Free browser-based DevOps audit tools โ no signup, nothing leaves your browser
Let's Encrypt with nginx or Traefik on Vultr instances
sudo apt update sudo apt install certbot python3-certbot-nginx # Get certificate (replace with your domain) sudo certbot --nginx -d example.com -d www.example.com # Auto-renewal is set up automatically # Test renewal: sudo certbot renew --dry-run
services:
traefik:
image: traefik:v3
command:
- "--certificatesresolvers.myresolver.acme.email=you@example.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
ports:
- "80:80"
- "443:443"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock"
app:
image: myapp
labels:
- "traefik.http.routers.app.rule=Host('example.com')"
- "traefik.http.routers.app.tls=true"
- "traefik.http.routers.app.tls.certresolver=myresolver"
In Vultr's firewall settings, ensure inbound rules allow TCP port 80 (for ACME HTTP-01 challenge) and TCP port 443. Let's Encrypt requires port 80 to be accessible for certificate issuance.
Paste all your domain names and see expiry dates at a glance. Color coded: green (safe), orange (<30 days), red (<7 days).
Open SSL Checker โVultr's default firewall allows all inbound traffic. You need to add restrictive rules yourself. However, the ACME HTTP-01 challenge requires port 80 to be open. If you block port 80, use DNS-01 challenge instead.
Certbot installs a systemd timer that runs twice daily. Check its status with systemctl status certbot.timer. For Traefik, renewal is automatic โ Traefik renews certificates 30 days before expiry.