certctl
v3.0.0
A powerful CLI tool for managing SSL certificates - generate CSRs and deploy certificates via SSH
certctl
A powerful CLI tool for managing SSL certificates — generate CSRs and deploy certificates to remote servers via SSH.
Features
- Interactive and non-interactive CSR generation
- SSH-based certificate deployment with automatic backup
- Multi-platform support (macOS, Linux, Windows)
- Domain common name management
- Web server config validation and auto-reload (httpd, nginx, apache2)
- First-run setup wizard for organization details
Installation
npm install -g certctl
Quick Start
# Generate a new CSR (interactive)
certctl new
# Deploy certificate to remote server (interactive)
certctl deploy
# Manage domains
certctl domain list
certctl domain add example.com
# View configuration
certctl config show
Usage
certctl new
Generate a new Certificate Signing Request (CSR) and private key.
# Interactive mode — select domain and enter email
certctl new
# Non-interactive mode
certctl new --cn example.com --email [email protected] --no-interactive
# With custom organization details
certctl new --cn example.com --email [email protected] \
--country US --state California --locality "San Francisco" \
--org "My Corp" --ou "Engineering" --no-interactive
# Custom output directory and key size
certctl new --cn example.com --email [email protected] \
--output /path/to/certs --key-size 4096 --no-interactive
Flags:
| Flag | Short | Description |
|------|-------|-------------|
| --cn | -c | Common Name (CN) for the certificate |
| --email | -e | Email address for the certificate |
| --country | | Country code (C), read from config |
| --state | | State or Province (ST), read from config |
| --locality | | Locality or City (L), read from config |
| --org | -o | Organization (O), read from config |
| --ou | | Organizational Unit (OU), read from config |
| --output | -d | Output directory (default: ~/.config/openssl/) |
| --key-size | | RSA key size in bits (default: 2048) |
| --no-interactive | | Run in non-interactive mode |
Organization details (--country, --state, etc.) are read from your config file by default. Run certctl config show to check current values, or certctl config reset to re-run the setup wizard.
certctl deploy
Deploy SSL certificates to a remote server via SSH.
# Interactive mode — select host and domain from lists
certctl deploy
# Specify host and domain
certctl deploy --host myserver --domain example.com
# Deploy to nginx server
certctl deploy --host myserver --domain example.com --server nginx
# Custom remote certificate paths
certctl deploy --host myserver --domain example.com \
--ca-path /etc/nginx/ssl/ca.crt \
--crt-path /etc/nginx/ssl/cert.crt \
--key-path /etc/nginx/ssl/key.key
# Skip validation and reload
certctl deploy --host myserver --domain example.com \
--skip-validate --skip-reload
Flags:
| Flag | Short | Description |
|------|-------|-------------|
| --host | -H | SSH host name from SSH config |
| --domain | -d | Domain name for the certificate |
| --server | -s | Web server type: httpd, nginx, apache2 (default: httpd) |
| --ssh-config | | Path to SSH config file (default: ~/.ssh/config) |
| --cert-dir | | Local certificate directory (default: ~/.config/openssl/<domain>/) |
| --ca-path | | Custom remote CA file path |
| --crt-path | | Custom remote certificate file path |
| --key-path | | Custom remote key file path |
| --skip-validate | | Skip web server config validation |
| --skip-reload | | Skip service reload after deployment |
Deployment process:
- Read SSH config and connect to server
- Backup existing certificates (.backup)
- Upload CA, certificate, and key files
- Set file permissions (644 for certs, 600 for keys)
- Validate web server configuration
- Reload web server to apply new certificates
certctl domain
Manage domain common names.
certctl domain list # List all domains with file status
certctl domain add example.com # Add a new domain
certctl domain remove example.com # Remove a domain
certctl domain search example # Search domains by keyword
certctl config
Manage configuration settings.
certctl config show # Show current configuration
certctl config edit # Edit configuration interactively
certctl config reset # Reset and re-run setup wizard
Certificate File Format
Generated files are stored in ~/.config/openssl/<domain>/:
~/.config/openssl/example.com/
├── key.pem # Private key
├── example.com.csr # Certificate Signing Request
├── cert.pem # Certificate (placeholder, replace with CA-signed cert)
└── ca.pem # CA certificate (placeholder)
Workflow:
- Run certctl new to generate CSR and private key
- Submit the .csr file to your Certificate Authority (CA)
- Place the signed certificate in cert.pem and CA chain in ca.pem
- Run certctl deploy to upload to your server
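A local check to run between placing the signed certificate and deploying, as an added example that is not part of certctl: it confirms that cert.pem is a real certificate rather than the placeholder, that it and the CSR carry the same public key as key.pem, that it has not expired, and that the key is owner-only. The function names are hypothetical; the script assumes the openssl CLI and an unencrypted private key.

```shell
#!/bin/sh
# Added example (not part of certctl): local pre-deploy check for one domain dir.
# Assumes the documented layout: key.pem, cert.pem, <domain>.csr.
# Usage: check_cert_dir ~/.config/openssl/example.com example.com

# SHA-256 over the DER public key, so PEM line wrapping cannot cause a mismatch.
spki_hash() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

check_cert_dir() {
    dir=$1; domain=$2; rc=0
    key="$dir/key.pem"; crt="$dir/cert.pem"; csr="$dir/$domain.csr"

    # cert.pem starts life as a placeholder; refuse anything that is not X.509.
    if ! openssl x509 -in "$crt" -noout 2>/dev/null; then
        echo "FAIL: $crt is not a certificate (placeholder not replaced?)" >&2
        return 1
    fi
    # -passin pass: makes an encrypted key fail fast instead of prompting.
    if ! openssl pkey -in "$key" -passin pass: -noout 2>/dev/null; then
        echo "FAIL: $key is not a readable private key" >&2
        return 1
    fi

    key_h=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null | spki_hash)
    crt_h=$(openssl x509 -in "$crt" -pubkey -noout 2>/dev/null | spki_hash)
    if [ "$key_h" != "$crt_h" ]; then
        echo "FAIL: cert.pem was not issued for key.pem" >&2; rc=1
    fi
    if [ -f "$csr" ]; then
        csr_h=$(openssl req -in "$csr" -pubkey -noout 2>/dev/null | spki_hash)
        [ "$csr_h" = "$key_h" ] || { echo "FAIL: CSR and key differ" >&2; rc=1; }
    fi

    # Exit status 1 from -checkend 0 means the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: cert.pem has expired" >&2; rc=1; }

    # The key should be owner-only locally, matching the 600 set on the server.
    case $(ls -ld "$key") in
        -rw-------*|-r--------*) ;;
        *) echo "FAIL: $key is readable by group or others" >&2; rc=1 ;;
    esac
    return $rc
}
```

A non-zero return means at least one check failed, so the function can gate certctl deploy in a wrapper script.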
SSH Configuration
The deploy command reads hosts from ~/.ssh/config:
Host myserver
HostName 192.168.1.100
User root
Port 22
IdentityFile ~/.ssh/id_rsa
Supported Web Servers
| Server | Config validation | Reload command |
|--------|------------------|----------------|
| httpd (Apache) | httpd -t | systemctl reload httpd |
| nginx | nginx -t | systemctl reload nginx |
| apache2 | apache2ctl -t | systemctl reload apache2 |
Migration from make-csr-cli v2.x
| Before (v2.x) | After (v3.0) |
|----------------|--------------|
| make-csr generate | certctl new |
| make-csr deploy | certctl deploy |
| make-csr list | certctl domain list |
| make-csr list --add "example.com" | certctl domain add example.com |
| make-csr list --remove "example.com" | certctl domain remove example.com |
| make-csr list --search "example" | certctl domain search example |
| make-csr config --show | certctl config show |
| make-csr config --edit | certctl config edit |
| make-csr config --reset | certctl config reset |
| Files: domain.key, domain.crt, domain.ca | Files: key.pem, cert.pem, ca.pem |
Legacy file format is still supported for deployment with a migration warning.
License
MIT
