feat(acme): Improve certificate management by adding global ACME configuration support and allowing route-level overrides. Enhanced error messages help identify missing ACME email and misconfigurations (e.g. wildcard domains). Documentation has been updated and new tests added to verify SmartCertManager behavior, ensuring a clearer migration path from legacy implementations.

docs/certificate-management.md

@@ -1,18 +1,60 @@
-# Certificate Management in SmartProxy v18+
+# Certificate Management in SmartProxy v19+
 
 ## Overview
 
-SmartProxy v18+ introduces a simplified certificate management system using the new `SmartCertManager` class. This replaces the previous `Port80Handler` and multiple certificate-related modules with a unified, route-based approach.
+SmartProxy v19+ enhances certificate management with support for both global and route-level ACME configuration. This guide covers the updated certificate management system, which now supports flexible configuration hierarchies.
 
 ## Key Changes from Previous Versions
 
-- **No backward compatibility**: This is a clean break from the legacy certificate system
-- **No separate Port80Handler**: ACME challenges are now handled as regular SmartProxy routes
-- **Unified route-based configuration**: Certificates are configured directly in route definitions
+### v19.0.0 Changes
+- **Global ACME configuration**: Set default ACME settings for all routes with `certificate: 'auto'`
+- **Configuration hierarchy**: Top-level ACME settings serve as defaults, route-level settings override
+- **Better error messages**: Clear guidance when ACME configuration is missing
+- **Improved validation**: Configuration validation warns about common issues
+
+### v18.0.0 Changes (from v17)
+- **No backward compatibility**: Clean break from the legacy certificate system
+- **No separate Port80Handler**: ACME challenges handled as regular SmartProxy routes
+- **Unified route-based configuration**: Certificates configured directly in route definitions
 - **Direct integration with @push.rocks/smartacme**: Leverages SmartAcme's built-in capabilities
 
 ## Configuration
 
+### Global ACME Configuration (New in v19+)
+
+Set default ACME settings at the top level that apply to all routes with `certificate: 'auto'`:
+
+```typescript
+const proxy = new SmartProxy({
+  // Global ACME defaults
+  acme: {
+    email: 'ssl@example.com',         // Required for Let's Encrypt
+    useProduction: false,             // Use staging by default
+    port: 80,                         // Port for HTTP-01 challenges
+    renewThresholdDays: 30,           // Renew 30 days before expiry
+    certificateStore: './certs',      // Certificate storage directory
+    autoRenew: true,                  // Enable automatic renewal
+    renewCheckIntervalHours: 24       // Check for renewals daily
+  },
+  
+  routes: [
+    // Routes using certificate: 'auto' will inherit global settings
+    {
+      name: 'website',
+      match: { ports: 443, domains: 'example.com' },
+      action: {
+        type: 'forward',
+        target: { host: 'localhost', port: 8080 },
+        tls: {
+          mode: 'terminate',
+          certificate: 'auto'  // Uses global ACME configuration
+        }
+      }
+    }
+  ]
+});
+```
+
 ### Route-Level Certificate Configuration
 
 Certificates are now configured at the route level using the `tls` property: