ssl-cert-monitor
Operate ssl-cert-monitor -- add hosts, configure alert rules, trigger checks, review history, and deploy the stack.
Best use case
ssl-cert-monitor is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Operate ssl-cert-monitor -- add hosts, configure alert rules, trigger checks, review history, and deploy the stack.
Teams using ssl-cert-monitor should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/ssl-cert-monitor/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How ssl-cert-monitor Compares
| Feature / Agent | ssl-cert-monitor | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Operate ssl-cert-monitor -- add hosts, configure alert rules, trigger checks, review history, and deploy the stack.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
## When to use this skill
Use this skill when working with ssl-cert-monitor: configuring hostnames to monitor, setting expiry thresholds, creating Slack webhook alert rules, reviewing certificate history, or deploying the stack.
## Quick Start (development)
```bash
cd ssl-cert-monitor
pnpm install
cp .env.example .env
# Edit .env if needed
# Start backend
cd backend && pnpm dev
# Start frontend (separate terminal)
cd frontend && pnpm dev
# Dashboard: http://localhost:5173
# API: http://localhost:3000
```
## Quick Start (Docker)
```bash
docker compose up -d
# Dashboard: http://localhost:8080
```
## Environment Variables
| Variable | Default | Description |
|----------|---------|-------------|
| `PORT` | `3000` | Express server port |
| `DB_PATH` | `./data/ssl.db` | SQLite database path |
| `CHECK_INTERVAL_MINUTES` | `60` | Default check interval for new hosts |
| `WARN_DAYS` | `30` | Default warning threshold |
| `CRIT_DAYS` | `7` | Default critical threshold |
| `WEBHOOK_TIMEOUT_MS` | `5000` | Webhook delivery timeout |
| `CORS_ORIGIN` | `http://localhost:5173` | Dashboard CORS origin |
| `VITE_API_URL` | `http://localhost:3000` | API base URL for frontend |
## Adding Hosts
Via the dashboard: click "Add Host", enter the hostname and port, optionally set display name and per-host thresholds. A connection test runs before saving.
Via the API:
```bash
curl -X POST http://localhost:3000/api/hosts \
-H "Content-Type: application/json" \
-d '{"hostname":"api.example.com","port":443,"warnDaysBeforeExpiry":30,"critDaysBeforeExpiry":7}'
```
## Triggering an Immediate Check
```bash
curl -X POST http://localhost:3000/api/hosts/1/check
```
The check runs synchronously and returns the new `CheckResult`.
## API Reference
| Method | Path | Description |
|--------|------|-------------|
| `GET` | `/api/health` | `{ ok: true }` |
| `GET` | `/api/hosts` | List all hosts |
| `POST` | `/api/hosts` | Add a host |
| `GET` | `/api/hosts/:id` | Host with latest check |
| `PUT` | `/api/hosts/:id` | Update host settings |
| `DELETE` | `/api/hosts/:id` | Remove host and history |
| `POST` | `/api/hosts/:id/check` | Trigger immediate check |
| `GET` | `/api/hosts/:id/checks` | Check history (90 days) |
| `GET` | `/api/checks` | All recent results (100) |
| `GET` | `/api/alerts` | Hosts below threshold |
| `GET` | `/api/alert-rules` | Alert rule list |
| `POST` | `/api/alert-rules` | Create alert rule |
| `PUT` | `/api/alert-rules/:id` | Update alert rule |
| `DELETE` | `/api/alert-rules/:id` | Delete alert rule |
| `POST` | `/api/alert-rules/:id/test` | Send test webhook |
| `GET` | `/api/settings` | Current settings |
| `POST` | `/api/settings` | Update settings |
## Alert Rules
Alert rules fire when a certificate's `daysUntilExpiry` falls below the rule's `thresholdDays`. Rules match hostnames using glob patterns (e.g. `*.example.com` or `*`).
One webhook delivery per host per rule per 24 hours (deduplication in the scheduler).
Webhook payload (Slack-compatible):
```json
{
"text": "SSL certificate for api.example.com expires in 6 days (2024-03-21)",
"attachments": [{
"color": "#dc2626",
"fields": [
{ "title": "Host", "value": "api.example.com:443" },
{ "title": "Expires", "value": "2024-03-21" },
{ "title": "Days Remaining", "value": "6" },
{ "title": "Severity", "value": "critical" }
]
}]
}
```
## Check Schedule
The scheduler ticks every minute via `node-cron`. On each tick it queries for hosts where `last_checked_at IS NULL OR last_checked_at <= datetime('now', '-N minutes')`. Checks run concurrently with max 5 simultaneous connections.
## Expiry Severity Thresholds
| State | Condition | Badge Color |
|-------|-----------|-------------|
| ok | > warn_days | Green |
| warning | <= warn_days and > crit_days | Amber |
| critical | <= crit_days and > 0 | Red |
| expired | <= 0 | Red |
| error | Connection failed | Violet |
## Troubleshooting
**"Connection timed out"**
- Confirm the host is reachable on port 443 from the server running ssl-cert-monitor
- Check firewall rules; the server needs outbound TCP to port 443
- For Docker: ensure the backend container has network access to external hosts
**"No certificate returned"**
- The host is listening on the port but not offering TLS (may be HTTP-only)
- Or the port accepts connections but drops them before the TLS handshake
**"Webhook not receiving test"**
- Verify the webhook URL is correct and the receiving service (Slack, Discord) is operational
- Check `webhook_deliveries` table for `error_message` from failed attempts
- Increase `WEBHOOK_TIMEOUT_MS` if the receiving endpoint is slow
**Checks not running automatically**
- Confirm the backend process is running: `GET /api/health`
- Verify `node-cron` is scheduling: check logs for "Scheduler started" on startupRelated Skills
Skill: Uptime Monitoring
## Overview
serial-monitor
No description provided.
backup-monitor
Track backup jobs via heartbeat pings, alert on missed or failed backups. Use when you need to monitor scheduled backup scripts, get alerted when a backup misses its window, or track backup execution history. Triggers include "backup monitoring", "backup alerts", "missed backup", "backup heartbeat", "backup job tracking", or any task involving backup reliability verification.
mkcert
Generate locally-trusted TLS certificates for development. Use when you need to understand how mkcert works, need to generate certificates manually outside of ssl-proxy, need to check if mkcert is installed, or are debugging certificate trust issues. Triggers include "mkcert", "local certificate", "self-signed cert", "trusted cert localhost", "local CA".
cron-monitor
Send heartbeat pings to cron-monitor after cron job completion, check job status, and register new jobs. Use when you need to confirm a scheduled task ran successfully, check if a cron job is healthy, or add monitoring to a new cron script. Triggers include "ping cron-monitor", "check job status", "register cron job", "heartbeat", "cron health check", or any task involving scheduled job monitoring.
database-size-monitor
Dashboard for monitoring PostgreSQL and MySQL table sizes over time, with growth tracking, threshold alerts, and snapshot comparison
data-pipeline-monitor
Track ETL and data pipeline jobs with success/failure status, duration tracking, heartbeat monitoring, and dependency visualization. Use when you need to monitor scheduled jobs, detect failures, track pipeline health over time, or visualize ETL step dependencies. Triggers include "pipeline monitoring", "job tracking", "ETL status", "cron job health", "heartbeat monitor", "pipeline failed", or any task involving monitoring data workflows.
process-monitor
Monitor system processes for resource usage using process-tree watch mode. Use when tracking CPU or memory usage over time, finding resource hogs, or watching a specific process. Triggers include "monitor processes", "watch cpu usage", "process monitor", "top processes", "resource usage", "ptree watch".
Skill: Status Page
## Overview
Skill: unit-conversion
## Overview
Skill: recipe-scaler
## Overview
reading-list
Operate the reading-list API to save, manage, tag, search, and export articles.