diff --git a/data/helpers.d/backend b/data/helpers.d/backend
index c0cbc616c..b715776e2 100644
--- a/data/helpers.d/backend
+++ b/data/helpers.d/backend
@@ -123,7 +123,7 @@ ynh_add_nginx_config () {
 	# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
 	# Substitute in a nginx config file only if the variable is not empty
 	if test -n "${path_url:-}"; then
-		# path_url_slash_less if path_url or a blank value if path_url is only '/'
+		# path_url_slash_less is path_url, or a blank value if path_url is only '/'
 		path_url_slash_less=${path_url%/}
 		ynh_replace_string "__PATH__/" "$path_url_slash_less/" "$finalnginxconf"
 		ynh_replace_string "__PATH__" "$path_url" "$finalnginxconf"
diff --git a/data/helpers.d/utils b/data/helpers.d/utils
index 44c679471..2cb18c5c0 100644
--- a/data/helpers.d/utils
+++ b/data/helpers.d/utils
@@ -59,14 +59,19 @@ ynh_restore_upgradebackup () {
 # ynh_abort_if_errors
 #
 ynh_backup_before_upgrade () {
+	if [ ! -e "/etc/yunohost/apps/$app/scripts/backup" ]
+	then
+		echo "This app doesn't have any backup script." >&2
+		return
+	fi
 	backup_number=1
 	old_backup_number=2
 	app_bck=${app//_/-}	# Replace all '_' by '-'
-	
-    	# Check if a backup already exists with the prefix 1
+
+	# Check if a backup already exists with the prefix 1
 	if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1
-    	then
-        	# Prefix becomes 2 to preserve the previous backup
+	then
+		# Prefix becomes 2 to preserve the previous backup
 		backup_number=2
 		old_backup_number=1
 	fi
@@ -74,7 +79,7 @@ ynh_backup_before_upgrade () {
 	# Create backup
 	sudo yunohost backup create --ignore-system --apps $app --name $app_bck-pre-upgrade$backup_number
 	if [ "$?" -eq 0 ]
-    	then
+	then
 		# If the backup succeeded, remove the previous backup
 		if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number
 		then
diff --git a/data/templates/yunohost/firewall.yml b/data/templates/yunohost/firewall.yml
index df5b0fe88..201a39092 100644
--- a/data/templates/yunohost/firewall.yml
+++ b/data/templates/yunohost/firewall.yml
@@ -1,7 +1,7 @@
 uPnP:
     enabled: false
-    TCP: [22, 25, 53, 80, 443, 465, 587, 993, 5222, 5269]
-    UDP: [53]
+    TCP: [22, 25, 80, 443, 465, 587, 993, 5222, 5269]
+    UDP: []
 ipv4:
     TCP: [22, 25, 53, 80, 443, 465, 587, 993, 5222, 5269]
     UDP: [53, 5353]
diff --git a/locales/fr.json b/locales/fr.json
index 8bda0ddc3..8baccbd70 100644
--- a/locales/fr.json
+++ b/locales/fr.json
@@ -1,7 +1,7 @@
 {
     "action_invalid": "Action « {action:s} » incorrecte",
     "admin_password": "Mot de passe d'administration",
-    "admin_password_change_failed": "Impossible de modifier le mot de passe d'administration",
+    "admin_password_change_failed": "Impossible de changer le mot de passe",
     "admin_password_changed": "Le mot de passe d'administration a été modifié",
     "app_already_installed": "{app:s} est déjà installé",
     "app_argument_choice_invalid": "Choix invalide pour le paramètre « {name:s} », il doit être l'un de {choices:s}",
diff --git a/src/yunohost/vendor/acme_tiny/acme_tiny.py b/src/yunohost/vendor/acme_tiny/acme_tiny.py
index d0ba33d1e..6fd8558d5 100644
--- a/src/yunohost/vendor/acme_tiny/acme_tiny.py
+++ b/src/yunohost/vendor/acme_tiny/acme_tiny.py
@@ -39,7 +39,7 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA):
         raise IOError("OpenSSL Error: {0}".format(err))
     pub_hex, pub_exp = re.search(
         r"modulus:\n\s+00:([a-f0-9\:\s]+?)\npublicExponent: ([0-9]+)",
-        out.decode('utf8'), re.MULTILINE | re.DOTALL).groups()
+        out.decode('utf8'), re.MULTILINE|re.DOTALL).groups()
     pub_exp = "{0:x}".format(int(pub_exp))
     pub_exp = "0{0}".format(pub_exp) if len(pub_exp) % 2 else pub_exp
     header = {
@@ -82,10 +82,10 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA):
     if proc.returncode != 0:
         raise IOError("Error loading {0}: {1}".format(csr, err))
     domains = set([])
-    common_name = re.search(r"Subject:.*? CN=([^\s,;/]+)", out.decode('utf8'))
+    common_name = re.search(r"Subject:.*? CN\s?=\s?([^\s,;/]+)", out.decode('utf8'))
     if common_name is not None:
         domains.add(common_name.group(1))
-    subject_alt_names = re.search(r"X509v3 Subject Alternative Name: \n +([^\n]+)\n", out.decode('utf8'), re.MULTILINE | re.DOTALL)
+    subject_alt_names = re.search(r"X509v3 Subject Alternative Name: \n +([^\n]+)\n", out.decode('utf8'), re.MULTILINE|re.DOTALL)
     if subject_alt_names is not None:
         for san in subject_alt_names.group(1).split(", "):
             if san.startswith("DNS:"):
@@ -95,7 +95,7 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA):
     log.info("Registering account...")
     code, result = _send_signed_request(CA + "/acme/new-reg", {
         "resource": "new-reg",
-        "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
+        "agreement": json.loads(urlopen(CA + "/directory").read().decode('utf8'))['meta']['terms-of-service'],
     })
     if code == 201:
         log.info("Registered!")