[Feat] Server SSLs (phase 1) #1056

Open
RichardAnderson wants to merge 6 commits into vitodeploy:4.x from RichardAnderson:feat/ssl_refactor

RichardAnderson (Member) commented Mar 19, 2026

This pull request introduces a comprehensive refactor and expansion of SSL certificate management from the server. It adds new action classes for creating, activating, deactivating, and deleting SSLs directly on servers, and introduces a new ServerSSLController for API endpoints. The changes also improve certificate parsing and validation, and update naming conventions for consistency. Below are the most important changes grouped by theme.

Server-level SSL Management

  • Added new action classes for server SSL operations: CreateServerSsl, CreateServerCsr, InstallCustomServerSsl, CreateLetsEncryptWildcardSsl, ActivateServerSsl, and DeactivateServerSsl, enabling creation, installation, activation, and deactivation of SSLs directly on servers.
  • Introduced ServerSSLController with endpoints for listing, creating, activating, downloading, and deleting server SSLs via the API.

Certificate Handling and Validation

  • Added CertificateParser class for robust parsing of PEM certificates, extracting expiry dates and domains from SANs, with improved validation and error handling.
  • Enhanced input validation in SSL creation actions, including domain parsing and CSR field checks.

CSR Generation

  • Added a new type of server SSL called CSR (Certificate Signing Request).
  • Added the ability to download a CSR from the Server SSL interface
  • Added the ability to activate a certificate from a CSR

Wildcard LetsEncrypt Certificates

  • Added a new type of server SSL called "Wildcard Certificate (Lets Encrypt)", eligible for domains managed by Vito. DNS verification will be automated to allow generation of the SSL certificate.

Deletion Logic and Naming Consistency

  • Refactored DeleteSSL to DeleteSsl, and updated all references for naming consistency. Added logic for deleting server-level SSLs, including job dispatching and logging.

Enums and Domain Modeling

  • Added CSR type to the SslType enum and updated color mapping logic.

Job Dispatching and Logging

  • All SSL actions now log events and dispatch jobs to appropriate queues for asynchronous processing (ssh, ssh-certbot).

These changes provide a robust foundation for managing SSL certificates at the server level, with improved validation, API support, and job-based processing.
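
The checks that a CSR-based activation depends on, as an added example using the OpenSSL CLI (not code from this pull request): it confirms that an uploaded certificate carries the same public key as the stored CSR, then reads the SAN domains and checks expiry. The function names, file names and the example.test fixture are constructed for illustration, and whether the PR itself performs the key-match check is an assumption the page does not confirm.

```bash
#!/usr/bin/env bash
# Added example: pre-activation checks for a certificate issued from a stored CSR.
# All names and the example.test fixture are constructed for illustration.
set -euo pipefail

# Succeeds only if the certificate carries the same public key as the CSR.
# $1 = certificate PEM, $2 = CSR PEM
cert_matches_csr() {
  local cert_pub csr_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  csr_pub=$(openssl req -in "$2" -noout -pubkey) || return 2
  [ "$cert_pub" = "$csr_pub" ]
}

# Prints the DNS names from the certificate's subjectAltName, one per line.
cert_domains() {
  openssl x509 -in "$1" -noout -ext subjectAltName \
    | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeeds if the certificate has not yet expired.
cert_not_expired() {
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Builds a constructed fixture in directory $1:
#   a.csr / a.crt  CSR and a certificate issued for the same key
#   b.crt          certificate for the same name but a different key
make_fixture() {
  local d=$1 ec="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes"
  printf 'subjectAltName=DNS:example.test,DNS:*.example.test\n' > "$d/san.ext"
  openssl req -new $ec -keyout "$d/a.key" -out "$d/a.csr" \
    -subj "/CN=example.test" 2>/dev/null
  openssl x509 -req -in "$d/a.csr" -signkey "$d/a.key" -days 30 \
    -extfile "$d/san.ext" -out "$d/a.crt" 2>/dev/null
  openssl req -x509 $ec -keyout "$d/b.key" -out "$d/b.crt" \
    -subj "/CN=example.test" -days 30 2>/dev/null
}

demo() {
  local d; d=$(mktemp -d)
  make_fixture "$d"
  cert_matches_csr "$d/a.crt" "$d/a.csr" && echo "a.crt: key matches CSR"
  cert_matches_csr "$d/b.crt" "$d/a.csr" || echo "b.crt: rejected, key mismatch"
  cert_domains "$d/a.crt"
  rm -rf "$d"
}
demo
```

A mismatch means the certificate was issued for a different private key than the one generated with the CSR, so the server could not serve it with the key it holds.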

Copilot AI (Contributor) left a comment

Pull request overview

This PR introduces server-level SSL certificate management (CSR generation, custom cert install, and LetsEncrypt wildcard issuance) backed by queued SSH jobs, plus new web/API endpoints and UI to manage these certificates.

Changes:

  • Added server SSL create/activate/deactivate/delete flows with new action classes, jobs, and websocket broadcasting.
  • Extended the SSL domain model (server/domain associations, CSR metadata, wildcard/CSR flags) and updated Horizon queues/config.
  • Added a new server SSL UI (Inertia/React) and OpenAPI documentation, plus new feature/unit test coverage.

Reviewed changes

Copilot reviewed 61 out of 62 changed files in this pull request and generated 8 comments.

| File | Description |
| --- | --- |
| tests/Unit/SSH/Services/Database/GetUsersTest.php | Adds RefreshDatabase for isolation. |
| tests/Unit/SSH/Services/Database/GetDatabasesTest.php | Adds RefreshDatabase for isolation. |
| tests/Unit/SSH/Services/Database/GetCharsetsTest.php | Adds RefreshDatabase for isolation. |
| tests/Unit/Plugins/PluginTest.php | Adds RefreshDatabase for isolation. |
| tests/Unit/Plugins/LegacyPluginsTest.php | Adds RefreshDatabase for isolation. |
| tests/Unit/NotificationChannels/TelegramTest.php | Adds RefreshDatabase for isolation. |
| tests/Unit/NotificationChannels/SlackTest.php | Adds RefreshDatabase for isolation. |
| tests/Unit/NotificationChannels/EmailTest.php | Adds RefreshDatabase for isolation. |
| tests/Unit/NotificationChannels/DiscordTest.php | Adds RefreshDatabase for isolation. |
| tests/Unit/Helpers/AgentTest.php | Adds RefreshDatabase for isolation. |
| tests/Unit/DNSProviders/CloudflareTest.php | Adds RefreshDatabase for isolation. |
| tests/Unit/Actions/SSL/ParseDomainsTest.php | Adds unit coverage for CSR domain parsing helper. |
| tests/Feature/ServerSslTest.php | Adds end-to-end coverage for server SSL UI flows (CSR/custom/activate/delete/download). |
| resources/views/ssh/ssl/wildcard-prepare.blade.php | Adds certbot workspace preparation script. |
| resources/views/ssh/ssl/wildcard-cleanup-hook.blade.php | Adds certbot manual cleanup hook script. |
| resources/views/ssh/ssl/wildcard-cleanup-artifacts.blade.php | Adds cleanup for hook artifacts and certbot state files. |
| resources/views/ssh/ssl/wildcard-auth-hook.blade.php | Adds certbot manual auth hook script. |
| resources/views/ssh/ssl/delete-ssl.blade.php | Adds server-side SSL deletion script (incl. wildcard certbot delete). |
| resources/views/ssh/ssl/deactivate-ssl.blade.php | Adds server-side “deactivate” script (re-encrypt key and remove cert files). |
| resources/views/ssh/ssl/csr-config.blade.php | Adds OpenSSL config template for CSR generation. |
| resources/views/ssh/ssl/create-wildcard-ssl.blade.php | Adds certbot command template for wildcard issuance. |
| resources/views/ssh/ssl/create-csr.blade.php | Adds OpenSSL CSR generation command template. |
| resources/views/ssh/ssl/activate-ssl.blade.php | Adds activation command template (optional key decryption). |
| resources/js/types/ssl.d.ts | Extends frontend SSL type for server-level fields (CSR/wildcard/domains). |
| resources/js/pages/server-ssls/index.tsx | Adds server SSL listing page. |
| resources/js/pages/server-ssls/components/create-server-ssl.tsx | Adds sheet form to create CSR/custom/wildcard SSLs. |
| resources/js/pages/server-ssls/components/columns.tsx | Adds data table columns and actions (activate/deactivate/delete/log view). |
| resources/js/pages/server-ssls/components/activate-server-ssl.tsx | Adds activation UI for CSR (certificate/CA bundle input). |
| resources/js/layouts/server/layout.tsx | Adds “SSL” nav item in server layout. |
| public/api-docs/openapi/server-ssl.yaml | Adds OpenAPI paths for server SSL endpoints. |
| public/api-docs/openapi/schemas/SSL.yaml | Extends SSL schema for CSR data and server-level fields. |
| database/migrations/2026_03_19_195030_add_has_csr_to_ssls_table.php | Adds has_csr flag to ssls table. |
| database/migrations/2026_03_19_155628_add_is_wildcard_to_ssls_table.php | Adds is_wildcard flag to ssls table. |
| database/migrations/2026_03_19_151925_add_domain_id_to_ssls_table.php | Adds nullable domain_id foreign key to ssls table. |
| database/migrations/2026_03_19_095004_update_ssls_table_add_server_id_and_csr_data.php | Adds nullable server_id, CSR metadata columns, and relaxes nullability on legacy columns. |
| database/factories/SslFactory.php | Adds serverLevel() factory state for server SSLs. |
| config/horizon.php | Adds ssh-certbot queue/supervisor configuration. |
| config/core.php | Adds core.server_ssl_types configuration list. |
| app/Traits/BroadcastsSslEvents.php | Adds shared websocket broadcast + failure handling for SSL jobs. |
| app/Policies/SslPolicy.php | Adds server-level SSL policy methods (view/create/delete/activate). |
| app/Models/Ssl.php | Extends SSL model with server/domain relations, CSR fields, flags, casts, fillables. |
| app/Models/Server.php | Adds ssls() relationship. |
| app/Jobs/SSL/InstallCustomServerSslJob.php | Implements SSH-side installation for custom server SSL. |
| app/Jobs/SSL/DeleteServerSslJob.php | Implements SSH-side deletion for server SSLs (incl wildcard certbot delete). |
| app/Jobs/SSL/DeactivateServerSslJob.php | Implements SSH-side deactivation/revert-to-CSR behavior. |
| app/Jobs/SSL/CreateServerCsrJob.php | Implements SSH-side CSR generation and CSR path storage. |
| app/Jobs/SSL/CreateLetsEncryptWildcardSslJob.php | Implements certbot-based wildcard issuance with DNS record automation. |
| app/Jobs/SSL/ActivateServerSslJob.php | Implements SSH-side activation for CSR-based SSLs. |
| app/Http/Resources/SslResource.php | Extends SSL API resource to include server-level fields + limited CSR data. |
| app/Http/Controllers/ServerSslController.php | Adds web endpoints for listing/creating/activating/downloading/deleting server SSLs. |
| app/Http/Controllers/SSLController.php | Updates to renamed DeleteSsl action. |
| app/Http/Controllers/API/ServerSSLController.php | Adds API endpoints for server SSL management. |
| app/Http/Controllers/API/SSLController.php | Updates to renamed DeleteSsl action. |
| app/Enums/SslType.php | Adds CSR type and updates color mapping. |
| app/Actions/SSL/InstallCustomServerSsl.php | Adds action to validate/parse/install custom server SSLs. |
| app/Actions/SSL/DeleteSsl.php | Refactors delete action and adds server-level deletion job dispatch. |
| app/Actions/SSL/DeactivateServerSsl.php | Adds server SSL deactivation action. |
| app/Actions/SSL/CreateServerSsl.php | Adds server SSL “router” action to delegate to specific creators. |
| app/Actions/SSL/CreateServerCsr.php | Adds server CSR creation action + domain parsing helper. |
| app/Actions/SSL/CreateLetsEncryptWildcardSsl.php | Adds action to request wildcard SSL issuance and enqueue certbot job. |
| app/Actions/SSL/CertificateParser.php | Adds PEM parsing utility (domains + expiry extraction). |
| app/Actions/SSL/ActivateServerSsl.php | Adds CSR activation action with parsing/validation and job dispatch. |
