refactor: migrate to flat-file i18n structure and fix relative imports

pages/guide/certificates/_meta.id.json

@@ -0,0 +1,7 @@
+{
+    "request-new": "Minta Sertifikat Baru",
+    "download-install": "Unduh & Format",
+    "view-details": "Lihat Detail",
+    "renewal": "Proses Perpanjangan",
+    "revocation": "Pencabutan (Revocation)"
+}

pages/guide/certificates/_meta.json

@@ -0,0 +1,7 @@
+{
+    "request-new": "Requesting a Certificate",
+    "view-details": "View Details",
+    "download-install": "Download & Formats",
+    "renewal": "Renewal Process",
+    "revocation": "Revocation"
+}

pages/guide/certificates/download-install.id.mdx

@@ -0,0 +1,43 @@
+# Unduh & Format (PEM, PFX, JKS)
+
+Setelah sertifikat Anda diterbitkan, Anda dapat mengunduhnya dalam berbagai format yang sesuai untuk server dan aplikasi yang berbeda.
+
+## Format yang Tersedia
+
+| Format | Ekstensi | Digunakan Untuk |
+| :--- | :--- | :--- |
+| **PEM (Nginx/Apache)** | `.crt`, `.key` | Server web Linux standar. Anda mendapatkan file Sertifikat dan Private Key terpisah. |
+| **PFX / PKCS#12** | `.pfx`, `.p12` | IIS (Windows), Microsoft Exchange, Sertifikat Klien (S/MIME). Berisi key dan cert sekaligus. |
+| **JKS (Java)** | `.jks` | Aplikasi Java (Tomcat, Spring Boot). |
+
+## Cara Mengunduh (Salin & Simpan)
+
+Dashboard memungkinkan Anda untuk menyalin data mentah sertifikat secara langsung.
+
+1.  Buka menu **"My Certificates"** dan klik tombol **View (Ikon Mata)** pada sertifikat Anda.
+2.  **Sertifikat:** Gulir ke bagian "Certificate (CRT)" dan klik **Ikon Salin** di pojok kanan atas. Simpan ke dalam file bernama `domain.crt` atau `domain.pem`.
+3.  **Private Key:** Gulir ke bagian "Private Key (KEY)", klik **Show**, lalu klik **Ikon Salin**. Simpan ke dalam file bernama `domain.key`.
+
+> [!TIP]
+> Gunakan editor teks murni (Notepad, VS Code, Nano) untuk menyimpan file-file ini. Jangan gunakan Word atau editor Rich Text.
+
+> [!WARNING]
+> **Private Key** dihasilkan secara aman secara lokal di browser/server. Jika Anda menghilangkannya, kunci tersebut **TIDAK BISA** dipulihkan. Anda harus melakukan revoke dan menerbitkan ulang sertifikat.
+
+## Contoh Instalasi
+
+### Nginx (PEM)
+```nginx
+server {
+    listen 443 ssl;
+    server_name internal.app;
+
+    ssl_certificate     /etc/nginx/ssl/internal.app.crt;
+    ssl_certificate_key /etc/nginx/ssl/internal.app.key;
+}
+```
+
+### Windows (PFX)
+1. Klik dua kali file `.pfx` yang diunduh.
+2. Ikuti "Certificate Import Wizard".
+3. Saat diminta kata sandi, masukkan kata sandi yang Anda tetapkan saat mengunduh (atau kata sandi ekspor default yang disediakan di UI).

pages/guide/certificates/download-install.mdx

@@ -0,0 +1,43 @@
+# Download & Formats (PEM, PFX, JKS)
+
+Once your certificate is issued, you can download it in various formats suitable for different servers and applications.
+
+## Available Formats
+
+| Format | Extension | Used For |
+| :--- | :--- | :--- |
+| **PEM (Nginx/Apache)** | `.crt`, `.key` | Standard Linux web servers. You get separate Certificate and Private Key files. |
+| **PFX / PKCS#12** | `.pfx`, `.p12` | IIS (Windows), Microsoft Exchange, Client Certificates (S/MIME). Contains both key and cert. |
+| **JKS (Java)** | `.jks` | Java applications (Tomcat, Spring Boot). |
+
+## How to Download (Copy & Save)
+
+The dashboard allows you to copy the raw certificate data directly.
+
+1.  Navigate to **"My Certificates"** and click the **View (Eye Icon)** button on your certificate.
+2.  **Certificate:** Scroll to the "Certificate (CRT)" section and click the **Copy Icon** in the top right. Paste this into a file named `domain.crt` or `domain.pem`.
+3.  **Private Key:** Scroll to the "Private Key (KEY)" section, click **Show**, then click the **Copy Icon**. Paste this into a file named `domain.key`.
+
+> [!TIP]
+> Use a plain text editor (Notepad, VS Code, Nano) to save these files. Do not use Word or Rich Text editors.
+
+> [!WARNING]
+> The **Private Key** is generated securely. If you lose it, you cannot recover it. You must revoke and re-issue the certificate.
+
+## Installation Examples
+
+### Nginx (PEM)
+```nginx
+server {
+    listen 443 ssl;
+    server_name internal.app;
+
+    ssl_certificate     /etc/nginx/ssl/internal.app.crt;
+    ssl_certificate_key /etc/nginx/ssl/internal.app.key;
+}
+```
+
+### Windows (PFX)
+1. Double-click the downloaded `.pfx` file.
+2. Follow the "Certificate Import Wizard".
+3. When prompted for a password, enter the password you set during download (or the default export password provided in the UI).

pages/guide/certificates/renewal.id.mdx

@@ -0,0 +1,60 @@
+import { Steps } from 'nextra/components'
+import { RefreshCcw, Bell, ShieldCheck } from 'lucide-react'
+
+# Proses Perpanjangan
+
+Sertifikat SSL/TLS memiliki masa aktif yang terbatas. Di TrustLab, kami menyederhanakan proses perpanjangan (renewal) untuk memastikan layanan Anda tetap berjalan tanpa gangguan.
+
+## Kapan Harus Memperpanjang?
+
+- **Rekomendasi**: Lakukan perpanjangan **30 hari** sebelum sertifikat kadaluarsa.
+- **Notifikasi**: TrustLab akan mengirimkan pengingat email otomatis ke akun Anda pada H-30, H-7, dan H-1 sebelum masa berlaku habis.
+
+---
+
+## Proses Pembaruan
+
+Sertifikat memiliki masa berlaku untuk menjamin rotasi keamanan. TrustLab menyederhanakan proses pembaruan agar Anda tidak mengalami downtime.
+
+## Kapan Harus Memperbarui?
+Anda akan menerima notifikasi email:
+- **30 hari** sebelum kedaluwarsa.
+- **7 hari** sebelum kedaluwarsa.
+- **1 hari** sebelum kedaluwarsa.
+
+## Cara Memperbarui (Penerbitan Ulang Manual)
+
+Untuk memperbarui sertifikat, Anda cukup membuat sertifikat baru dengan nama domain yang sama.
+
+<Steps>
+### Buka Dashboard
+Login ke [trustlab.dyzulk.com](https://trustlab.dyzulk.com) dan masuk ke menu **"Manage Certificates"**.
+
+1.  Buka menu **Certificates** dan klik **"Generate New"**.
+2.  **Identity**: Masukkan **Common Name (CN) yang sama** dengan sertifikat Anda yang akan habis masa berlakunya.
+3.  **Generate**: Sistem akan menerbitkan sertifikat baru dengan masa berlaku yang segar.
+4.  **Ganti**: Unduh `.crt` baru (dan `.key` jika Anda tidak menggunakan kembali CSR) dan ganti file di server Anda.
+</Steps>
+
+> [!NOTE]
+> Sertifikat lama akan tetap valid sampai habis masa berlakunya secara alami. Anda dapat menghapusnya dengan aman setelah memastikan sertifikat baru berfungsi.
+
+## Apa yang Terjadi Selanjutnya?
+- **Sertifikat baru** dihasilkan dengan masa berlaku baru.
+- **Private Key** tetap sama (jika "Reuse Key" dipilih) ATAU kunci baru dihasilkan (disarankan).
+- Sertifikat lama tetap valid hingga tanggal kedaluwarsa aslinya (kecuali dicabut).
+
+> [!IMPORTANT]
+> Anda harus **mengunduh dan menginstal sertifikat baru** di server Anda. Pembaruan **tidak terjadi otomatis** di sisi server kecuali Anda menggunakan integrasi ACME kami.
+
+---
+
+## Penting: Mengapa Harus Perpanjang?
+
+Jika sertifikat kadaluarsa sebelum diganti:
+- Browser akan memblokir akses ke situs Anda dengan pesan **"Your connection is not private"**.
+- API internal akan gagal melakukan enkripsi (SSL Handshake Error).
+- Pengguna akan kehilangan kepercayaan terhadap keamanan jaringan Anda.
+
+> [!TIP]
+> Perpanjangan di TrustLab tidak mengubah Root CA Anda. Anda **tidak perlu** menginstal ulang Root CA di perangkat klien setiap kali Anda memperpanjang sertifikat server.

pages/guide/certificates/renewal.mdx

@@ -0,0 +1,29 @@
+# Renewal Process
+
+Certificates expire to ensure security rotation. TrustLab simplifies the renewal process so you don't experience downtime.
+
+## When to Renew
+You will receive an email notification:
+- **30 days** before expiration.
+- **7 days** before expiration.
+- **1 day** before expiration.
+
+## How to Renew (Manual Re-issue)
+
+To renew a certificate, you simply generate a fresh one with the same domain name.
+
+1.  Go to **Certificates** and click **"Generate New"**.
+2.  **Identity**: Enter the **same Common Name (CN)** as your expiring certificate.
+3.  **Generate**: The system will issue a new certificate with a fresh validity period.
+4.  **Replace**: Download the new `.crt` (and `.key` if you didn't reuse the CSI) and replace the files on your server.
+
+> [!NOTE]
+> The old certificate will remain valid until it expires naturally. You can safely delete it after verifying the new one works.
+
+## What Happens Next?
+- A **new certificate** is generated with a new validity period.
+- The **Private Key** remains the same (if "Reuse Key" was selected) OR a new key is generated (recommended).
+- The old certificate remains valid until its original expiration date (unless revoked).
+
+> [!IMPORTANT]
+> You must **download and install the new certificate** on your server. Renewal **does not** happen automatically on the server side unless you use our ACME integration.

pages/guide/certificates/request-new.id.mdx

@@ -0,0 +1,51 @@
+import { Steps, Callout, Cards, Card } from 'nextra/components'
+import { FileBadge, ShieldCheck, Globe, Code, Save, AlertTriangle } from 'lucide-react'
+
+# Menerbitkan Sertifikat Baru
+
+TrustLab menyediakan wizard yang disederhanakan untuk menghasilkan sertifikat SSL/TLS pribadi untuk infrastruktur internal Anda.
+
+## Prasyarat
+Sebelum memulai, pastikan Anda memiliki:
+*   Akses akun TrustLab yang aktif.
+*   **Root CA** telah terinstal di perangkat Anda (agar mempercayai sertifikat yang diterbitkan).
+
+---
+
+<Steps>
+### 1. Buka Menu Sertifikat
+Akses halaman **Certificates**. Tampilan ini mencantumkan semua sertifikat aktif dan kedaluwarsa Anda. Klik tombol **"Generate New"** (atau "+") untuk memulai.
+
+![Certificates List](/images/guide/certificates-screen.png)
+
+### 2. Masukkan Detail Domain (Mode Default)
+Secara default, Anda hanya perlu memberikan Identitas. Sistem akan mengisi otomatis metadata Organisasi & Lokasi.
+
+![Default Generation Modal](/images/guide/certificates-generate-modal-default-metadata-screen.png)
+
+*   **Common Name (CN)**: Domain utama (misalnya, `app.internal`).
+*   **SANs**: Domain tambahan atau alamat IP.
+*   **Key Strength**: Pilih tingkat enkripsi.
+    ![Key Strength Selector](/images/guide/certificates-generate-modal-key-strength-focused-screen.png)
+    *   **2048-bit**: Standar industri, kompatibel dengan semua perangkat.
+    *   **4096-bit**: Keamanan lebih tinggi, sedikit lebih intensif pada CPU.
+
+### 3. Kustomisasi CSR (Kontrol Manual)
+Aktifkan **"Manual Control"** jika Anda perlu menimpa bidang Identitas default (misalnya, untuk kantor cabang tertentu atau entitas hukum khusus).
+
+![Manual Control Modal](/images/guide/certificates-generate-modal-manual-control-screen.png)
+
+*   **Organization (O)**: Ganti nama perusahaan default.
+*   **Locality (L) / State (ST)**: Atur data lokasi spesifik.
+*   **Country (C)**: Kode ISO Negara.
+
+
+### 4. Terbitkan & Simpan
+Klik **Generate**.
+*   **Certificate (.pem)** dan **Private Key (.key)** akan dihasilkan secara instan.
+*   Anda dapat menyalinnya segera atau mengaksesnya nanti dari halaman **Certificate Details**.
+
+<Callout type="info" emoji={<Save className="w-5 h-5" />}>
+  **Penyimpanan:** Private Key Anda disimpan dengan aman di server (dienkripsi). Anda dapat melihatnya kapan saja dengan mengklik **"View Details"** pada daftar sertifikat.
+</Callout>
+</Steps>

pages/guide/certificates/request-new.mdx

@@ -0,0 +1,53 @@
+import { Steps, Callout, Cards, Card } from 'nextra/components'
+import { FileBadge, ShieldCheck, Globe, Code, Save, AlertTriangle } from 'lucide-react'
+
+# Requesting a New Certificate
+
+TrustLab provides a streamlined wizard to generate private SSL/TLS certificates for your internal infrastructure.
+
+## Prerequisites
+Before starting, ensure you have:
+*   Active TrustLab account access.
+*   **Root CA** installed on your machine (to trust the generated certs).
+
+---
+
+<Steps>
+### 1. Open Certificates Menu
+Navigate to the **Certificates** page. This view lists all your active and expired certificates. Click the **"Generate New"** (or "+") button to start.
+
+![Certificates List](/images/guide/certificates-screen.png)
+
+### 2. Enter Domain Details (Default Mode)
+By default, you only need to provide the Identity. The system will auto-fill the Organization & Location metadata.
+
+![Default Generation Modal](/images/guide/certificates-generate-modal-default-metadata-screen.png)
+
+*   **Common Name (CN)**: The primary domain (e.g., `app.internal`).
+*   **SANs**: Additional domains or IP addresses.
+*   **Key Strength**: Choose the encryption level.
+    ![Key Strength Selector](/images/guide/certificates-generate-modal-key-strength-focused-screen.png)
+    *   **2048-bit**: Industry standard, compatible with all devices.
+    *   **4096-bit**: Higher security, slightly more CPU intensive.
+
+### 3. Customize CSR (Manual Control)
+Toggle **"Manual Control"** if you need to override the default Identity fields (e.g., for a specific branch office or legal entity).
+
+![Manual Control Modal](/images/guide/certificates-generate-modal-manual-control-screen.png)
+
+*   **Organization (O)**: Override the default company name.
+*   **Locality (L) / State (ST)**: Set specific location data.
+*   **Country (C)**: ISO Code.
+
+
+### 4. Generate & Save
+Click **Generate**.
+*   The **Certificate (.pem)** and **Private Key (.key)** will be generated.
+*   You can copy them immediately or access them later from the **Certificate Details** page.
+
+<Callout type="info" emoji={<Save className="w-5 h-5" />}>
+  **Storage:** Your Private Key is securely stored. You can view it anytime by clicking **"View Details"** on the certificate list.
+</Callout>
+</Steps>
+
+

pages/guide/certificates/revocation.id.mdx

@@ -0,0 +1,22 @@
+# Pencabutan (Revocation)
+
+Pencabutan membatalkan validitas sertifikat sebelum tanggal kedaluwarsanya. Ini sangat penting jika Private Key Anda bocor atau hilang.
+
+## Kapan Harus Mencabut?
+- **Kebocoran Kunci (Key Compromise)**: Anda curiga seseorang telah mencuri Private Key Anda.
+- **Perubahan Layanan**: Nama domain secara efektif tidak lagi menjadi milik layanan tersebut.
+- **Kesalahan**: Sertifikat diterbitkan dengan detail yang salah.
+
+## Cara Menghapus / Mencabut
+
+Jika sertifikat bocor atau tidak lagi dibutuhkan, Anda dapat menghapusnya dari sistem.
+
+1.  Buka daftar **Certificates**.
+2.  Cari sertifikat yang ingin dihapus.
+3.  Klik **Ikon Tempat Sampah** (Delete) di sisi kanan baris.
+4.  **Konfirmasi**: Ketik `DELETE` di modal konfirmasi untuk menghapus sertifikat dan private key-nya secara permanen dari TrustLab.
+
+![Delete Certificate Action](/images/guide/certificates_list_view_1767869137654.png)
+
+## CRL (Certificate Revocation List)
+Setelah dicabut, nomor seri sertifikat akan ditambahkan ke TrustLab CRL. Semua klien yang memeriksa CRL akan segera menolak sertifikat tersebut.

pages/guide/certificates/revocation.mdx

@@ -0,0 +1,22 @@
+# Revocation (Cabut Sertifikat)
+
+Revocation invalidates a certificate before its expiration date. This is critical if a Private Key is compromised.
+
+## When to Revoke?
+- **Key Compromise**: You suspect someone stole your Private Key.
+- **Service Change**: The domain name effectively no longer belongs to the service.
+- **Mistake**: The certificate was issued with incorrect details.
+
+## How to Remove / Revoke
+
+If a certificate is compromised or no longer needed, you can remove it from the system.
+
+1.  Go to the **Certificates** list.
+2.  Identify the certificate to remove.
+3.  Click the **Trash Icon** (Delete) on the right side of the row.
+4.  **Confirm**: Type `DELETE` in the confirmation modal to permanently remove the certificate and its private key from TrustLab.
+
+![Delete Certificate Action](/images/guide/certificates_list_view_1767869137654.png)
+
+## CRL (Certificate Revocation List)
+Once revoked, the certificate serial number is added to the TrustLab CRL. All clients checking the CRL will immediately reject the certificate.

pages/guide/certificates/view-details.id.mdx

@@ -0,0 +1,42 @@
+import { Steps } from 'nextra/components'
+import { Search, Eye, Clipboard, ShieldAlert } from 'lucide-react'
+
+# Lihat Detail Sertifikat
+
+Setiap sertifikat di TrustLab memiliki metadata lengkap yang bisa Anda audit kapan saja untuk memastikan kesesuaian identitas dan keamanan.
+
+## Cara Melihat Detail
+
+<Steps>
+### Navigasi ke List
+Di menu utama Dashboard, klik **"Manage Certificates"**. Anda akan melihat daftar semua sertifikat yang pernah diterbitkan.
+
+### Klik Ikon Mata
+Gunakan kolom pencarian untuk menemukan domain Anda. Klik tombol **"View Details"** (ikon mata 👁️) di sisi kanan baris sertifikat.
+
+### Tinjau Tab Informasi
+Anda akan melihat detail seperti:
+- **Serial Number**: ID unik sertifikat Anda.
+- **Validity period**: Tanggal mulai dan berakhir.
+- **Issuer**: CA mana yang menandatangani (TrustLab Intermediate).
+- **Public Key Info**: Algoritma yang digunakan (RSA 2048/4096).
+</Steps>
+
+---
+
+## Audit Metadata
+
+Penting untuk memeriksa detail berikut secara berkala:
+
+- **Thumbprint (SHA-1/SHA-256)**: Gunakan fingerprint ini untuk memverifikasi apakah sertifikat yang terpasang di server benar-benar yang Anda terbitkan dari TrustLab.
+- **Subject Alternative Names (SAN)**: Pastikan semua alias domain yang dibutuhkan sudah terdaftar di sini.
+- **Status**: Pastikan statusnya **Valid** (hijau). Jika warnanya merah, berarti sertifikat telah kadaluarsa atau dicabut.
+
+---
+
+## Keamanan Data Detail
+
+Meskipun detail sertifikat (Public) aman untuk dilihat, tim TrustLab menyarankan untuk membatasi akses ke dashboard hanya untuk admin sistem yang berkepentingan untuk mencegah kebocoran informasi topologi jaringan.
+
+> [!TIP]
+> Anda bisa menyalin (copy) Serial Number secara cepat melalui tombol clipboard di samping teks untuk keperluan dokumentasi internal atau konfigurasi firewall.

pages/guide/certificates/view-details.mdx

@@ -0,0 +1,40 @@
+import { Callout } from 'nextra/components'
+import { ShieldAlert } from 'lucide-react'
+
+# Viewing Certificate Details
+
+After generating a certificate, you can view its full metadata, download the files, or retrieve the Private Key at any time.
+
+## Certificate List
+The main **Certificates** page lists all issuing certificates.
+*   **Status Indicators**: Quickly see if a cert is `Valid`, `Expired`, or `Revoked`.
+*   **Search**: Filter by Common Name or Serial Number.
+
+![Certificate List](/images/guide/certificates_list_view_1767869137654.png)
+
+## Details View
+Clicking the **View Icon** (Eye) or the row opens the detailed management view.
+
+![Certificate Management View](/images/guide/certificate_management_view_1767869044987.png)
+
+### 1. Metadata
+The top section displays critical information:
+*   **Validity Period**: Start and End dates.
+*   **Issuer**: The CA that signed this certificate.
+*   **Subject Info**: Organization, Location, and Country.
+*   **Key Strength**: 2048-bit or 4096-bit.
+
+### 2. Certificate (CRT)
+This text box contains the public certificate in **PEM format** (`-----BEGIN CERTIFICATE-----`).
+*   **Copy**: Click the **Copy Icon** to copy the full block.
+*   This is safe to share publicly.
+
+### 3. Private Key (KEY)
+This section contains your secret Private Key.
+*   **Hidden by Default**: The specific key content is blurred/hidden for security.
+*   **Show**: Click the **"Show"** button to reveal the key.
+*   **Copy**: Click the **Copy Icon** to retrieve it.
+
+<Callout type="error" emoji={<ShieldAlert className="w-5 h-5" />}>
+  **Security Warning:** Never share your Private Key. Anyone with this key can impersonate your server.
+</Callout>