fix(certificate-manager, smart-proxy): Fix race condition in ACME certificate provisioning and refactor certificate manager initialization to defer provisioning until after port listeners are active

2025-05-19 22:07:08 +00:00
parent 84c5d0a69e
commit 91018173b0
12 changed files with 623 additions and 12 deletions
--- a/readme.hints.md
+++ b/readme.hints.md
@ -132,4 +132,27 @@ const proxy = new SmartProxy({
    // Your routes here
  ]
 });
-```
+```
+
+## ACME Certificate Provisioning Timing Fix (v19.3.9)
+
+### Issue
+Certificate provisioning would start before ports were listening, causing ACME HTTP-01 challenges to fail with connection refused errors.
+
+### Root Cause
+SmartProxy initialization sequence:
+1. Certificate manager initialized → immediately starts provisioning
+2. Ports start listening (too late for ACME challenges)
+
+### Solution
+Deferred certificate provisioning until after ports are ready:
+```typescript
+// SmartCertManager.initialize() now skips automatic provisioning
+// SmartProxy.start() calls provisionAllCertificates() directly after ports are listening
+```
+
+### Test Coverage
+- `test/test.acme-timing-simple.ts` - Verifies proper timing sequence
+
+### Migration
+Update to v19.3.9+, no configuration changes needed.