certctl: Self-hosted certificate lifecycle platform with 78 API endpoints for AI agent automation

What certctl is
certctl is a self-hosted certificate lifecycle platform with a full REST API, built specifically for automation by AI coding agents ("claws"). The creator has been developing it with Claude as a copilot from the beginning, resulting in approximately 15,000 lines of Go and TypeScript code with 744+ tests.
Key features and capabilities
The platform addresses the upcoming challenge of TLS certificate management as SC-081v3 pushes certificate lifespans to 47 days by 2029, requiring constant rotation across server fleets.
The API provides 78 endpoints covering:
- Certificate issuance
- Renewal operations
- Revocation processes
- Deployment workflows
- Agent management
- Policy enforcement
- Audit trail access
- Fleet health monitoring
- Metrics collection
Every operation available in the React dashboard is also available through the API. An MCP server is on the roadmap to expose all functionality as native MCP tools.
Practical use cases for AI agents
With structured API access, AI agents can:
- Query which certificates are expiring within a specific timeframe
- Trigger certificate renewals
- Check agent fleet status
- Pull audit logs
- Revoke compromised certificates
- Read OCSP status
This eliminates the need for browser automation or screen scraping, providing direct API access to the entire certificate lifecycle.
Infrastructure compatibility
The platform is issuer-agnostic, supporting:
- ACME/Let's Encrypt
- step-ca
- Internal certificate authorities
- Sub-CAs under enterprise roots
It's also target-agnostic with current support for:
- NGINX
- Apache
- HAProxy
Support for F5 and IIS is coming soon. This provides a single interface for AI agents regardless of the underlying infrastructure.
Development workflow
The creator maintains a "CLAUDE.md" file in the repository that tracks every milestone, file location, and architecture decision. Each development session starts by reading this document to provide full context in seconds. When a milestone ships, the document updates with what changed, enabling sustained work on a complex multi-milestone project across dozens of sessions without losing state.
📖 Read the full source: r/openclaw
👀 See Also

Claude AI's UltraThink feature returns with practical usage guidance
Claude AI has reinstated the UltraThink feature after user feedback. Medium effort is now the default for Opus 4.6 (Max/Team), with High effort available permanently via /model, and UltraThink as a one-turn override to high effort.

Skill Studio: Open-Source Desktop App for Managing Claude AI Agent Skills
Skill Studio is a free, open-source macOS desktop app that lets developers browse community skill repositories, preview documentation with markdown rendering, and install skills with one-click commands like npx skills add.

oMLX introduces SSD KV caching for Apple Silicon, reducing OpenClaw response times from 30-90 seconds to 5 seconds
oMLX is a new backend that persists KV cache blocks to SSD in safetensors format, preventing cache invalidation when context shifts. This reduces OpenClaw response times from 30-90 seconds down to 5 seconds on subsequent turns.

Foreman: Open Source Slack Bot for Remote Control of Local Claude Code
Foreman is a free, open source Slack bot that provides remote control for locally running Claude Code instances. It allows developers to send tasks to Claude from their phone while maintaining full local access to filesystem, tools, and environment.