Stats
Actions
Tags
Manage TLS/SSL on Dokku — custom certificates via the core certs plugin and automated Let's Encrypt via the dokku-letsencrypt plugin. Use when adding, updating, or removing certificates, enabling HTTPS for an app, configuring automatic certificate renewal (cron), checking certificate expiry, or debugging why HTTPS is not active. Targets Dokku 0.37.x.
How this skill is triggered — by the user, by Claude, or both
Slash command
/dokku-devsecops-skills:dokku-tls-letsencryptThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
**Version:** Dokku 0.37.x. **Safety:** `certs:*` (except report/show) and all `letsencrypt:*` mutations change the live TLS endpoint — confirm before running. Let's Encrypt has issuance **rate limits**, so do not loop `enable`. `certs:report`, `certs:show`, `letsencrypt:list`, `letsencrypt:active` are read-only.
Version: Dokku 0.37.x. Safety: certs:* (except report/show) and all letsencrypt:* mutations change the live TLS endpoint — confirm before running. Let's Encrypt has issuance rate limits, so do not loop enable. certs:report, certs:show, letsencrypt:list, letsencrypt:active are read-only.
dokku domains:set <app> app.example.com).certs plugin)dokku certs:report <app> # read-only: issuer, expiry, presence
dokku certs:add <app> server.crt server.key # or pipe a tarball on stdin
dokku certs:update <app> server.crt server.key
dokku certs:remove <app>
dokku certs:generate <app> app.example.com # CSR + self-signed (dev/testing)
dokku certs:show <app> crt # print the crt (or: key)
dokku-letsencrypt plugin)This is the official community plugin
dokku/dokku-letsencrypt, not part of core Dokku. If it is not installed, install it first (host root):sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.gitConfirm with the operator before installing host plugins.
dokku letsencrypt:set <app> email [email protected] # required contact email
dokku letsencrypt:enable <app> # issue + install cert (also renews)
dokku letsencrypt:active <app> # read-only: is LE active?
dokku letsencrypt:list # read-only: secured apps + expiry
dokku letsencrypt:auto-renew [<app>] # renew if near expiry
dokku letsencrypt:revoke <app>
dokku letsencrypt:cleanup <app> # remove stale cert dirs
dokku letsencrypt:disable <app>
Add the periodic auto-renew cron job once (host-wide):
dokku letsencrypt:cron-job --add
This schedules letsencrypt:auto-renew so certificates renew before they expire.
dokku certs:report <app> # or: dokku letsencrypt:list
curl -vI https://app.example.com # confirm valid chain + expiry from a client
enable repeatedly can hit Let's Encrypt rate limits — check letsencrypt:list first.npx claudepluginhub shooding/dokku-devsecops-skills --plugin dokku-devsecops-skillsProvides CDSS development patterns for drug interaction checking, dose validation, clinical scoring (NEWS2, qSOFA), and alert classification integrated into EMR workflows.