diff --git a/.gitignore b/.gitignore
index 1a46eb9..1049ba3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,5 @@ roles/vendor/
!.idea/
password.txt
+!/dockerfiles/services/sslproxy/letsencrypt/live/
+
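Review bot: The added negation `!/dockerfiles/services/sslproxy/letsencrypt/live/` un-ignores the directory from which this same commit deletes `privkey.pem`, so a key placed there again shows up as untracked and can be committed with a plain `git add`. If the intent is to keep key material out of the repository, remove the `!` rule or follow it with `/dockerfiles/services/sslproxy/letsencrypt/live/**/*.pem`. Deleting the file does not remove it from history, so the committed key pair should be treated as exposed and replaced.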
diff --git a/.idea/sshConfigs.xml b/.idea/sshConfigs.xml
index 94748b2..774024a 100644
--- a/.idea/sshConfigs.xml
+++ b/.idea/sshConfigs.xml
@@ -5,7 +5,7 @@
-
+
\ No newline at end of file
diff --git a/dockerfiles/services/sslproxy/cli/certbot/certbot b/dockerfiles/services/sslproxy/cli/certbot/certbot
new file mode 100755
index 0000000..1cc1c29
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/certbot/certbot
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -e
+#set -x
+
+LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
+LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2-staging
+
+export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
+export LETSENCRYPT_MOUNT
+export LETSENCRYPT_IMAGE
+
+run() {
+ docker-compose \
+ -f docker-compose.tools.yml \
+ run test $@
+}
+
+run_help() {
+ docker-compose \
+ -f docker-compose.tools.yml \
+ run test --help $@
+}
+
+
+while getopts h name
+do
+ case $name in
+ h) run_help $@;;
+ *) run $@;;
+ esac
+done
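Review bot: `run` is only reachable from inside the `getopts` loop, so an invocation with no dash option (for example a bare certbot subcommand) never enters the loop and the script exits 0 having done nothing. An invocation with several options calls `run` once per parsed option character, each time with the full argument list. Since the wrapper is meant to pass arguments through to the container, dispatching on the first argument avoids both problems. The unquoted `$@` in `run`, `run_help` and the dispatch should be `"$@"` so that arguments containing spaces or glob characters reach the container unchanged.

```shell
# … unchanged: variables, exports, run() and run_help() (with "$@" quoted) …

case "${1:-}" in
  -h)
    shift
    run_help "$@"
    ;;
  *)
    run "$@"
    ;;
esac
```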
diff --git a/dockerfiles/services/sslproxy/cli/certbot/certbot.help b/dockerfiles/services/sslproxy/cli/certbot/certbot.help
new file mode 100644
index 0000000..7aa5493
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/certbot/certbot.help
@@ -0,0 +1,3 @@
+ARGS - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.
diff --git a/dockerfiles/services/sslproxy/cli/certbot/certbot.usage b/dockerfiles/services/sslproxy/cli/certbot/certbot.usage
new file mode 100644
index 0000000..5226895
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/certbot/certbot.usage
@@ -0,0 +1 @@
+ARGS...
diff --git a/dockerfiles/services/sslproxy/cli/certbot/info b/dockerfiles/services/sslproxy/cli/certbot/info
new file mode 100755
index 0000000..79bb8ec
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/certbot/info
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+echo -e TODO: make this work!
+set -e
+set -x
+
+LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
+LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2-staging
+
+if [ "$1" == 'prod' ]; then
+ LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2
+fi
+
+
+
+export LETSENCRYPT_MOUNT
+export LETSENCRYPT_IMAGE
+export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
+
+# shellcheck disable=SC2068
+docker-compose \
+ -f docker-compose.tools.yml \
+ run certificates
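Review bot: `set -x` is left enabled and the first line prints `TODO: make this work!` on every run, so the command's output is mixed with a shell trace and a banner. I would drop the `echo` and comment the trace out as the sibling `certbot` and `renew` scripts do (`#set -x`). The `# shellcheck disable=SC2068` directive suppresses a warning about unquoted `$@`, but the command below it contains no expansion, so the directive can go. A short header comment stating that the only argument is `prod`, and that any other value selects the staging mount, would help, since `info.help` is still a placeholder.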
diff --git a/dockerfiles/services/sslproxy/cli/certbot/info.help b/dockerfiles/services/sslproxy/cli/certbot/info.help
new file mode 100644
index 0000000..7aa5493
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/certbot/info.help
@@ -0,0 +1,3 @@
+ARGS - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.
diff --git a/dockerfiles/services/sslproxy/cli/certbot/info.usage b/dockerfiles/services/sslproxy/cli/certbot/info.usage
new file mode 100644
index 0000000..5226895
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/certbot/info.usage
@@ -0,0 +1 @@
+ARGS...
diff --git a/dockerfiles/services/sslproxy/cli/certbot/renew b/dockerfiles/services/sslproxy/cli/certbot/renew
new file mode 100755
index 0000000..57d7b4f
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/certbot/renew
@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+set -e
+#set -x
+
+LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
+LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2-staging
+
+LOG=$(mktemp)
+
+##export LOCAL_IMAGE
+#export REMOTE_IMAGE
+##export TAG
+
+###
+
+run() {
+ if [ "$ENVIRONMENT" == 'prod' ]; then
+ LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2
+ fi
+
+ update
+}
+
+update() {
+ export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
+ export LETSENCRYPT_MOUNT
+ export LETSENCRYPT_IMAGE
+
+ # shellcheck disable=SC2086
+ docker-compose \
+ -f docker-compose.tools.yml \
+ run renew ${OPTIONS}
+}
+
+function trap_exit() {
+ code=$?
+ if [ $code -gt 0 ]; then
+ echo
+ rm "$LOG"
+ echo -e "\033[31mFailed updating production certs \033[39m"
+ exit $code
+ fi
+
+ rm "$LOG"
+ echo -e "\033[32mSuccess:\033[39m ssl certs have been updated"
+}
+trap trap_exit EXIT
+
+print_usage() {
+ printf "Usage: %s: [-b] [-t] [-s] \n" "$0"
+ echo -r rollback
+ echo -t smoke tests
+ echo -s tag as latest
+ echo -h help
+ exit 0
+}
+
+######
+
+ENVIRONMENT=dev
+OPTIONS=''
+while getopts de: name
+do
+ case $name in
+ d)
+ OPTIONS="$OPTIONS --dryrun"
+ ;;
+ e)
+ if [ $OPTARG == 'prod' ]; then
+ ENVIRONMENT=prod
+ else
+ OPTIONS="$OPTIONS --test-cert"
+ fi
+ ;;
+ : )
+ echo "Invalid option: $OPTARG requires an argument" 1>&2
+ ;;
+ *) print_usage;;
+ esac
+done
+
+# shellcheck disable=SC2068
+run $@
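Review bot: `trap_exit` prints `Success: ssl certs have been updated` on every zero exit, and `print_usage` ends with `exit 0`, so an unrecognised flag shows the usage text followed by a success message although `docker-compose` was never invoked. The failure branch also always says "production certs" regardless of `ENVIRONMENT`. `print_usage` should `exit 2` and list the options the loop really accepts, e.g. `printf 'Usage: %s [-d] [-e prod|staging]\n' "$0"`. In the `e)` arm the test should quote its operand, `if [ "$OPTARG" = 'prod' ]; then`, and the `: )` arm is unreachable unless the option string starts with a colon (`getopts ':de:' name`). `LOG` is created with `mktemp` but nothing visible writes to it.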
diff --git a/dockerfiles/services/sslproxy/cli/certbot/renew.help b/dockerfiles/services/sslproxy/cli/certbot/renew.help
new file mode 100644
index 0000000..7aa5493
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/certbot/renew.help
@@ -0,0 +1,3 @@
+ARGS - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.
diff --git a/dockerfiles/services/sslproxy/cli/certbot/renew.usage b/dockerfiles/services/sslproxy/cli/certbot/renew.usage
new file mode 100644
index 0000000..5226895
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/certbot/renew.usage
@@ -0,0 +1 @@
+ARGS...
diff --git a/dockerfiles/services/sslproxy/docker-compose.tools.yml b/dockerfiles/services/sslproxy/docker-compose.tools.yml
new file mode 100644
index 0000000..f4e9c3f
--- /dev/null
+++ b/dockerfiles/services/sslproxy/docker-compose.tools.yml
@@ -0,0 +1,45 @@
+---
+version: '3.4'
+
+services:
+
+ renew:
+ image: ${LETSENCRYPT_IMAGE}
+ volumes:
+ - ${LETSENCRYPT_MOUNT}:/etc/letsencrypt:ro
+ ports:
+ - 80:80
+ command:
+ - certonly
+ - -n
+ - --standalone
+ - --test-cert
+ - --dryrun
+ networks:
+ - prod_ui
+
+ certificates:
+ image: ${LETSENCRYPT_IMAGE}
+ volumes:
+ - ${LETSENCRYPT_MOUNT}:/etc/letsencrypt
+ ports:
+ - 80:80
+ command:
+ - certificates
+# - --standalone
+# - --test-cert
+# - --dryrun
+
+ test:
+ image: ${LETSENCRYPT_IMAGE}
+ volumes:
+ - ${LETSENCRYPT_MOUNT}:/etc/letsencrypt
+ ports:
+ - 80:80
+
+
+
+networks:
+ prod_ui:
+ external:
+ name: prod_ui
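Review bot: The `renew` service mounts `${LETSENCRYPT_MOUNT}` at `/etc/letsencrypt` with `:ro` and hard-codes `--test-cert` and `--dryrun` in its `command`, so as written it cannot store a renewed certificate, and the `prod` path in the `renew` script only changes which directory is mounted. certbot spells the flag `--dry-run`, so `- --dryrun` (and the `--dryrun` the script appends to `OPTIONS`) will probably be rejected. Arguments given after the service name to `docker-compose run` replace the service `command` rather than extend it, and `run` does not publish the `80:80` mapping unless `--service-ports` is passed, so the standalone challenge listener may not be reachable. Both are worth confirming against the intended invocation.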
diff --git a/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/fullchain.pem b/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/fullchain.pem
deleted file mode 100644
index 3979622..0000000
--- a/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/fullchain.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGjCCAwKgAwIBAgIULbQEK4iaDmSK8Q1YfECc68c2eScwDQYJKoZIhvcNAQEL
-BQAwfDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9u
-dHJlYWwxGDAWBgNVBAoMD1hhaSBDb3Jwb3JhdGlvbjEUMBIGA1UECwwLRGV2ZWxv
-cG1lbnQxGTAXBgNVBAMMEHd3dy54YWktY29ycC5uZXQwHhcNMjAwNTI5MTIxNzM3
-WhcNMjEwNTI5MTIxNzM3WjB8MQswCQYDVQQGEwJDQTEPMA0GA1UECAwGUXVlYmVj
-MREwDwYDVQQHDAhNb250cmVhbDEYMBYGA1UECgwPWGFpIENvcnBvcmF0aW9uMRQw
-EgYDVQQLDAtEZXZlbG9wbWVudDEZMBcGA1UEAwwQd3d3LnhhaS1jb3JwLm5ldDCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUxDfARL54LvmZq1Ef4LAec
-K4RJhdRG6R4vNCdc7Lskb7bYNo5n5w8dx1X2Wb2j2Dt4ReXBedq3Fw4e+C8zxwSY
-XGheU98j7XRJwlOOtUokcIxiSgwF0e0mEIrtkF+J4H3Rudn/3HEdVz7c4kMxlS8a
-cEEl41hNEyEJw6d5t86mFdkht8nhsk0+6s0RA8aYHr7ruwuHyWvHbFyLgphmt+hG
-GdRNijcFWfhRm9a/DciW2rYVDpJIcpPHIUrG06vzxThuBdyaCsWHBwH1sVR3hYsi
-R7jmzu9LPFVUQpSG/d1aaWvhQ6kFlud9qCzz2yoi57qcf3lUt/22z5gSmBQ8ZNMC
-AwEAAaOBkzCBkDCBjQYDVR0RBIGFMIGCggx4YWktY29ycC5uZXSCEHd3dy54YWkt
-Y29ycC5uZXSCEGFiYy54YWktY29ycC5uZXSCEWRrdWkueGFpLWNvcnAubmV0ghBn
-aXQueGFpLWNvcnAubmV0ghRqZW5raW5zLnhhaS1jb3JwLm5ldIITeGFpYm94Lnhh
-aS1jb3JwLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEANjXv0L9pTlk5eVfmyrgQz2Uf
-qe3nLZWRpwwOwDwdI32OQWB7VJwQtp13iRsvT+91xDGrpy7R52uz5Xxmf5vPcWtt
-nh2J60oeqRIkuh+cyyBAlAElRFw5Lqk37XjAWXbRvyFiUEnTu2k2jlYq55Az/+0U
-AXUj9LJbkBLZ89ZOEe9CNnlpV1mur1wGysxpRwh+lTan0WVdSy9nYnqsx5t8EOKM
-6pUZxqJmmQk988dajVFEodb+TNom6apcbjAwymjx6ggJmCF0zAFuJ1S8EfbuK665
-B10krT5BbEcV14V4W7Jne8tgxsN5wWkxytV029gsoBVes7EzuqQhGpUQ8mQ4KQ==
------END CERTIFICATE-----
diff --git a/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/privkey.pem b/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/privkey.pem
deleted file mode 100644
index 219ebd8..0000000
--- a/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/privkey.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVMQ3wES+eC75m
-atRH+CwHnCuESYXURukeLzQnXOy7JG+22DaOZ+cPHcdV9lm9o9g7eEXlwXnatxcO
-HvgvM8cEmFxoXlPfI+10ScJTjrVKJHCMYkoMBdHtJhCK7ZBfieB90bnZ/9xxHVc+
-3OJDMZUvGnBBJeNYTRMhCcOnebfOphXZIbfJ4bJNPurNEQPGmB6+67sLh8lrx2xc
-i4KYZrfoRhnUTYo3BVn4UZvWvw3Iltq2FQ6SSHKTxyFKxtOr88U4bgXcmgrFhwcB
-9bFUd4WLIke45s7vSzxVVEKUhv3dWmlr4UOpBZbnfags89sqIue6nH95VLf9ts+Y
-EpgUPGTTAgMBAAECggEACPIcAZzXAKzBeo61BagWQON+t/hV00h+c7PLXnN5w4iN
-34BHGcamXW4EdUj3DwwXALfVRwTNVi4km4UVKPXlPf4esopyvoRFbIHD07nDRa8t
-wdZGASclXewg+ZNqYXfpoZ3xTIJ9/4kZphuiqusjtWxIlZM/bO8fBF3ihd6HpfYi
-gN/BWYWxhNnhIrctWGZmEmk1hB8oT6VWPNGaydwcorL9fHIxvfVEojByIIIqHS/K
-krZN1nlZuPRLGackUGD5xJwAAvN6xwBQOqP+Eei7jBwQEABIoDaggZYuJLfCMpPq
-7K1E7BsOtyAxXzWkW9Hrzx1VmmZYzw1uhDvU7nyesQKBgQD6vmzh4aB5r13rf0XE
-sOBbzzf/otZujcotGkcsWp0Ylqj7EgcLjvlgy+STV6m1sdAeOEsHjiwGDa+geyk5
-hFIclTlRRO8bvU3w4fsjl8qvd51cCPBwFHMQVeTubtFDKyeE3/3Bi0t1AUrAAkAg
-VGfjfjaCrCcYVegkQ983YOEu/wKBgQDZqRyEnPCxlY6FHPw04lr/vg73y05zvaBa
-bUolI6NosSjs6iXlOnpS9rR/YLVnCz3qPscu+QQEDCQokNmOSKbbsKHvtbC7CuoH
-4uP1oridxVvx004A+RNPiePnVWGtEtEB6GctFtcZsK4c6XGs69wxAmOvvzgfnkol
-3iEGABreLQKBgQDuyp0M/QAEAuOR29JIwB3asVxmIuDNxlCtZWI0tlL30Ls65+83
-rcCG04ZqX8jqlV1a+kdR+a6pUS1ZyxD2irJcMCy23cxNAZqRddTjD7LiKir9NDIu
-uvrdqr9r5rN5oUZwf5S9VnfVBRb4BuylHV0WxOMKzQIqZd2/c7fHmIa7ZwKBgQCO
-jicCZ/Nwq74zSp+YV2Q4OZd+DabtQRYEA65bErNUvytJt7VoI9u3+KKRBproyUEc
-6U71YdySdg08kFocyVKXcmEtKXd9mZFb5utclt2JX5hvkvB0zK0sG+irO42EmF1R
-fZANxPbOeZwfjXmJQtTtOF5n3bp5Yue3U3uXfXwbZQKBgFn9PZJBHDrxQ1C1+2hG
-ImKqz0Qvl79YXNTIezQynz7Fxz9UPcf9GkC5hHvD5d6pCrG7xLDGSnBdzwBZYyw/
-3dmqhAjJzzPBlRd660CNOGWt5I7pQpb66hD+///KUg8DJtwuTXKrDeE+1j+ZWSDy
-V5aOKsQb/RDKGeI0rnlTfhNt
------END PRIVATE KEY-----