feat(portproxy): Add ACME certificate management options to PortProxy, update ACME settings handling, and bump dependency versions

2025-03-11 12:56:03 +00:00 · 2025-03-11 12:56:03 +00:00 · 8d06f1533e
commit 8d06f1533e
parent 223be61c8d
5 changed files with 242 additions and 71 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,13 @@
 # Changelog

+## 2025-03-11 - 3.37.0 - feat(portproxy)
+Add ACME certificate management options to PortProxy, update ACME settings handling, and bump dependency versions
+
+- Bumped version in package.json from 3.34.0 to 3.36.0 and updated commitinfo accordingly
+- Updated dependencies: @push.rocks/tapbundle to ^5.5.10, @types/node to ^22.13.10, and @tsclass/tsclass to ^5.0.0
+- Added ACME certificate management configuration to PortProxy settings (acme options, updateAcmeSettings, requestCertificate)
+- Enhanced sync of domain configs to NetworkProxy with fallback for missing default certificates
+
 ## 2025-03-11 - 3.34.0 - feat(core)
 Improve wildcard domain matching and enhance NetworkProxy integration in PortProxy. Added support for TLD wildcards and complex wildcard patterns in the router, and refactored TLS renegotiation handling for stricter SNI enforcement.

--- a/package.json
+++ b/package.json
@ -1,8 +1,8 @@
 {
  "name": "@push.rocks/smartproxy",
-  "version": "3.34.0",
+  "version": "3.36.0",
  "private": false,
-  "description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.",
+  "description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.",
  "main": "dist_ts/index.js",
  "typings": "dist_ts/index.d.ts",
  "type": "module",
@ -18,8 +18,8 @@
    "@git.zone/tsbuild": "^2.2.6",
    "@git.zone/tsrun": "^1.2.44",
    "@git.zone/tstest": "^1.0.77",
-    "@push.rocks/tapbundle": "^5.5.6",
-    "@types/node": "^22.13.9",
+    "@push.rocks/tapbundle": "^5.5.10",
+    "@types/node": "^22.13.10",
    "typescript": "^5.8.2"
  },
  "dependencies": {
@ -28,7 +28,7 @@
    "@push.rocks/smartpromise": "^4.2.3",
    "@push.rocks/smartrequest": "^2.0.23",
    "@push.rocks/smartstring": "^4.0.15",
-    "@tsclass/tsclass": "^4.4.3",
+    "@tsclass/tsclass": "^5.0.0",
    "@types/minimatch": "^5.1.2",
    "@types/ws": "^8.18.0",
    "acme-client": "^5.4.0",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -24,8 +24,8 @@ importers:
        specifier: ^4.0.15
        version: 4.0.15
      '@tsclass/tsclass':
-        specifier: ^4.4.3
-        version: 4.4.3
+        specifier: ^5.0.0
+        version: 5.0.0
      '@types/minimatch':
        specifier: ^5.1.2
        version: 5.1.2
@ -55,11 +55,11 @@ importers:
        specifier: ^1.0.77
        version: 1.0.96(@aws-sdk/credential-providers@3.758.0)(socks@2.8.4)(typescript@5.8.2)
      '@push.rocks/tapbundle':
-        specifier: ^5.5.6
-        version: 5.5.6(@aws-sdk/credential-providers@3.758.0)(socks@2.8.4)
+        specifier: ^5.5.10
+        version: 5.5.10(@aws-sdk/credential-providers@3.758.0)(socks@2.8.4)
      '@types/node':
-        specifier: ^22.13.9
-        version: 22.13.9
+        specifier: ^22.13.10
+        version: 22.13.10
      typescript:
        specifier: ^5.8.2
        version: 5.8.2
@ -941,8 +941,8 @@ packages:
  '@push.rocks/smartyaml@2.0.5':
    resolution: {integrity: sha512-tBcf+HaOIfeEsTMwgUZDtZERCxXQyRsWO8Ar5DjBdiSRchbhVGZQEBzXswMS0W5ZoRenjgPK+4tPW3JQGRTfbg==}

-  '@push.rocks/tapbundle@5.5.6':
-    resolution: {integrity: sha512-V6u+nZwt4fNccxbm3ztZgHr/QAj/uKhaaOUFgtaae0jzYdds4jNEI+mXLpfXuNMgm7Nx93Lk5XUxWKTI8drjNw==}
+  '@push.rocks/tapbundle@5.5.10':
+    resolution: {integrity: sha512-vTGzd3/kzKp8s6jrREGIKGG+87fy7grcTZIelVDpyZMtBdIi9Fe7g8EIw/reVx8oTAFSuUEAEaAT8B5NDIFStg==}

  '@push.rocks/taskbuffer@3.1.7':
    resolution: {integrity: sha512-QktGVJPucqQmW/QNGnscf4FAigT1H7JWKFGFdRuDEaOHKFh9qN+PXG3QY7DtZ4jfXdGLxPN4yAufDuPSAJYFnw==}
@ -1315,8 +1315,11 @@ packages:
  '@tsclass/tsclass@3.0.48':
    resolution: {integrity: sha512-hC65UvDlp9qvsl6OcIZXz0JNiWZ0gyzsTzbXpg215sGxopgbkOLCr6E0s4qCTnweYm95gt2AdY95uP7M7kExaQ==}

-  '@tsclass/tsclass@4.4.3':
-    resolution: {integrity: sha512-Vhp+B1UsYlwXLhIeds++CXEeCwFgRzpput4YNM7Qyhr+UQgIMFRFAs2HSI3jEE5r9c1hR9G6MkSxi2U/CLyiaA==}
+  '@tsclass/tsclass@4.4.4':
+    resolution: {integrity: sha512-YZOAF+u+r4u5rCev2uUd1KBTBdfyFdtDmcv4wuN+864lMccbdfRICR3SlJwCfYS1lbeV3QNLYGD30wjRXgvCJA==}
+
+  '@tsclass/tsclass@5.0.0':
+    resolution: {integrity: sha512-2X66VCk0Oe1L01j6GQHC6F9Gj7lpZPPSUTDNax7e29lm4OqBTyAzTR3ePR8coSbWBwsmRV8awLRSrSI+swlqWA==}

  '@types/accepts@1.3.7':
    resolution: {integrity: sha512-Pay9fq2lM2wXPWbteBsRAGiWH2hig4ZE2asK+mm7kUzlxRTfL961rj89I6zV/E3PcIkDqyuBEcMxFT7rccugeQ==}
@ -1472,8 +1475,8 @@ packages:
  '@types/node-forge@1.3.11':
    resolution: {integrity: sha512-FQx220y22OKNTqaByeBGqHWYz4cl94tpcxeFdvBo3wjG6XPBuZ0BNgNZRV5J5TFmmcsJ4IzsLkmGRiQbnYsBEQ==}

-  '@types/node@22.13.9':
-    resolution: {integrity: sha512-acBjXdRJ3A6Pb3tqnw9HZmyR3Fiol3aGxRCK1x3d+6CDAMjl7I649wpSd+yNURCjbOUGu9tqtLKnTGxmK6CyGw==}
+  '@types/node@22.13.10':
+    resolution: {integrity: sha512-I6LPUvlRH+O6VRUqYOcMudhaIdUVWfsjnZavnsraHvpBwaEyMN29ry+0UVJhImYL16xsscu0aske3yA+uPOWfw==}

  '@types/parse5@6.0.3':
    resolution: {integrity: sha512-SuT16Q1K51EAVPz1K29DJ/sXjhSQ0zjvsypYJ6tlwVsRV9jwW5Adq2ch8Dq8kDBCkYnELS7N7VNCSB5nC56t/g==}
@ -4373,7 +4376,7 @@ snapshots:
      '@push.rocks/taskbuffer': 3.1.7
      '@push.rocks/webrequest': 3.0.37
      '@push.rocks/webstore': 2.0.20
-      '@tsclass/tsclass': 4.4.3
+      '@tsclass/tsclass': 4.4.4
      '@types/express': 4.17.21
      body-parser: 1.20.3
      cors: 2.8.5
@ -5231,7 +5234,7 @@ snapshots:
      '@push.rocks/smartlog': 3.0.7
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartshell': 3.2.3
-      '@push.rocks/tapbundle': 5.5.6(@aws-sdk/credential-providers@3.758.0)(socks@2.8.4)
+      '@push.rocks/tapbundle': 5.5.10(@aws-sdk/credential-providers@3.758.0)(socks@2.8.4)
      '@types/ws': 8.18.0
      figures: 6.1.0
      ws: 8.18.1
@ -5281,7 +5284,7 @@ snapshots:
      '@jest/schemas': 29.6.3
      '@types/istanbul-lib-coverage': 2.0.6
      '@types/istanbul-reports': 3.0.4
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10
      '@types/yargs': 17.0.33
      chalk: 4.1.2

@ -5529,7 +5532,7 @@ snapshots:
      '@push.rocks/smartstring': 4.0.15
      '@push.rocks/smartunique': 3.0.9
      '@push.rocks/taskbuffer': 3.1.7
-      '@tsclass/tsclass': 4.4.3
+      '@tsclass/tsclass': 4.4.4
    transitivePeerDependencies:
      - aws-crt

@ -5551,7 +5554,7 @@ snapshots:
      '@pushrocks/smartjson': 4.0.6
      '@pushrocks/smartpath': 5.0.5
      '@pushrocks/smartpromise': 3.1.10
-      '@tsclass/tsclass': 4.4.3
+      '@tsclass/tsclass': 4.4.4
      mongodb: 4.17.2
    transitivePeerDependencies:
      - aws-crt
@ -5602,7 +5605,7 @@ snapshots:
      '@push.rocks/smartstream': 3.2.5
      '@push.rocks/smartstring': 4.0.15
      '@push.rocks/smartunique': 3.0.9
-      '@tsclass/tsclass': 4.4.3
+      '@tsclass/tsclass': 4.4.4
    transitivePeerDependencies:
      - aws-crt

@ -5652,7 +5655,7 @@ snapshots:
      '@push.rocks/smarttime': 4.1.1
      '@push.rocks/smartunique': 3.0.9
      '@push.rocks/taskbuffer': 3.1.7
-      '@tsclass/tsclass': 4.4.3
+      '@tsclass/tsclass': 4.4.4
      mongodb: 6.14.2(@aws-sdk/credential-providers@3.758.0)(socks@2.8.4)
    transitivePeerDependencies:
      - '@aws-sdk/credential-providers'
@ -5764,7 +5767,7 @@ snapshots:
  '@push.rocks/smartlog-interfaces@3.0.2':
    dependencies:
      '@api.global/typedrequest-interfaces': 2.0.2
-      '@tsclass/tsclass': 4.4.3
+      '@tsclass/tsclass': 4.4.4

  '@push.rocks/smartlog@3.0.7':
    dependencies:
@ -5879,7 +5882,7 @@ snapshots:
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartpuppeteer': 2.0.5(typescript@5.8.2)
      '@push.rocks/smartunique': 3.0.9
-      '@tsclass/tsclass': 4.4.3
+      '@tsclass/tsclass': 4.4.4
      '@types/express': 5.0.0
      express: 4.21.2
      pdf-lib: 1.17.1
@ -5929,7 +5932,7 @@ snapshots:
      '@push.rocks/smartbucket': 3.3.7
      '@push.rocks/smartfile': 11.2.0
      '@push.rocks/smartpath': 5.0.18
-      '@tsclass/tsclass': 4.4.3
+      '@tsclass/tsclass': 4.4.4
      '@types/s3rver': 3.7.4
      s3rver: 3.7.1
    transitivePeerDependencies:
@ -5952,7 +5955,7 @@ snapshots:
      '@push.rocks/smartxml': 1.1.1
      '@push.rocks/smartyaml': 2.0.5
      '@push.rocks/webrequest': 3.0.37
-      '@tsclass/tsclass': 4.4.3
+      '@tsclass/tsclass': 4.4.4

  '@push.rocks/smartsocket@2.0.27':
    dependencies:
@ -6058,7 +6061,7 @@ snapshots:
      '@types/js-yaml': 3.12.10
      js-yaml: 3.14.1

-  '@push.rocks/tapbundle@5.5.6(@aws-sdk/credential-providers@3.758.0)(socks@2.8.4)':
+  '@push.rocks/tapbundle@5.5.10(@aws-sdk/credential-providers@3.758.0)(socks@2.8.4)':
    dependencies:
      '@open-wc/testing': 4.0.0
      '@push.rocks/consolecolor': 2.0.2
@ -6112,7 +6115,7 @@ snapshots:
    dependencies:
      '@pushrocks/smartdelay': 3.0.1
      '@pushrocks/smartpromise': 4.0.2
-      '@tsclass/tsclass': 4.4.3
+      '@tsclass/tsclass': 4.4.4

  '@push.rocks/webstore@2.0.20':
    dependencies:
@ -6654,20 +6657,24 @@ snapshots:
    dependencies:
      type-fest: 2.19.0

-  '@tsclass/tsclass@4.4.3':
+  '@tsclass/tsclass@4.4.4':
+    dependencies:
+      type-fest: 4.37.0
+
+  '@tsclass/tsclass@5.0.0':
    dependencies:
      type-fest: 4.37.0

  '@types/accepts@1.3.7':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/babel__code-frame@7.0.6': {}

  '@types/body-parser@1.19.5':
    dependencies:
      '@types/connect': 3.4.38
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/buffer-json@2.0.3': {}

@ -6683,17 +6690,17 @@ snapshots:

  '@types/clean-css@4.2.11':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10
      source-map: 0.6.1

  '@types/co-body@6.1.3':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10
      '@types/qs': 6.9.18

  '@types/connect@3.4.38':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/content-disposition@0.5.8': {}

@ -6706,11 +6713,11 @@ snapshots:
      '@types/connect': 3.4.38
      '@types/express': 5.0.0
      '@types/keygrip': 1.0.6
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/cors@2.8.17':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/debounce@1.2.4': {}

@ -6724,14 +6731,14 @@ snapshots:

  '@types/express-serve-static-core@4.19.6':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10
      '@types/qs': 6.9.18
      '@types/range-parser': 1.2.7
      '@types/send': 0.17.4

  '@types/express-serve-static-core@5.0.6':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10
      '@types/qs': 6.9.18
      '@types/range-parser': 1.2.7
      '@types/send': 0.17.4
@ -6756,30 +6763,30 @@ snapshots:

  '@types/from2@2.3.5':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/fs-extra@11.0.4':
    dependencies:
      '@types/jsonfile': 6.1.4
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/fs-extra@9.0.13':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/glob@7.2.0':
    dependencies:
      '@types/minimatch': 5.1.2
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/glob@8.1.0':
    dependencies:
      '@types/minimatch': 5.1.2
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/gunzip-maybe@1.4.2':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/hast@3.0.4':
    dependencies:
@ -6813,7 +6820,7 @@ snapshots:

  '@types/jsonfile@6.1.4':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/keygrip@1.0.6': {}

@ -6830,7 +6837,7 @@ snapshots:
      '@types/http-errors': 2.0.4
      '@types/keygrip': 1.0.6
      '@types/koa-compose': 3.2.8
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/mdast@4.0.4':
    dependencies:
@ -6848,9 +6855,9 @@ snapshots:

  '@types/node-forge@1.3.11':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

-  '@types/node@22.13.9':
+  '@types/node@22.13.10':
    dependencies:
      undici-types: 6.20.0

@ -6868,19 +6875,19 @@ snapshots:

  '@types/s3rver@3.7.4':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/semver@7.5.8': {}

  '@types/send@0.17.4':
    dependencies:
      '@types/mime': 1.3.5
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/serve-static@1.15.7':
    dependencies:
      '@types/http-errors': 2.0.4
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10
      '@types/send': 0.17.4

  '@types/sinon-chai@3.2.12':
@ -6900,11 +6907,11 @@ snapshots:

  '@types/tar-stream@2.2.3':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/through2@2.0.41':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/triple-beam@1.3.5': {}

@ -6928,18 +6935,18 @@ snapshots:

  '@types/whatwg-url@8.2.2':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10
      '@types/webidl-conversions': 7.0.3

  '@types/which@3.0.4': {}

  '@types/ws@7.4.7':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/ws@8.18.0':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10

  '@types/yargs-parser@21.0.3': {}

@ -6949,7 +6956,7 @@ snapshots:

  '@types/yauzl@2.10.3':
    dependencies:
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10
    optional: true

  '@ungap/structured-clone@1.3.0': {}
@ -7598,7 +7605,7 @@ snapshots:
    dependencies:
      '@types/cookie': 0.4.1
      '@types/cors': 2.8.17
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10
      accepts: 1.3.8
      base64id: 2.0.0
      cookie: 0.4.2
@ -8370,7 +8377,7 @@ snapshots:
  jest-util@29.7.0:
    dependencies:
      '@jest/types': 29.6.3
-      '@types/node': 22.13.9
+      '@types/node': 22.13.10
      chalk: 4.1.2
      ci-info: 3.9.0
      graceful-fs: 4.2.11
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartproxy',
-  version: '3.35.0',
-  description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
+  version: '3.37.0',
+  description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
 }
--- a/ts/classes.portproxy.ts
+++ b/ts/classes.portproxy.ts
@ -56,9 +56,21 @@ export interface IPortProxySettings extends plugins.tls.TlsOptions {
  keepAliveInactivityMultiplier?: number; // Multiplier for inactivity timeout for keep-alive connections
  extendedKeepAliveLifetime?: number; // Extended lifetime for keep-alive connections (ms)

-  // New property for NetworkProxy integration
+  // NetworkProxy integration
  useNetworkProxy?: number[]; // Array of ports to forward to NetworkProxy
  networkProxyPort?: number; // Port where NetworkProxy is listening (default: 8443)
+  
+  // ACME certificate management options
+  acme?: {
+    enabled?: boolean;              // Whether to enable automatic certificate management
+    port?: number;                  // Port to listen on for ACME challenges (default: 80)
+    contactEmail?: string;          // Email for Let's Encrypt account 
+    useProduction?: boolean;        // Whether to use Let's Encrypt production (default: false for staging)
+    renewThresholdDays?: number;    // Days before expiry to renew certificates (default: 30)
+    autoRenew?: boolean;            // Whether to automatically renew certificates (default: true)
+    certificateStore?: string;      // Directory to store certificates (default: ./certs)
+    skipConfiguredCerts?: boolean;  // Skip domains that already have certificates configured
+  };
 }

 /**
@ -418,6 +430,18 @@ export class PortProxy {
      
      // NetworkProxy settings
      networkProxyPort: settingsArg.networkProxyPort || 8443, // Default NetworkProxy port
+      
+      // ACME certificate settings with reasonable defaults
+      acme: settingsArg.acme || {
+        enabled: false,
+        port: 80,
+        contactEmail: 'admin@example.com',
+        useProduction: false,
+        renewThresholdDays: 30,
+        autoRenew: true,
+        certificateStore: './certs',
+        skipConfiguredCerts: false
+      }
    };

    // Initialize NetworkProxy if enabled
@ -431,11 +455,19 @@ export class PortProxy {
   */
  private async initializeNetworkProxy(): Promise<void> {
    if (!this.networkProxy) {
-      this.networkProxy = new NetworkProxy({
+      // Configure NetworkProxy options based on PortProxy settings
+      const networkProxyOptions: any = {
        port: this.settings.networkProxyPort!,
        portProxyIntegration: true,
        logLevel: this.settings.enableDetailedLogging ? 'debug' : 'info'
-      });
+      };
+      
+      // Add ACME settings if configured
+      if (this.settings.acme) {
+        networkProxyOptions.acme = { ...this.settings.acme };
+      }
+      
+      this.networkProxy = new NetworkProxy(networkProxyOptions);
      
      console.log(`Initialized NetworkProxy on port ${this.settings.networkProxyPort}`);
      
@ -458,6 +490,55 @@ export class PortProxy {
    }
  }
  
+  /**
+   * Updates the ACME certificate settings
+   * @param acmeSettings New ACME settings
+   */
+  public async updateAcmeSettings(acmeSettings: IPortProxySettings['acme']): Promise<void> {
+    console.log('Updating ACME certificate settings');
+    
+    // Update settings
+    this.settings.acme = {
+      ...this.settings.acme,
+      ...acmeSettings
+    };
+    
+    // If NetworkProxy is initialized, update its ACME settings
+    if (this.networkProxy) {
+      try {
+        // Recreate NetworkProxy with new settings if ACME enabled state has changed
+        if (this.settings.acme.enabled !== acmeSettings.enabled) {
+          console.log(`ACME enabled state changed to: ${acmeSettings.enabled}`);
+          
+          // Stop the current NetworkProxy
+          await this.networkProxy.stop();
+          this.networkProxy = null;
+          
+          // Reinitialize with new settings
+          await this.initializeNetworkProxy();
+          
+          // Use start() to make sure ACME gets initialized if newly enabled
+          await this.networkProxy.start();
+        } else {
+          // Update existing NetworkProxy with new settings
+          // Note: Some settings may require a restart to take effect
+          console.log('Updating ACME settings in NetworkProxy');
+          
+          // For certificate renewals, we might want to trigger checks with the new settings
+          if (acmeSettings.renewThresholdDays) {
+            console.log(`Setting new renewal threshold to ${acmeSettings.renewThresholdDays} days`);
+            // This is implementation-dependent but gives an example
+            if (this.networkProxy.options.acme) {
+              this.networkProxy.options.acme.renewThresholdDays = acmeSettings.renewThresholdDays;
+            }
+          }
+        }
+      } catch (err) {
+        console.log(`Error updating ACME settings: ${err}`);
+      }
+    }
+  }
+  
  /**
   * Synchronizes PortProxy domain configurations to NetworkProxy
   * This allows domains configured in PortProxy to be used by NetworkProxy
@ -472,10 +553,24 @@ export class PortProxy {
      // Get SSL certificates from assets
      // Import fs directly since it's not in plugins
      const fs = await import('fs');
-      const certPair = {
-        key: fs.readFileSync('assets/certs/key.pem', 'utf8'),
-        cert: fs.readFileSync('assets/certs/cert.pem', 'utf8')
-      };
+      
+      let certPair;
+      try {
+        certPair = {
+          key: fs.readFileSync('assets/certs/key.pem', 'utf8'),
+          cert: fs.readFileSync('assets/certs/cert.pem', 'utf8')
+        };
+      } catch (certError) {
+        console.log(`Warning: Could not read default certificates: ${certError}`);
+        console.log('Using empty certificate placeholders - ACME will generate proper certificates if enabled');
+        
+        // Use empty placeholders - NetworkProxy will use its internal defaults
+        // or ACME will generate proper ones if enabled
+        certPair = {
+          key: '',
+          cert: ''
+        };
+      }
      
      // Convert domain configs to NetworkProxy configs
      const proxyConfigs = this.networkProxy.convertPortProxyConfigs(
@ -483,6 +578,19 @@ export class PortProxy {
        certPair
      );
      
+      // Log ACME-eligible domains if ACME is enabled
+      if (this.settings.acme?.enabled) {
+        const acmeEligibleDomains = proxyConfigs
+          .filter(config => !config.hostName.includes('*')) // Exclude wildcards
+          .map(config => config.hostName);
+          
+        if (acmeEligibleDomains.length > 0) {
+          console.log(`Domains eligible for ACME certificates: ${acmeEligibleDomains.join(', ')}`);
+        } else {
+          console.log('No domains eligible for ACME certificates found in configuration');
+        }
+      }
+      
      // Update NetworkProxy with the converted configs
      this.networkProxy.updateProxyConfigs(proxyConfigs).then(() => {
        console.log(`Successfully synchronized ${proxyConfigs.length} domain configurations to NetworkProxy`);
@ -493,6 +601,36 @@ export class PortProxy {
      console.log(`Failed to sync configurations: ${err}`);
    }
  }
+  
+  /**
+   * Requests a certificate for a specific domain
+   * @param domain The domain to request a certificate for
+   * @returns Promise that resolves to true if the request was successful, false otherwise
+   */
+  public async requestCertificate(domain: string): Promise<boolean> {
+    if (!this.networkProxy) {
+      console.log('Cannot request certificate - NetworkProxy not initialized');
+      return false;
+    }
+    
+    if (!this.settings.acme?.enabled) {
+      console.log('Cannot request certificate - ACME is not enabled');
+      return false;
+    }
+    
+    try {
+      const result = await this.networkProxy.requestCertificate(domain);
+      if (result) {
+        console.log(`Certificate request for ${domain} submitted successfully`);
+      } else {
+        console.log(`Certificate request for ${domain} failed`);
+      }
+      return result;
+    } catch (err) {
+      console.log(`Error requesting certificate: ${err}`);
+      return false;
+    }
+  }

  /**
   * Forwards a TLS connection to a NetworkProxy for handling
@ -1340,6 +1478,18 @@ export class PortProxy {
    if (this.networkProxy) {
      await this.networkProxy.start();
      console.log(`NetworkProxy started on port ${this.settings.networkProxyPort}`);
+      
+      // Log ACME status
+      if (this.settings.acme?.enabled) {
+        console.log(`ACME certificate management is enabled (${this.settings.acme.useProduction ? 'Production' : 'Staging'} mode)`);
+        console.log(`ACME HTTP challenge server on port ${this.settings.acme.port}`);
+        
+        // Register domains for ACME certificates if enabled
+        if (this.networkProxy.options.acme?.enabled) {
+          console.log('Registering domains with ACME certificate manager...');
+          // The NetworkProxy will handle this internally via registerDomainsWithAcmeManager()
+        }
+      }
    }

    // Define a unified connection handler for all listening ports.
@ -2094,11 +2244,17 @@ export class PortProxy {
      }
    }

-    // Stop NetworkProxy if it was started
+    // Stop NetworkProxy if it was started (which also stops ACME manager)
    if (this.networkProxy) {
      try {
+        console.log('Stopping NetworkProxy...');
        await this.networkProxy.stop();
        console.log('NetworkProxy stopped successfully');
+        
+        // Log ACME shutdown if it was enabled
+        if (this.settings.acme?.enabled) {
+          console.log('ACME certificate manager stopped');
+        }
      } catch (err) {
        console.log(`Error stopping NetworkProxy: ${err}`);
      }