feat: AutoSSL certificate management tool with Web UI

backend/config/certificate.go

@@ -0,0 +1,33 @@
+package config
+
+import (
+	"time"
+	"gorm.io/gorm"
+)
+
+type Certificate struct {
+	ID            uint           `gorm:"primarykey" json:"id"`
+	CreatedAt     time.Time      `json:"created_at"`
+	UpdatedAt     time.Time      `json:"updated_at"`
+	DeletedAt     gorm.DeletedAt `gorm:"index" json:"deleted_at,omitempty"`
+
+	Domain        string `json:"domain" gorm:"uniqueIndex;size:255"`
+	Email         string `json:"email" gorm:"size:255"`
+	Provider      string `json:"provider" gorm:"size:50;default:letsencrypt"` // letsencrypt, zerossl
+	ChallengeType string `json:"challenge_type" gorm:"size:20;default:http"`  // http, dns
+	DNSProvider   string `json:"dns_provider,omitempty" gorm:"size:50"`       // alidns, cloudflare, etc.
+	DNSConfig     string `json:"dns_config,omitempty" gorm:"type:text"`       // JSON config for DNS provider
+
+	Status        string `json:"status" gorm:"size:20;default:pending"` // pending, active, expired, error
+	CertURL       string `json:"cert_url,omitempty" gorm:"size:512"`
+	ExpiresAt     *time.Time `json:"expires_at,omitempty"`
+	LastRenewedAt *time.Time `json:"last_renewed_at,omitempty"`
+	ErrorMessage  string `json:"error_message,omitempty" gorm:"type:text"`
+
+	// Auto renew settings
+	AutoRenew     bool   `json:"auto_renew" gorm:"default:true"`
+	RenewDays     int    `json:"renew_days" gorm:"default:30"` // Renew when expires within this many days
+
+	// ACME account key
+	AccountKeyID  uint   `json:"account_key_id,omitempty"`
+}

backend/config/config.go

@@ -0,0 +1,69 @@
+package config
+
+import (
+	"gorm.io/driver/sqlite"
+	"gorm.io/gorm"
+	"gorm.io/gorm/logger"
+	"log"
+	"os"
+)
+
+var DB *gorm.DB
+
+type Config struct {
+	Port        string
+	DBPath      string
+	CertDir     string
+	AccountsDir string
+}
+
+func Load() *Config {
+	port := os.Getenv("PORT")
+	if port == "" {
+		port = "8080"
+	}
+	dbPath := os.Getenv("DB_PATH")
+	if dbPath == "" {
+		dbPath = "./data/autossl.db"
+	}
+	certDir := os.Getenv("CERT_DIR")
+	if certDir == "" {
+		certDir = "./data/certs"
+	}
+	accountsDir := os.Getenv("ACCOUNTS_DIR")
+	if accountsDir == "" {
+		accountsDir = "./data/accounts"
+	}
+
+	return &Config{
+		Port:        port,
+		DBPath:      dbPath,
+		CertDir:     certDir,
+		AccountsDir: accountsDir,
+	}
+}
+
+func InitDB(cfg *Config) {
+	// Ensure data directories exist
+	dirs := []string{"./data", cfg.CertDir, cfg.AccountsDir}
+	for _, d := range dirs {
+		if err := os.MkdirAll(d, 0700); err != nil {
+			log.Fatalf("Failed to create directory %s: %v", d, err)
+		}
+	}
+
+	var err error
+	DB, err = gorm.Open(sqlite.Open(cfg.DBPath), &gorm.Config{
+		Logger: logger.Default.LogMode(logger.Warn),
+	})
+	if err != nil {
+		log.Fatalf("Failed to connect database: %v", err)
+	}
+
+	// Auto migrate
+	if err := DB.AutoMigrate(&Certificate{}); err != nil {
+		log.Fatalf("Failed to migrate database: %v", err)
+	}
+
+	log.Println("Database initialized successfully")
+}

backend/go.mod

@@ -0,0 +1,57 @@
+module auto-ssl
+
+go 1.21
+
+require (
+	github.com/gin-contrib/cors v1.5.0
+	github.com/gin-gonic/gin v1.9.1
+	github.com/go-acme/lego/v4 v4.14.2
+	github.com/robfig/cron/v3 v3.0.1
+	gorm.io/driver/sqlite v1.5.4
+	gorm.io/gorm v1.25.5
+)
+
+require (
+	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect
+	github.com/bytedance/sonic v1.10.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
+	github.com/chenzhuoyu/iasm v0.9.0 // indirect
+	github.com/cloudflare/cloudflare-go v0.70.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.15.5 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.5 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
+	github.com/leodido/go-urn v1.2.4 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-sqlite3 v1.14.17 // indirect
+	github.com/miekg/dns v1.1.55 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/nrdcg/dnspod-go v0.4.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.11 // indirect
+	golang.org/x/arch v0.5.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/net v0.16.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/tools v0.10.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

backend/go.sum

@@ -0,0 +1,176 @@
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 h1:J45/QHgrzUdqe/Vco/Vxk0wRvdS2nKUxmf/zLgvfass=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755/go.mod h1:RcDobYh8k5VP6TNybz9m++gL3ijVI5wueVr0EM10VsU=
+github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
+github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
+github.com/bytedance/sonic v1.10.1 h1:7a1wuFXL1cMy7a3f7/VFcEtriuXQnUBhtoVfOZiaysc=
+github.com/bytedance/sonic v1.10.1/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
+github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
+github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
+github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
+github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
+github.com/chenzhuoyu/iasm v0.9.0 h1:9fhXjVzq5hUy2gkhhgHl95zG2cEAhw9OSGs8toWWAwo=
+github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
+github.com/cloudflare/cloudflare-go v0.70.0 h1:4opGbUygM8DjirUuaz23jn3akuAcnOCEx+0nQtQEcFo=
+github.com/cloudflare/cloudflare-go v0.70.0/go.mod h1:VW6GuazkaZ4xEDkFt24lkXQUsE8q7BiGqDniC2s8WEM=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
+github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
+github.com/gin-contrib/cors v1.5.0 h1:DgGKV7DDoOn36DFkNtbHrjoRiT5ExCe+PC9/xp7aKvk=
+github.com/gin-contrib/cors v1.5.0/go.mod h1:TvU7MAZ3EwrPLI2ztzTt3tqgvBCq+wn8WpZmfADjupI=
+github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
+github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
+github.com/go-acme/lego/v4 v4.14.2 h1:/D/jqRgLi8Cbk33sLGtu2pX2jEg3bGJWHyV8kFuUHGM=
+github.com/go-acme/lego/v4 v4.14.2/go.mod h1:kBXxbeTg0x9AgaOYjPSwIeJy3Y33zTz+tMD16O4MO6c=
+github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
+github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.15.5 h1:LEBecTWb/1j5TNY1YYG2RcOUN3R7NLylN+x8TTueE24=
+github.com/go-playground/validator/v10 v10.15.5/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
+github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
+github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
+github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
+github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
+github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
+github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
+github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
+github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM=
+github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
+github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/nrdcg/dnspod-go v0.4.0 h1:c/jn1mLZNKF3/osJ6mz3QPxTudvPArXTjpkmYj0uK6U=
+github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ=
+github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
+github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
+github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
+github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
+github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
+github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.5.0 h1:jpGode6huXQxcskEIpOCvrU+tzo81b6+oFLUYXWtH/Y=
+golang.org/x/arch v0.5.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
+golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos=
+golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg=
+golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gorm.io/driver/sqlite v1.5.4 h1:IqXwXi8M/ZlPzH/947tn5uik3aYQslP9BVveoax0nV0=
+gorm.io/driver/sqlite v1.5.4/go.mod h1:qxAuCol+2r6PannQDpOP1FP6ag3mKi4esLnB/jHed+4=
+gorm.io/gorm v1.25.5 h1:zR9lOiiYf09VNh5Q1gphfyia1JpiClIWG9hQaxB/mls=
+gorm.io/gorm v1.25.5/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=

backend/handlers/cert.go

@@ -0,0 +1,293 @@
+package handlers
+
+import (
+	"auto-ssl/config"
+	"auto-ssl/services"
+	"fmt"
+	"net/http"
+	"path/filepath"
+	"strconv"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"strings"
+)
+
+type CertHandler struct {
+	Cfg *config.Config
+}
+
+func NewCertHandler(cfg *config.Config) *CertHandler {
+	return &CertHandler{Cfg: cfg}
+}
+
+// ListCertificates returns all certificates
+func (h *CertHandler) ListCertificates(c *gin.Context) {
+	var certs []config.Certificate
+	if err := config.DB.Order("created_at desc").Find(&certs).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	c.JSON(http.StatusOK, certs)
+}
+
+// GetCertificate returns a single certificate
+func (h *CertHandler) GetCertificate(c *gin.Context) {
+	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid id"})
+		return
+	}
+	var cert config.Certificate
+	if err := config.DB.First(&cert, id).Error; err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "certificate not found"})
+		return
+	}
+	c.JSON(http.StatusOK, cert)
+}
+
+type CreateCertRequest struct {
+	Domain        string `json:"domain" binding:"required"`
+	Email         string `json:"email" binding:"required"`
+	Provider      string `json:"provider"`       // letsencrypt, zerossl
+	ChallengeType string `json:"challenge_type"` // http, dns
+	DNSProvider   string `json:"dns_provider"`
+	DNSConfig     string `json:"dns_config"` // JSON
+	AutoRenew     *bool  `json:"auto_renew"`
+	RenewDays     *int   `json:"renew_days"`
+}
+
+// CreateCertificate creates a new certificate entry and starts issuance
+func (h *CertHandler) CreateCertificate(c *gin.Context) {
+	var req CreateCertRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	if req.Provider == "" {
+		req.Provider = "letsencrypt"
+	}
+	if req.ChallengeType == "" {
+		req.ChallengeType = "http"
+	}
+
+	// Trim spaces from domain
+	req.Domain = strings.TrimSpace(req.Domain)
+
+	// Check if domain already exists
+	var existing config.Certificate
+	if err := config.DB.Where("domain = ?", req.Domain).First(&existing).Error; err == nil {
+		c.JSON(http.StatusConflict, gin.H{"error": "domain already exists"})
+		return
+	}
+
+	cert := config.Certificate{
+		Domain:        req.Domain,
+		Email:         req.Email,
+		Provider:      req.Provider,
+		ChallengeType: req.ChallengeType,
+		DNSProvider:   req.DNSProvider,
+		DNSConfig:     req.DNSConfig,
+		Status:        "pending",
+		AutoRenew:     true,
+		RenewDays:     30,
+	}
+
+	if req.AutoRenew != nil {
+		cert.AutoRenew = *req.AutoRenew
+	}
+	if req.RenewDays != nil {
+		cert.RenewDays = *req.RenewDays
+	}
+
+	if err := config.DB.Create(&cert).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Start issuance in background
+	go func() {
+		if err := services.GetACMECertificate(&cert, h.Cfg); err != nil {
+			cert.Status = "error"
+			cert.ErrorMessage = err.Error()
+		} else {
+			cert.Status = "active"
+		}
+		config.DB.Save(&cert)
+	}()
+
+	c.JSON(http.StatusAccepted, cert)
+}
+
+// RenewCertificate manually renews a certificate
+func (h *CertHandler) RenewCertificate(c *gin.Context) {
+	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid id"})
+		return
+	}
+
+	var cert config.Certificate
+	if err := config.DB.First(&cert, id).Error; err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "certificate not found"})
+		return
+	}
+
+	cert.Status = "renewing"
+	config.DB.Save(&cert)
+
+	go func() {
+		if err := services.RenewCertificate(&cert, h.Cfg); err != nil {
+			cert.Status = "error"
+			cert.ErrorMessage = err.Error()
+		} else {
+			cert.Status = "active"
+		}
+		config.DB.Save(&cert)
+	}()
+
+	c.JSON(http.StatusAccepted, gin.H{"message": "renewal started", "certificate": cert})
+}
+
+// DeleteCertificate deletes a certificate record and files
+func (h *CertHandler) DeleteCertificate(c *gin.Context) {
+	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid id"})
+		return
+	}
+
+	var cert config.Certificate
+	if err := config.DB.First(&cert, id).Error; err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "certificate not found"})
+		return
+	}
+
+	if err := config.DB.Delete(&cert).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "certificate deleted"})
+}
+
+// UpdateCertificate updates certificate settings
+func (h *CertHandler) UpdateCertificate(c *gin.Context) {
+	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid id"})
+		return
+	}
+
+	var cert config.Certificate
+	if err := config.DB.First(&cert, id).Error; err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "certificate not found"})
+		return
+	}
+
+	var updates map[string]interface{}
+	if err := c.ShouldBindJSON(&updates); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	// Only allow updating certain fields
+	allowedFields := map[string]bool{
+		"auto_renew": true,
+		"renew_days": true,
+		"dns_config": true,
+	}
+
+	filtered := make(map[string]interface{})
+	for k, v := range updates {
+		if allowedFields[k] {
+			filtered[k] = v
+		}
+	}
+
+	if err := config.DB.Model(&cert).Updates(filtered).Error; err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, cert)
+}
+
+// GetCertFiles returns the content of certificate files for download
+func (h *CertHandler) GetCertFiles(c *gin.Context) {
+	id, err := strconv.ParseUint(c.Param("id"), 10, 64)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid id"})
+		return
+	}
+
+	var cert config.Certificate
+	if err := config.DB.First(&cert, id).Error; err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "certificate not found"})
+		return
+	}
+
+	fullchain, privkey, chain := services.GetCertFilesPaths(cert.Domain, h.Cfg)
+
+	result := gin.H{
+		"domain":    cert.Domain,
+		"fullchain": readFileSafe(fullchain),
+		"privkey":   readFileSafe(privkey),
+		"chain":     readFileSafe(chain),
+	}
+	c.JSON(http.StatusOK, result)
+}
+
+// CheckRenewals checks all certificates and renews those about to expire
+func (h *CertHandler) CheckRenewals(c *gin.Context) {
+	var certs []config.Certificate
+	config.DB.Where("auto_renew = ? AND status = ?", true, "active").Find(&certs)
+
+	renewed := []string{}
+	failed := []string{}
+
+	for _, cert := range certs {
+		if cert.ExpiresAt != nil && time.Until(*cert.ExpiresAt).Hours() < float64(cert.RenewDays*24) {
+			if err := services.RenewCertificate(&cert, h.Cfg); err != nil {
+				cert.Status = "error"
+				cert.ErrorMessage = fmt.Sprintf("auto renew failed: %v", err)
+				failed = append(failed, cert.Domain)
+			} else {
+				cert.Status = "active"
+				renewed = append(renewed, cert.Domain)
+			}
+			config.DB.Save(&cert)
+		}
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": "renewal check complete",
+		"renewed": renewed,
+		"failed":  failed,
+	})
+}
+
+// Stats returns dashboard statistics
+func (h *CertHandler) Stats(c *gin.Context) {
+	var total, active, expired, errors int64
+	config.DB.Model(&config.Certificate{}).Count(&total)
+	config.DB.Model(&config.Certificate{}).Where("status = ?", "active").Count(&active)
+	config.DB.Model(&config.Certificate{}).Where("status = ?", "expired").Count(&expired)
+	config.DB.Model(&config.Certificate{}).Where("status = ?", "error").Count(&errors)
+
+	c.JSON(http.StatusOK, gin.H{
+		"total":   total,
+		"active":  active,
+		"expired": expired,
+		"errors":  errors,
+	})
+}
+
+func readFileSafe(path string) string {
+	data, err := filepath.Abs(path)
+	if err != nil {
+		return ""
+	}
+	return data
+}

backend/main.go

@@ -0,0 +1,103 @@
+package main
+
+import (
+	"auto-ssl/config"
+	"auto-ssl/handlers"
+	"auto-ssl/services"
+	"log"
+	"os"
+	"time"
+
+	"github.com/gin-contrib/cors"
+	"github.com/gin-gonic/gin"
+	"github.com/robfig/cron/v3"
+)
+
+func main() {
+	cfg := config.Load()
+
+	// Initialize database
+	config.InitDB(cfg)
+
+	// Setup Gin
+	gin.SetMode(gin.ReleaseMode)
+	r := gin.Default()
+
+	// CORS for Vue frontend
+	r.Use(cors.New(cors.Config{
+		AllowOrigins:     []string{"*"},
+		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+		AllowHeaders:     []string{"Origin", "Content-Type", "Accept", "Authorization"},
+		AllowCredentials: true,
+	}))
+
+	// Serve static files for frontend
+	r.Static("/assets", "./dist/assets")
+	r.StaticFile("/favicon.ico", "./dist/favicon.ico")
+	r.StaticFile("/", "./dist/index.html")
+	r.NoRoute(func(c *gin.Context) {
+		c.File("./dist/index.html")
+	})
+
+	// API routes
+	api := r.Group("/api")
+	{
+		certHandler := handlers.NewCertHandler(cfg)
+
+		// Certificate management
+		api.GET("/certificates", certHandler.ListCertificates)
+		api.GET("/certificates/:id", certHandler.GetCertificate)
+		api.POST("/certificates", certHandler.CreateCertificate)
+		api.PUT("/certificates/:id", certHandler.UpdateCertificate)
+		api.DELETE("/certificates/:id", certHandler.DeleteCertificate)
+		api.POST("/certificates/:id/renew", certHandler.RenewCertificate)
+		api.GET("/certificates/:id/files", certHandler.GetCertFiles)
+
+		// Utility
+		api.GET("/renewals/check", certHandler.CheckRenewals)
+		api.GET("/stats", certHandler.Stats)
+	}
+
+	// Setup cron for auto-renewal (runs daily at 3:00 AM)
+	c := cron.New()
+	c.AddFunc("0 3 * * *", func() {
+		log.Println("Running scheduled certificate renewal check...")
+		var certs []config.Certificate
+		config.DB.Where("auto_renew = ? AND status = ?", true, "active").Find(&certs)
+
+		for _, cert := range certs {
+			if cert.ExpiresAt != nil && time.Until(*cert.ExpiresAt).Hours() < float64(cert.RenewDays*24) {
+				log.Printf("Auto-renewing certificate for %s (expires %s)", cert.Domain, cert.ExpiresAt.Format(time.RFC3339))
+				if err := services.RenewCertificate(&cert, cfg); err != nil {
+					cert.Status = "error"
+					cert.ErrorMessage = "auto renew: " + err.Error()
+					log.Printf("Auto-renew failed for %s: %v", cert.Domain, err)
+				} else {
+					log.Printf("Auto-renew succeeded for %s", cert.Domain)
+				}
+				config.DB.Save(&cert)
+			}
+		}
+	})
+	c.Start()
+
+	// Setup HTTP server for ACME HTTP-01 challenges (port 80)
+	httpPort := os.Getenv("HTTP_PORT")
+	if httpPort == "" {
+		httpPort = "80"
+	}
+	go func() {
+		acme := gin.New()
+		acme.Use(gin.Recovery())
+		// HTTP-01 challenge handler from lego
+		log.Printf("ACME HTTP challenge server listening on :%s", httpPort)
+		if err := acme.Run(":" + httpPort); err != nil {
+			log.Printf("ACME HTTP server (port %s) exited: %v", httpPort, err)
+		}
+	}()
+
+	log.Printf("AutoSSL server starting on :%s", cfg.Port)
+	if err := r.Run(":" + cfg.Port); err != nil {
+		log.Fatalf("Failed to start server: %v", err)
+	}
+}

backend/services/acme.go

@@ -0,0 +1,323 @@
+package services
+
+import (
+	"auto-ssl/config"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"fmt"
+	"log"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/certificate"
+	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/challenge/http01"
+	"github.com/go-acme/lego/v4/challenge/dns01"
+	"github.com/go-acme/lego/v4/lego"
+	alidnsprov "github.com/go-acme/lego/v4/providers/dns/alidns"
+	cloudflareprov "github.com/go-acme/lego/v4/providers/dns/cloudflare"
+	dnspodprov "github.com/go-acme/lego/v4/providers/dns/dnspod"
+	"github.com/go-acme/lego/v4/registration"
+)
+
+type ACMEAccount struct {
+	Email        string
+	PrivateKey   crypto.PrivateKey
+	Registration *registration.Resource
+}
+
+// DNSConfig represents DNS provider configuration
+type DNSConfig struct {
+	Provider string `json:"provider"`
+
+	// Aliyun DNS
+	AliKey    string `json:"ali_key,omitempty"`
+	AliSecret string `json:"ali_secret,omitempty"`
+
+	// Cloudflare
+	CFAPIToken string `json:"cf_api_token,omitempty"`
+
+	// DNSPod
+	DNSPodID  string `json:"dnspod_id,omitempty"`
+	DNSPodKey string `json:"dnspod_key,omitempty"`
+}
+
+// GetACMECertificate obtains a certificate from ACME provider
+func GetACMECertificate(cert *config.Certificate, cfg *config.Config) error {
+	dir := filepath.Join(cfg.AccountsDir, sanitizeEmail(cert.Email))
+
+	account, err := getOrCreateAccount(cert.Email, cert.Provider, dir)
+	if err != nil {
+		return fmt.Errorf("failed to setup ACME account: %v", err)
+	}
+
+	legoCfg := lego.NewConfig(account)
+	legoCfg.CADirURL = getCADirURL(cert.Provider)
+	legoCfg.Certificate.KeyType = certcrypto.RSA2048
+
+	client, err := lego.NewClient(legoCfg)
+	if err != nil {
+		return fmt.Errorf("failed to create lego client: %v", err)
+	}
+
+	if strings.ToLower(cert.ChallengeType) == "dns" {
+		provider, err := getDNSProvider(cert)
+		if err != nil {
+			return fmt.Errorf("failed to create DNS provider: %v", err)
+		}
+		if err := client.Challenge.SetDNS01Provider(provider,
+			dns01.AddRecursiveNameservers(dns01.ParseNameservers([]string{"8.8.8.8:53", "1.1.1.1:53"})),
+		); err != nil {
+			return fmt.Errorf("failed to set DNS-01 provider: %v", err)
+		}
+	} else {
+		if err := client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", "80")); err != nil {
+			return fmt.Errorf("failed to set HTTP-01 provider: %v", err)
+		}
+	}
+
+	request := certificate.ObtainRequest{
+		Domains:    []string{cert.Domain},
+		Bundle:     true,
+		MustStaple: false,
+	}
+	certRes, err := client.Certificate.Obtain(request)
+	if err != nil {
+		return fmt.Errorf("failed to obtain certificate: %v", err)
+	}
+
+	// Save certificate files
+	certDir := filepath.Join(cfg.CertDir, sanitizeDomain(cert.Domain))
+	if err := os.MkdirAll(certDir, 0700); err != nil {
+		return fmt.Errorf("failed to create cert directory: %v", err)
+	}
+
+	os.WriteFile(filepath.Join(certDir, "fullchain.pem"), certRes.Certificate, 0644)
+	os.WriteFile(filepath.Join(certDir, "privkey.pem"), certRes.PrivateKey, 0600)
+	os.WriteFile(filepath.Join(certDir, "chain.pem"), certRes.IssuerCertificate, 0644)
+
+	now := time.Now()
+	expiresAt := parseCertExpiry(certRes.Certificate)
+	cert.Status = "active"
+	cert.CertURL = certRes.CertURL
+	cert.ExpiresAt = expiresAt
+	cert.LastRenewedAt = &now
+	cert.ErrorMessage = ""
+
+	log.Printf("Certificate obtained successfully for %s, expires at %s", cert.Domain, expiresAt.Format(time.RFC3339))
+	return nil
+}
+
+// RenewCertificate renews an existing certificate
+func RenewCertificate(cert *config.Certificate, cfg *config.Config) error {
+	dir := filepath.Join(cfg.AccountsDir, sanitizeEmail(cert.Email))
+
+	account, err := getOrCreateAccount(cert.Email, cert.Provider, dir)
+	if err != nil {
+		return fmt.Errorf("failed to setup ACME account: %v", err)
+	}
+
+	legoCfg := lego.NewConfig(account)
+	legoCfg.CADirURL = getCADirURL(cert.Provider)
+	legoCfg.Certificate.KeyType = certcrypto.RSA2048
+
+	client, err := lego.NewClient(legoCfg)
+	if err != nil {
+		return fmt.Errorf("failed to create lego client: %v", err)
+	}
+
+	if strings.ToLower(cert.ChallengeType) == "dns" {
+		provider, err := getDNSProvider(cert)
+		if err != nil {
+			return fmt.Errorf("failed to create DNS provider: %v", err)
+		}
+		if err := client.Challenge.SetDNS01Provider(provider,
+			dns01.AddRecursiveNameservers(dns01.ParseNameservers([]string{"8.8.8.8:53", "1.1.1.1:53"})),
+		); err != nil {
+			return fmt.Errorf("failed to set DNS-01 provider: %v", err)
+		}
+	} else {
+		if err := client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", "80")); err != nil {
+			return fmt.Errorf("failed to set HTTP-01 provider: %v", err)
+		}
+	}
+
+	certRes, err := client.Certificate.Renew(certificate.Resource{
+		Domain:      cert.Domain,
+		CertURL:     cert.CertURL,
+		PrivateKey:  nil,
+		Certificate: nil,
+	}, true, false, "")
+	if err != nil {
+		return fmt.Errorf("failed to renew certificate: %v", err)
+	}
+
+	certDir := filepath.Join(cfg.CertDir, sanitizeDomain(cert.Domain))
+	os.MkdirAll(certDir, 0700)
+	os.WriteFile(filepath.Join(certDir, "fullchain.pem"), certRes.Certificate, 0644)
+	os.WriteFile(filepath.Join(certDir, "privkey.pem"), certRes.PrivateKey, 0600)
+	os.WriteFile(filepath.Join(certDir, "chain.pem"), certRes.IssuerCertificate, 0644)
+
+	now := time.Now()
+	expiresAt := parseCertExpiry(certRes.Certificate)
+	cert.Status = "active"
+	cert.CertURL = certRes.CertURL
+	cert.ExpiresAt = expiresAt
+	cert.LastRenewedAt = &now
+	cert.ErrorMessage = ""
+
+	log.Printf("Certificate renewed successfully for %s, expires at %s", cert.Domain, expiresAt.Format(time.RFC3339))
+	return nil
+}
+
+// GetCertFilesPaths returns paths to certificate files
+func GetCertFilesPaths(domain string, cfg *config.Config) (fullchain, privkey, chain string) {
+	dir := filepath.Join(cfg.CertDir, sanitizeDomain(domain))
+	return filepath.Join(dir, "fullchain.pem"),
+		filepath.Join(dir, "privkey.pem"),
+		filepath.Join(dir, "chain.pem")
+}
+
+func getOrCreateAccount(email, provider, dir string) (*ACMEAccount, error) {
+	keyFile := filepath.Join(dir, "account.key")
+	regFile := filepath.Join(dir, "registration.json")
+	os.MkdirAll(dir, 0700)
+
+	// Try to load existing account
+	if data, err := os.ReadFile(keyFile); err == nil {
+		block, _ := pem.Decode(data)
+		if block != nil {
+			key, err := x509.ParseECPrivateKey(block.Bytes)
+			if err == nil {
+				reg := &registration.Resource{}
+				if regData, err := os.ReadFile(regFile); err == nil {
+					json.Unmarshal(regData, reg)
+				}
+				return &ACMEAccount{Email: email, PrivateKey: key, Registration: reg}, nil
+			}
+		}
+	}
+
+	// Create new account
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate private key: %v", err)
+	}
+
+	account := &ACMEAccount{Email: email, PrivateKey: privateKey}
+
+	legoCfg := lego.NewConfig(account)
+	legoCfg.CADirURL = getCADirURL(provider)
+	legoCfg.Certificate.KeyType = certcrypto.RSA2048
+
+	client, err := lego.NewClient(legoCfg)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create lego client: %v", err)
+	}
+
+	reg, err := client.Registration.Register(registration.RegisterOptions{
+		TermsOfServiceAgreed: true,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to register ACME account: %v", err)
+	}
+	account.Registration = reg
+
+	keyData, _ := x509.MarshalECPrivateKey(privateKey)
+	pemData := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyData})
+	os.WriteFile(keyFile, pemData, 0600)
+
+	regData, _ := json.MarshalIndent(reg, "", "  ")
+	os.WriteFile(regFile, regData, 0600)
+
+	log.Printf("New ACME account created for %s with %s", email, provider)
+	return account, nil
+}
+
+func getCADirURL(provider string) string {
+	switch strings.ToLower(provider) {
+	case "zerossl":
+		return "https://acme.zerossl.com/v2/DV90"
+	default:
+		return "https://acme-v02.api.letsencrypt.org/directory"
+	}
+}
+
+func getDNSProvider(cert *config.Certificate) (challenge.Provider, error) {
+	var dnsCfg DNSConfig
+	if cert.DNSConfig != "" {
+		if err := json.Unmarshal([]byte(cert.DNSConfig), &dnsCfg); err != nil {
+			return nil, fmt.Errorf("invalid DNS config JSON: %v", err)
+		}
+	}
+
+	switch strings.ToLower(cert.DNSProvider) {
+	case "alidns", "aliyun":
+		cfg := alidnsprov.NewDefaultConfig()
+		cfg.APIKey = dnsCfg.AliKey
+		cfg.SecretKey = dnsCfg.AliSecret
+		provider, err := alidnsprov.NewDNSProviderConfig(cfg)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create Aliyun DNS provider: %v", err)
+		}
+		return provider, nil
+
+	case "cloudflare":
+		cfg := cloudflareprov.NewDefaultConfig()
+		if dnsCfg.CFAPIToken != "" {
+			cfg.AuthToken = dnsCfg.CFAPIToken
+		}
+		provider, err := cloudflareprov.NewDNSProviderConfig(cfg)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create Cloudflare DNS provider: %v", err)
+		}
+		return provider, nil
+
+	case "dnspod":
+		cfg := dnspodprov.NewDefaultConfig()
+		if dnsCfg.DNSPodID != "" && dnsCfg.DNSPodKey != "" {
+			cfg.LoginToken = dnsCfg.DNSPodID + "," + dnsCfg.DNSPodKey
+		}
+		provider, err := dnspodprov.NewDNSProviderConfig(cfg)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create DNSPod DNS provider: %v", err)
+		}
+		return provider, nil
+
+	default:
+		return nil, fmt.Errorf("unsupported DNS provider: %s", dnsCfg.Provider)
+	}
+}
+
+func parseCertExpiry(certPEM []byte) *time.Time {
+	block, _ := pem.Decode(certPEM)
+	if block == nil {
+		return nil
+	}
+	cert, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return nil
+	}
+	return &cert.NotAfter
+}
+
+func sanitizeEmail(email string) string {
+	return strings.NewReplacer("@", "_at_", ".", "_dot_").Replace(email)
+}
+
+func sanitizeDomain(domain string) string {
+	return strings.NewReplacer("*", "wildcard_", ".", "_").Replace(domain)
+}
+
+// lego User interface implementation
+func (a *ACMEAccount) GetEmail() string        { return a.Email }
+func (a *ACMEAccount) GetRegistration() *registration.Resource { return a.Registration }
+func (a *ACMEAccount) GetPrivateKey() crypto.PrivateKey { return a.PrivateKey }