@simplens/onboard 1.0.4 → 1.0.6

package/src/index.ts

@@ -15,7 +15,11 @@ import {
 } from './utils.js';
 import { text, confirm, select } from '@clack/prompts';
 import { intro, outro, handleCancel, log, note } from './ui.js';
-import { validatePrerequisites } from './validators.js';
+import {
+    validatePrerequisites,
+    validatePublicDomain,
+    validateEmailAddress,
+} from './validators.js';
 import {
     promptInfraServicesWithBasePath,
     generateInfraCompose,
@@ -45,6 +49,8 @@ import {
     waitForInfraHealth,
     startAppServices,
     displayServiceStatus,
+    setupSslCertificates,
+    getSslManualCommands,
 } from './services.js';
 
 const program = new Command();
@@ -58,7 +64,12 @@ program
     .option('--env <mode>', 'Environment setup mode: "default" or "interactive"')
     .option('--dir <path>', 'Target directory for setup')
     .option('--base-path <path>', 'Dashboard BASE_PATH (example: /dashboard, default: root)')
+    .option('--core-version <version>', 'Override CORE_VERSION in generated .env (primarily for --full mode)')
+    .option('--dashboard-version <version>', 'Override DASHBOARD_VERSION in generated .env (primarily for --full mode)')
     .option('--plugin [plugins...]', 'Plugins to install (e.g., @simplens/mock @simplens/nodemailer-gmail)')
+    .option('--ssl', 'Enable optional SSL certificate setup using Dockerized Certbot')
+    .option('--ssl-domain <domain>', 'Public domain for SSL certificate (required with --ssl in --full mode)')
+    .option('--ssl-email <email>', 'Email for Let\'s Encrypt registration (required with --ssl in --full mode)')
     .option('--no-output', 'Suppress all console output (silent mode)');
 
 interface OnboardSetupOptions {
@@ -68,6 +79,9 @@ interface OnboardSetupOptions {
     targetDir: string;
     basePath: string;
     plugins: string[];
+    enableSsl: boolean;
+    sslDomain?: string;
+    sslEmail?: string;
 }
 
 function printStep(step: number, total: number, title: string): void {
@@ -110,6 +124,9 @@ function showSetupSummary(setupOptions: OnboardSetupOptions, targetDir: string,
     const pluginsLabel = setupOptions.plugins.length > 0 
         ? setupOptions.plugins.join(', ') 
         : 'none';
+    const sslLabel = setupOptions.enableSsl
+        ? `enabled (${setupOptions.sslDomain})`
+        : 'disabled';
 
     const summaryLines = [
         `Target directory   : ${targetDir}`,
@@ -117,6 +134,7 @@ function showSetupSummary(setupOptions: OnboardSetupOptions, targetDir: string,
         `Environment mode   : ${setupOptions.envMode}`,
         `BASE_PATH          : ${basePathLabel}`,
         `Plugins            : ${pluginsLabel}`,
+        `SSL (Certbot)      : ${sslLabel}`,
         `Nginx auto-include : ${autoNginx ? 'enabled (BASE_PATH is non-default)' : 'disabled'}`,
     ].join('\n');
 
@@ -168,6 +186,26 @@ async function promptSetupOptions(options: any): Promise<OnboardSetupOptions> {
             }
         }
 
+        if (options.ssl === true) {
+            if (!options.sslDomain) {
+                errors.push('--ssl-domain <domain> is required in --full mode when --ssl is enabled');
+            } else {
+                const domainValidation = validatePublicDomain(options.sslDomain);
+                if (domainValidation !== true) {
+                    errors.push(`Invalid --ssl-domain: ${domainValidation}`);
+                }
+            }
+
+            if (!options.sslEmail) {
+                errors.push('--ssl-email <email> is required in --full mode when --ssl is enabled');
+            } else {
+                const emailValidation = validateEmailAddress(options.sslEmail);
+                if (emailValidation !== true) {
+                    errors.push(`Invalid --ssl-email: ${emailValidation}`);
+                }
+            }
+        }
+
         if (errors.length > 0) {
             console.error('\\n❌ Validation errors in --full mode:\\n');
             errors.forEach(err => console.error(`  • ${err}`));
@@ -272,6 +310,55 @@ async function promptSetupOptions(options: any): Promise<OnboardSetupOptions> {
     }
     // If not provided and not in full mode, will prompt later in the main workflow
 
+    // --- SSL ---
+    let enableSslValue = false;
+    let sslDomainValue: string | undefined;
+    let sslEmailValue: string | undefined;
+
+    if (options.ssl === true) {
+        enableSslValue = true;
+    } else if (!isFullMode) {
+        const sslConfirm = await confirm({
+            message: 'Do you want to automatically setup SSL certificate using Certbot?',
+            initialValue: false,
+            withGuide: true,
+        });
+        handleCancel(sslConfirm);
+        enableSslValue = sslConfirm as boolean;
+    }
+
+    if (enableSslValue) {
+        if (typeof options.sslDomain === 'string') {
+            sslDomainValue = options.sslDomain.trim().toLowerCase();
+        } else if (!isFullMode) {
+            const domainAnswer = await text({
+                message: 'Public domain to secure (example: app.example.com):',
+                validate: (value: string | undefined) => {
+                    const validation = validatePublicDomain(value ?? '');
+                    return validation === true ? undefined : validation;
+                },
+                withGuide: true,
+            });
+            handleCancel(domainAnswer);
+            sslDomainValue = (domainAnswer as string).trim().toLowerCase();
+        }
+
+        if (typeof options.sslEmail === 'string') {
+            sslEmailValue = options.sslEmail.trim();
+        } else if (!isFullMode) {
+            const emailAnswer = await text({
+                message: 'Email for Let\'s Encrypt registration:',
+                validate: (value: string | undefined) => {
+                    const validation = validateEmailAddress(value ?? '');
+                    return validation === true ? undefined : validation;
+                },
+                withGuide: true,
+            });
+            handleCancel(emailAnswer);
+            sslEmailValue = (emailAnswer as string).trim();
+        }
+    }
+
     return {
         infra: infraValue,
         infraServices: infraServices,
@@ -279,6 +366,9 @@ async function promptSetupOptions(options: any): Promise<OnboardSetupOptions> {
         targetDir: targetDirValue || process.cwd(),
         basePath: basePathValue,
         plugins: pluginsValue,
+        enableSsl: enableSslValue,
+        sslDomain: sslDomainValue,
+        sslEmail: sslEmailValue,
     };
 }
 
@@ -316,6 +406,7 @@ async function main() {
         // Get target directory
         const targetDir = path.resolve(setupOptions.targetDir);
         const autoEnableNginx = shouldAutoEnableNginx(setupOptions.basePath);
+        const nginxRequired = autoEnableNginx || setupOptions.enableSsl;
 
         logDebug(`Resolved target directory: ${targetDir}`);
         showSetupSummary(setupOptions, targetDir, autoEnableNginx);
@@ -327,48 +418,66 @@ async function main() {
         // Step 2: Infrastructure setup (if --infra flag is provided)
         log.step('Step 2/6 — Infrastructure Setup');
         let selectedInfraServices: string[] = [];
+        const shouldSetupInfra = setupOptions.infra || nginxRequired;
 
-        if (setupOptions.infra) {
+        if (shouldSetupInfra) {
             // Use pre-provided services from CLI, or prompt for them
-            if (setupOptions.infraServices.length > 0) {
+            if (setupOptions.infra && setupOptions.infraServices.length > 0) {
                 selectedInfraServices = setupOptions.infraServices;
                 log.info(`Using infrastructure services: ${selectedInfraServices.join(', ')}`);
+            } else if (!setupOptions.infra && nginxRequired) {
+                selectedInfraServices = ['nginx'];
+                log.info('Nginx is required (BASE_PATH/SSL), so infrastructure compose will be generated with nginx.');
             } else {
                 // Prompt for services (interactive mode)
                 if (!autoEnableNginx) {
                     log.info('BASE_PATH is empty, nginx reverse proxy is disabled.');
-                    selectedInfraServices = await promptInfraServicesWithBasePath({ allowNginx: false });
+                    selectedInfraServices = await promptInfraServicesWithBasePath({
+                        allowNginx: false,
+                    });
                 } else {
-                    selectedInfraServices = await promptInfraServicesWithBasePath({ allowNginx: true });
+                    selectedInfraServices = await promptInfraServicesWithBasePath({
+                        allowNginx: true,
+                        defaultNginx: true,
+                    });
                 }
             }
 
-            if (autoEnableNginx && !selectedInfraServices.includes('nginx')) {
+            if (setupOptions.enableSsl && !selectedInfraServices.includes('nginx')) {
                 selectedInfraServices.push('nginx');
-                log.info('BASE_PATH is non-default, so nginx was added automatically.');
+                log.info('SSL is enabled, so nginx was added automatically.');
             }
 
-            await generateInfraCompose(targetDir, selectedInfraServices);
+            const infraHasNginx = selectedInfraServices.includes('nginx');
+            await generateInfraCompose(targetDir, selectedInfraServices, {
+                includeSsl: setupOptions.enableSsl && infraHasNginx,
+            });
         } else {
             log.info('Skipping infrastructure setup (use --infra to enable).');
         }
 
         // Step 3: Always write app docker-compose
         log.step('Step 3/6 — Application Compose Setup');
-        const includeNginxInAppCompose = autoEnableNginx && !selectedInfraServices.includes('nginx');
-        if (includeNginxInAppCompose) {
-            log.info('Including nginx in docker-compose.yaml because BASE_PATH is non-default.');
-        }
-        await writeAppCompose(targetDir, { includeNginx: includeNginxInAppCompose });
+        await writeAppCompose(targetDir, {
+            includeNginx: false,
+            includeSsl: false,
+        });
 
         // Step 4: Environment configuration
         log.step('Step 4/6 — Environment Configuration');
         const envMode = setupOptions.envMode;
+        const envOverrides = options.full
+            ? {
+                CORE_VERSION: options.coreVersion,
+                DASHBOARD_VERSION: options.dashboardVersion,
+            }
+            : undefined;
         const envVars = await promptEnvVariables(
             envMode,
             selectedInfraServices,
             setupOptions.basePath,
-            options.full || false
+            options.full || false,
+            envOverrides
         );
         await generateEnvFile(targetDir, envVars);
 
@@ -381,9 +490,12 @@ async function main() {
         }
 
         // Generate nginx.conf whenever nginx is active in either compose file
-        const nginxEnabled = selectedInfraServices.includes('nginx') || includeNginxInAppCompose;
+        const nginxEnabled = selectedInfraServices.includes('nginx');
         if (nginxEnabled) {
-            await generateNginxConfig(targetDir, setupOptions.basePath);
+            await generateNginxConfig(targetDir, setupOptions.basePath, {
+                enableSsl: setupOptions.enableSsl,
+                domain: setupOptions.sslDomain,
+            });
         }
 
         // Step 5: Plugin installation
@@ -438,7 +550,7 @@ async function main() {
 
         if (shouldStart) {
             // Start infra services first (if --infra was used)
-            if (setupOptions.infra && selectedInfraServices.length > 0) {
+            if (selectedInfraServices.length > 0) {
                 await startInfraServices(targetDir);
                 await waitForInfraHealth(targetDir);
             }
@@ -446,15 +558,30 @@ async function main() {
             // Start app services
             await startAppServices(targetDir);
 
+            if (setupOptions.enableSsl && setupOptions.sslDomain && setupOptions.sslEmail) {
+                await setupSslCertificates(targetDir, {
+                    composeFile: 'docker-compose.infra.yaml',
+                    domain: setupOptions.sslDomain,
+                    email: setupOptions.sslEmail,
+                });
+            }
+
             // Display service status
             await displayServiceStatus();
         } else {
             log.info('Services not started. You can start them later with:');
             const commands: string[] = [];
-            if (setupOptions.infra) {
+            if (selectedInfraServices.length > 0) {
                 commands.push('docker-compose -f docker-compose.infra.yaml up -d');
             }
             commands.push('docker-compose up -d');
+            if (setupOptions.enableSsl && setupOptions.sslDomain && setupOptions.sslEmail) {
+                commands.push(...getSslManualCommands({
+                    composeFile: 'docker-compose.infra.yaml',
+                    domain: setupOptions.sslDomain,
+                    email: setupOptions.sslEmail,
+                }));
+            }
             printCommandHints('Manual startup commands', commands);
         }
 

package/src/infra.ts

@@ -1,4 +1,11 @@
-import { APP_COMPOSE_TEMPLATE, APP_NGINX_SERVICE_TEMPLATE } from './templates.js';
+import {
+    APP_COMPOSE_TEMPLATE,
+    APP_NGINX_SERVICE_TEMPLATE,
+    APP_NGINX_SSL_SERVICE_TEMPLATE,
+    APP_CERTBOT_SERVICES_TEMPLATE,
+    INFRA_CERTBOT_SERVICES_TEMPLATE,
+    INFRA_CERTBOT_VOLUMES,
+} from './templates.js';
 import { writeFile, logInfo, logSuccess } from './utils.js';
 import { multiselect } from '@clack/prompts';
 import { handleCancel, spinner } from './ui.js';
@@ -8,7 +15,7 @@ import type { InfraService } from './types/domain.js';
 const INFRA_SERVICES: InfraService[] = [
     { name: 'MongoDB (Database)', value: 'mongo', checked: true },
     { name: 'Kafka (Message Queue)', value: 'kafka', checked: true },
-    { name: 'Kafka UI (Dashboard)', value: 'kafka-ui', checked: true },
+    { name: 'Kafka UI (Dashboard)', value: 'kafka-ui', checked: false },
     { name: 'Redis (Cache)', value: 'redis', checked: true },
     { name: 'Nginx (Reverse Proxy)', value: 'nginx', checked: false },
     { name: 'Loki (Log Aggregation)', value: 'loki', checked: false },
@@ -31,9 +38,15 @@ export async function promptInfraServices(): Promise<string[]> {
  */
 export async function promptInfraServicesWithBasePath(options: {
     allowNginx: boolean;
+    defaultNginx?: boolean;
 }): Promise<string[]> {
     const choices = options.allowNginx
-        ? INFRA_SERVICES
+        ? INFRA_SERVICES.map(service => {
+            if (service.value === 'nginx') {
+                return { ...service, checked: options.defaultNginx === true };
+            }
+            return service;
+        })
         : INFRA_SERVICES.filter(service => service.value !== 'nginx');
 
     const message = options.allowNginx
@@ -179,6 +192,18 @@ const SERVICE_CHUNKS: Record<string, string> = {
     restart: unless-stopped`,
 };
 
+const NGINX_INFRA_SSL_SERVICE_CHUNK = `  nginx:
+    image: nginx:alpine
+    container_name: nginx
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./nginx.conf:/etc/nginx/conf.d/default.conf:ro"
+      - certbot-etc:/etc/letsencrypt
+      - certbot-www:/var/www/certbot
+    restart: unless-stopped`;
+
 /**
  * Service-to-volumes mapping
  */
@@ -195,7 +220,10 @@ const SERVICE_VOLUMES: Record<string, string[]> = {
 /**
  * Build docker-compose content from selected services
  */
-function buildInfraCompose(selectedServices: string[]): string {
+function buildInfraCompose(
+    selectedServices: string[],
+    options: { includeSsl?: boolean } = {}
+): string {
     // Header
     const header = `# ============================================
 # SimpleNS Infrastructure Services
@@ -212,9 +240,17 @@ services:
     const serviceBlocks: string[] = [];
     for (const service of selectedServices) {
         if (SERVICE_CHUNKS[service]) {
-            serviceBlocks.push(SERVICE_CHUNKS[service]);
+            if (service === 'nginx' && options.includeSsl === true) {
+                serviceBlocks.push(NGINX_INFRA_SSL_SERVICE_CHUNK);
+            } else {
+                serviceBlocks.push(SERVICE_CHUNKS[service]);
+            }
         }
     }
+
+    if (options.includeSsl === true) {
+        serviceBlocks.push(INFRA_CERTBOT_SERVICES_TEMPLATE);
+    }
     
     // Collect volumes for selected services
     const volumeSet = new Set<string>();
@@ -222,6 +258,12 @@ services:
         const volumes = SERVICE_VOLUMES[service] || [];
         volumes.forEach(v => volumeSet.add(v));
     }
+
+    if (options.includeSsl === true) {
+        for (const volumeName of INFRA_CERTBOT_VOLUMES) {
+            volumeSet.add(volumeName);
+        }
+    }
     
     // Build volumes section
     const volumeLines: string[] = ['', 'volumes:'];
@@ -248,13 +290,14 @@ services:
  */
 export async function generateInfraCompose(
     targetDir: string,
-    selectedServices: string[]
+    selectedServices: string[],
+    options: { includeSsl?: boolean } = {}
 ): Promise<void> {
     const s = spinner();
     s.start('Generating docker-compose.infra.yaml...');
 
     // Build compose content from service chunks
-    const infraContent = buildInfraCompose(selectedServices);
+    const infraContent = buildInfraCompose(selectedServices, options);
 
     // Write infrastructure compose file
     const infraPath = path.join(targetDir, 'docker-compose.infra.yaml');
@@ -266,17 +309,35 @@ export async function generateInfraCompose(
  * Build app docker-compose content.
  * Optionally inject nginx reverse-proxy service before the volumes section.
  */
-export function buildAppComposeContent(includeNginx: boolean): string {
-    if (!includeNginx) {
-        return APP_COMPOSE_TEMPLATE;
+export function buildAppComposeContent(
+    includeNginx: boolean,
+    options: { includeSsl?: boolean } = {}
+): string {
+    let content = APP_COMPOSE_TEMPLATE;
+    const includeSsl = options.includeSsl === true;
+    const shouldIncludeNginx = includeNginx || includeSsl;
+    const marker = '\nvolumes:';
+
+    if (!content.includes(marker)) {
+        return content;
     }
 
-    const marker = '\nvolumes:';
-    if (!APP_COMPOSE_TEMPLATE.includes(marker)) {
-        return APP_COMPOSE_TEMPLATE;
+    if (shouldIncludeNginx) {
+        const nginxBlock = includeSsl
+            ? APP_NGINX_SSL_SERVICE_TEMPLATE
+            : APP_NGINX_SERVICE_TEMPLATE;
+        content = content.replace(marker, `\n${nginxBlock}\n${marker}`);
+    }
+
+    if (includeSsl) {
+        content = content.replace(marker, `\n${APP_CERTBOT_SERVICES_TEMPLATE}\n${marker}`);
+        content = content.replace(
+            '\nvolumes:\n  plugin-data:',
+            '\nvolumes:\n  certbot-etc:\n  certbot-www:\n  plugin-data:'
+        );
     }
 
-    return APP_COMPOSE_TEMPLATE.replace(marker, `\n${APP_NGINX_SERVICE_TEMPLATE}\n${marker}`);
+    return content;
 }
 
 /**
@@ -284,12 +345,14 @@ export function buildAppComposeContent(includeNginx: boolean): string {
  */
 export async function writeAppCompose(
     targetDir: string,
-    options: { includeNginx?: boolean } = {}
+    options: { includeNginx?: boolean; includeSsl?: boolean } = {}
 ): Promise<void> {
     const s = spinner();
     s.start('Generating docker-compose.yaml...');
     const appPath = path.join(targetDir, 'docker-compose.yaml');
-    const appContent = buildAppComposeContent(options.includeNginx === true);
+    const appContent = buildAppComposeContent(options.includeNginx === true, {
+        includeSsl: options.includeSsl === true,
+    });
     await writeFile(appPath, appContent);
     s.stop('Generated docker-compose.yaml');
 }
@@ -299,7 +362,8 @@ export async function writeAppCompose(
  */
 export async function generateNginxConfig(
     targetDir: string,
-    basePath: string
+    basePath: string,
+    options: { enableSsl?: boolean; domain?: string } = {}
 ): Promise<void> {
     const s = spinner();
     s.start('Generating nginx.conf...');
@@ -307,13 +371,11 @@ export async function generateNginxConfig(
     // Normalize basePath (remove leading/trailing slashes for template)
     const normalizedPath = basePath.trim().replace(/^\/|\/$/g, '');
     const hasBasePath = normalizedPath.length > 0;
+    const enableSsl = options.enableSsl === true;
+    const domain = options.domain?.trim() || 'localhost';
 
-    // Template for nginx.conf
-    const nginxTemplate = `server {
-    listen 80;
-    server_name localhost;
-
-    location /api/notification/ {
+    const proxyRoutes = `
+    location /api {
         proxy_pass http://api:3000;
         proxy_http_version 1.1;
 
@@ -395,10 +457,44 @@ ${hasBasePath ? `
         proxy_set_header X-Forwarded-Proto $scheme;
     }
 `}
+`;
+
+    const nginxTemplate = enableSsl
+        ? `server {
+    listen 80;
+    server_name ${domain};
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name ${domain};
+
+    ssl_certificate /etc/letsencrypt/live/${domain}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    location = / {
+        return 302 /dashboard;
+    }
+    ${proxyRoutes}
+}
+`
+        : `server {
+    listen 80;
+    server_name localhost;${proxyRoutes}
 }
 `;
 
     const nginxPath = path.join(targetDir, 'nginx.conf');
     await writeFile(nginxPath, nginxTemplate);
-    s.stop(`Generated nginx.conf${hasBasePath ? ` with base path: /${normalizedPath}` : ' (root path)'}`);
+    const sslLabel = enableSsl ? `, SSL domain: ${domain}` : '';
+    s.stop(`Generated nginx.conf${hasBasePath ? ` with base path: /${normalizedPath}` : ' (root path)'}${sslLabel}`);
 }

package/src/services.ts

@@ -19,6 +19,15 @@ async function execDockerCompose(args: string[], cwd: string): Promise<void> {
     }
 }
 
+type ComposeFile = 'docker-compose.yaml' | 'docker-compose.infra.yaml';
+
+function withComposeFile(args: string[], composeFile?: ComposeFile): string[] {
+    if (!composeFile) {
+        return args;
+    }
+    return ['-f', composeFile, ...args];
+}
+
 /**
  * Prompts user whether to start the services immediately after setup.
  *
@@ -125,6 +134,69 @@ export async function startAppServices(targetDir: string): Promise<void> {
     }
 }
 
+export function getSslManualCommands(options: {
+    composeFile: ComposeFile;
+    domain: string;
+    email: string;
+}): string[] {
+    const composeFlag = options.composeFile === 'docker-compose.infra.yaml'
+        ? '-f docker-compose.infra.yaml '
+        : '';
+
+    return [
+        `docker compose ${composeFlag}up -d nginx certbot certbot-renew`,
+        `docker compose ${composeFlag}exec -T certbot certbot certonly --webroot -w /var/www/certbot --email ${options.email} --agree-tos --no-eff-email -d ${options.domain} --non-interactive`,
+        `docker compose ${composeFlag}exec -T nginx nginx -s reload`,
+        `docker compose ${composeFlag}up -d certbot-renew`,
+    ];
+}
+
+export async function setupSslCertificates(targetDir: string, options: {
+    composeFile: ComposeFile;
+    domain: string;
+    email: string;
+}): Promise<void> {
+    logInfo(`Setting up SSL certificate for ${options.domain}...`);
+
+    const s = spinner();
+    const composeArgs = (args: string[]) => withComposeFile(args, options.composeFile);
+
+    s.start('Ensuring nginx/certbot services are running...');
+    await execDockerCompose(composeArgs(['up', '-d', 'nginx', 'certbot']), targetDir);
+    s.stop('Nginx and certbot services are running');
+
+    s.start('Requesting initial certificate from Let\'s Encrypt...');
+    await execDockerCompose(
+        composeArgs([
+            'exec',
+            '-T',
+            'certbot',
+            'certbot',
+            'certonly',
+            '--webroot',
+            '-w',
+            '/var/www/certbot',
+            '--email',
+            options.email,
+            '--agree-tos',
+            '--no-eff-email',
+            '-d',
+            options.domain,
+            '--non-interactive',
+        ]),
+        targetDir
+    );
+    s.stop('Initial certificate issued');
+
+    s.start('Reloading nginx to apply certificates...');
+    await execDockerCompose(composeArgs(['exec', '-T', 'nginx', 'nginx', '-s', 'reload']), targetDir);
+    s.stop('Nginx reloaded');
+
+    s.start('Starting automatic certificate renewal service...');
+    await execDockerCompose(composeArgs(['up', '-d', 'certbot-renew']), targetDir);
+    s.stop('Certificate auto-renewal service started');
+}
+
 /**
  * Display service status and URLs
  */