This release includes 3 breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Summary
AI summary: Certificate monitor soft-delete replaced with hard delete, eliminating ghost rows and quota issues.
Full changelog
Fixes
Certificate monitor soft-delete replaced with hard delete
Deleting a certificate monitor used to flip an active=0 flag instead of removing the row. Combined with UNIQUE(hostname, port), this caused several user-visible problems:
- Auto-detection on a previously-deleted host:port silently resurrected the soft-deleted row with default settings, overriding user intent.
- Ghost rows accumulated forever since no retention cleaned them up.
- The standalone quota counter occasionally drifted from what was visible in the UI (see #20).
- The active flag was overloaded across three unrelated states (user-deleted, endpoint-removed, label-removed), making the code hard to reason about.
v1.2.5 removes the soft-delete pattern entirely. Dropping a monitor now issues a real DELETE, and cert_check_results / cert_chain_entries follow via ON DELETE CASCADE. The schema active column is gone. Auto-detection creates a fresh monitor when the same host:port reappears instead of reviving stale state.
A migration runs automatically on startup (12_cert_hard_delete) and purges any existing soft-deleted rows along with their check history. These rows were already hidden from the UI and from quota counters, so no user-visible data is lost.
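The two delete patterns described above, side by side, as an added example that is not code from the project. It assumes SQLite through Python's sqlite3 module (the notes do not name the database engine); the id, monitor_id and warn_days columns and the upsert used for the revive are hypothetical.

```python
import sqlite3

# Constructed schema: only the table names, hostname, port, active and
# UNIQUE(hostname, port) come from the release notes; the rest is assumed.
MONITORS = """CREATE TABLE cert_monitors (id INTEGER PRIMARY KEY,
    hostname TEXT, port INTEGER, warn_days INTEGER DEFAULT 30{extra},
    UNIQUE(hostname, port))"""
RESULTS = """CREATE TABLE cert_check_results (id INTEGER PRIMARY KEY,
    monitor_id INTEGER REFERENCES cert_monitors(id){on_delete})"""
HOST = ("a.example", 443)  # constructed sample monitor


def seed(db, extra="", on_delete=""):
    """Create both tables, one monitor with a custom setting, two check results."""
    db.execute(MONITORS.format(extra=extra))
    db.execute(RESULTS.format(on_delete=on_delete))
    db.execute("INSERT INTO cert_monitors (hostname, port, warn_days) VALUES (?, ?, 7)", HOST)
    db.execute("INSERT INTO cert_check_results (monitor_id) VALUES (1), (1)")


def state(db):
    """Return ([(monitor id, warn_days)], number of check-result rows)."""
    monitors = db.execute("SELECT id, warn_days FROM cert_monitors").fetchall()
    history = db.execute("SELECT COUNT(*) FROM cert_check_results").fetchone()[0]
    return monitors, history


def soft_delete_flow():
    """Old pattern: 'delete' flips active=0, re-detection revives the ghost row."""
    db = sqlite3.connect(":memory:")
    seed(db, extra=", active INTEGER DEFAULT 1")
    db.execute("UPDATE cert_monitors SET active = 0 WHERE hostname = ? AND port = ?", HOST)
    # Assumed revive mechanism: UNIQUE forces an upsert onto the existing row.
    db.execute("""INSERT INTO cert_monitors (hostname, port) VALUES (?, ?)
        ON CONFLICT(hostname, port) DO UPDATE SET active = 1, warn_days = 30""", HOST)
    return state(db)


def hard_delete_flow(foreign_keys=True):
    """v1.2.5 pattern: real DELETE, children follow via ON DELETE CASCADE."""
    db = sqlite3.connect(":memory:")
    # SQLite enforces foreign keys only when this pragma is on for the connection.
    db.execute(f"PRAGMA foreign_keys = {'ON' if foreign_keys else 'OFF'}")
    seed(db, on_delete=" ON DELETE CASCADE")
    db.execute("DELETE FROM cert_monitors WHERE hostname = ? AND port = ?", HOST)
    db.execute("INSERT INTO cert_monitors (hostname, port) VALUES (?, ?)", HOST)
    return state(db)
```

With foreign_keys=False the DELETE leaves both check results behind, and they attach to the new monitor because SQLite reuses the rowid.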
HTTPS endpoints no longer consume the standalone certificate quota
Adding an HTTPS endpoint used to create a separate standalone certificate monitor on top of the auto-detected one, which double-counted against the Community Edition quota (max 5 standalone certificates) and blocked future auto-detection for the same host.
TLS monitoring for HTTPS endpoints is now unconditional and quota-free. The redundant "Monitor TLS" checkbox has been removed from the endpoint creation form.
Quota counter in the UI is now reactive
The Community Edition quota badge captured the edition object at mount time and never re-rendered after the asynchronous load completed, so the counter was invisible on first render and stale after each delete/auto-discover. It now tracks the source data reactively and refreshes on endpoint, certificate, heartbeat, and status-page lifecycle events (debounced).
Duplicate name conflicts now return 409
Several POST /api/v1/* handlers (alerts, certificates, heartbeats, posture, status admin, updates, webhooks) returned 500 Internal Server Error on name conflicts instead of 409 Conflict. Create errors are now logged server-side, and duplicate names surface with the correct HTTP status.
Improvements
Navigation order
Main navigation now follows the monitoring hierarchy: Endpoints → Certificates → Heartbeats.
Slideover padding
CertificateDetail and the Kubernetes / Swarm detail panels had inconsistent padding, causing cert progress bars and long SANs to bleed to the slideover edges. All detail panels now share a px-5 root with proper word-breaking on long identifiers (#20).
Upgrading from v1.2.4
docker compose pull && docker compose up -d --force-recreate
Migration: 12_cert_hard_delete runs automatically. It rebuilds cert_monitors, cert_check_results, and cert_chain_entries to add ON DELETE CASCADE and to drop the active column. On databases with many check results this may take a few seconds; the service is unavailable during the migration.
No configuration changes required.
Breaking Changes
- Removed `active` flag column from `cert_monitors` schema; monitors are now hard‑deleted.
- Auto-detection of previously deleted host:port creates a fresh monitor instead of reviving a soft‑deleted row.
- HTTPS endpoints no longer create separate standalone certificate quota entries.