feat: Add certificate management tools (6 new MCP tools)

New tools for SSL/TLS certificate management via acme.sh:
- haproxy_list_certs: List all certificates with expiry info
- haproxy_cert_info: Get detailed certificate info (expiry, issuer, SANs)
- haproxy_issue_cert: Issue new certificate via Cloudflare DNS validation
- haproxy_renew_cert: Renew specific certificate (with force option)
- haproxy_renew_all_certs: Renew all certificates due for renewal
- haproxy_delete_cert: Delete certificate from acme.sh and HAProxy

Features:
- Automatic PEM deployment to HAProxy certs directory
- HAProxy hot-reload after certificate changes (USR2 signal)
- Cloudflare DNS validation with CF_Token support
- Wildcard certificate support

Total MCP tools: 22 → 28

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
kaffa
2026-02-02 03:55:26 +00:00
parent 7bee373684
commit dbacb86d60
3 changed files with 348 additions and 3 deletions

@@ -241,7 +241,7 @@ Returns backend server status for a specific domain:
**Status values:** `healthy` (all UP), `degraded` (partial UP), `down` (all DOWN), `no_servers`
## MCP Tools (22 total)
## MCP Tools (28 total)
### Domain Management
| Tool | Description |
@@ -285,6 +285,16 @@ Returns backend server status for a specific domain:
| `haproxy_save_state` | Save server state to disk (legacy) |
| `haproxy_restore_state` | Restore state from disk (legacy) |
### Certificate Management
| Tool | Description |
|------|-------------|
| `haproxy_list_certs` | List all certificates with expiry info |
| `haproxy_cert_info` | Get detailed certificate info (expiry, issuer, SANs) |
| `haproxy_issue_cert` | Issue new certificate via acme.sh + Cloudflare DNS |
| `haproxy_renew_cert` | Renew specific certificate (force option available) |
| `haproxy_renew_all_certs` | Renew all certificates due for renewal |
| `haproxy_delete_cert` | Delete certificate from acme.sh and HAProxy |
## Key Conventions
### Pool-Based Routing
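Review bot: The `haproxy_issue_cert` and `haproxy_delete_cert` rows in the new Certificate Management table omit the side effects and credential requirements a caller needs to know. The commit message states that issuance relies on Cloudflare DNS validation with CF_Token and that certificate changes trigger a HAProxy reload via USR2, but nothing in this table or around it says where the token is read from, or that these tools reload the proxy. Suggest a short note under the table covering the credential source (with a recommendation to use a narrowly scoped token), the automatic PEM deployment and reload, and what `haproxy_delete_cert` does when the certificate is still being served.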
@@ -359,12 +369,13 @@ echo "set server pool_1/pool_1_1 state ready" | nc localhost 9999
│ ├── haproxy_client.py # HAProxy Runtime API client
│ ├── file_ops.py # File I/O operations
│ ├── utils.py # Parsing utilities
│ └── tools/ # MCP tools (22 total)
│ └── tools/ # MCP tools (28 total)
│ ├── domains.py # Domain management (3 tools)
│ ├── servers.py # Server management (7 tools)
│ ├── health.py # Health checks (3 tools)
│ ├── monitoring.py # Monitoring (4 tools)
── configuration.py # Config management (4 tools)
── configuration.py # Config management (4 tools)
│ └── certificates.py # Certificate management (6 tools)
├── conf/
│ ├── haproxy.cfg # Main HAProxy config (100 pool backends)
│ ├── domains.map # Domain → Pool mapping
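Review bot: The per-module counts under `tools/` do not add up to the new total on the `tools/` line. The entries visible in this hunk sum to 3 + 7 + 3 + 4 + 4 + 6 = 27, while the comment now says 28 (the previous values show the same gap, 21 against 22). Either one module's count is stale or a tool lives outside the files listed here; please reconcile the numbers, or drop the hand-maintained total from the tree so it cannot drift from the "MCP Tools (28 total)" heading.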