Bug: .gitignore certs/ pattern too broad — blocks docker/certs/ tracked files

[mrveiss]

Problem

Root .gitignore line 360 contains a broad certs/ pattern:

# TLS Certificates (generated by scripts/security/generate-tls-certificates.sh)
certs/

This catches docker/certs/ which contains tracked files added in #1896:

• docker/certs/generate-self-signed.sh (tracked, executable)
• docker/certs/.gitignore (tracked, excludes generated certs)

These files had to be force-added with git add -f. Future contributors adding files to docker/certs/ will silently fail without -f.

Proposed Fix

Make the pattern more specific:

# TLS Certificates (generated by scripts/security/generate-tls-certificates.sh)
# Excludes tracked scripts in docker/certs/
certs/*.crt
certs/*.key
certs/*.pem
!docker/certs/

Or add a negation rule:

certs/
!docker/certs/generate-self-signed.sh
!docker/certs/.gitignore

Discovered During

Implementing #1896 (Docker TLS/HTTPS configuration)

Impact

Priority: low — contributor friction only, tracked files already committed with -f

[mrveiss]

Merged in PR #1941. docker/certs/ added to .gitignore negation.