feat(certs): integrate smartacme v9 for ACME certificate provisioning and add certificate management features, docs, dashboard views, API endpoints, and per-domain backoff scheduler

2026-02-16 00:22:23 +00:00
parent 841f99e19d
commit 0a6315f177
9 changed files with 213 additions and 226 deletions
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/dcrouter',
-  version: '6.0.0',
+  version: '6.1.0',
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }
--- a/ts/classes.cert-provision-scheduler.ts
+++ b/ts/classes.cert-provision-scheduler.ts
@@ -11,31 +11,22 @@ interface IBackoffEntry {
 /**
 * Manages certificate provisioning scheduling with:
 * - Per-domain exponential backoff persisted in StorageManager
- * - Serial stagger queue with configurable delay between provisions
+ *
+ * Note: Serial stagger queue was removed — smartacme v9 handles
+ * concurrency, per-domain dedup, and rate limiting internally.
 */
 export class CertProvisionScheduler {
  private storageManager: StorageManager;
-  private staggerDelayMs: number;
  private maxBackoffHours: number;

-  // In-memory serial queue
-  private queue: Array<{
-    domain: string;
-    fn: () => Promise<any>;
-    resolve: (value: any) => void;
-    reject: (err: any) => void;
-  }> = [];
-  private processing = false;
-
  // In-memory backoff cache (mirrors storage for fast lookups)
  private backoffCache = new Map<string, IBackoffEntry>();

  constructor(
    storageManager: StorageManager,
-    options?: { staggerDelayMs?: number; maxBackoffHours?: number }
+    options?: { maxBackoffHours?: number }
  ) {
    this.storageManager = storageManager;
-    this.staggerDelayMs = options?.staggerDelayMs ?? 3000;
    this.maxBackoffHours = options?.maxBackoffHours ?? 24;
  }

@@ -136,41 +127,4 @@ export class CertProvisionScheduler {
      lastError: entry.lastError,
    };
  }
-
-  /**
-   * Enqueue a provision operation for serial execution with stagger delay.
-   * Returns the result of the provision function.
-   */
-  enqueueProvision<T>(domain: string, fn: () => Promise<T>): Promise<T> {
-    return new Promise<T>((resolve, reject) => {
-      this.queue.push({ domain, fn, resolve, reject });
-      this.processQueue();
-    });
-  }
-
-  /**
-   * Process the stagger queue serially
-   */
-  private async processQueue(): Promise<void> {
-    if (this.processing) return;
-    this.processing = true;
-
-    while (this.queue.length > 0) {
-      const item = this.queue.shift()!;
-      try {
-        logger.log('info', `Processing cert provision for ${item.domain}`);
-        const result = await item.fn();
-        item.resolve(result);
-      } catch (err) {
-        item.reject(err);
-      }
-
-      // Stagger delay between provisions
-      if (this.queue.length > 0) {
-        await new Promise<void>((r) => setTimeout(r, this.staggerDelayMs));
-      }
-    }
-
-    this.processing = false;
-  }
 }
--- a/ts/classes.dcrouter.ts
+++ b/ts/classes.dcrouter.ts
@@ -195,7 +195,7 @@ export class DcRouter {
    error?: string;
  }>();

-  // Certificate provisioning scheduler with backoff + stagger
+  // Certificate provisioning scheduler with per-domain backoff
  public certProvisionScheduler?: CertProvisionScheduler;

  // TypedRouter for API endpoints
@@ -496,23 +496,22 @@ export class DcRouter {
          }

          try {
-            const result = await scheduler.enqueueProvision(domain, async () => {
-              eventComms.log(`Attempting DNS-01 via SmartAcme for ${domain}`);
-              eventComms.setSource('smartacme-dns-01');
-              const cert = await this.smartAcme.getCertificateForDomain(domain);
-              if (cert.validUntil) {
-                eventComms.setExpiryDate(new Date(cert.validUntil));
-              }
-              return {
-                id: cert.id,
-                domainName: cert.domainName,
-                created: cert.created,
-                validUntil: cert.validUntil,
-                privateKey: cert.privateKey,
-                publicKey: cert.publicKey,
-                csr: cert.csr,
-              };
-            });
+            // smartacme v9 handles concurrency, per-domain dedup, and rate limiting internally
+            eventComms.log(`Attempting DNS-01 via SmartAcme for ${domain}`);
+            eventComms.setSource('smartacme-dns-01');
+            const cert = await this.smartAcme.getCertificateForDomain(domain);
+            if (cert.validUntil) {
+              eventComms.setExpiryDate(new Date(cert.validUntil));
+            }
+            const result = {
+              id: cert.id,
+              domainName: cert.domainName,
+              created: cert.created,
+              validUntil: cert.validUntil,
+              privateKey: cert.privateKey,
+              publicKey: cert.publicKey,
+              csr: cert.csr,
+            };

            // Success — clear any backoff
            await scheduler.clearBackoff(domain);