Audit a list of domains for TLS certificate expiry, rotation cadence, and chain validity, producing a calendar of upcoming renewals.
Connects to a list of domains, retrieves each TLS certificate, and reports expiry date, days remaining, issuer, signature algorithm, and any chain validation issues. Output includes a calendar of upcoming renewals.
- domains_file: a text file with one host[:port] per line. Default port 443.
- warning_days: alert if a cert expires within this window (default 30).
- concurrency: defaults to 16.

- domains_file, drop blank lines and comments (#).
- echo | openssl s_client -servername <host> -connect <host>:<port> -showcerts 2>/dev/null to fetch the chain.
- openssl x509 -noout -dates -issuer -subject -fingerprint -sha256.
- notAfter to ISO 8601 and compute days_remaining = (notAfter - now) / 86400.
- openssl verify -CAfile <system bundle>; record any error N at depth M.
- sha1WithRSAEncryption -> warning).
- Let's Encrypt R3 etc. should auto-rotate, so flag a manual rotation requirement only for non-LE issuers.
- expired (< 0 days), critical (< warning_days), ok.
- ssl-rotation-report.md with: summary header (counts per class), table sorted by days_remaining ascending, calendar (week-bucketed list of domains expiring soon), and an Issues section for chain failures. Plus a ssl-rotation.csv sidecar.
Re-fetch a sample of three domains using curl --verbose https://<host> 2>&1 | grep 'expire date' and confirm dates match within a day (timezone differences). Trigger a synthetic test: rotate a known cert in staging and rerun the check; the report's notBefore should advance. If the script can't connect (timeout, refused), classify the row unreachable rather than skip silently.
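The parsing and classification steps above, as an added example that is not part of the original skill. It works on captured `openssl x509 -noout -dates` output instead of connecting; the function names, row layout, ISO-week label and sample hosts are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample input: a domains file and captured `openssl x509 -noout -dates` output.
SAMPLE_DOMAINS = "# prod\nexample.com\n\nold.example.com\napi.example.com:8443\n"
SAMPLE_DATES = {
    ("example.com", 443): "notBefore=Mar  3 12:00:00 2025 GMT\nnotAfter=Jun  1 12:00:00 2025 GMT",
    ("old.example.com", 443): "notBefore=Feb  9 00:00:00 2025 GMT\nnotAfter=May 10 00:00:00 2025 GMT",
    # api.example.com:8443 has no entry: the connection timed out or was refused
}

def parse_domains(text, default_port=443):
    """Return (host, port) pairs from host[:port] lines, dropping blanks and # comments."""
    targets = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        host, sep, port = line.rpartition(":")
        targets.append((host, int(port)) if sep and port.isdigit() else (line, default_port))
    return targets

def parse_not_after(dates_output):
    """Turn the notAfter= line into a timezone-aware UTC datetime."""
    for line in dates_output.splitlines():
        if line.startswith("notAfter="):
            # openssl pads single-digit days ("Jun  1"); split() collapses that, [:4] drops "GMT"
            fields = line.split("=", 1)[1].split()[:4]
            stamp = datetime.strptime(" ".join(fields), "%b %d %H:%M:%S %Y")
            return stamp.replace(tzinfo=timezone.utc)
    raise ValueError("no notAfter line in openssl output")

def classify(not_after, now, warning_days=30):
    """Return (days_remaining, class); a missing certificate is 'unreachable', never skipped."""
    if not_after is None:
        return None, "unreachable"
    days = (not_after - now).total_seconds() / 86400
    return days, "expired" if days < 0 else "critical" if days < warning_days else "ok"

def build_rows(domains_text, dates_by_target, now, warning_days=30):
    """One row per target, sorted by days_remaining ascending with unreachable rows last."""
    rows = []
    for host, port in parse_domains(domains_text):
        output = dates_by_target.get((host, port))
        not_after = parse_not_after(output) if output else None
        days, status = classify(not_after, now, warning_days)
        year, week, _ = not_after.isocalendar() if not_after else (None, None, None)
        rows.append({"host": host, "port": port, "class": status, "days_remaining": days,
                     "not_after": not_after.isoformat() if not_after else None,
                     "week": f"{year}-W{week:02d}" if not_after else None})
    rows.sort(key=lambda r: (r["days_remaining"] is None, r["days_remaining"] or 0))
    return rows
```

Passing `now` explicitly keeps reruns comparable: the same captured output always yields the same classes, so a changed row reflects a changed certificate rather than a later clock.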
- -servername.
- --ca-bundle override and tag rows private-ca.