feat(certs): integrate smartacme v9 for ACME certificate provisioning and add certificate management features, docs, dashboard views, API endpoints, and per-domain backoff scheduler

2026-02-16 00:22:23 +00:00
parent 841f99e19d
commit 0a6315f177
9 changed files with 213 additions and 226 deletions
--- a/ts_interfaces/readme.md
+++ b/ts_interfaces/readme.md
@@ -128,6 +128,37 @@ TypedRequest interfaces for the OpsServer API, organized by domain:
 | `IReq_GetBounceRecords` | `getBounceRecords` | Bounce records |
 | `IReq_RemoveFromSuppressionList` | `removeFromSuppressionList` | Unsuppress an address |

+#### 🔐 Certificates
+| Interface | Method | Description |
+|-----------|--------|-------------|
+| `IReq_GetCertificateOverview` | `getCertificateOverview` | Domain-centric certificate status |
+| `IReq_ReprovisionCertificate` | `reprovisionCertificate` | Reprovision by route name (legacy) |
+| `IReq_ReprovisionCertificateDomain` | `reprovisionCertificateDomain` | Reprovision by domain (preferred) |
+
+#### Certificate Types
+```typescript
+type TCertificateStatus = 'valid' | 'expiring' | 'expired' | 'provisioning' | 'failed' | 'unknown';
+type TCertificateSource = 'acme' | 'provision-function' | 'static' | 'none';
+
+interface ICertificateInfo {
+  domain: string;
+  routeNames: string[];
+  status: TCertificateStatus;
+  source: TCertificateSource;
+  tlsMode: 'terminate' | 'terminate-and-reencrypt' | 'passthrough';
+  expiryDate?: string;
+  issuer?: string;
+  issuedAt?: string;
+  error?: string;
+  canReprovision: boolean;
+  backoffInfo?: {
+    failures: number;
+    retryAfter?: string;
+    lastError?: string;
+  };
+}
+```
+
 #### 📡 RADIUS
 | Interface | Method | Description |
 |-----------|--------|-------------|
@@ -173,7 +204,16 @@ console.log('Email:', metrics.emailStats);
 console.log('DNS:', metrics.dnsStats);
 console.log('Security:', metrics.securityMetrics);

-// 3. Check email queues
+// 3. Check certificate status
+const certClient = new typedrequest.TypedRequest<requests.IReq_GetCertificateOverview>(
+  'https://your-dcrouter:3000/typedrequest',
+  'getCertificateOverview'
+);
+
+const certs = await certClient.fire({ identity });
+console.log(`Certificates: ${certs.summary.valid} valid, ${certs.summary.failed} failed`);
+
+// 4. Check email queues
 const queueClient = new typedrequest.TypedRequest<requests.IReq_GetQueuedEmails>(
  'https://your-dcrouter:3000/typedrequest',
  'getQueuedEmails'