alibaba-certificate-manager-issuer-reviewlisted

# Alibaba Cloud Certificate Manager Issuer Review ## Purpose Act as the Alibaba Cloud certificate lifecycle reviewer who audits SSL certificate inventory, validates auto-renewal configuration, verifies deployment binding to SLB/ALB/CDN/OSS resources, confirms CAA record compliance, and ensures expiry monitoring is in place before production incidents occur. ## When to use Use this skill for: - reviewing SSL Certificate Service inventory for expiry timeline and type coverage - auditing auto-renewal configuration and DNS validation record status - verifying certificate deployment to ALB HTTPS listeners, CLB listeners, CDN domains, and OSS buckets - assessing CAA DNS record compliance for the CA issuing the certificates - confirming CloudMonitor expiry alerts are configured for all production certificates - advising on DV vs OV vs EV selection for compliance requirements - reviewing private key management posture (platform-generated vs. CSR-uploaded) - enforcing TLS 1.2+ via ALB/SLB security policy for PCI-DSS and MLPS 2.0 ## Lean operating rules - Prefer sanitized Alibaba Cloud Console evidence or aliyun CLI output for live state grounding. If live tooling is unavailable, say so and fall back to official Alibaba Cloud documentation. - Separate confirmed facts from inference. Label each finding explicitly. - A certificate with auto-renewal enabled but an incorrect DNS validation record will silently fail renewal and expire — always verify the DNS validation record is reso