ssl-certs
Manage SSL/TLS certificates and diagnose certificate issues. Use when the user says "cert expiring", "SSL error", "certificate problem", "renew certificate", "check certificate", "HTTPS not working", or asks about TLS/SSL.
Installation
Details
Usage
After installing, this skill will be available to your AI coding assistant.
Verify installation:
skills listSkill Instructions
name: ssl-certs description: Manage SSL/TLS certificates and diagnose certificate issues. Use when the user says "cert expiring", "SSL error", "certificate problem", "renew certificate", "check certificate", "HTTPS not working", or asks about TLS/SSL. allowed-tools: Bash, Read, Grep
SSL/TLS Certificates
Manage certificates, diagnose SSL issues, and handle renewals.
Instructions
- Identify the issue type (expiring, invalid, chain problem)
- Use appropriate diagnostic commands
- Determine root cause
- Provide remediation steps
Check certificate expiry
# Local certificate file
openssl x509 -enddate -noout -in cert.pem
# Remote server
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -dates
# Check all certs expiring within 30 days
find /etc/letsencrypt/live -name "*.pem" -exec sh -c 'echo "{}:"; openssl x509 -enddate -noout -in "{}"' \;
Certificate information
# Full certificate details
openssl x509 -text -noout -in cert.pem
# Subject and issuer
openssl x509 -subject -issuer -noout -in cert.pem
# SANs (Subject Alternative Names)
openssl x509 -noout -ext subjectAltName -in cert.pem
Diagnose SSL connection
# Full connection debug
openssl s_client -connect example.com:443 -servername example.com
# Check specific TLS version
openssl s_client -connect example.com:443 -tls1_2
openssl s_client -connect example.com:443 -tls1_3
# Verify certificate chain
openssl s_client -connect example.com:443 -showcerts
Common issues
| Error | Cause | Solution |
|---|---|---|
| certificate has expired | Cert past end date | Renew certificate |
| unable to verify | Missing intermediate | Add chain certificates |
| hostname mismatch | Wrong cert or missing SAN | Get cert with correct names |
| self-signed certificate | Not from trusted CA | Use Let's Encrypt or commercial CA |
Let's Encrypt management
# Check certbot certificates
certbot certificates
# Renew all certificates
certbot renew --dry-run
certbot renew
# Force renewal
certbot renew --force-renewal
# Get new certificate
certbot certonly --nginx -d example.com -d www.example.com
Verify chain
# Check chain is complete
openssl verify -CAfile chain.pem cert.pem
# Download and verify chain
openssl s_client -connect example.com:443 -showcerts 2>/dev/null | awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/ {print}' > chain.pem
Rules
- MUST check expiry date first for any cert issue
- MUST verify the full certificate chain
- MUST check SANs match the domain being accessed
- Never delete certificates without backup
- Always test with
--dry-runbefore certbot renew - Always reload/restart web server after cert changes
More by benchflow-ai
View allRepair an (often imperfect) Flexible Job Shop Scheduling baseline into a downtime-feasible, precedence-correct schedule while staying within policy budgets and matching the evaluator’s exact metrics and “local minimal right-shift” checks.
Test Temporal workflows with pytest, time-skipping, and mocking strategies. Covers unit testing, integration testing, replay testing, and local development setup. Use when implementing Temporal workflow tests or debugging test failures.
Extract locational marginal prices (LMPs) from DC-OPF solutions using dual values. Use when computing nodal electricity prices, reserve clearing prices, or performing price impact analysis.
This skill should be used when the user asks to "design package structure", "create managed package", "configure 2GP", "set up namespace", "version management", or mentions managed package topics like "LMA", "subscriber orgs", or "package versioning". Provides comprehensive guidance for second-generation managed package (2GP) architecture, ISV development patterns, and package lifecycle management.