{"id":"fserver-certbot","name":"certbot","af_score":37.2,"security_score":55.5,"reliability_score":48.8,"what_it_does":"Certbot is an ACME client used to obtain and renew TLS/SSL certificates from certificate authorities (commonly Let’s Encrypt) and configure/validate domains via supported plugins (e.g., webserver or standalone modes).","best_when":"You want local, automated ACME certificate issuance/renewal and can run Certbot with appropriate DNS/webserver access.","avoid_when":"You cannot run a client on the machine that can complete domain validation or install certificates, or you require a managed hosted API with OAuth-scoped permissions.","last_evaluated":"2026-04-04T21:30:27.047094+00:00","has_mcp":false,"has_api":false,"auth_methods":["ACME account registration/keys (account private key)","Challenge authentication via webserver/DNS plugin configuration (varies by plugin/CA)","Root/OS permissions to read/write certificate and webserver config"],"has_free_tier":true,"known_gotchas":["Certbot behavior depends heavily on the selected plugin (webroot/standalone/dns/etc.) and CA/challenge type; an agent must choose and configure the correct plugin.","Operations are side-effectful on the local filesystem and webserver configuration; agents should treat runs as potentially disruptive.","ACME challenges can require DNS propagation or inbound reachability; failures may be environmental rather than API-level.","Idempotency is not guaranteed at the CLI level; re-running may update files/renew certs depending on timing and state.","Agents should ensure appropriate filesystem permissions and avoid exposing private keys in logs."],"error_quality":0.0}