fix(dcrouter): retry auto certificate provisioning after SmartAcme becomes ready

changelog.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## 2026-03-27 - 11.12.1 - fix(dcrouter)
+retry auto certificate provisioning after SmartAcme becomes ready
+
+- detects certificates that failed during startup before the DNS-01 provider was available
+- clears provisioning backoff and failed status for affected domains before retrying
+- re-triggers auto certificate provisioning for SmartProxy routes once SmartAcme is ready
+
 ## 2026-03-27 - 11.12.0 - feat(web-ui)
 pause dashboard polling, sockets, and chart updates when the tab is hidden
 

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '11.12.0',
+  version: '11.12.1',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }

ts/classes.dcrouter.ts

@@ -388,6 +388,36 @@ export class DcRouter {
               await this.smartAcme.start();
               this.smartAcmeReady = true;
               logger.log('info', 'SmartAcme DNS-01 provider is now ready');
+
+              // Re-provision any certificates that failed during the startup window
+              // (before SmartAcme was ready — the certProvisionFunction returned 'http01'
+              // which fails because Rust ACME is disabled when certProvisionFunction is set)
+              if (this.smartProxy) {
+                const failedDomains = [...this.certificateStatusMap.entries()]
+                  .filter(([_, status]) => status.status === 'failed')
+                  .map(([domain]) => domain);
+
+                if (failedDomains.length > 0) {
+                  logger.log('info', `Re-provisioning ${failedDomains.length} certificates that failed before SmartAcme was ready`);
+                  // Clear backoff and status for failed domains — these failures were from the startup race
+                  for (const domain of failedDomains) {
+                    if (this.certProvisionScheduler) {
+                      await this.certProvisionScheduler.clearBackoff(domain);
+                    }
+                    this.certificateStatusMap.delete(domain);
+                  }
+                  // Re-trigger provisioning for all auto-cert routes
+                  const routes = this.smartProxy.routeManager.getRoutes();
+                  for (const route of routes) {
+                    const tls = (route as any).action?.tls;
+                    if (tls && tls.certificate === 'auto') {
+                      this.smartProxy.provisionCertificate(route.name).catch((err: any) => {
+                        logger.log('warn', `Re-provision for route '${route.name}' failed: ${err?.message || err}`);
+                      });
+                    }
+                  }
+                }
+              }
             }
           })
           .withStop(async () => {

ts_web/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '11.12.0',
+  version: '11.12.1',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }