ssl-certs
Manage SSL/TLS certificates and diagnose certificate issues. Use when the user says "cert expiring", "SSL error", "certificate problem", "renew certificate", "check certificate", "HTTPS not working", or asks about TLS/SSL.
allowed_tools: Bash, Read, Grep
$ Install
git clone https://github.com/mhalder/dotfiles /tmp/dotfiles && cp -r /tmp/dotfiles/claude/.claude/skills/ssl-certs ~/.claude/skills/dotfiles
// tip: Run this command in your terminal to install the skill
SKILL.md
name: ssl-certs
description: Manage SSL/TLS certificates and diagnose certificate issues. Use when the user says "cert expiring", "SSL error", "certificate problem", "renew certificate", "check certificate", "HTTPS not working", or asks about TLS/SSL.
allowed-tools: Bash, Read, Grep
SSL/TLS Certificates
Manage certificates, diagnose SSL issues, and handle renewals.
Instructions
- Identify the issue type (expiring, invalid, chain problem)
- Use appropriate diagnostic commands
- Determine root cause
- Provide remediation steps
Check certificate expiry
# Local certificate file
openssl x509 -enddate -noout -in cert.pem
# Remote server
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -dates
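# Check all certs expiring within 30 days (-checkend exits non-zero if the cert expires within N seconds; 2592000 s = 30 days)
find /etc/letsencrypt/live -name "cert.pem" -exec sh -c 'openssl x509 -checkend 2592000 -noout -in "$1" >/dev/null || { echo "$1:"; openssl x509 -enddate -noout -in "$1"; }' _ {} \;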
Certificate information
# Full certificate details
openssl x509 -text -noout -in cert.pem
# Subject and issuer
openssl x509 -subject -issuer -noout -in cert.pem
# SANs (Subject Alternative Names)
openssl x509 -noout -ext subjectAltName -in cert.pem
Diagnose SSL connection
# Full connection debug
openssl s_client -connect example.com:443 -servername example.com
# Check specific TLS version
openssl s_client -connect example.com:443 -tls1_2
openssl s_client -connect example.com:443 -tls1_3
# Verify certificate chain
openssl s_client -connect example.com:443 -showcerts
Common issues
| Error | Cause | Solution |
|---|---|---|
| certificate has expired | Cert past end date | Renew certificate |
| unable to verify | Missing intermediate | Add chain certificates |
| hostname mismatch | Wrong cert or missing SAN | Get cert with correct names |
| self-signed certificate | Not from trusted CA | Use Let's Encrypt or commercial CA |
Let's Encrypt management
# Check certbot certificates
certbot certificates
# Renew all certificates
certbot renew --dry-run
certbot renew
# Force renewal
certbot renew --force-renewal
# Get new certificate
certbot certonly --nginx -d example.com -d www.example.com
Verify chain
# Check chain is complete
openssl verify -CAfile chain.pem cert.pem
# Download the chain the server presents (leaf first, then intermediates)
openssl s_client -connect example.com:443 -showcerts 2>/dev/null | awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/ {print}' > chain.pem
Rules
- MUST check expiry date first for any cert issue
- MUST verify the full certificate chain
- MUST check SANs match the domain being accessed
- Never delete certificates without backup
- Always test with --dry-run before certbot renew
- Always reload/restart web server after cert changes
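The first three rules as one triage function, in the order they are stated: an added example, not part of the skill. The names triage_cert and make_sample_cert, the example.test hostnames and the self-signed sample certificate are constructed for illustration; CAFILE is assumed to hold the trust anchors (plus any intermediates), and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the skill): expiry first, then chain, then SANs.
# triage_cert CERT HOST CAFILE [DAYS] prints one finding per failed check
# and returns the number of failed checks (0 = clean).
triage_cert() {
    cert=$1; host=$2; cafile=$3; days=${4:-30}; failed=0

    # 1. Expiry: -checkend N exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -checkend 0 -noout -in "$cert" >/dev/null; then
        echo "EXPIRED ($(openssl x509 -enddate -noout -in "$cert"))"
        failed=$((failed + 1))
    elif ! openssl x509 -checkend $((days * 86400)) -noout -in "$cert" >/dev/null; then
        echo "EXPIRING within $days days ($(openssl x509 -enddate -noout -in "$cert"))"
        failed=$((failed + 1))
    fi

    # 2. Chain: the cert must verify against the certificates in CAFILE.
    if ! openssl verify -CAfile "$cafile" "$cert" >/dev/null 2>&1; then
        echo "CHAIN does not verify against $cafile"
        failed=$((failed + 1))
    fi

    # 3. SANs: -checkhost applies real hostname matching (wildcards included)
    #    but always exits 0, so the printed verdict is what gets tested.
    if ! openssl x509 -checkhost "$host" -noout -in "$cert" | grep -q "does match"; then
        echo "HOSTNAME $host is not covered by the certificate"
        failed=$((failed + 1))
    fi
    return "$failed"
}

# Constructed sample input: self-signed EC cert with a single DNS SAN.
make_sample_cert() {  # make_sample_cert OUT.pem HOSTNAME DAYS
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$1.key" -out "$1" -days "$3" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" 2>/dev/null
}

# Demo: a 10-day cert checked for the wrong hostname reports two findings.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/short.pem" example.test 10
triage_cert "$demo_dir/short.pem" www.example.test "$demo_dir/short.pem" \
    || echo "failed checks: $?"
```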
Repository
mhalder/dotfiles/claude/.claude/skills/ssl-certs
Author: mhalder