feat(certs): persist ACME certificates in StorageManager, add storage-backed cert manager, default storage to filesystem, and improve certificate status reporting

ts/opsserver/handlers/certificate.handler.ts

@@ -104,6 +104,22 @@ export class CertificateHandler {
         }
       }
 
+      // Check persisted cert data from StorageManager
+      if (status === 'unknown' && routeDomains.length > 0) {
+        for (const domain of routeDomains) {
+          if (expiryDate) break;
+          const cleanDomain = domain.replace(/^\*\.?/, '');
+          const certData = await dcRouter.storageManager.getJSON(`/certs/${cleanDomain}`);
+          if (certData?.validUntil) {
+            expiryDate = new Date(certData.validUntil).toISOString();
+            if (certData.created) {
+              issuedAt = new Date(certData.created).toISOString();
+            }
+            issuer = 'smartacme-dns-01';
+          }
+        }
+      }
+
       // Compute status from expiry date if we have one and status is still valid/unknown
       if (expiryDate && (status === 'valid' || status === 'unknown')) {
         const expiry = new Date(expiryDate);
@@ -124,6 +140,11 @@ export class CertificateHandler {
         status = 'valid';
       }
 
+      // ACME/provision-function routes with no cert data are still provisioning
+      if (status === 'unknown' && (source === 'acme' || source === 'provision-function')) {
+        status = 'provisioning';
+      }
+
       const canReprovision = source === 'acme' || source === 'provision-function';
 
       certificates.push({