feat(smartacme): add forceRenew option for certificate issuance requests

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartacme',
-  version: '9.3.1',
+  version: '9.4.0',
   description: 'A TypeScript-based ACME client and server for certificate management with built-in CA, supporting LetsEncrypt and custom ACME authorities.'
 }

ts/smartacme.classes.smartacme.ts

@@ -360,8 +360,9 @@ export class SmartAcme {
    */
   public async getCertificateForDomain(
     domainArg: string,
-    options?: { includeWildcard?: boolean }
+    options?: { includeWildcard?: boolean; forceRenew?: boolean }
   ): Promise<SmartacmeCert> {
+    const forceRenew = options?.forceRenew ?? false;
     // Determine if this is a wildcard request (e.g., '*.example.com').
     const isWildcardRequest = domainArg.startsWith('*.');
     // Determine the base domain for certificate retrieval/issuance.
@@ -381,12 +382,14 @@ export class SmartAcme {
     // Retrieve any existing certificate record by base domain.
     const retrievedCertificate = await this.certmanager.retrieveCertificate(certDomainName);
 
-    if (retrievedCertificate && !retrievedCertificate.shouldBeRenewed()) {
+    if (!forceRenew && retrievedCertificate && !retrievedCertificate.shouldBeRenewed()) {
       return retrievedCertificate;
-    } else if (retrievedCertificate && retrievedCertificate.shouldBeRenewed()) {
-      // Remove old certificate via certManager
+    } else if (!forceRenew && retrievedCertificate && retrievedCertificate.shouldBeRenewed()) {
+      // Remove old certificate via certManager (safe — it needs renewal anyway)
       await this.certmanager.deleteCertificate(certDomainName);
     }
+    // When forceRenew is true, keep the existing cert in place as fallback.
+    // The new cert will overwrite it upon successful issuance via certmanager.storeCertificate().
 
     // Build issuance input and trigger the constrained task
     const issuanceInput: ICertIssuanceInput = {