certctl: Self-hosted certificate lifecycle platform with 78 API endpoints for AI agent automation
What certctl is
certctl is a self-hosted certificate lifecycle platform with a full REST API, built specifically for automation by AI coding agents ("claws"). The creator has been developing it with Claude as a copilot from the beginning, resulting in approximately 15,000 lines of Go and TypeScript code with 744+ tests.
Key features and capabilities
The platform addresses the upcoming challenge of TLS certificate management as SC-081v3 pushes certificate lifespans to 47 days by 2029, requiring constant rotation across server fleets.
The API provides 78 endpoints covering:
- Certificate issuance
- Renewal operations
- Revocation processes
- Deployment workflows
- Agent management
- Policy enforcement
- Audit trail access
- Fleet health monitoring
- Metrics collection
Every operation available in the React dashboard is also available through the API. An MCP server is on the roadmap to expose all functionality as native MCP tools.
Practical use cases for AI agents
With structured API access, AI agents can:
- Query which certificates are expiring within a specific timeframe
- Trigger certificate renewals
- Check agent fleet status
- Pull audit logs
- Revoke compromised certificates
- Read OCSP status
This eliminates the need for browser automation or screen scraping, providing direct API access to the entire certificate lifecycle.
Infrastructure compatibility
The platform is issuer-agnostic, supporting:
- ACME/Let's Encrypt
- step-ca
- Internal certificate authorities
- Sub-CAs under enterprise roots
It's also target-agnostic with current support for:
- NGINX
- Apache
- HAProxy
Support for F5 and IIS is coming soon. This provides a single interface for AI agents regardless of the underlying infrastructure.
Development workflow
The creator maintains a "CLAUDE.md" file in the repository that tracks every milestone, file location, and architecture decision. Each development session starts by reading this document to provide full context in seconds. When a milestone ships, the document updates with what changed, enabling sustained work on a complex multi-milestone project across dozens of sessions without losing state.
📖 Read the full source: r/openclaw
👀 See Also
molequla: Continual Learning AI Organism Built from Scratch with ClaudeCode
molequla is a continual learning AI organism implemented from scratch in Go, C, JavaScript, and Rust with a Python orchestrator. Each element is a full transformer implementation with vector autograd, trained on raw text, that grows and develops a personality over time.
Harnessing Claude Code for Bot Consultancy: A Deep Dive
Exploring the integration of Claude Code within bot development to enhance functionality through AI consultancy, as shared by an enthusiast on r/clawdbot.
Savant Commander 48B: A Custom Qwen 3 Mixture-of-Experts Model with 12 Distilled Models
Savant Commander 48B is a custom Qwen 3 Mixture-of-Experts model with hand-coded routing that combines 12 distilled models from providers like Claude, Gemini, OpenAI, and Deepseek. It features 256K context length and allows prompt-controlled activation of specific distilled models.
soul.py adds persistent memory to local LLMs with simple file-based approach
soul.py is a Python library that adds persistent memory to any LLM using two markdown files for identity and conversation logging, working with Ollama, OpenAI, and Anthropic models without requiring databases or servers.