v9.5.0

changelog.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 2026-04-05 - 9.5.0 - feat(smartacme)
+add forceRenew option to bypass cached certificate reuse during issuance
+
+- adds a forceRenew flag to certificate issuance input handling
+- skips the cached valid-certificate check when forceRenew is enabled
+
+## 2026-04-03 - 9.4.0 - feat(smartacme)
+add forceRenew option for certificate issuance requests
+
+- extends getCertificateForDomain() options with forceRenew to allow bypassing cached non-expired certificates
+- preserves the existing certificate as a fallback during forced renewal instead of deleting it before successful issuance
+
 ## 2026-03-27 - 9.3.1 - fix(acme)
 parse issued certificate expiry from X.509 metadata and update build compatibility for dependency upgrades
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@push.rocks/smartacme",
-  "version": "9.3.1",
+  "version": "9.5.0",
   "private": false,
   "description": "A TypeScript-based ACME client and server for certificate management with built-in CA, supporting LetsEncrypt and custom ACME authorities.",
   "main": "dist_ts/index.js",

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartacme',
-  version: '9.3.1',
+  version: '9.5.0',
   description: 'A TypeScript-based ACME client and server for certificate management with built-in CA, supporting LetsEncrypt and custom ACME authorities.'
 }

ts/smartacme.classes.smartacme.ts

@@ -11,6 +11,7 @@ interface ICertIssuanceInput {
   domainArg: string;
   isWildcardRequest: boolean;
   includeWildcard: boolean;
+  forceRenew: boolean;
 }
 
 const CERT_ISSUANCE_STEPS = [
@@ -159,6 +160,7 @@ export class SmartAcme {
       },
       shouldExecute: async (_task, input?: ICertIssuanceInput) => {
         if (!input?.certDomainName || !this.certmanager) return true;
+        if (input.forceRenew) return true;
         // Safety net: if a valid cert is already cached, skip re-issuance
         const existing = await this.certmanager.retrieveCertificate(input.certDomainName);
         if (existing && !existing.shouldBeRenewed()) {
@@ -360,8 +362,9 @@ export class SmartAcme {
    */
   public async getCertificateForDomain(
     domainArg: string,
-    options?: { includeWildcard?: boolean }
+    options?: { includeWildcard?: boolean; forceRenew?: boolean }
   ): Promise<SmartacmeCert> {
+    const forceRenew = options?.forceRenew ?? false;
     // Determine if this is a wildcard request (e.g., '*.example.com').
     const isWildcardRequest = domainArg.startsWith('*.');
     // Determine the base domain for certificate retrieval/issuance.
@@ -381,12 +384,14 @@ export class SmartAcme {
     // Retrieve any existing certificate record by base domain.
     const retrievedCertificate = await this.certmanager.retrieveCertificate(certDomainName);
 
-    if (retrievedCertificate && !retrievedCertificate.shouldBeRenewed()) {
+    if (!forceRenew && retrievedCertificate && !retrievedCertificate.shouldBeRenewed()) {
       return retrievedCertificate;
-    } else if (retrievedCertificate && retrievedCertificate.shouldBeRenewed()) {
-      // Remove old certificate via certManager
+    } else if (!forceRenew && retrievedCertificate && retrievedCertificate.shouldBeRenewed()) {
+      // Remove old certificate via certManager (safe — it needs renewal anyway)
       await this.certmanager.deleteCertificate(certDomainName);
     }
+    // When forceRenew is true, keep the existing cert in place as fallback.
+    // The new cert will overwrite it upon successful issuance via certmanager.storeCertificate().
 
     // Build issuance input and trigger the constrained task
     const issuanceInput: ICertIssuanceInput = {
@@ -394,6 +399,7 @@ export class SmartAcme {
       domainArg,
       isWildcardRequest,
       includeWildcard: options?.includeWildcard ?? false,
+      forceRenew,
     };
 
     const result = await this.taskManager.triggerTaskConstrained(