# CertRemind CertRemind monitors the TLS/SSL certificate expiry dates of registered HTTPS sites and sends reminders through in-app alerts, webhooks, and browser push notifications. ## Requirements - Node.js v22 - pnpm - Docker Compose - PostgreSQL - OpenSSL ## Development Setup ```text pnpm install docker compose up -d postgres pnpm dev ``` Development URLs: ```text Frontend: http://127.0.0.1:5173/ API: http://127.0.0.1:3000 ``` Run the one-shot certificate monitor: ```text pnpm monitor:once ``` Run the certificate monitor worker every hour: ```text pnpm monitor:worker ``` Run quality checks: ```text pnpm lint pnpm test pnpm exec vite build ``` ## Database The initial schema is in `db/schema.sql`. Docker Compose loads it when the PostgreSQL volume is first created. If an existing database volume is already present, schema changes are not reapplied automatically. Apply the relevant `ALTER TABLE` statements from `db/schema.sql`, or recreate the development volume when data loss is acceptable. ## Environment Variables Copy `.env.example` to `.env` for local development. | Name | Required | Default | Purpose | | --- | --- | --- | --- | | `NODE_ENV` | No | `development` | Runtime mode. `production` enables secure cookies. | | `PORT` | No | `3000` | API server port. | | `DATABASE_URL` | No | `postgres://certremind:certremind@localhost:5432/certremind` | PostgreSQL connection string. | | `COOKIE_SECRET` | Reserved | none | Reserved for future signed-cookie support. | | `VAPID_PUBLIC_KEY` | For Push | empty | Browser Push public key. | | `VAPID_PRIVATE_KEY` | For Push | empty | Browser Push private key. Push delivery fails gracefully if missing. | | `VAPID_SUBJECT` | For Push | `mailto:admin@example.com` | VAPID contact subject. | | `OPENSSL_PATH` | No | `openssl` | OpenSSL executable path. On Windows, the app can also detect Git's bundled `openssl.exe`. | ## Operational Notes - Run `pnpm monitor:worker` as a long-lived Node process for hourly certificate checks. - `pnpm monitor:once` remains available for manual checks or external schedulers. - The monitor limits concurrent external certificate checks and records per-site failures without stopping the whole run. - Webhook URLs and monitored site URLs must be HTTPS and reject localhost/private IPv4 targets. - Existing browser Push subscriptions require valid VAPID keys to deliver successfully.