Claude Code Plugins

Community-maintained marketplace

Feedback

ssl-certs

@mhalder/dotfiles
0
0

Manage SSL/TLS certificates and diagnose certificate issues. Use when the user says "cert expiring", "SSL error", "certificate problem", "renew certificate", "check certificate", "HTTPS not working", or asks about TLS/SSL.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name ssl-certs
description Manage SSL/TLS certificates and diagnose certificate issues. Use when the user says "cert expiring", "SSL error", "certificate problem", "renew certificate", "check certificate", "HTTPS not working", or asks about TLS/SSL.
allowed-tools Bash, Read, Grep

SSL/TLS Certificates

Manage certificates, diagnose SSL issues, and handle renewals.

Instructions

  1. Identify the issue type (expiring, invalid, chain problem)
  2. Use appropriate diagnostic commands
  3. Determine root cause
  4. Provide remediation steps

Check certificate expiry

# Local certificate file
openssl x509 -enddate -noout -in cert.pem

# Remote server
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -dates

# Check all certs expiring within 30 days
find /etc/letsencrypt/live -name "*.pem" -exec sh -c 'echo "{}:"; openssl x509 -enddate -noout -in "{}"' \;

Certificate information

# Full certificate details
openssl x509 -text -noout -in cert.pem

# Subject and issuer
openssl x509 -subject -issuer -noout -in cert.pem

# SANs (Subject Alternative Names)
openssl x509 -noout -ext subjectAltName -in cert.pem

Diagnose SSL connection

# Full connection debug
openssl s_client -connect example.com:443 -servername example.com

# Check specific TLS version
openssl s_client -connect example.com:443 -tls1_2
openssl s_client -connect example.com:443 -tls1_3

# Verify certificate chain
openssl s_client -connect example.com:443 -showcerts

Common issues

Error Cause Solution
certificate has expired Cert past end date Renew certificate
unable to verify Missing intermediate Add chain certificates
hostname mismatch Wrong cert or missing SAN Get cert with correct names
self-signed certificate Not from trusted CA Use Let's Encrypt or commercial CA

Let's Encrypt management

# Check certbot certificates
certbot certificates

# Renew all certificates
certbot renew --dry-run
certbot renew

# Force renewal
certbot renew --force-renewal

# Get new certificate
certbot certonly --nginx -d example.com -d www.example.com

Verify chain

# Check chain is complete
openssl verify -CAfile chain.pem cert.pem

# Download and verify chain
openssl s_client -connect example.com:443 -showcerts 2>/dev/null | awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/ {print}' > chain.pem

Rules

  • MUST check expiry date first for any cert issue
  • MUST verify the full certificate chain
  • MUST check SANs match the domain being accessed
  • Never delete certificates without backup
  • Always test with --dry-run before certbot renew
  • Always reload/restart web server after cert changes