aj-geddes/useful-ai-prompts
Overview
This skill automates SSL/TLS certificate lifecycle across environments, including provisioning, renewal, monitoring, and secure distribution using Let's Encrypt, AWS ACM, or HashiCorp Vault. It provides practical recipes and scripts for zero-downtime rotation, multi-domain and wildcard handling, and expiration alerting. The goal is reliable HTTPS enablement and reduced manual overhead.
How this skill works
The skill supplies configuration examples, automation cronjobs, and monitoring scripts that inspect certificate stores (Kubernetes secrets, AWS ACM) and perform actions (renew, annotate, create DNS validation records). It leverages ACME with cert-manager for Lets Encrypt, Terraform and Route53 for ACM issuance, and shell tooling to detect expirations and trigger alerts. Secure key handling and role-based access controls are recommended for distribution.
When to use it
- Enable HTTPS/TLS for web services and APIs
- Automate certificate renewal to avoid outages
- Manage multi-domain or wildcard certificates at scale
- Monitor certificates and send expiration alerts
- Rotate certificates with zero downtime across services
Best practices
- Automate renewal and deployment pipelines; avoid manual replacement
- Use Lets Encrypt for public DV certs and ACM for AWS load balancers
- Monitor expirations and alert well before expiry (30+ days)
- Store private keys in a secure vault or cloud key management system
- Use strong keys (2048+ RSA, 256+ ECDSA) and rotate regularly
- Separate dev and production certificates; never commit keys to source control
Example use cases
- Kubernetes ingress TLS with cert-manager and ACME HTTP-01/DNS-01 solvers for wildcard domains
- AWS ALB with ACM certificates created via Terraform and validated by Route53 records
- CronJob that scans Kubernetes secrets and ACM certificates, emailing admins when expiry is near
- Automated renewal job that annotates cert-manager Certificates to trigger re-issuance without downtime
- Nginx configuration enforcing certificate pinning for sensitive API endpoints
FAQ
Use Lets Encrypt for public web certificates outside cloud-managed load balancers; use ACM when you need seamless integration with AWS load balancers and managed distribution. Consider automation and validation method (HTTP-01 vs DNS-01).
What alert threshold should I use for expiration warnings?
A good default is 30 days. For high-risk services use 60 days. Alerts should provide domain, namespace/service, and exact expiry date so remediation can be prioritized.
6 skills
This skill automates SSL/TLS certificate provisioning, renewal, and monitoring across environments using Let's Encrypt, ACM, or Vault.
This skill helps detect and fix memory leaks in applications using heap snapshots, profiling, and automated detection to prevent OOM errors.
This skill helps you assess, quantify, and prioritize technical debt to guide refactoring and architectural decisions.
This skill helps teams plan and execute sprints efficiently by defining goals, estimating work, and managing backlogs for incremental value.
This skill helps you design accessible color palettes and contrast checks to ensure color-blind friendly visuals across interfaces and charts.
This skill conducts market and competitor analysis to inform product strategy, pricing, and differentiation by synthesizing strengths, weaknesses,