12" height="12" viewBox="0 0 12 12" fill="none"><path d="M2 6.5l2.5 2.5 5.5-5.5" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/></svg>
            {{ collect($domainStatus)->contains(fn($s) => in_array($s, ['error','nodns','noipv6'])) ? 'Trotzdem zum Login' : 'Zum Login' }}
-        </a>
+        </button>
    </div>
    @endif