v5.1.0

feat(acme): Integrate SmartAcme DNS-01 handling and add certificate provisioning for SmartProxy
2026-02-13 12:12:01 +00:00 · 2026-02-13 12:12:01 +00:00
6 changed files with 58 additions and 20 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,14 @@
 # Changelog

+## 2026-02-13 - 5.1.0 - feat(acme)
+Integrate SmartAcme DNS-01 handling and add certificate provisioning for SmartProxy
+
+- Add smartAcme property and lifecycle management (start/stop) in DcRouter
+- Create SmartAcme instance when DNS challenge handlers are present and wire certProvisionFunction to SmartProxy to return certificates for domains
+- Fall back to http-01 provisioning on SmartAcme errors for a domain
+- Stop SmartAcme during shutdown sequence to clean up resources
+- Bump dependency @push.rocks/smartproxy to ^23.1.5
+
 ## 2026-02-13 - 5.0.7 - fix(deps)
 bump @push.rocks/smartdns to ^7.8.1 and @push.rocks/smartmta to ^5.2.2

--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@serve.zone/dcrouter",
  "private": false,
-  "version": "5.0.7",
+  "version": "5.1.0",
  "description": "A multifaceted routing service handling mail and SMS delivery functions.",
  "type": "module",
  "exports": {
@@ -49,7 +49,7 @@
    "@push.rocks/smartnetwork": "^4.4.0",
    "@push.rocks/smartpath": "^6.0.0",
    "@push.rocks/smartpromise": "^4.2.3",
-    "@push.rocks/smartproxy": "^23.1.4",
+    "@push.rocks/smartproxy": "^23.1.5",
    "@push.rocks/smartradius": "^1.1.1",
    "@push.rocks/smartrequest": "^5.0.1",
    "@push.rocks/smartrx": "^3.0.10",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -37,7 +37,7 @@ importers:
        version: 6.1.3
      '@push.rocks/smartacme':
        specifier: ^8.0.0
-        version: 8.0.0(socks@2.8.7)
+        version: 8.0.0(@push.rocks/smartserve@2.0.1)(socks@2.8.7)
      '@push.rocks/smartdata':
        specifier: ^7.0.15
        version: 7.0.15(socks@2.8.7)
@@ -75,8 +75,8 @@ importers:
        specifier: ^4.2.3
        version: 4.2.3
      '@push.rocks/smartproxy':
-        specifier: ^23.1.4
-        version: 23.1.4(socks@2.8.7)
+        specifier: ^23.1.5
+        version: 23.1.5(@push.rocks/smartserve@2.0.1)(socks@2.8.7)
      '@push.rocks/smartradius':
        specifier: ^1.1.1
        version: 1.1.1
@@ -116,7 +116,7 @@ importers:
        version: 2.0.1
      '@git.zone/tstest':
        specifier: ^3.1.8
-        version: 3.1.8(@push.rocks/smartserve@2.0.1)(socks@2.8.7)(typescript@5.9.3)
+        version: 3.1.8(socks@2.8.7)(typescript@5.9.3)
      '@git.zone/tswatch':
        specifier: ^3.1.0
        version: 3.1.0(@tiptap/pm@2.27.2)
@@ -1040,8 +1040,8 @@ packages:
  '@push.rocks/smartpromise@4.2.3':
    resolution: {integrity: sha512-Ycg/TJR+tMt+S3wSFurOpEoW6nXv12QBtKXgBcjMZ4RsdO28geN46U09osPn9N9WuwQy1PkmTV5J/V4F9U8qEw==}

-  '@push.rocks/smartproxy@23.1.4':
-    resolution: {integrity: sha512-VzpXVw3VsA7muhqkEB95pxCFtKtNLLjNCQcdvf0s49TVPXy/wHcmMqOPmExacLZEuvzXYiRM5poUqX4+em/8zw==}
+  '@push.rocks/smartproxy@23.1.5':
+    resolution: {integrity: sha512-Ak8jUm0XMQgHO57syoP+DkeKiw4GQwq4uQuLxoUj42w95a0liOQ3WQTKoHHNlbRjlCzFjszHXNh+D+7GW1IlXA==}

  '@push.rocks/smartpuppeteer@2.0.5':
    resolution: {integrity: sha512-yK/qSeWVHIGWRp3c8S5tfdGP6WCKllZC4DR8d8CQlEjszOSBmHtlTdyyqOMBZ/BA4kd+eU5f3A1r4K2tGYty1g==}
@@ -5308,7 +5308,7 @@ snapshots:
      '@push.rocks/smartshell': 3.3.0
      tsx: 4.21.0

-  '@git.zone/tstest@3.1.8(@push.rocks/smartserve@2.0.1)(socks@2.8.7)(typescript@5.9.3)':
+  '@git.zone/tstest@3.1.8(socks@2.8.7)(typescript@5.9.3)':
    dependencies:
      '@api.global/typedserver': 3.0.80(@push.rocks/smartserve@2.0.1)
      '@git.zone/tsbundle': 2.8.3
@@ -5339,7 +5339,6 @@ snapshots:
      - '@aws-sdk/credential-providers'
      - '@mongodb-js/zstd'
      - '@nuxt/kit'
-      - '@push.rocks/smartserve'
      - '@swc/helpers'
      - aws-crt
      - bare-abort-controller
@@ -5833,7 +5832,7 @@ snapshots:
      '@push.rocks/smartlog': 3.1.10
      '@push.rocks/smartpath': 6.0.0

-  '@push.rocks/smartacme@8.0.0(socks@2.8.7)':
+  '@push.rocks/smartacme@8.0.0(@push.rocks/smartserve@2.0.1)(socks@2.8.7)':
    dependencies:
      '@api.global/typedserver': 3.0.80(@push.rocks/smartserve@2.0.1)
      '@apiclient.xyz/cloudflare': 6.4.3
@@ -5855,7 +5854,9 @@ snapshots:
      - '@aws-sdk/credential-providers'
      - '@mongodb-js/zstd'
      - '@nuxt/kit'
+      - '@push.rocks/smartserve'
      - bare-abort-controller
+      - bufferutil
      - encoding
      - gcp-metadata
      - kerberos
@@ -5865,6 +5866,7 @@ snapshots:
      - snappy
      - socks
      - supports-color
+      - utf-8-validate
      - vue

  '@push.rocks/smartarchive@4.2.4':
@@ -6439,10 +6441,10 @@ snapshots:

  '@push.rocks/smartpromise@4.2.3': {}

-  '@push.rocks/smartproxy@23.1.4(socks@2.8.7)':
+  '@push.rocks/smartproxy@23.1.5(@push.rocks/smartserve@2.0.1)(socks@2.8.7)':
    dependencies:
      '@push.rocks/lik': 6.2.2
-      '@push.rocks/smartacme': 8.0.0(socks@2.8.7)
+      '@push.rocks/smartacme': 8.0.0(@push.rocks/smartserve@2.0.1)(socks@2.8.7)
      '@push.rocks/smartcrypto': 2.0.4
      '@push.rocks/smartdelay': 3.0.5
      '@push.rocks/smartfile': 13.1.2
@@ -6464,6 +6466,7 @@ snapshots:
      - '@aws-sdk/credential-providers'
      - '@mongodb-js/zstd'
      - '@nuxt/kit'
+      - '@push.rocks/smartserve'
      - bare-abort-controller
      - bufferutil
      - encoding
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/dcrouter',
-  version: '5.0.7',
+  version: '5.1.0',
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }
--- a/ts/classes.dcrouter.ts
+++ b/ts/classes.dcrouter.ts
@@ -171,6 +171,7 @@ export class DcRouter {

  // Core services
  public smartProxy?: plugins.smartproxy.SmartProxy;
+  public smartAcme?: plugins.smartacme.SmartAcme;
  public dnsServer?: plugins.smartdns.dnsServerMod.DnsServer;
  public emailServer?: UnifiedEmailServer;
  public radiusServer?: RadiusServer;
@@ -429,12 +430,34 @@ export class DcRouter {
        acme: acmeConfig
      };
      
-      // If we have DNS challenge handlers, enhance the config
+      // If we have DNS challenge handlers, create SmartAcme and wire to certProvisionFunction
      if (challengeHandlers.length > 0) {
-        // We'll need to pass this to SmartProxy somehow
-        // For now, we'll set it as a property
-        (smartProxyConfig as any).acmeChallengeHandlers = challengeHandlers;
-        (smartProxyConfig as any).acmeChallengePriority = ['dns-01', 'http-01'];
+        this.smartAcme = new plugins.smartacme.SmartAcme({
+          accountEmail: acmeConfig?.accountEmail || this.options.tls?.contactEmail || 'admin@example.com',
+          certManager: new plugins.smartacme.certmanagers.MemoryCertManager(),
+          environment: 'production',
+          challengeHandlers: challengeHandlers,
+          challengePriority: ['dns-01'],
+        });
+        await this.smartAcme.start();
+
+        smartProxyConfig.certProvisionFunction = async (domain: string) => {
+          try {
+            const cert = await this.smartAcme.getCertificateForDomain(domain);
+            return {
+              id: cert.id,
+              domainName: cert.domainName,
+              created: cert.created,
+              validUntil: cert.validUntil,
+              privateKey: cert.privateKey,
+              publicKey: cert.publicKey,
+              csr: cert.csr,
+            };
+          } catch (err) {
+            console.error(`[DcRouter] SmartAcme DNS-01 failed for ${domain}, falling back to http-01:`, err.message);
+            return 'http01';
+          }
+        };
      }
      
      // Create SmartProxy instance
@@ -652,6 +675,9 @@ export class DcRouter {
        // Stop unified email server if running
        this.emailServer ? this.emailServer.stop().catch(err => console.error('Error stopping email server:', err)) : Promise.resolve(),

+        // Stop SmartAcme if running
+        this.smartAcme ? this.smartAcme.stop().catch(err => console.error('Error stopping SmartAcme:', err)) : Promise.resolve(),
+
        // Stop HTTP SmartProxy if running
        this.smartProxy ? this.smartProxy.stop().catch(err => console.error('Error stopping SmartProxy:', err)) : Promise.resolve(),

--- a/ts_web/00_commitinfo_data.ts
+++ b/ts_web/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/dcrouter',
-  version: '5.0.7',
+  version: '5.1.0',
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }
Author	SHA1	Message	Date
Juergen Kunz	96cefe984a	v5.1.0 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-13 12:12:01 +00:00
Juergen Kunz	ca112c3e42	feat(acme): Integrate SmartAcme DNS-01 handling and add certificate provisioning for SmartProxy	2026-02-13 12:12:01 +00:00