OpenSkillIndex← back to search
claude-code

Skills letsencrypt

install
source · Clone the upstream repo
git clone https://github.com/TerminalSkills/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/TerminalSkills/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/letsencrypt" ~/.claude/skills/terminalskills-skills-letsencrypt && rm -rf "$T"
manifest: skills/letsencrypt/SKILL.md
safety · automated scan (low risk)
This is a pattern-based risk scan, not a security review. Our crawler flagged:
  • uses sudo
Always read a skill's source content before installing. Patterns alone don't mean the skill is malicious — but they warrant attention.
source content

Let's Encrypt

Overview

Let's Encrypt provides free, automated TLS certificates. Certbot is the official client — obtains and renews certificates automatically. Supports Nginx, Apache, standalone, and DNS validation for wildcards.

Instructions

Step 1: Install Certbot

sudo apt install certbot python3-certbot-nginx

Step 2: Get Certificate

# Automatic Nginx configuration
sudo certbot --nginx -d example.com -d www.example.com

# Standalone (no web server needed)
sudo certbot certonly --standalone -d example.com

# DNS validation (for wildcards)
sudo certbot certonly --manual --preferred-challenges dns -d "*.example.com"

Step 3: Auto-Renewal

# Certbot installs a systemd timer automatically
sudo systemctl status certbot.timer
sudo certbot renew --dry-run    # test renewal

Step 4: Docker with Traefik

# docker-compose.yml — Automatic TLS with Traefik
services:
  traefik:
    image: traefik:v3
    command:
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=admin@example.com
      - --certificatesresolvers.le.acme.storage=/acme/acme.json
      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
    ports: ["80:80", "443:443"]
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - acme:/acme
volumes:
  acme:

Guidelines

  • Certificates valid for 90 days — auto-renewal handles this.
  • Rate limits: 50 certs per domain per week.
  • Use DNS validation for wildcard certs and internal servers.
  • For containers, Traefik or Caddy handle Let's Encrypt automatically.