Merge pull request #2966 from fosrl/dev

Try to pull domains from host regex
2026-05-07 00:39:53 +00:00 · 2026-05-01 20:54:09 -07:00 · 2026-05-01 20:53:39 -07:00 · 2026-05-01 17:35:29 -07:00 · 2026-05-01 17:34:05 -07:00 · 2026-05-01 17:02:41 -07:00
41 changed files with 1039 additions and 417 deletions
--- a/cli/commands/rotateServerSecret.ts
+++ b/cli/commands/rotateServerSecret.ts
@@ -1,5 +1,5 @@
 import { CommandModule } from "yargs";
-import { db, idpOidcConfig, licenseKey } from "@server/db";
+import { db, idpOidcConfig, licenseKey, certificates, eventStreamingDestinations, alertWebhookActions } from "@server/db";
 import { encrypt, decrypt } from "@server/lib/crypto";
 import { configFilePath1, configFilePath2 } from "@server/lib/consts";
 import { eq } from "drizzle-orm";
@@ -129,9 +129,15 @@ export const rotateServerSecret: CommandModule<
            console.log("\nReading encrypted data from database...");
            const idpConfigs = await db.select().from(idpOidcConfig);
            const licenseKeys = await db.select().from(licenseKey);
+            const certs = await db.select().from(certificates);
+            const streamingDestinations = await db.select().from(eventStreamingDestinations);
+            const webhookActions = await db.select().from(alertWebhookActions);

            console.log(`Found ${idpConfigs.length} OIDC IdP configuration(s)`);
            console.log(`Found ${licenseKeys.length} license key(s)`);
+            console.log(`Found ${certs.length} certificate(s)`);
+            console.log(`Found ${streamingDestinations.length} event streaming destination(s)`);
+            console.log(`Found ${webhookActions.length} alert webhook action(s)`);

            // Prepare all decrypted and re-encrypted values
            console.log("\nDecrypting and re-encrypting values...");
@@ -149,8 +155,27 @@ export const rotateServerSecret: CommandModule<
                encryptedInstanceId: string;
            };

+            type CertUpdate = {
+                certId: number;
+                encryptedCertFile: string | null;
+                encryptedKeyFile: string | null;
+            };
+
+            type StreamingDestinationUpdate = {
+                destinationId: number;
+                encryptedConfig: string;
+            };
+
+            type WebhookActionUpdate = {
+                webhookActionId: number;
+                encryptedConfig: string;
+            };
+
            const idpUpdates: IdpUpdate[] = [];
            const licenseKeyUpdates: LicenseKeyUpdate[] = [];
+            const certUpdates: CertUpdate[] = [];
+            const streamingDestinationUpdates: StreamingDestinationUpdate[] = [];
+            const webhookActionUpdates: WebhookActionUpdate[] = [];

            // Process idpOidcConfig entries
            for (const idpConfig of idpConfigs) {
@@ -217,6 +242,70 @@ export const rotateServerSecret: CommandModule<
                }
            }

+            // Process certificate entries
+            for (const cert of certs) {
+                try {
+                    const encryptedCertFile = cert.certFile
+                        ? encrypt(decrypt(cert.certFile, oldSecret), newSecret)
+                        : null;
+                    const encryptedKeyFile = cert.keyFile
+                        ? encrypt(decrypt(cert.keyFile, oldSecret), newSecret)
+                        : null;
+
+                    certUpdates.push({
+                        certId: cert.certId,
+                        encryptedCertFile,
+                        encryptedKeyFile
+                    });
+                } catch (error) {
+                    console.error(
+                        `Error processing certificate ${cert.certId} (${cert.domain}):`,
+                        error
+                    );
+                    throw error;
+                }
+            }
+
+            // Process eventStreamingDestinations entries
+            for (const dest of streamingDestinations) {
+                try {
+                    const decryptedConfig = decrypt(dest.config, oldSecret);
+                    const encryptedConfig = encrypt(decryptedConfig, newSecret);
+
+                    streamingDestinationUpdates.push({
+                        destinationId: dest.destinationId,
+                        encryptedConfig
+                    });
+                } catch (error) {
+                    console.error(
+                        `Error processing event streaming destination ${dest.destinationId}:`,
+                        error
+                    );
+                    throw error;
+                }
+            }
+
+            // Process alertWebhookActions entries
+            for (const webhook of webhookActions) {
+                try {
+                    if (webhook.config == null) continue;
+
+                    const decryptedConfig = decrypt(webhook.config, oldSecret);
+                    const encryptedConfig = encrypt(decryptedConfig, newSecret);
+
+                    webhookActionUpdates.push({
+                        webhookActionId: webhook.webhookActionId,
+                        encryptedConfig
+                    });
+                } catch (error) {
+                    console.error(
+                        `Error processing alert webhook action ${webhook.webhookActionId}:`,
+                        error
+                    );
+                    throw error;
+                }
+            }
+
            // Perform all database updates in a single transaction
            console.log("\nUpdating database in transaction...");
            await db.transaction(async (trx) => {
@@ -250,10 +339,50 @@ export const rotateServerSecret: CommandModule<
                        instanceId: update.encryptedInstanceId
                    });
                }
+
+                // Update certificate entries
+                for (const update of certUpdates) {
+                    await trx
+                        .update(certificates)
+                        .set({
+                            certFile: update.encryptedCertFile,
+                            keyFile: update.encryptedKeyFile
+                        })
+                        .where(eq(certificates.certId, update.certId));
+                }
+
+                // Update event streaming destination entries
+                for (const update of streamingDestinationUpdates) {
+                    await trx
+                        .update(eventStreamingDestinations)
+                        .set({ config: update.encryptedConfig })
+                        .where(
+                            eq(
+                                eventStreamingDestinations.destinationId,
+                                update.destinationId
+                            )
+                        );
+                }
+
+                // Update alert webhook action entries
+                for (const update of webhookActionUpdates) {
+                    await trx
+                        .update(alertWebhookActions)
+                        .set({ config: update.encryptedConfig })
+                        .where(
+                            eq(
+                                alertWebhookActions.webhookActionId,
+                                update.webhookActionId
+                            )
+                        );
+                }
            });

            console.log(`Rotated ${idpUpdates.length} OIDC IdP configuration(s)`);
            console.log(`Rotated ${licenseKeyUpdates.length} license key(s)`);
+            console.log(`Rotated ${certUpdates.length} certificate(s)`);
+            console.log(`Rotated ${streamingDestinationUpdates.length} event streaming destination(s)`);
+            console.log(`Rotated ${webhookActionUpdates.length} alert webhook action(s)`);

            // Update config file with new secret
            console.log("\nUpdating config file...");
@@ -270,6 +399,9 @@ export const rotateServerSecret: CommandModule<
            console.log(`\nSummary:`);
            console.log(`  - OIDC IdP configurations: ${idpUpdates.length}`);
            console.log(`  - License keys: ${licenseKeyUpdates.length}`);
+            console.log(`  - Certificates: ${certUpdates.length}`);
+            console.log(`  - Event streaming destinations: ${streamingDestinationUpdates.length}`);
+            console.log(`  - Alert webhook actions: ${webhookActionUpdates.length}`);
            console.log(
                `\n  IMPORTANT: Restart the server for the new secret to take effect.`
            );
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Крайна точка",
    "newtId": "Идентификационен номер",
    "newtSecretKey": "Секретен ключ",
+    "newtVersion": "Версия",
    "architecture": "Архитектура",
    "sites": "Сайтове",
    "siteWgAnyClients": "Използвайте клиент на WireGuard, за да се свържете. Ще трябва да използвате вътрешните ресурси чрез IP адреса на връстника.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "Уайлдкард подсайтове не са позволени.",
    "domainPickerWildcardCertWarning": "Ресурсите с уайлдкард може да изискват допълнителна конфигурация за правилна работа.",
    "domainPickerWildcardCertWarningLink": "Научете повече",
-    "health": "Здраве"
+    "health": "Здраве",
+    "domainPendingErrorTitle": "Проблем при проверка"
 }
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Tajný klíč",
+    "newtVersion": "Verze",
    "architecture": "Architektura",
    "sites": "Stránky",
    "siteWgAnyClients": "K připojení použijte jakéhokoli klienta WireGuard. Budete muset řešit interní zdroje pomocí klientské IP adresy.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "Zástupné poddomény nejsou povoleny.",
    "domainPickerWildcardCertWarning": "Zástupné zdroje mohou vyžadovat dodatečnou konfiguraci pro správnou funkci.",
    "domainPickerWildcardCertWarningLink": "Zjistit více",
-    "health": "Zdraví"
+    "health": "Zdraví",
+    "domainPendingErrorTitle": "Problém s ověřením"
 }
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpunkt",
    "newtId": "ID",
    "newtSecretKey": "Geheimnis",
+    "newtVersion": "Version",
    "architecture": "Architektur",
    "sites": "Standorte",
    "siteWgAnyClients": "Verwenden Sie jeden WireGuard-Client um sich zu verbinden. Sie müssen interne Ressourcen über die Peer-IP ansprechen.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "Wildcard-Subdomains sind nicht erlaubt.",
    "domainPickerWildcardCertWarning": "Wildcard-Ressourcen erfordern möglicherweise zusätzliche Konfigurationen, um ordnungsgemäß zu funktionieren.",
    "domainPickerWildcardCertWarningLink": "Mehr erfahren",
-    "health": "Gesundheit"
+    "health": "Gesundheit",
+    "domainPendingErrorTitle": "Verifizierungsproblem"
 }
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Secret",
+    "newtVersion": "Version",
    "architecture": "Architecture",
    "sites": "Sites",
    "siteWgAnyClients": "Use any WireGuard client to connect. You will have to address internal resources using the peer IP.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "Wildcard subdomains are not allowed.",
    "domainPickerWildcardCertWarning": "Wildcard resources may require additional configuration to work properly.",
    "domainPickerWildcardCertWarningLink": "Learn more",
-    "health": "Health"
+    "health": "Health",
+    "domainPendingErrorTitle": "Verification Issue"
 }
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Secreto",
+    "newtVersion": "Versión",
    "architecture": "Arquitectura",
    "sites": "Sitios",
    "siteWgAnyClients": "Usa cualquier cliente de Wirex para conectarte. Tendrás que dirigirte a los recursos internos usando la IP de compañeros.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "No se permiten subdominios comodín.",
    "domainPickerWildcardCertWarning": "Los recursos comodín pueden requerir configuración adicional para funcionar correctamente.",
    "domainPickerWildcardCertWarningLink": "Más información",
-    "health": "Salud"
+    "health": "Salud",
+    "domainPendingErrorTitle": "Problema de verificación"
 }
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Secrète",
+    "newtVersion": "Version",
    "architecture": "Architecture",
    "sites": "Nœuds",
    "siteWgAnyClients": "Utilisez n'importe quel client WireGuard pour vous connecter. Vous devrez adresser des ressources internes en utilisant l'adresse IP du pair.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "Les sous-domaines Joker ne sont pas autorisés.",
    "domainPickerWildcardCertWarning": "Les ressources Joker peuvent nécessiter une configuration supplémentaire pour fonctionner correctement.",
    "domainPickerWildcardCertWarningLink": "En savoir plus",
-    "health": "Santé"
+    "health": "Santé",
+    "domainPendingErrorTitle": "Problème de vérification"
 }
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Segreto",
+    "newtVersion": "Versione",
    "architecture": "Architettura",
    "sites": "Siti",
    "siteWgAnyClients": "Usa qualsiasi client WireGuard per connetterti. Dovrai indirizzare le risorse interne utilizzando l'IP del peer.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "I sottodomini wildcard non sono permessi.",
    "domainPickerWildcardCertWarning": "Le risorse wildcard potrebbero richiedere configurazioni aggiuntive per funzionare correttamente.",
    "domainPickerWildcardCertWarningLink": "Scopri di più",
-    "health": "Salute"
+    "health": "Salute",
+    "domainPendingErrorTitle": "Problema di Verifica"
 }
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "엔드포인트",
    "newtId": "ID",
    "newtSecretKey": "비밀",
+    "newtVersion": "버전",
    "architecture": "아키텍처",
    "sites": "사이트",
    "siteWgAnyClients": "WireGuard 클라이언트를 사용하여 연결하십시오. 피어 IP를 사용하여 내부 리소스에 접근해야 합니다.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "와일드카드 서브도메인은 허용되지 않습니다.",
    "domainPickerWildcardCertWarning": "와일드카드 리소스는 올바르게 작동하려면 추가 구성이 필요할 수 있습니다.",
    "domainPickerWildcardCertWarningLink": "자세히 알아보기",
-    "health": "건강"
+    "health": "건강",
+    "domainPendingErrorTitle": "확인 문제"
 }
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Sikkerhetsnøkkel",
+    "newtVersion": "Versjon",
    "architecture": "Arkitektur",
    "sites": "Områder",
    "siteWgAnyClients": "Bruk hvilken som helst WireGuard klient til å koble til. Du må adressere interne ressurser ved hjelp av peer IP.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "Jokertegnsubdomener er ikke tillatt.",
    "domainPickerWildcardCertWarning": "Jokertegnressurser kan kreve ekstra konfigurasjon for å fungere skikkelig.",
    "domainPickerWildcardCertWarningLink": "Lær mer",
-    "health": "Helse"
+    "health": "Helse",
+    "domainPendingErrorTitle": "Verifiseringsproblem"
 }
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Geheim",
+    "newtVersion": "Versie",
    "architecture": "Architectuur",
    "sites": "Sites",
    "siteWgAnyClients": "Gebruik een willekeurige WireGuard client om verbinding te maken. Je zult interne bronnen moeten aanspreken met behulp van de peer IP.",
@@ -3168,7 +3169,7 @@
    "publicIpEndpoint": "Eindpunt",
    "lastTriggeredAt": "Laatste Trigger",
    "reject": "Afwijzen",
-    "uptimeDaysAgo": "{count} days ago",
+    "uptimeDaysAgo": "{count} dagen geleden",
    "uptimeToday": "Vandaag",
    "uptimeNoDataAvailable": "Geen gegevens beschikbaar",
    "uptimeSuffix": "werktijd",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "Wildcard-subdomeinen zijn niet toegestaan.",
    "domainPickerWildcardCertWarning": "Wildcard-bronnen hebben mogelijk extra configuratie nodig om correct te werken.",
    "domainPickerWildcardCertWarningLink": "Meer informatie",
-    "health": "Gezondheid"
+    "health": "Gezondheid",
+    "domainPendingErrorTitle": "Verificatieprobleem"
 }
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Sekret",
+    "newtVersion": "Wersja",
    "architecture": "Architektura",
    "sites": "Witryny",
    "siteWgAnyClients": "Użyj dowolnego klienta WireGuard, aby się połączyć. Będziesz musiał przekierować wewnętrzne zasoby za pomocą adresu IP.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "Uniwersalne subdomeny nie są dozwolone.",
    "domainPickerWildcardCertWarning": "Uniwersalne zasoby mogą wymagać dodatkowej konfiguracji, aby działać poprawnie.",
    "domainPickerWildcardCertWarningLink": "Dowiedz się więcej",
-    "health": "Zdrowie"
+    "health": "Zdrowie",
+    "domainPendingErrorTitle": "Problem z weryfikacją"
 }
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Chave Secreta",
+    "newtVersion": "Versão",
    "architecture": "Arquitetura",
    "sites": "sites",
    "siteWgAnyClients": "Use qualquer cliente do WireGuard para se conectar. Você terá que endereçar recursos internos usando o IP de pares.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "Subdomínios curinga não são permitidos.",
    "domainPickerWildcardCertWarning": "Recursos curinga podem exigir configurações adicionais para funcionarem corretamente.",
    "domainPickerWildcardCertWarningLink": "Saiba mais",
-    "health": "Saúde"
+    "health": "Saúde",
+    "domainPendingErrorTitle": "Problema de Verificação"
 }
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "Секретный ключ",
+    "newtVersion": "Версия",
    "architecture": "Архитектура",
    "sites": "Сайты",
    "siteWgAnyClients": "Для подключения используйте любой клиент WireGuard. Вы должны будете адресовать внутренние ресурсы, используя IP адрес пира.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "Wildcard поддомены не допускаются.",
    "domainPickerWildcardCertWarning": "Wildcard ресурсы могут потребовать дополнительной настройки для правильной работы.",
    "domainPickerWildcardCertWarningLink": "Узнать больше",
-    "health": "Состояние"
+    "health": "Состояние",
+    "domainPendingErrorTitle": "Проблема с подтверждением"
 }
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Uç Nokta",
    "newtId": "Kimlik",
    "newtSecretKey": "Gizli",
+    "newtVersion": "Sürüm",
    "architecture": "Mimari",
    "sites": "Siteler",
    "siteWgAnyClients": "Herhangi bir WireGuard istemcisi kullanarak bağlanın. Dahili kaynaklara eş IP adresini kullanarak erişmeniz gerekecek.",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "Genel alt alanlara izin verilmiyor.",
    "domainPickerWildcardCertWarning": "Genel kaynaklar düzgün çalışmak için ek yapılandırma gerektirebilir.",
    "domainPickerWildcardCertWarningLink": "Daha fazla bilgi",
-    "health": "Sağlık"
+    "health": "Sağlık",
+    "domainPendingErrorTitle": "Doğrulama Sorunu"
 }
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -763,6 +763,7 @@
    "newtEndpoint": "Endpoint",
    "newtId": "ID",
    "newtSecretKey": "密钥",
+    "newtVersion": "版本",
    "architecture": "架构",
    "sites": "站点",
    "siteWgAnyClients": "使用任何 WireGuard 客户端连接。您必须使用对等IP解决内部资源问题。",
@@ -3201,5 +3202,6 @@
    "domainPickerWildcardSubdomainNotAllowed": "不允许使用通配符子域。",
    "domainPickerWildcardCertWarning": "通配符资源可能需要额外配置才能正常工作。",
    "domainPickerWildcardCertWarningLink": "了解更多",
-    "health": "健康"
+    "health": "健康",
+    "domainPendingErrorTitle": "验证问题"
 }
--- a/package-lock.json
+++ b/package-lock.json
@@ -1005,14 +1005,13 @@
            }
        },
        "node_modules/@aws-sdk/xml-builder": {
-            "version": "3.972.22",
-            "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.972.22.tgz",
-            "integrity": "sha512-PMYKKtJd70IsSG0yHrdAbxBr+ZWBKLvzFZfD3/urxgf6hXVMzuU5M+3MJ5G67RpOmLBu1fAUN65SbWuKUCOlAA==",
+            "version": "3.972.16",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.972.16.tgz",
+            "integrity": "sha512-iu2pyvaqmeatIJLURLqx9D+4jKAdTH20ntzB6BFwjyN7V960r4jK32mx0Zf7YbtOYAbmbtQfDNuL60ONinyw7A==",
            "license": "Apache-2.0",
            "dependencies": {
-                "@nodable/entities": "2.1.0",
-                "@smithy/types": "^4.14.1",
-                "fast-xml-parser": "5.7.2",
+                "@smithy/types": "^4.13.1",
+                "fast-xml-parser": "5.5.8",
                "tslib": "^2.6.2"
            },
            "engines": {
@@ -1059,6 +1058,7 @@
            "integrity": "sha512-CGOfOJqWjg2qW/Mb6zNsDm+u5vFQ8DxXfbM09z69p5Z6+mE1ikP2jUXw+j42Pf1XTYED2Rni5f95npYeuwMDQA==",
            "dev": true,
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "@babel/code-frame": "^7.29.0",
                "@babel/generator": "^7.29.0",
@@ -2354,6 +2354,7 @@
            "cpu": [
                "arm64"
            ],
+            "dev": true,
            "license": "Apache-2.0",
            "optional": true,
            "os": [
@@ -2376,6 +2377,7 @@
            "cpu": [
                "x64"
            ],
+            "dev": true,
            "license": "Apache-2.0",
            "optional": true,
            "os": [
@@ -2398,6 +2400,7 @@
            "cpu": [
                "arm64"
            ],
+            "dev": true,
            "license": "LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -2414,6 +2417,7 @@
            "cpu": [
                "x64"
            ],
+            "dev": true,
            "license": "LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -2430,6 +2434,7 @@
            "cpu": [
                "arm"
            ],
+            "dev": true,
            "license": "LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -2446,6 +2451,7 @@
            "cpu": [
                "arm64"
            ],
+            "dev": true,
            "license": "LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -2462,6 +2468,7 @@
            "cpu": [
                "ppc64"
            ],
+            "dev": true,
            "license": "LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -2478,6 +2485,7 @@
            "cpu": [
                "s390x"
            ],
+            "dev": true,
            "license": "LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -2494,6 +2502,7 @@
            "cpu": [
                "x64"
            ],
+            "dev": true,
            "license": "LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -2510,6 +2519,7 @@
            "cpu": [
                "arm64"
            ],
+            "dev": true,
            "license": "LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -2526,6 +2536,7 @@
            "cpu": [
                "x64"
            ],
+            "dev": true,
            "license": "LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -2542,6 +2553,7 @@
            "cpu": [
                "arm"
            ],
+            "dev": true,
            "license": "Apache-2.0",
            "optional": true,
            "os": [
@@ -2564,6 +2576,7 @@
            "cpu": [
                "arm64"
            ],
+            "dev": true,
            "license": "Apache-2.0",
            "optional": true,
            "os": [
@@ -2586,6 +2599,7 @@
            "cpu": [
                "ppc64"
            ],
+            "dev": true,
            "license": "Apache-2.0",
            "optional": true,
            "os": [
@@ -2608,6 +2622,7 @@
            "cpu": [
                "s390x"
            ],
+            "dev": true,
            "license": "Apache-2.0",
            "optional": true,
            "os": [
@@ -2630,6 +2645,7 @@
            "cpu": [
                "x64"
            ],
+            "dev": true,
            "license": "Apache-2.0",
            "optional": true,
            "os": [
@@ -2652,6 +2668,7 @@
            "cpu": [
                "arm64"
            ],
+            "dev": true,
            "license": "Apache-2.0",
            "optional": true,
            "os": [
@@ -2674,6 +2691,7 @@
            "cpu": [
                "x64"
            ],
+            "dev": true,
            "license": "Apache-2.0",
            "optional": true,
            "os": [
@@ -2696,6 +2714,7 @@
            "cpu": [
                "wasm32"
            ],
+            "dev": true,
            "license": "Apache-2.0 AND LGPL-3.0-or-later AND MIT",
            "optional": true,
            "dependencies": {
@@ -2715,6 +2734,7 @@
            "cpu": [
                "arm64"
            ],
+            "dev": true,
            "license": "Apache-2.0 AND LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -2734,6 +2754,7 @@
            "cpu": [
                "ia32"
            ],
+            "dev": true,
            "license": "Apache-2.0 AND LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -2753,6 +2774,7 @@
            "cpu": [
                "x64"
            ],
+            "dev": true,
            "license": "Apache-2.0 AND LGPL-3.0-or-later",
            "optional": true,
            "os": [
@@ -3012,6 +3034,7 @@
            "integrity": "sha512-2I0gnIVPtfnMw9ee9h1dJG7tp81+8Ob3OJb3Mv37rx5L40/b0i7djjCVvGOVqc9AEIQyvyu1i6ypKdFw8R8gQw==",
            "dev": true,
            "license": "MIT",
+            "peer": true,
            "engines": {
                "node": "^14.21.3 || >=16"
            },
@@ -3048,18 +3071,6 @@
                "url": "https://paulmillr.com/funding/"
            }
        },
-        "node_modules/@nodable/entities": {
-            "version": "2.1.0",
-            "resolved": "https://registry.npmjs.org/@nodable/entities/-/entities-2.1.0.tgz",
-            "integrity": "sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA==",
-            "funding": [
-                {
-                    "type": "github",
-                    "url": "https://github.com/sponsors/nodable"
-                }
-            ],
-            "license": "MIT"
-        },
        "node_modules/@node-rs/argon2": {
            "version": "2.0.2",
            "resolved": "https://registry.npmjs.org/@node-rs/argon2/-/argon2-2.0.2.tgz",
@@ -6970,6 +6981,7 @@
            "resolved": "https://registry.npmjs.org/@react-email/text/-/text-0.1.6.tgz",
            "integrity": "sha512-TYqkioRS45wTR5il3dYk/SbUjjEdhSwh9BtRNB99qNH1pXAwA45H7rAuxehiu8iJQJH0IyIr+6n62gBz9ezmsw==",
            "license": "MIT",
+            "peer": true,
            "engines": {
                "node": ">=20.0.0"
            },
@@ -7554,9 +7566,9 @@
            }
        },
        "node_modules/@smithy/types": {
-            "version": "4.14.1",
-            "resolved": "https://registry.npmjs.org/@smithy/types/-/types-4.14.1.tgz",
-            "integrity": "sha512-59b5HtSVrVR/eYNei3BUj3DCPKD/G7EtDDe7OEJE7i7FtQFugYo6MxbotS8mVJkLNVf8gYaAlEBwwtJ9HzhWSg==",
+            "version": "4.13.1",
+            "resolved": "https://registry.npmjs.org/@smithy/types/-/types-4.13.1.tgz",
+            "integrity": "sha512-787F3yzE2UiJIQ+wYW1CVg2odHjmaWLGksnKQHUrK/lYZSEcy1msuLVvxaR/sI2/aDe9U+TBuLsXnr3vod1g0g==",
            "license": "Apache-2.0",
            "dependencies": {
                "tslib": "^2.6.2"
@@ -8430,6 +8442,7 @@
            "version": "5.90.21",
            "resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.90.21.tgz",
            "integrity": "sha512-0Lu6y5t+tvlTJMTO7oh5NSpJfpg/5D41LlThfepTixPYkJ0sE2Jj0m0f6yYqujBwIXlId87e234+MxG3D3g7kg==",
+            "peer": true,
            "dependencies": {
                "@tanstack/query-core": "5.90.20"
            },
@@ -8545,6 +8558,7 @@
            "integrity": "sha512-NMv9ASNARoKksWtsq/SHakpYAYnhBrQgGD8zkLYk/jaK8jUGn08CfEdTRgYhMypUQAfzSP8W6gNLe0q19/t4VA==",
            "devOptional": true,
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "@types/node": "*"
            }
@@ -8892,6 +8906,7 @@
            "integrity": "sha512-sKYVuV7Sv9fbPIt/442koC7+IIwK5olP1KWeD88e/idgoJqDm3JV/YUiPwkoKK92ylff2MGxSz1CSjsXelx0YA==",
            "dev": true,
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "@types/body-parser": "*",
                "@types/express-serve-static-core": "^5.0.0",
@@ -8987,6 +9002,7 @@
            "integrity": "sha512-oX8xrhvpiyRCQkG1MFchB09f+cXftgIXb3a7UUa4Y3wpmZPw5tyZGTLWhlESOLq1Rq6oDlc8npVU2/9xiCuXMA==",
            "devOptional": true,
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "undici-types": "~7.18.0"
            }
@@ -9014,6 +9030,7 @@
            "integrity": "sha512-gT+oueVQkqnj6ajGJXblFR4iavIXWsGAFCk3dP4Kki5+a9R4NMt0JARdk6s8cUKcfUoqP5dAtDSLU8xYUTFV+Q==",
            "devOptional": true,
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "@types/node": "*",
                "pg-protocol": "*",
@@ -9039,6 +9056,7 @@
            "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.14.tgz",
            "integrity": "sha512-ilcTH/UniCkMdtexkoCN0bI7pMcJDvmQFPvuPvmEaYA/NSfFTAgdUSLAoVjaRJm7+6PvcM+q1zYOwS4wTYMF9w==",
            "devOptional": true,
+            "peer": true,
            "dependencies": {
                "csstype": "^3.2.2"
            }
@@ -9049,6 +9067,7 @@
            "integrity": "sha512-jp2L/eY6fn+KgVVQAOqYItbF0VY/YApe5Mz2F0aykSO8gx31bYCZyvSeYxCHKvzHG5eZjc+zyaS5BrBWya2+kQ==",
            "devOptional": true,
            "license": "MIT",
+            "peer": true,
            "peerDependencies": {
                "@types/react": "^19.2.0"
            }
@@ -9135,8 +9154,7 @@
            "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
            "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
            "license": "MIT",
-            "optional": true,
-            "peer": true
+            "optional": true
        },
        "node_modules/@types/ws": {
            "version": "8.18.1",
@@ -9210,6 +9228,7 @@
            "integrity": "sha512-klQbnPAAiGYFyI02+znpBRLyjL4/BrBd0nyWkdC0s/6xFLkXYQ8OoRrSkqacS1ddVxf/LDyODIKbQ5TgKAf/Fg==",
            "dev": true,
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "@typescript-eslint/scope-manager": "8.56.1",
                "@typescript-eslint/types": "8.56.1",
@@ -9683,6 +9702,7 @@
            "integrity": "sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==",
            "dev": true,
            "license": "MIT",
+            "peer": true,
            "bin": {
                "acorn": "bin/acorn"
            },
@@ -10132,6 +10152,7 @@
            "integrity": "sha512-Ixm8tFfoKKIPYdCCKYTsqv+Fd4IJ0DQqMyEimo+pxUOMUR9cVPlwTrFt9Avu+3cb6Zp3mAzl+t1MrG2fxxKsxw==",
            "devOptional": true,
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "@babel/types": "^7.26.0"
            }
@@ -10203,6 +10224,7 @@
            "integrity": "sha512-Ba0KR+Fzxh2jDRhdg6TSH0SJGzb8C0aBY4hR8w8madIdIzzC6Y1+kx5qR6eS1Z+Gy20h6ZU28aeyg0z1VIrShQ==",
            "hasInstallScript": true,
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "bindings": "^1.5.0",
                "prebuild-install": "^7.1.1"
@@ -10331,6 +10353,7 @@
                }
            ],
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "baseline-browser-mapping": "^2.9.0",
                "caniuse-lite": "^1.0.30001759",
@@ -11237,6 +11260,7 @@
            "resolved": "https://registry.npmjs.org/d3-selection/-/d3-selection-3.0.0.tgz",
            "integrity": "sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ==",
            "license": "ISC",
+            "peer": true,
            "engines": {
                "node": ">=12"
            }
@@ -11677,7 +11701,6 @@
            "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.2.tgz",
            "integrity": "sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==",
            "license": "(MPL-2.0 OR Apache-2.0)",
-            "peer": true,
            "engines": {
                "node": ">=20"
            },
@@ -12312,6 +12335,7 @@
            "dev": true,
            "hasInstallScript": true,
            "license": "MIT",
+            "peer": true,
            "bin": {
                "esbuild": "bin/esbuild"
            },
@@ -12397,6 +12421,7 @@
            "integrity": "sha512-COV33RzXZkqhG9P2rZCFl9ZmJ7WL+gQSCRzE7RhkbclbQPtLAWReL7ysA0Sh4c8Im2U9ynybdR56PV0XcKvqaQ==",
            "dev": true,
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "@eslint-community/eslint-utils": "^4.8.0",
                "@eslint-community/regexpp": "^4.12.2",
@@ -12533,6 +12558,7 @@
            "integrity": "sha512-whOE1HFo/qJDyX4SnXzP4N6zOWn79WhnCUY/iDR0mPfQZO8wcYE4JClzI2oZrhBnnMUCBCHZhO6VQyoBU95mZA==",
            "dev": true,
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "@rtsao/scc": "^1.1.0",
                "array-includes": "^3.1.9",
@@ -12926,6 +12952,7 @@
            "resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz",
            "integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==",
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "accepts": "^2.0.0",
                "body-parser": "^2.2.1",
@@ -13091,9 +13118,9 @@
            "license": "BSD-3-Clause"
        },
        "node_modules/fast-xml-builder": {
-            "version": "1.1.5",
-            "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz",
-            "integrity": "sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA==",
+            "version": "1.1.4",
+            "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.4.tgz",
+            "integrity": "sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg==",
            "funding": [
                {
                    "type": "github",
@@ -13106,9 +13133,9 @@
            }
        },
        "node_modules/fast-xml-parser": {
-            "version": "5.7.2",
-            "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.7.2.tgz",
-            "integrity": "sha512-P7oW7tLbYnhOLQk/Gv7cZgzgMPP/XN03K02/Jy6Y/NHzyIAIpxuZIM/YqAkfiXFPxA2CTm7NtCijK9EDu09u2w==",
+            "version": "5.5.8",
+            "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.5.8.tgz",
+            "integrity": "sha512-Z7Fh2nVQSb2d+poDViM063ix2ZGt9jmY1nWhPfHBOK2Hgnb/OW3P4Et3P/81SEej0J7QbWtJqxO05h8QYfK7LQ==",
            "funding": [
                {
                    "type": "github",
@@ -13117,10 +13144,9 @@
            ],
            "license": "MIT",
            "dependencies": {
-                "@nodable/entities": "^2.1.0",
-                "fast-xml-builder": "^1.1.5",
-                "path-expression-matcher": "^1.5.0",
-                "strnum": "^2.2.3"
+                "fast-xml-builder": "^1.1.4",
+                "path-expression-matcher": "^1.2.0",
+                "strnum": "^2.2.0"
            },
            "bin": {
                "fxparser": "src/cli/cli.js"
@@ -15344,7 +15370,6 @@
            "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.55.1.tgz",
            "integrity": "sha512-jz4x+TJNFHwHtwuV9vA9rMujcZRb0CEilTEwG2rRSpe/A7Jdkuj8xPKttCgOh+v/lkHy7HsZ64oj+q3xoAFl9A==",
            "license": "MIT",
-            "peer": true,
            "dependencies": {
                "dompurify": "3.2.7",
                "marked": "14.0.0"
@@ -15355,7 +15380,6 @@
            "resolved": "https://registry.npmjs.org/marked/-/marked-14.0.0.tgz",
            "integrity": "sha512-uIj4+faQ+MgHgwUW1l2PsPglZLOLOT1uErt06dAPtx2kjteLAkbsd/0FiYg/MGS+i7ZKLb7w2WClxHkzOOuryQ==",
            "license": "MIT",
-            "peer": true,
            "bin": {
                "marked": "bin/marked.js"
            },
@@ -15444,6 +15468,7 @@
            "resolved": "https://registry.npmjs.org/next/-/next-15.5.15.tgz",
            "integrity": "sha512-VSqCrJwtLVGwAVE0Sb/yikrQfkwkZW9p+lL/J4+xe+G3ZA+QnWPqgcfH1tDUEuk9y+pthzzVFp4L/U8JerMfMQ==",
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "@next/env": "15.5.15",
                "@swc/helpers": "0.5.15",
@@ -16307,9 +16332,9 @@
            }
        },
        "node_modules/path-expression-matcher": {
-            "version": "1.5.0",
-            "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz",
-            "integrity": "sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ==",
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.2.0.tgz",
+            "integrity": "sha512-DwmPWeFn+tq7TiyJ2CxezCAirXjFxvaiD03npak3cRjlP9+OjTmSy1EpIrEbh+l6JgUundniloMLDQ/6VTdhLQ==",
            "funding": [
                {
                    "type": "github",
@@ -16403,6 +16428,7 @@
            "resolved": "https://registry.npmjs.org/pg/-/pg-8.20.0.tgz",
            "integrity": "sha512-ldhMxz2r8fl/6QkXnBD3CR9/xg694oT6DZQ2s6c/RI28OjtSOpxnPrUCGOBJ46RCUxcWdx3p6kw/xnDHjKvaRA==",
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "pg-connection-string": "^2.12.0",
                "pg-pool": "^3.13.0",
@@ -16910,6 +16936,7 @@
            "resolved": "https://registry.npmjs.org/react/-/react-19.2.4.tgz",
            "integrity": "sha512-9nfp2hYpCwOjAN+8TZFGhtWEwgvWHXqESH8qT89AT/lWklpLON22Lc8pEtnpsZz7VmawabSU0gCjnj8aC0euHQ==",
            "license": "MIT",
+            "peer": true,
            "engines": {
                "node": ">=0.10.0"
            }
@@ -16941,6 +16968,7 @@
            "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.4.tgz",
            "integrity": "sha512-AXJdLo8kgMbimY95O2aKQqsz2iWi9jMgKJhRBAxECE4IFxfcazB2LmzloIoibJI3C12IlY20+KFaLv+71bUJeQ==",
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "scheduler": "^0.27.0"
            },
@@ -17233,6 +17261,7 @@
            "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.71.2.tgz",
            "integrity": "sha512-1CHvcDYzuRUNOflt4MOq3ZM46AronNJtQ1S7tnX6YN4y72qhgiUItpacZUAQ0TyWYci3yz1X+rXaSxiuEm86PA==",
            "license": "MIT",
+            "peer": true,
            "engines": {
                "node": ">=18.0.0"
            },
@@ -18550,9 +18579,9 @@
            }
        },
        "node_modules/strnum": {
-            "version": "2.2.3",
-            "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.2.3.tgz",
-            "integrity": "sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg==",
+            "version": "2.2.2",
+            "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.2.2.tgz",
+            "integrity": "sha512-DnR90I+jtXNSTXWdwrEy9FakW7UX+qUZg28gj5fk2vxxl7uS/3bpI4fjFYVmdK9etptYBPNkpahuQnEwhwECqA==",
            "funding": [
                {
                    "type": "github",
@@ -18694,7 +18723,8 @@
            "version": "4.2.2",
            "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.2.2.tgz",
            "integrity": "sha512-KWBIxs1Xb6NoLdMVqhbhgwZf2PGBpPEiwOqgI4pFIYbNTfBXiKYyWoTsXgBQ9WFg/OlhnvHaY+AEpW7wSmFo2Q==",
-            "license": "MIT"
+            "license": "MIT",
+            "peer": true
        },
        "node_modules/tapable": {
            "version": "2.3.2",
@@ -19169,6 +19199,7 @@
            "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
            "devOptional": true,
            "license": "Apache-2.0",
+            "peer": true,
            "bin": {
                "tsc": "bin/tsc",
                "tsserver": "bin/tsserver"
@@ -19596,6 +19627,7 @@
            "resolved": "https://registry.npmjs.org/winston/-/winston-3.19.0.tgz",
            "integrity": "sha512-LZNJgPzfKR+/J3cHkxcpHKpKKvGfDZVPS4hfJCc4cCG0CgYzvlD6yE/S3CIL/Yt91ak327YCpiF/0MyeZHEHKA==",
            "license": "MIT",
+            "peer": true,
            "dependencies": {
                "@colors/colors": "^1.6.0",
                "@dabh/diagnostics": "^2.0.8",
@@ -19802,6 +19834,7 @@
            "resolved": "https://registry.npmjs.org/zod/-/zod-4.3.6.tgz",
            "integrity": "sha512-rftlrkhHZOcjDwkGlnUtZZkvaPHCsDATp4pGpuOOMDaTdDDXF91wuVDJoWoPsKX/3YPQ5fHuF3STjcYyKr+Qhg==",
            "license": "MIT",
+            "peer": true,
            "funding": {
                "url": "https://github.com/sponsors/colinhacks"
            }
--- a/public/screenshots/hero.png
+++ b/public/screenshots/hero.png
--- a/public/screenshots/private-resources.png
+++ b/public/screenshots/private-resources.png
--- a/public/screenshots/public-resources.png
+++ b/public/screenshots/public-resources.png
--- a/public/screenshots/sites.png
+++ b/public/screenshots/sites.png
--- a/public/screenshots/user-devices.png
+++ b/public/screenshots/user-devices.png
--- a/public/screenshots/users.png
+++ b/public/screenshots/users.png
--- a/server/emails/templates/NotifyTrialExpiring.tsx
+++ b/server/emails/templates/NotifyTrialExpiring.tsx
@@ -64,7 +64,7 @@ export const NotifyTrialExpiring = ({

                                <EmailText>
                                    Some features and resources may now be
-                                    restricted or disconnected. To restore full
+                                    restricted. To restore full
                                    access and continue using all the features
                                    you had during your trial, please upgrade to
                                    a paid plan.
@@ -85,7 +85,7 @@ export const NotifyTrialExpiring = ({
                                    <strong>{orgName}</strong> will end on{" "}
                                    <strong>{trialEndsAt}</strong>
                                    {isLastDay
-                                        ? " — that's tomorrow!"
+                                        ? " - that's tomorrow!"
                                        : `, in ${daysRemaining} days`}
                                    .
                                </EmailText>
@@ -93,8 +93,7 @@ export const NotifyTrialExpiring = ({
                                <EmailText>
                                    After your trial ends, your account will be
                                    moved to the free plan and some
-                                    functionality may be restricted or your
-                                    sites may disconnect.
+                                    functionality may be restricted.
                                </EmailText>

                                <EmailText>
--- a/server/lib/billing/limitSet.ts
+++ b/server/lib/billing/limitSet.ts
@@ -25,7 +25,7 @@ export const tier1LimitSet: LimitSet = {

 export const tier2LimitSet: LimitSet = {
    [FeatureId.USERS]: {
-        value: 100,
+        value: 50,
        description: "Team limit"
    },
    [FeatureId.SITES]: {
@@ -48,7 +48,7 @@ export const tier2LimitSet: LimitSet = {

 export const tier3LimitSet: LimitSet = {
    [FeatureId.USERS]: {
-        value: 500,
+        value: 250,
        description: "Business limit"
    },
    [FeatureId.SITES]: {
--- a/server/lib/blueprints/clientResources.ts
+++ b/server/lib/blueprints/clientResources.ts
@@ -131,41 +131,22 @@ export async function updateClientResources(
            : [];

        const allSites: { siteId: number }[] = [];
+
        if (resourceData.site) {
-            let siteSingle;
-            const resourceSiteId = resourceData.site;
-
-            if (resourceSiteId) {
-                // Look up site by niceId
-                [siteSingle] = await trx
-                    .select({ siteId: sites.siteId })
-                    .from(sites)
-                    .where(
-                        and(
-                            eq(sites.niceId, resourceSiteId),
-                            eq(sites.orgId, orgId)
-                        )
+            // Look up site by niceId
+            const [siteSingle] = await trx
+                .select({ siteId: sites.siteId })
+                .from(sites)
+                .where(
+                    and(
+                        eq(sites.niceId, resourceData.site),
+                        eq(sites.orgId, orgId)
                    )
-                    .limit(1);
-            } else if (siteId) {
-                // Use the provided siteId directly, but verify it belongs to the org
-                [siteSingle] = await trx
-                    .select({ siteId: sites.siteId })
-                    .from(sites)
-                    .where(
-                        and(eq(sites.siteId, siteId), eq(sites.orgId, orgId))
-                    )
-                    .limit(1);
-            } else {
-                throw new Error(`Target site is required`);
+                )
+                .limit(1);
+            if (siteSingle) {
+                allSites.push(siteSingle);
            }
-
-            if (!siteSingle) {
-                throw new Error(
-                    `Site not found: ${resourceSiteId} in org ${orgId}`
-                );
-            }
-            allSites.push(siteSingle);
        }

        if (resourceData.sites) {
@@ -180,15 +161,31 @@ export async function updateClientResources(
                        )
                    )
                    .limit(1);
-                if (!site) {
-                    throw new Error(
-                        `Site not found: ${siteId} in org ${orgId}`
-                    );
+                if (site) {
+                    allSites.push(site);
                }
-                allSites.push(site);
            }
        }

+        if (siteId && allSites.length === 0) {
+            // only add if there are not provided sites
+            // Use the provided siteId directly, but verify it belongs to the org
+            const [siteSingle] = await trx
+                .select({ siteId: sites.siteId })
+                .from(sites)
+                .where(and(eq(sites.siteId, siteId), eq(sites.orgId, orgId)))
+                .limit(1);
+            if (siteSingle) {
+                allSites.push(siteSingle);
+            }
+        }
+
+        if (allSites.length === 0) {
+            throw new Error(
+                `No valid sites found for private private resource ${resourceNiceId} in org ${orgId}`
+            );
+        }
+
        if (existingResource) {
            let domainInfo:
                | { subdomain: string | null; domainId: string }
--- a/server/lib/traefik/TraefikConfigManager.ts
+++ b/server/lib/traefik/TraefikConfigManager.ts
@@ -535,6 +535,24 @@ export class TraefikConfigManager {
                        if (match && match[1]) {
                            domains.add(match[1]);
                        }
+                        // Match HostRegexp(`^[^.]+\.parent.domain$`) generated for wildcard resources
+                        const hostRegexpMatch = router.rule.match(
+                            /HostRegexp\(`([^`]+)`\)/
+                        );
+                        if (hostRegexpMatch && hostRegexpMatch[1]) {
+                            const innerRegex = hostRegexpMatch[1];
+                            // Pattern is always ^[^.]+\.PARENT_DOMAIN$ where dots are escaped as \.
+                            const domainMatch = innerRegex.match(
+                                /^\^\[\^\.\]\+\\\.(.+)\$$/
+                            );
+                            if (domainMatch && domainMatch[1]) {
+                                const parentDomain = domainMatch[1].replace(
+                                    /\\\./g,
+                                    "."
+                                );
+                                domains.add(`*.${parentDomain}`);
+                            }
+                        }
                    }
                }
            }
--- a/server/private/lib/acmeCertSync.ts
+++ b/server/private/lib/acmeCertSync.ts
@@ -12,6 +12,7 @@
 */

 import fs from "fs";
+import path from "path";
 import crypto from "crypto";
 import {
    certificates,
@@ -274,12 +275,244 @@ function detectWildcard(
    return { wildcard: false, wildcardSan: null };
 }

+interface HttpCert {
+    wildcard: boolean;
+    altName: string;
+    certName: string;
+    commonName: string;
+    certFile: string;
+    keyFile: string;
+}
+
+async function syncAcmeCertsFromHttp(endpoint: string): Promise<void> {
+    let response: Response;
+    try {
+        response = await fetch(endpoint);
+    } catch (err) {
+        logger.debug(
+            `acmeCertSync: could not reach HTTP endpoint ${endpoint}: ${err}`
+        );
+        return;
+    }
+
+    if (!response.ok) {
+        logger.debug(
+            `acmeCertSync: HTTP endpoint returned status ${response.status}`
+        );
+        return;
+    }
+
+    let httpCerts: HttpCert[];
+    try {
+        httpCerts = await response.json();
+    } catch (err) {
+        logger.debug(
+            `acmeCertSync: could not parse JSON from HTTP endpoint: ${err}`
+        );
+        return;
+    }
+
+    if (!Array.isArray(httpCerts) || httpCerts.length === 0) {
+        logger.debug(
+            `acmeCertSync: no certificates returned from HTTP endpoint`
+        );
+        return;
+    }
+
+    for (const cert of httpCerts) {
+        const domain = cert?.certName;
+
+        if (!domain || typeof domain !== "string") {
+            logger.debug(
+                `acmeCertSync: skipping HTTP cert with missing certName`
+            );
+            continue;
+        }
+
+        const certPem = cert.certFile;
+        const keyPem = cert.keyFile;
+
+        if (!certPem?.trim() || !keyPem?.trim()) {
+            logger.debug(
+                `acmeCertSync: skipping HTTP cert for ${domain} - empty certFile or keyFile`
+            );
+            continue;
+        }
+
+        const firstCertPemForValidation = extractFirstCert(certPem);
+        if (!firstCertPemForValidation) {
+            logger.debug(
+                `acmeCertSync: skipping HTTP cert for ${domain} - no PEM certificate block found`
+            );
+            continue;
+        }
+
+        let validatedX509: crypto.X509Certificate;
+        try {
+            validatedX509 = new crypto.X509Certificate(
+                firstCertPemForValidation
+            );
+        } catch (err) {
+            logger.debug(
+                `acmeCertSync: skipping HTTP cert for ${domain} - invalid X.509 certificate: ${err}`
+            );
+            continue;
+        }
+
+        try {
+            crypto.createPrivateKey(keyPem);
+        } catch (err) {
+            logger.debug(
+                `acmeCertSync: skipping HTTP cert for ${domain} - invalid private key: ${err}`
+            );
+            continue;
+        }
+
+        const wildcard = cert.wildcard ?? false;
+
+        const existing = await db
+            .select()
+            .from(certificates)
+            .where(eq(certificates.domain, domain))
+            .limit(1);
+
+        let oldCertPem: string | null = null;
+        let oldKeyPem: string | null = null;
+
+        if (existing.length > 0 && existing[0].certFile) {
+            try {
+                const storedCertPem = decrypt(
+                    existing[0].certFile,
+                    config.getRawConfig().server.secret!
+                );
+                const wildcardUnchanged = existing[0].wildcard === wildcard;
+                if (storedCertPem === certPem && wildcardUnchanged) {
+                    continue;
+                }
+                oldCertPem = storedCertPem;
+                if (existing[0].keyFile) {
+                    try {
+                        oldKeyPem = decrypt(
+                            existing[0].keyFile,
+                            config.getRawConfig().server.secret!
+                        );
+                    } catch (keyErr) {
+                        logger.debug(
+                            `acmeCertSync: could not decrypt stored key for ${domain}: ${keyErr}`
+                        );
+                    }
+                }
+            } catch (err) {
+                logger.debug(
+                    `acmeCertSync: could not decrypt stored cert for ${domain}, will update: ${err}`
+                );
+            }
+        }
+
+        let expiresAt: number | null = null;
+        try {
+            expiresAt = Math.floor(
+                new Date(validatedX509.validTo).getTime() / 1000
+            );
+        } catch (err) {
+            logger.debug(
+                `acmeCertSync: could not parse cert expiry for ${domain}: ${err}`
+            );
+        }
+
+        const encryptedCert = encrypt(
+            certPem,
+            config.getRawConfig().server.secret!
+        );
+        const encryptedKey = encrypt(
+            keyPem,
+            config.getRawConfig().server.secret!
+        );
+        const now = Math.floor(Date.now() / 1000);
+
+        const domainId = await findDomainId(domain);
+        if (domainId) {
+            logger.debug(
+                `acmeCertSync: resolved domainId "${domainId}" for HTTP cert domain "${domain}"`
+            );
+        } else {
+            logger.debug(
+                `acmeCertSync: no matching domain record found for HTTP cert domain "${domain}"`
+            );
+        }
+
+        if (existing.length > 0) {
+            logger.debug(
+                `acmeCertSync: updating existing certificate (HTTP) for ${domain} (expires ${expiresAt ? new Date(expiresAt * 1000).toISOString() : "unknown"})`
+            );
+            await db
+                .update(certificates)
+                .set({
+                    certFile: encryptedCert,
+                    keyFile: encryptedKey,
+                    status: "valid",
+                    expiresAt,
+                    updatedAt: now,
+                    wildcard,
+                    ...(domainId !== null && { domainId })
+                })
+                .where(eq(certificates.domain, domain));
+
+            await pushCertUpdateToAffectedNewts(
+                domain,
+                domainId,
+                oldCertPem,
+                oldKeyPem
+            );
+        } else {
+            logger.debug(
+                `acmeCertSync: inserting new certificate (HTTP) for ${domain} (expires ${expiresAt ? new Date(expiresAt * 1000).toISOString() : "unknown"})`
+            );
+            await db.insert(certificates).values({
+                domain,
+                domainId,
+                certFile: encryptedCert,
+                keyFile: encryptedKey,
+                status: "valid",
+                expiresAt,
+                createdAt: now,
+                updatedAt: now,
+                wildcard
+            });
+
+            await pushCertUpdateToAffectedNewts(domain, domainId, null, null);
+        }
+    }
+}
+
+function findAcmeJsonFiles(dirPath: string): string[] {
+    const results: string[] = [];
+    let entries: fs.Dirent[];
+    try {
+        entries = fs.readdirSync(dirPath, { withFileTypes: true });
+    } catch (err) {
+        logger.warn(
+            `acmeCertSync: could not read directory "${dirPath}": ${err}`
+        );
+        return results;
+    }
+    for (const entry of entries) {
+        const fullPath = path.join(dirPath, entry.name);
+        if (entry.isDirectory()) {
+            results.push(...findAcmeJsonFiles(fullPath));
+        } else if (entry.isFile() && entry.name === "acme.json") {
+            results.push(fullPath);
+        }
+    }
+    return results;
+}
+
 async function syncAcmeCerts(acmeJsonPath: string): Promise<void> {
    let raw: string;
    try {
        raw = fs.readFileSync(acmeJsonPath, "utf8");
    } catch (err) {
-        logger.debug(`acmeCertSync: could not read ${acmeJsonPath}: ${err}`);
+        logger.warn(`acmeCertSync: could not read "${acmeJsonPath}": ${err}`);
        return;
    }

@@ -287,7 +520,9 @@ async function syncAcmeCerts(acmeJsonPath: string): Promise<void> {
    try {
        acmeJson = JSON.parse(raw);
    } catch (err) {
-        logger.debug(`acmeCertSync: could not parse acme.json: ${err}`);
+        logger.warn(
+            `acmeCertSync: could not parse "${acmeJsonPath}" as JSON: ${err}`
+        );
        return;
    }

@@ -389,11 +624,7 @@ async function syncAcmeCerts(acmeJsonPath: string): Promise<void> {
        const existing = await db
            .select()
            .from(certificates)
-            .where(
-                and(
-                    eq(certificates.domain, domain)
-                )
-            )
+            .where(and(eq(certificates.domain, domain)))
            .limit(1);

        let oldCertPem: string | null = null;
@@ -408,7 +639,7 @@ async function syncAcmeCerts(acmeJsonPath: string): Promise<void> {
                const wildcardUnchanged = existing[0].wildcard === wildcard;
                if (storedCertPem === certPem && wildcardUnchanged) {
                    // logger.debug(
-                        // `acmeCertSync: cert for ${domain} is unchanged, skipping`
+                    // `acmeCertSync: cert for ${domain} is unchanged, skipping`
                    // );
                    continue;
                }
@@ -547,19 +778,62 @@ export function initAcmeCertSync(): void {
        privateConfigData.acme?.acme_json_path ??
        "config/letsencrypt/acme.json";
    const intervalMs = privateConfigData.acme?.sync_interval_ms ?? 5000;
+    const httpEndpoint = privateConfigData.acme?.acme_http_endpoint;

    logger.debug(
        `acmeCertSync: starting ACME cert sync from "${acmeJsonPath}" across all resolvers every ${intervalMs}ms`
    );
+    if (httpEndpoint) {
+        logger.debug(
+            `acmeCertSync: also syncing from HTTP endpoint "${httpEndpoint}" every ${intervalMs}ms`
+        );
+    }
+
+    const runSync = () => {
+        if (httpEndpoint) {
+            syncAcmeCertsFromHttp(httpEndpoint).catch((err) => {
+                logger.error(`acmeCertSync: error during HTTP sync: ${err}`);
+            });
+        } else {
+            // only run the file-based sync if the HTTP endpoint is not configured, to avoid doubling up
+            let stat: fs.Stats | null = null;
+            try {
+                stat = fs.statSync(acmeJsonPath);
+            } catch (err) {
+                logger.warn(
+                    `acmeCertSync: cannot stat path "${acmeJsonPath}": ${err}`
+                );
+                return;
+            }
+
+            if (stat.isDirectory()) {
+                const files = findAcmeJsonFiles(acmeJsonPath);
+                if (files.length === 0) {
+                    logger.debug(
+                        `acmeCertSync: no acme.json files found in directory "${acmeJsonPath}"`
+                    );
+                    return;
+                }
+                logger.debug(
+                    `acmeCertSync: found ${files.length} acme.json file(s) in directory "${acmeJsonPath}"`
+                );
+                for (const file of files) {
+                    syncAcmeCerts(file).catch((err) => {
+                        logger.error(
+                            `acmeCertSync: error during sync of "${file}": ${err}`
+                        );
+                    });
+                }
+            } else {
+                syncAcmeCerts(acmeJsonPath).catch((err) => {
+                    logger.error(`acmeCertSync: error during sync: ${err}`);
+                });
+            }
+        }
+    };

    // Run immediately on init, then on the configured interval
-    syncAcmeCerts(acmeJsonPath).catch((err) => {
-        logger.error(`acmeCertSync: error during initial sync: ${err}`);
-    });
+    runSync();

-    setInterval(() => {
-        syncAcmeCerts(acmeJsonPath).catch((err) => {
-            logger.error(`acmeCertSync: error during sync: ${err}`);
-        });
-    }, intervalMs);
+    setInterval(runSync, intervalMs);
 }
--- a/server/private/lib/billing/getOrgTierData.ts
+++ b/server/private/lib/billing/getOrgTierData.ts
@@ -19,12 +19,13 @@ import { eq, and, ne } from "drizzle-orm";

 export async function getOrgTierData(
    orgId: string
-): Promise<{ tier: Tier | null; active: boolean }> {
+): Promise<{ tier: Tier | null; active: boolean; isTrial: boolean }> {
    let tier: Tier | null = null;
    let active = false;
+    let isTrial = false;

    if (build !== "saas") {
-        return { tier, active };
+        return { tier, active, isTrial };
    }

    try {
@@ -35,7 +36,7 @@ export async function getOrgTierData(
            .limit(1);

        if (!org) {
-            return { tier, active };
+            return { tier, active, isTrial };
        }

        let orgIdToUse = org.orgId;
@@ -44,7 +45,7 @@ export async function getOrgTierData(
                logger.warn(
                    `Org ${orgId} is not a billing org and does not have a billingOrgId`
                );
-                return { tier, active };
+                return { tier, active, isTrial };
            }
            orgIdToUse = org.billingOrgId;
        }
@@ -57,7 +58,7 @@ export async function getOrgTierData(
            .limit(1);

        if (!customer) {
-            return { tier, active };
+            return { tier, active, isTrial };
        }

        // Query for active subscriptions that are not license type
@@ -84,11 +85,13 @@ export async function getOrgTierData(
                tier = subscription.type;
                active = true;
            }
+
+            isTrial = subscription.trial ?? false;
        }
    } catch (error) {
        // If org not found or error occurs, return null tier and inactive
        // This is acceptable behavior as per the function signature
    }

-    return { tier, active };
+    return { tier, active, isTrial };
 }
--- a/server/private/lib/readConfigFile.ts
+++ b/server/private/lib/readConfigFile.ts
@@ -21,173 +21,172 @@ import { getEnvOrYaml } from "@server/lib/getEnvOrYaml";

 const portSchema = z.number().positive().gt(0).lte(65535);

-export const privateConfigSchema = z.object({
-    app: z
-        .object({
-            region: z.string().optional().default("default"),
-            base_domain: z.string().optional(),
-            identity_provider_mode: z.enum(["global", "org"]).optional()
-        })
-        .optional()
-        .default({
-            region: "default"
-        }),
-    server: z
-        .object({
-            reo_client_id: z
-                .string()
-                .optional()
-                .transform(getEnvOrYaml("REO_CLIENT_ID")),
-            fossorial_api: z
-                .string()
-                .optional()
-                .default("https://api.fossorial.io"),
-            fossorial_api_key: z
-                .string()
-                .optional()
-                .transform(getEnvOrYaml("FOSSORIAL_API_KEY"))
-        })
-        .optional()
-        .prefault({}),
-    redis: z
-        .object({
-            host: z.string(),
-            port: portSchema,
-            password: z
-                .string()
-                .optional()
-                .transform(getEnvOrYaml("REDIS_PASSWORD")),
-            db: z.int().nonnegative().optional().default(0),
-            replicas: z
-                .array(
-                    z.object({
-                        host: z.string(),
-                        port: portSchema,
-                        password: z.string().optional(),
-                        db: z.int().nonnegative().optional().default(0)
+export const privateConfigSchema = z
+    .object({
+        app: z
+            .object({
+                region: z.string().optional().default("default"),
+                base_domain: z.string().optional(),
+                identity_provider_mode: z.enum(["global", "org"]).optional()
+            })
+            .optional()
+            .default({
+                region: "default"
+            }),
+        server: z
+            .object({
+                reo_client_id: z
+                    .string()
+                    .optional()
+                    .transform(getEnvOrYaml("REO_CLIENT_ID")),
+                fossorial_api: z
+                    .string()
+                    .optional()
+                    .default("https://api.fossorial.io"),
+                fossorial_api_key: z
+                    .string()
+                    .optional()
+                    .transform(getEnvOrYaml("FOSSORIAL_API_KEY"))
+            })
+            .optional()
+            .prefault({}),
+        redis: z
+            .object({
+                host: z.string(),
+                port: portSchema,
+                password: z
+                    .string()
+                    .optional()
+                    .transform(getEnvOrYaml("REDIS_PASSWORD")),
+                db: z.int().nonnegative().optional().default(0),
+                replicas: z
+                    .array(
+                        z.object({
+                            host: z.string(),
+                            port: portSchema,
+                            password: z.string().optional(),
+                            db: z.int().nonnegative().optional().default(0)
+                        })
+                    )
+                    .optional(),
+                tls: z
+                    .object({
+                        rejectUnauthorized: z.boolean().optional().default(true)
                    })
-                )
-                .optional(),
-            tls: z
-                .object({
-                    rejectUnauthorized: z
-                        .boolean()
-                        .optional()
-                        .default(true)
-                })
-                .optional()
-        })
-        .optional(),
-    gerbil: z
-        .object({
-            local_exit_node_reachable_at: z
-                .string()
-                .optional()
-                .default("http://gerbil:3004")
-        })
-        .optional()
-        .prefault({}),
-    flags: z
-        .object({
-            enable_redis: z.boolean().optional().default(false),
-            use_pangolin_dns: z.boolean().optional().default(false),
-            use_org_only_idp: z.boolean().optional(),
-            enable_acme_cert_sync: z.boolean().optional().default(true)
-        })
-        .optional()
-        .prefault({}),
-    acme: z
-        .object({
-            acme_json_path: z
-                .string()
-                .optional()
-                .default("config/letsencrypt/acme.json"),
-            sync_interval_ms: z.number().optional().default(5000)
-        })
-        .optional(),
-    branding: z
-        .object({
-            app_name: z.string().optional(),
-            background_image_path: z.string().optional(),
-            colors: z
-                .object({
-                    light: colorsSchema.optional(),
-                    dark: colorsSchema.optional()
-                })
-                .optional(),
-            logo: z
-                .object({
-                    light_path: z.string().optional(),
-                    dark_path: z.string().optional(),
-                    auth_page: z
-                        .object({
-                            width: z.number().optional(),
-                            height: z.number().optional()
-                        })
-                        .optional(),
-                    navbar: z
-                        .object({
-                            width: z.number().optional(),
-                            height: z.number().optional()
-                        })
-                        .optional()
-                })
-                .optional(),
-            footer: z
-                .array(
-                    z.object({
-                        text: z.string(),
-                        href: z.string().optional()
+                    .optional()
+            })
+            .optional(),
+        gerbil: z
+            .object({
+                local_exit_node_reachable_at: z
+                    .string()
+                    .optional()
+                    .default("http://gerbil:3004")
+            })
+            .optional()
+            .prefault({}),
+        flags: z
+            .object({
+                enable_redis: z.boolean().optional().default(false),
+                use_pangolin_dns: z.boolean().optional().default(false),
+                use_org_only_idp: z.boolean().optional(),
+                enable_acme_cert_sync: z.boolean().optional().default(true)
+            })
+            .optional()
+            .prefault({}),
+        acme: z
+            .object({
+                acme_json_path: z
+                    .string()
+                    .optional()
+                    .default("config/letsencrypt/acme.json"),
+                acme_http_endpoint: z.string().optional(),
+                sync_interval_ms: z.number().optional().default(5000)
+            })
+            .optional(),
+        branding: z
+            .object({
+                app_name: z.string().optional(),
+                background_image_path: z.string().optional(),
+                colors: z
+                    .object({
+                        light: colorsSchema.optional(),
+                        dark: colorsSchema.optional()
                    })
-                )
-                .optional(),
-            hide_auth_layout_footer: z.boolean().optional().default(false),
-            login_page: z
-                .object({
-                    subtitle_text: z.string().optional()
-                })
-                .optional(),
-            signup_page: z
-                .object({
-                    subtitle_text: z.string().optional()
-                })
-                .optional(),
-            resource_auth_page: z
-                .object({
-                    show_logo: z.boolean().optional(),
-                    hide_powered_by: z.boolean().optional(),
-                    title_text: z.string().optional(),
-                    subtitle_text: z.string().optional()
-                })
-                .optional(),
-            emails: z
-                .object({
-                    signature: z.string().optional(),
-                    colors: z
-                        .object({
-                            primary: z.string().optional()
+                    .optional(),
+                logo: z
+                    .object({
+                        light_path: z.string().optional(),
+                        dark_path: z.string().optional(),
+                        auth_page: z
+                            .object({
+                                width: z.number().optional(),
+                                height: z.number().optional()
+                            })
+                            .optional(),
+                        navbar: z
+                            .object({
+                                width: z.number().optional(),
+                                height: z.number().optional()
+                            })
+                            .optional()
+                    })
+                    .optional(),
+                footer: z
+                    .array(
+                        z.object({
+                            text: z.string(),
+                            href: z.string().optional()
                        })
-                        .optional()
-                })
-                .optional()
-        })
-        .optional(),
-    stripe: z
-        .object({
-            secret_key: z
-                .string()
-                .optional()
-                .transform(getEnvOrYaml("STRIPE_SECRET_KEY")),
-            webhook_secret: z
-                .string()
-                .optional()
-                .transform(getEnvOrYaml("STRIPE_WEBHOOK_SECRET")),
-            // s3Bucket: z.string(),
-            // s3Region: z.string().default("us-east-1"),
-            // localFilePath: z.string().optional()
-        })
-        .optional()
-})
+                    )
+                    .optional(),
+                hide_auth_layout_footer: z.boolean().optional().default(false),
+                login_page: z
+                    .object({
+                        subtitle_text: z.string().optional()
+                    })
+                    .optional(),
+                signup_page: z
+                    .object({
+                        subtitle_text: z.string().optional()
+                    })
+                    .optional(),
+                resource_auth_page: z
+                    .object({
+                        show_logo: z.boolean().optional(),
+                        hide_powered_by: z.boolean().optional(),
+                        title_text: z.string().optional(),
+                        subtitle_text: z.string().optional()
+                    })
+                    .optional(),
+                emails: z
+                    .object({
+                        signature: z.string().optional(),
+                        colors: z
+                            .object({
+                                primary: z.string().optional()
+                            })
+                            .optional()
+                    })
+                    .optional()
+            })
+            .optional(),
+        stripe: z
+            .object({
+                secret_key: z
+                    .string()
+                    .optional()
+                    .transform(getEnvOrYaml("STRIPE_SECRET_KEY")),
+                webhook_secret: z
+                    .string()
+                    .optional()
+                    .transform(getEnvOrYaml("STRIPE_WEBHOOK_SECRET"))
+                // s3Bucket: z.string(),
+                // s3Region: z.string().default("us-east-1"),
+                // localFilePath: z.string().optional()
+            })
+            .optional()
+    })
    .transform((data) => {
        // this to maintain backwards compatibility with the old config file
        const identityProviderMode = data.app?.identity_provider_mode;
--- a/server/private/routers/certificates/createCertificate.ts
+++ b/server/private/routers/certificates/createCertificate.ts
@@ -79,7 +79,7 @@ export async function createCertificate(

    let domainToWrite = domain;
    if (
-        domainRecord.type == "wildcard" &&
+        domainRecord.type == "wildcard" && // this is to fix the wildcard certs for traefik in self hosted NOT ON THE CLOUD
        domainRecord.preferWildcardCert &&
        !domain.startsWith("*.")
    ) {
@@ -89,6 +89,16 @@ export async function createCertificate(
            domainToWrite = parts.slice(1).join(".");
            domainToWrite = `*.${domainToWrite}`;
        }
+    } else if (domainRecord.type == "ns") {
+        // first if we have a * in the domain for this case we dont want to include it because it will mess with the cert generator so remove it
+        if (domain.startsWith("*.")) {
+            domain = domain.slice(2);
+        }
+
+        const parts = domain.split(".");
+        if (parts.length > 2) {
+            domainToWrite = parts.slice(1).join(".");
+        }
    }

    // No cert found, create a new one in pending state
--- a/server/routers/auth/deleteMyAccount.ts
+++ b/server/routers/auth/deleteMyAccount.ts
@@ -104,8 +104,9 @@ export async function deleteMyAccount(
                (r) => r.isBillingOrg && r.isOwner
            )?.orgId;
            if (primaryOrgId) {
-                const { tier, active } = await getOrgTierData(primaryOrgId);
-                if (active && tier) {
+                const { tier, active, isTrial } =
+                    await getOrgTierData(primaryOrgId);
+                if (active && tier && !isTrial) {
                    return next(
                        createHttpError(
                            HttpCode.BAD_REQUEST,
--- a/server/routers/site/getSite.ts
+++ b/server/routers/site/getSite.ts
@@ -42,9 +42,12 @@ async function query(siteId?: number, niceId?: string, orgId?: string) {
    }
 }

-export type GetSiteResponse = NonNullable<
-    Awaited<ReturnType<typeof query>>
->["sites"] & { newtId: string | null };
+type SiteQueryRow = NonNullable<Awaited<ReturnType<typeof query>>>;
+
+export type GetSiteResponse = SiteQueryRow["sites"] & {
+    newtId: string | null;
+    newtVersion: string | null;
+};

 registry.registerPath({
    method: "get",
@@ -100,7 +103,8 @@ export async function getSite(

        const data: GetSiteResponse = {
            ...site.sites,
-            newtId: site.newt ? site.newt.newtId : null
+            newtId: site.newt ? site.newt.newtId : null,
+            newtVersion: site.newt?.version ?? null
        };

        return response<GetSiteResponse>(res, {
--- a/server/routers/siteResource/createSiteResource.ts
+++ b/server/routers/siteResource/createSiteResource.ts
@@ -496,11 +496,6 @@ export async function createSiteResource(
                    );
                }
            }
-
-            await rebuildClientAssociationsFromSiteResource(
-                newSiteResource,
-                trx
-            ); // we need to call this because we added to the admin role
        });

        if (!newSiteResource) {
@@ -526,6 +521,22 @@ export async function createSiteResource(
            await createCertificate(domainId, fullDomain, db);
        }

+        // Run in the background after the response is sent. Wrapped in its
+        // own transaction so it always executes on the primary — avoiding any
+        // replica-lag issues while still allowing the HTTP response to return
+        // early.
+        db.transaction(async (trx) => {
+            await rebuildClientAssociationsFromSiteResource(
+                newSiteResource!,
+                trx
+            );
+        }).catch((err) => {
+            logger.error(
+                `Error rebuilding client associations for site resource ${newSiteResource!.siteResourceId}:`,
+                err
+            );
+        });
+
        return response(res, {
            data: newSiteResource,
            success: true,
--- a/server/routers/siteResource/deleteSiteResource.ts
+++ b/server/routers/siteResource/deleteSiteResource.ts
@@ -63,17 +63,26 @@ export async function deleteSiteResource(
            );
        }

-        await db.transaction(async (trx) => {
-            // Delete the site resource
-            const [removedSiteResource] = await trx
-                .delete(siteResources)
-                .where(eq(siteResources.siteResourceId, siteResourceId))
-                .returning();
+        // Delete the site resource
+        const [removedSiteResource] = await db
+            .delete(siteResources)
+            .where(eq(siteResources.siteResourceId, siteResourceId))
+            .returning();

+        // Run in the background after the response is sent. Wrapped in its
+        // own transaction so it always executes on the primary — avoiding any
+        // replica-lag issues while still allowing the HTTP response to return
+        // early.
+        db.transaction(async (trx) => {
            await rebuildClientAssociationsFromSiteResource(
                removedSiteResource,
                trx
            );
+        }).catch((err) => {
+            logger.error(
+                `Error rebuilding client associations for site resource ${removedSiteResource!.siteResourceId}:`,
+                err
+            );
        });

        logger.info(`Deleted site resource ${siteResourceId}`);
--- a/server/routers/siteResource/updateSiteResource.ts
+++ b/server/routers/siteResource/updateSiteResource.ts
@@ -431,9 +431,6 @@ export async function updateSiteResource(
                    })
                    .returning();

-                // wait some time to allow for messages to be handled
-                await new Promise((resolve) => setTimeout(resolve, 750));
-
                const sshPamSet =
                    isLicensedSshPam &&
                    (authDaemonPort !== undefined ||
@@ -556,11 +553,6 @@ export async function updateSiteResource(
                        }))
                    );
                }
-
-                await rebuildClientAssociationsFromSiteResource(
-                    updatedSiteResource,
-                    trx
-                );
            } else {
                // Update the site resource
                const sshPamSet =
@@ -690,7 +682,24 @@ export async function updateSiteResource(
                }

                logger.info(`Updated site resource ${siteResourceId}`);
+            }
+        });

+        // Background: wait for removal messages to propagate, then rebuild
+        // associations for the re-created resource. Own transaction ensures
+        // execution on the primary against fully committed state.
+        (async () => {
+            await db.transaction(async (trx) => {
+                if (!updatedSiteResource) {
+                    throw new Error("No updated resource found after update");
+                }
+                if (sitesChanged) {
+                    await new Promise((resolve) => setTimeout(resolve, 750));
+                    await rebuildClientAssociationsFromSiteResource(
+                        updatedSiteResource,
+                        trx
+                    );
+                }
                await handleMessagingForUpdatedSiteResource(
                    existingSiteResource,
                    updatedSiteResource,
@@ -700,7 +709,12 @@ export async function updateSiteResource(
                    })),
                    trx
                );
-            }
+            });
+        })().catch((err) => {
+            logger.error(
+                `Error rebuilding client associations for site resource ${updatedSiteResource?.siteResourceId}:`,
+                err
+            );
        });

        return response(res, {
--- a/server/setup/scriptsPg/1.18.0.ts
+++ b/server/setup/scriptsPg/1.18.0.ts
@@ -16,6 +16,9 @@ export default async function migration() {
                thc."targetId",
                t."siteId",
                s."orgId",
+                r."name" AS "resourceName",
+                t."ip",
+                t."port",
                thc."hcEnabled",
                thc."hcPath",
                thc."hcScheme",
@@ -33,13 +36,17 @@ export default async function migration() {
                thc."hcTlsServerName"
            FROM "targetHealthCheck" thc
            JOIN "targets" t ON thc."targetId" = t."targetId"
-            JOIN "sites" s ON t."siteId" = s."siteId"`
+            JOIN "sites" s ON t."siteId" = s."siteId"
+            JOIN "resources" r ON t."resourceId" = r."resourceId"`
    );
    const existingHealthChecks = healthChecksQuery.rows as {
        targetHealthCheckId: number;
        targetId: number;
        siteId: number;
        orgId: string;
+        resourceName: string;
+        ip: string;
+        port: number;
        hcEnabled: boolean;
        hcPath: string | null;
        hcScheme: string | null;
@@ -385,6 +392,7 @@ export default async function migration() {
                        "targetId",
                        "orgId",
                        "siteId",
+                        "name",
                        "hcEnabled",
                        "hcPath",
                        "hcScheme",
@@ -405,6 +413,7 @@ export default async function migration() {
                        ${hc.targetId},
                        ${hc.orgId},
                        ${hc.siteId},
+                        ${`Resource ${hc.resourceName} - ${hc.ip}:${hc.port}`},
                        ${hc.hcEnabled},
                        ${hc.hcPath},
                        ${hc.hcScheme},
--- a/server/setup/scriptsSqlite/1.18.0.ts
+++ b/server/setup/scriptsSqlite/1.18.0.ts
@@ -22,6 +22,9 @@ export default async function migration() {
                    thc."targetId",
                    t."siteId",
                    s."orgId",
+                    r."name" AS "resourceName",
+                    t."ip",
+                    t."port",
                    thc."hcEnabled",
                    thc."hcPath",
                    thc."hcScheme",
@@ -39,13 +42,17 @@ export default async function migration() {
                    thc."hcTlsServerName"
                FROM 'targetHealthCheck' thc
                JOIN 'targets' t ON thc."targetId" = t."targetId"
-                JOIN 'sites' s ON t."siteId" = s."siteId"`
+                JOIN 'sites' s ON t."siteId" = s."siteId"
+                JOIN 'resources' r ON t."resourceId" = r."resourceId"`
            )
            .all() as {
            targetHealthCheckId: number;
            targetId: number;
            siteId: number;
            orgId: string;
+            resourceName: string;
+            ip: string;
+            port: number;
            hcEnabled: number;
            hcPath: string | null;
            hcScheme: string | null;
@@ -392,6 +399,7 @@ export default async function migration() {
                    "targetId",
                    "orgId",
                    "siteId",
+                    "name",
                    "hcEnabled",
                    "hcPath",
                    "hcScheme",
@@ -407,7 +415,7 @@ export default async function migration() {
                    "hcStatus",
                    "hcHealth",
                    "hcTlsServerName"
-                ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
+                ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
            );

            const insertAll = db.transaction(() => {
@@ -417,6 +425,7 @@ export default async function migration() {
                        hc.targetId,
                        hc.orgId,
                        hc.siteId,
+                        `Resource ${hc.resourceName} - ${hc.ip}:${hc.port}`,
                        hc.hcEnabled,
                        hc.hcPath,
                        hc.hcScheme,
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -81,10 +81,10 @@ export default function ProductUpdates({

    const showNewVersionPopup = Boolean(
        latestVersion &&
-        valid(latestVersion) &&
-        valid(currentVersion) &&
-        ignoredVersionUpdate !== latestVersion &&
-        gt(latestVersion, currentVersion)
+            valid(latestVersion) &&
+            valid(currentVersion) &&
+            ignoredVersionUpdate !== latestVersion &&
+            gt(latestVersion, currentVersion)
    );

    const filteredUpdates = data.updates.filter(
@@ -103,40 +103,51 @@ export default function ProductUpdates({
            )}
        >
            <div className="flex flex-col gap-1">
-                {filteredUpdates.length > 1 && (
-                    <small
-                        className={cn(
-                            "text-xs text-muted-foreground flex items-center gap-1 mt-2",
-                            showMoreUpdatesText
-                                ? "animate-in fade-in duration-300"
-                                : "opacity-0"
+                {filteredUpdates.length > 0 && (
+                    <div className="mt-3 flex flex-col gap-2">
+                        {filteredUpdates.length > 1 && (
+                            <small
+                                className={cn(
+                                    "text-xs text-muted-foreground flex items-center gap-1",
+                                    showMoreUpdatesText
+                                        ? "animate-in fade-in duration-300"
+                                        : "opacity-0"
+                                )}
+                            >
+                                <BellIcon className="flex-none size-3" />
+                                <span>
+                                    {showNewVersionPopup
+                                        ? t("productUpdateMoreInfo", {
+                                              noOfUpdates:
+                                                  filteredUpdates.length
+                                          })
+                                        : t("productUpdateInfo", {
+                                              noOfUpdates:
+                                                  filteredUpdates.length
+                                          })}
+                                </span>
+                            </small>
                        )}
-                    >
-                        <BellIcon className="flex-none size-3" />
-                        <span>
-                            {showNewVersionPopup
-                                ? t("productUpdateMoreInfo", {
-                                      noOfUpdates: filteredUpdates.length
-                                  })
-                                : t("productUpdateInfo", {
-                                      noOfUpdates: filteredUpdates.length
-                                  })}
-                        </span>
-                    </small>
+                        <ProductUpdatesListPopup
+                            updates={filteredUpdates}
+                            show={filteredUpdates.length > 0}
+                            onDimissAll={() =>
+                                setProductUpdatesRead([
+                                    ...productUpdatesRead,
+                                    ...filteredUpdates.map(
+                                        (update) => update.id
+                                    )
+                                ])
+                            }
+                            onDimiss={(id) =>
+                                setProductUpdatesRead([
+                                    ...productUpdatesRead,
+                                    id
+                                ])
+                            }
+                        />
+                    </div>
                )}
-                <ProductUpdatesListPopup
-                    updates={filteredUpdates}
-                    show={filteredUpdates.length > 0}
-                    onDimissAll={() =>
-                        setProductUpdatesRead([
-                            ...productUpdatesRead,
-                            ...filteredUpdates.map((update) => update.id)
-                        ])
-                    }
-                    onDimiss={(id) =>
-                        setProductUpdatesRead([...productUpdatesRead, id])
-                    }
-                />
            </div>

            <NewVersionAvailable
--- a/src/components/SiteInfoCard.tsx
+++ b/src/components/SiteInfoCard.tsx
@@ -1,6 +1,6 @@
 "use client";

-import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
+import { Alert, AlertDescription } from "@/components/ui/alert";
 import { useSiteContext } from "@app/hooks/useSiteContext";
 import {
    InfoSection,
@@ -9,77 +9,137 @@ import {
    InfoSectionTitle
 } from "@app/components/InfoSection";
 import { useTranslations } from "next-intl";
-import { useEnvContext } from "@app/hooks/useEnvContext";

 type SiteInfoCardProps = {};

-export default function SiteInfoCard({}: SiteInfoCardProps) {
-    const { site, updateSite } = useSiteContext();
-    const t = useTranslations();
-    const { env } = useEnvContext();
+function formatPublicEndpoint(endpoint: string) {
+    return endpoint.includes(":")
+        ? endpoint.substring(0, endpoint.lastIndexOf(":"))
+        : endpoint;
+}

-    const getConnectionTypeString = (type: string) => {
-        if (type === "newt") {
-            return "Newt";
-        } else if (type === "wireguard") {
-            return "WireGuard";
-        } else if (type === "local") {
-            return t("local");
-        } else {
-            return t("unknown");
-        }
-    };
+export default function SiteInfoCard({}: SiteInfoCardProps) {
+    const { site } = useSiteContext();
+    const t = useTranslations();
+
+    const identifierSection = (
+        <InfoSection>
+            <InfoSectionTitle>{t("identifier")}</InfoSectionTitle>
+            <InfoSectionContent>{site.niceId}</InfoSectionContent>
+        </InfoSection>
+    );
+
+    const statusSection = (
+        <InfoSection>
+            <InfoSectionTitle>{t("status")}</InfoSectionTitle>
+            <InfoSectionContent>
+                {site.online ? (
+                    <div className="text-green-500 flex items-center space-x-2">
+                        <div className="w-2 h-2 bg-green-500 rounded-full"></div>
+                        <span>{t("online")}</span>
+                    </div>
+                ) : (
+                    <div className="text-neutral-500 flex items-center space-x-2">
+                        <div className="w-2 h-2 bg-neutral-500 rounded-full"></div>
+                        <span>{t("offline")}</span>
+                    </div>
+                )}
+            </InfoSectionContent>
+        </InfoSection>
+    );
+
+    const endpointSection = site.endpoint ? (
+        <InfoSection>
+            <InfoSectionTitle>{t("publicIpEndpoint")}</InfoSectionTitle>
+            <InfoSectionContent>
+                {formatPublicEndpoint(site.endpoint)}
+            </InfoSectionContent>
+        </InfoSection>
+    ) : null;
+
+    if (site.type === "newt") {
+        return (
+            <Alert>
+                <AlertDescription>
+                    <InfoSections cols={site.endpoint ? 5 : 4}>
+                        {identifierSection}
+                        {statusSection}
+                        <InfoSection>
+                            <InfoSectionTitle>
+                                {t("connectionType")}
+                            </InfoSectionTitle>
+                            <InfoSectionContent>Newt</InfoSectionContent>
+                        </InfoSection>
+                        <InfoSection>
+                            <InfoSectionTitle>
+                                {t("newtVersion")}
+                            </InfoSectionTitle>
+                            <InfoSectionContent>
+                                {site.newtVersion
+                                    ? `v${site.newtVersion}`
+                                    : "-"}
+                            </InfoSectionContent>
+                        </InfoSection>
+                        {endpointSection}
+                    </InfoSections>
+                </AlertDescription>
+            </Alert>
+        );
+    }
+
+    if (site.type === "wireguard") {
+        return (
+            <Alert>
+                <AlertDescription>
+                    <InfoSections cols={site.endpoint ? 4 : 3}>
+                        {identifierSection}
+                        {statusSection}
+                        <InfoSection>
+                            <InfoSectionTitle>
+                                {t("connectionType")}
+                            </InfoSectionTitle>
+                            <InfoSectionContent>WireGuard</InfoSectionContent>
+                        </InfoSection>
+                        {endpointSection}
+                    </InfoSections>
+                </AlertDescription>
+            </Alert>
+        );
+    }
+
+    if (site.type === "local") {
+        return (
+            <Alert>
+                <AlertDescription>
+                    <InfoSections cols={site.endpoint ? 3 : 2}>
+                        {identifierSection}
+                        <InfoSection>
+                            <InfoSectionTitle>
+                                {t("connectionType")}
+                            </InfoSectionTitle>
+                            <InfoSectionContent>
+                                {t("local")}
+                            </InfoSectionContent>
+                        </InfoSection>
+                        {endpointSection}
+                    </InfoSections>
+                </AlertDescription>
+            </Alert>
+        );
+    }

    return (
        <Alert>
            <AlertDescription>
-                <InfoSections cols={site.endpoint ? 4 : 3}>
-                    <InfoSection>
-                        <InfoSectionTitle>{t("identifier")}</InfoSectionTitle>
-                        <InfoSectionContent>{site.niceId}</InfoSectionContent>
-                    </InfoSection>
-                    {(site.type == "newt" || site.type == "wireguard") && (
-                        <>
-                            <InfoSection>
-                                <InfoSectionTitle>
-                                    {t("status")}
-                                </InfoSectionTitle>
-                                <InfoSectionContent>
-                                    {site.online ? (
-                                        <div className="text-green-500 flex items-center space-x-2">
-                                            <div className="w-2 h-2 bg-green-500 rounded-full"></div>
-                                            <span>{t("online")}</span>
-                                        </div>
-                                    ) : (
-                                        <div className="text-neutral-500 flex items-center space-x-2">
-                                            <div className="w-2 h-2 bg-neutral-500 rounded-full"></div>
-                                            <span>{t("offline")}</span>
-                                        </div>
-                                    )}
-                                </InfoSectionContent>
-                            </InfoSection>
-                        </>
-                    )}
+                <InfoSections cols={site.endpoint ? 3 : 2}>
+                    {identifierSection}
                    <InfoSection>
                        <InfoSectionTitle>
                            {t("connectionType")}
                        </InfoSectionTitle>
-                        <InfoSectionContent>
-                            {getConnectionTypeString(site.type)}
-                        </InfoSectionContent>
+                        <InfoSectionContent>{t("unknown")}</InfoSectionContent>
                    </InfoSection>
-                    {site.endpoint && (
-                        <InfoSection>
-                            <InfoSectionTitle>
-                                {t("publicIpEndpoint")}
-                            </InfoSectionTitle>
-                            <InfoSectionContent>
-                                {site.endpoint.includes(":")
-                                    ? site.endpoint.substring(0, site.endpoint.lastIndexOf(":"))
-                                    : site.endpoint}
-                            </InfoSectionContent>
-                        </InfoSection>
-                    )}
+                    {endpointSection}
                </InfoSections>
            </AlertDescription>
        </Alert>
--- a/src/components/resource-target-address-item.tsx
+++ b/src/components/resource-target-address-item.tsx
@@ -113,10 +113,10 @@ export function ResourceTargetAddressItem({
                                    ? selectedSite?.name
                                    : t("siteSelect")}
                            </span>
-                            <CaretSortIcon className="ml-2h-4 w-4 shrink-0 opacity-50" />
+                            <CaretSortIcon className="ml-2 h-4 w-4 shrink-0 opacity-50" />
                        </Button>
                    </PopoverTrigger>
-                    <PopoverContent className="p-0 w-45">
+                    <PopoverContent className="p-0">
                        <SitesSelector
                            orgId={orgId}
                            selectedSite={selectedSite}
@@ -225,7 +225,6 @@ export function ResourceTargetAddressItem({
                        }
                    }}
                />
-
            </div>
        </div>
    );
Author	SHA1	Message	Date
Owen Schwartz	9df46f7014	Merge pull request #2966 from fosrl/dev Try to pull domains from host regex	2026-05-01 20:54:09 -07:00
Owen	908f0d54e2	Try to pull domains from host regex	2026-05-01 20:53:39 -07:00
Milo Schwartz	f0010ea12a	Merge pull request #2965 from fosrl/dev add new screenshots	2026-05-01 17:35:29 -07:00
miloschwartz	cab8be1a9a	add new screenshots	2026-05-01 17:34:05 -07:00
Owen Schwartz	0a9dab7cca	Merge pull request #2964 from fosrl/dev Update translations	2026-05-01 17:02:41 -07:00
Owen Schwartz	889ab1f8a8	Merge pull request #2963 from fosrl/crowdin_dev New Crowdin updates	2026-05-01 17:02:10 -07:00
Owen Schwartz	a9019cfb23	New translations en-us.json (Spanish) [ci skip]	2026-05-01 17:00:49 -07:00
Owen Schwartz	441d4bce6e	New translations en-us.json (Norwegian Bokmal) [ci skip]	2026-05-01 17:00:47 -07:00
Owen Schwartz	dd1e681a9c	New translations en-us.json (Chinese Simplified) [ci skip]	2026-05-01 17:00:45 -07:00
Owen Schwartz	a882619eaf	New translations en-us.json (Turkish) [ci skip]	2026-05-01 17:00:43 -07:00
Owen Schwartz	f43baaaf1f	New translations en-us.json (Russian) [ci skip]	2026-05-01 17:00:41 -07:00
Owen Schwartz	c3dc0bd015	New translations en-us.json (Portuguese) [ci skip]	2026-05-01 17:00:39 -07:00
Owen Schwartz	1fd2a0fae2	New translations en-us.json (Polish) [ci skip]	2026-05-01 17:00:37 -07:00
Owen Schwartz	8ba5b43569	New translations en-us.json (Dutch) [ci skip]	2026-05-01 17:00:35 -07:00
Owen Schwartz	6deefcd003	New translations en-us.json (Korean) [ci skip]	2026-05-01 17:00:33 -07:00
Owen Schwartz	4d6cea5fcd	New translations en-us.json (Italian) [ci skip]	2026-05-01 17:00:31 -07:00
Owen Schwartz	f175ac774f	New translations en-us.json (German) [ci skip]	2026-05-01 17:00:29 -07:00
Owen Schwartz	0fe2b24f6b	New translations en-us.json (Czech) [ci skip]	2026-05-01 17:00:27 -07:00
Owen Schwartz	6ad06e6faf	New translations en-us.json (Bulgarian) [ci skip]	2026-05-01 17:00:25 -07:00
Owen Schwartz	d47faeced1	New translations en-us.json (French) [ci skip]	2026-05-01 17:00:23 -07:00
Owen Schwartz	498f586eeb	New translations en-us.json (Spanish) [ci skip]	2026-05-01 16:57:38 -07:00
Owen Schwartz	e94fc6bc65	New translations en-us.json (Norwegian Bokmal) [ci skip]	2026-05-01 16:57:37 -07:00
Owen Schwartz	0a1fe1b725	New translations en-us.json (Chinese Simplified) [ci skip]	2026-05-01 16:57:35 -07:00
Owen Schwartz	eb40b04b43	New translations en-us.json (Turkish) [ci skip]	2026-05-01 16:57:33 -07:00
Owen Schwartz	6685afdcf9	New translations en-us.json (Russian) [ci skip]	2026-05-01 16:57:32 -07:00
Owen Schwartz	49232e32bf	New translations en-us.json (Portuguese) [ci skip]	2026-05-01 16:57:30 -07:00
Owen Schwartz	aec0aed211	New translations en-us.json (Polish) [ci skip]	2026-05-01 16:57:28 -07:00
Owen Schwartz	d43b3176f5	New translations en-us.json (Dutch) [ci skip]	2026-05-01 16:57:26 -07:00
Owen Schwartz	190074ea0c	New translations en-us.json (Korean) [ci skip]	2026-05-01 16:57:24 -07:00
Owen Schwartz	c5a7719239	New translations en-us.json (Italian) [ci skip]	2026-05-01 16:57:22 -07:00
Owen Schwartz	5eac131d2e	New translations en-us.json (German) [ci skip]	2026-05-01 16:57:21 -07:00
Owen Schwartz	0bc3276ee2	New translations en-us.json (Czech) [ci skip]	2026-05-01 16:57:18 -07:00
Owen Schwartz	5073507b90	New translations en-us.json (Bulgarian) [ci skip]	2026-05-01 16:57:16 -07:00
Owen Schwartz	805e6f856a	New translations en-us.json (French) [ci skip]	2026-05-01 16:57:14 -07:00
Owen Schwartz	412a9b5294	Merge pull request #2962 from fosrl/dev 1.18.1-s.6	2026-05-01 16:54:37 -07:00
Owen	fbf95c5363	Start creating ns one level down	2026-05-01 16:51:42 -07:00
Owen	b907850344	Add missing heading	2026-05-01 16:51:42 -07:00
miloschwartz	22116373e3	increase target site selector width	2026-05-01 16:33:40 -07:00
miloschwartz	9757c3d8b6	show newt version on site	2026-05-01 16:26:45 -07:00
miloschwartz	f8b85d4b4e	fix sidebar product updates spacing	2026-05-01 16:14:06 -07:00
Owen	4651f19c53	Support acme_json_path as a directory of acme file Fixes #2961	2026-05-01 16:06:37 -07:00
Owen	4524bdc094	Add http cert syncing for use with the controller	2026-05-01 15:42:38 -07:00
Owen Schwartz	741850880e	Merge pull request #2959 from fosrl/dev 1.18.1-s.4	2026-05-01 15:05:59 -07:00
Owen	53e096f7cb	Allow deleting account with trial	2026-05-01 15:01:48 -07:00
Owen	3dfd7e8a43	Update limits	2026-05-01 11:47:14 -07:00
Owen	db6e60d0a3	Adjust language	2026-05-01 10:48:09 -07:00
Owen	54d2d689c1	Run messaging for delete in the background as well	2026-04-30 14:38:03 -07:00
Owen Schwartz	bb5853827b	Merge pull request #2948 from fosrl/dev 1.18.1-s.3	2026-04-30 14:11:16 -07:00
Owen	68f5512732	Handle messaging in the background; dont time out	2026-04-30 14:00:32 -07:00
Owen	416e124c02	Rotate the secret on the new things using it	2026-04-30 11:53:55 -07:00
Owen	d3e4d8cda8	Fix pr blueprints not picking up site	2026-04-30 11:39:37 -07:00
Owen	81972dbb73	Add name to migration Fixes #2943	2026-04-30 10:56:12 -07:00