v9.4.0

feat(smartacme): add forceRenew option for certificate issuance requests
2026-04-03 19:02:47 +00:00 · 2026-04-03 19:02:47 +00:00
4 changed files with 15 additions and 6 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,11 @@
 # Changelog

+## 2026-04-03 - 9.4.0 - feat(smartacme)
+add forceRenew option for certificate issuance requests
+
+- extends getCertificateForDomain() options with forceRenew to allow bypassing cached non-expired certificates
+- preserves the existing certificate as a fallback during forced renewal instead of deleting it before successful issuance
+
 ## 2026-03-27 - 9.3.1 - fix(acme)
 parse issued certificate expiry from X.509 metadata and update build compatibility for dependency upgrades

--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@push.rocks/smartacme",
-  "version": "9.3.1",
+  "version": "9.4.0",
  "private": false,
  "description": "A TypeScript-based ACME client and server for certificate management with built-in CA, supporting LetsEncrypt and custom ACME authorities.",
  "main": "dist_ts/index.js",
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartacme',
-  version: '9.3.1',
+  version: '9.4.0',
  description: 'A TypeScript-based ACME client and server for certificate management with built-in CA, supporting LetsEncrypt and custom ACME authorities.'
 }
--- a/ts/smartacme.classes.smartacme.ts
+++ b/ts/smartacme.classes.smartacme.ts
@@ -360,8 +360,9 @@ export class SmartAcme {
   */
  public async getCertificateForDomain(
    domainArg: string,
-    options?: { includeWildcard?: boolean }
+    options?: { includeWildcard?: boolean; forceRenew?: boolean }
  ): Promise<SmartacmeCert> {
+    const forceRenew = options?.forceRenew ?? false;
    // Determine if this is a wildcard request (e.g., '*.example.com').
    const isWildcardRequest = domainArg.startsWith('*.');
    // Determine the base domain for certificate retrieval/issuance.
@@ -381,12 +382,14 @@ export class SmartAcme {
    // Retrieve any existing certificate record by base domain.
    const retrievedCertificate = await this.certmanager.retrieveCertificate(certDomainName);

-    if (retrievedCertificate && !retrievedCertificate.shouldBeRenewed()) {
+    if (!forceRenew && retrievedCertificate && !retrievedCertificate.shouldBeRenewed()) {
      return retrievedCertificate;
-    } else if (retrievedCertificate && retrievedCertificate.shouldBeRenewed()) {
-      // Remove old certificate via certManager
+    } else if (!forceRenew && retrievedCertificate && retrievedCertificate.shouldBeRenewed()) {
+      // Remove old certificate via certManager (safe — it needs renewal anyway)
      await this.certmanager.deleteCertificate(certDomainName);
    }
+    // When forceRenew is true, keep the existing cert in place as fallback.
+    // The new cert will overwrite it upon successful issuance via certmanager.storeCertificate().

    // Build issuance input and trigger the constrained task
    const issuanceInput: ICertIssuanceInput = {
Author	SHA1	Message	Date
Juergen Kunz	9cf5ea05e2	v9.4.0 Some checks failed Default (tags) / security (push) Failing after 0s Details Default (tags) / test (push) Failing after 0s Details Default (tags) / release (push) Has been skipped Details Default (tags) / metadata (push) Has been skipped Details	2026-04-03 19:02:47 +00:00
Juergen Kunz	50f02bf81b	feat(smartacme): add forceRenew option for certificate issuance requests	2026-04-03 19:02:47 +00:00