feat(api/cert): enhance certificate info retrieval

- Introduced a new method `GetCertInfos` to fetch details of all available certificates. - Updated the `Info` handler to return an array of `CertInfo` instead of a single certificate. - Improved error handling for cases with no available certificates. - Refactored related error messages for clarity.
2026-04-24 17:28:31 +02:00 · 2026-01-07 10:54:33 +08:00
parent 08f4d9e95f
commit 9205af3a4f
4 changed files with 63 additions and 37 deletions
--- a/internal/autocert/provider.go
+++ b/internal/autocert/provider.go
@@ -55,10 +55,20 @@ type (
 	}

 	CertExpiries map[string]time.Time
-	RenewMode    uint8
+
+	CertInfo struct {
+		Subject        string   `json:"subject"`
+		Issuer         string   `json:"issuer"`
+		NotBefore      int64    `json:"not_before"`
+		NotAfter       int64    `json:"not_after"`
+		DNSNames       []string `json:"dns_names"`
+		EmailAddresses []string `json:"email_addresses"`
+	} // @name CertInfo
+
+	RenewMode uint8
 )

-var ErrNoCertificate = errors.New("no certificate found")
+var ErrNoCertificates = errors.New("no certificates found")

 const (
 	// renew failed for whatever reason, 1 hour cooldown
@@ -98,7 +108,7 @@ func NewProvider(cfg *Config, user *User, legoCfg *lego.Config) (*Provider, erro

 func (p *Provider) GetCert(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 	if p.tlsCert == nil {
-		return nil, ErrNoCertificate
+		return nil, ErrNoCertificates
 	}
 	if hello == nil || hello.ServerName == "" {
 		return p.tlsCert, nil
@@ -109,6 +119,29 @@ func (p *Provider) GetCert(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
 	return p.tlsCert, nil
 }

+func (p *Provider) GetCertInfos() ([]CertInfo, error) {
+	allProviders := p.allProviders()
+	certInfos := make([]CertInfo, 0, len(allProviders))
+	for _, provider := range allProviders {
+		if provider.tlsCert == nil {
+			continue
+		}
+		certInfos = append(certInfos, CertInfo{
+			Subject:        provider.tlsCert.Leaf.Subject.CommonName,
+			Issuer:         provider.tlsCert.Leaf.Issuer.CommonName,
+			NotBefore:      provider.tlsCert.Leaf.NotBefore.Unix(),
+			NotAfter:       provider.tlsCert.Leaf.NotAfter.Unix(),
+			DNSNames:       provider.tlsCert.Leaf.DNSNames,
+			EmailAddresses: provider.tlsCert.Leaf.EmailAddresses,
+		})
+	}
+
+	if len(certInfos) == 0 {
+		return nil, ErrNoCertificates
+	}
+	return certInfos, nil
+}
+
 func (p *Provider) GetName() string {
 	if p.cfg.idx == 0 {
 		return "main"