| name | ssl-cert-renew |
| description | Check SSL certificate expiry across managed properties; flag anything within 30 days; renew where the renewal is automatable (Let's Encrypt, Cloudflare-managed). Use weekly via cron. |
SSL cert renew
Don't let a cert expire silently.
Steps
- List every property in wiki/properties/websites/ (or scope from input)
- For each: query the live cert via openssl or fetch + inspect
- Compute days-to-expiry
- Classify:
  - OK (>30 days): no action
  - Warn (8-30 days): file a finding to surface to boss
  - Critical (<7 days): file an URGENT finding + auto-renew if Let's Encrypt + cf-managed
- Auto-renewable cases: trigger wrangler ssl ... renew or equivalent provider API
- Save per-property cert status to wiki/properties/websites/<domain>/cert-status.md
Output
---
kind: ssl-status
domain: <domain>
issuer: <issuer>
not_after: <ISO>
days_to_expiry: <int>
status: ok | warn | critical
auto_renew_supported: bool
last_checked: <date>
---
Anti-patterns
- Renewing a cert without verifying the domain is still valid (e.g. transferred away)
- Renewing a cert and forgetting to update CAA records
- Silent failure modes — every check must produce an entry
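
The check, classify and record steps above, as an added Python example (not part of the original skill). It shows how a failed check still yields an entry. Assumptions: the function names, `SAMPLE_CERT`, the `error` key and the `unknown` placeholders are illustrative, and day 7, which the thresholds leave unassigned, is treated as critical.

```python
import datetime as dt
import socket
import ssl

# Constructed sample in the shape ssl.getpeercert() returns (not a real cert).
SAMPLE_CERT = {"notAfter": "Jun  1 12:00:00 2025 GMT",
               "issuer": ((("organizationName", "Example CA"),),)}

def classify(days):
    # Page thresholds: >30 ok, 8-30 warn, <7 critical. The page leaves day 7
    # unassigned; treating it (and expired certs) as critical is an assumption.
    if days > 30:
        return "ok"
    return "warn" if days >= 8 else "critical"

def fetch_cert(domain, port=443, timeout=10):
    # Needs network. The default context validates the chain and hostname, so an
    # already-expired cert raises here and is recorded by check() as critical.
    ctx = ssl.create_default_context()
    with socket.create_connection((domain, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=domain) as tls:
            return tls.getpeercert()

def check(domain, now=None, fetch=fetch_cert, auto_renew=False):
    """Return an ssl-status entry for domain; never raises on a failed check."""
    now = now or dt.datetime.now(dt.timezone.utc)
    entry = {"kind": "ssl-status", "domain": domain, "issuer": "unknown",
             "not_after": "unknown", "days_to_expiry": "unknown",
             "status": "critical", "auto_renew_supported": auto_renew,
             "last_checked": now.date().isoformat()}
    try:
        cert = fetch(domain)
        expiry = dt.datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notAfter"]), dt.timezone.utc)
        issuer = dict(rdn[0] for rdn in cert["issuer"])
        days = (expiry - now).days
        entry.update(issuer=issuer.get("organizationName", "unknown"),
                     not_after=expiry.isoformat(), days_to_expiry=days,
                     status=classify(days))
    except (OSError, KeyError, ValueError) as exc:
        entry["error"] = f"{type(exc).__name__}: {exc}"  # assumed extra key
    return entry

def render(entry):
    """Serialize an entry as the front-matter block shown under Output."""
    body = "".join(f"{k}: {str(v).lower() if isinstance(v, bool) else v}\n"
                   for k, v in entry.items())
    return f"---\n{body}---\n"
```

Passing `fetch` as a parameter lets the weekly job be tested offline; in production the default `fetch_cert` performs the live TLS handshake.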