diff --git a/changelog.md b/changelog.md
index c7b846d..b936b65 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,24 @@
 # Changelog
+## 2025-08-18 - 5.0.6 - fix(connector.letsencrypt)
+Improve Let's Encrypt integration and certificate handling; fix coreflow certificate response; add local assistant permissions config
+
+- Replace ad-hoc setChallenge/removeChallenge hooks with a DNS-01 handler (smartacme.handlers.Dns01Handler) using Cloudflare to manage ACME DNS challenges.
+- Add MongoDB-backed certificate manager (smartacme.certmanagers.MongoCertManager) and pass it to SmartAcme as certManager.
+- Initialize SmartAcme with certManager and challengeHandlers instead of setChallenge/removeChallenge/mongoDescriptor options.
+- Return certificate object directly from coreflow certificate request handler (avoid createSavableObject) to fix the getCertificateForDomain response payload.
+- Add .claude/settings.local.json with local assistant/permissions entries to allow specific debugging/automation commands.
+- Bump commitinfo versions to 5.0.6 and update changelog.
+
+## 2025-08-18 - 5.0.6 - fix(connector.letsencrypt)
+Improve Let's Encrypt integration and certificate handling; add local assistant permissions config
+
+- Replace ad-hoc setChallenge/removeChallenge hooks with a DNS-01 handler using Cloudflare (smartacme.handlers.Dns01Handler) to manage ACME DNS challenges.
+- Add MongoDB-backed certificate manager (smartacme.certmanagers.MongoCertManager) and pass it to SmartAcme as certManager.
+- Update SmartAcme initialization to use certManager and challengeHandlers instead of setChallenge/removeChallenge/mongoDescriptor options.
+- Return certificate object directly from coreflow certificate request handler (avoid createSavableObject), fixing the response payload for getCertificateForDomain.
+- Add .claude/settings.local.json with local assistant/permissions entries to allow specific debugging/automation commands.
+
 ## 2025-08-18 - 5.0.5 - fix(coreflow)
 Fix Coreflow identity lookup and response shape; improve API client tests and bump dependencies
diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts
index 0382830..fe770c8 100644
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
 name: '@serve.zone/cloudly',
- version: '5.0.5',
+ version: '5.0.6',
 description: 'A comprehensive tool for managing containerized applications across multiple cloud providers using Docker Swarmkit, featuring web, CLI, and API interfaces.'
 }
diff --git a/ts/connector.letsencrypt/connector.ts b/ts/connector.letsencrypt/connector.ts
index fb03ea5..ec439eb 100644
--- a/ts/connector.letsencrypt/connector.ts
+++ b/ts/connector.letsencrypt/connector.ts
@@ -18,21 +18,22 @@ export class LetsencryptConnector {
 * inits letsencrypt
 */
 public async init() {
+ // Create DNS-01 challenge handler using Cloudflare
+ const dnsHandler = new plugins.smartacme.handlers.Dns01Handler(
+ this.cloudlyRef.cloudflareConnector.cloudflare
+ );
+
+ // Create MongoDB certificate manager
+ const certManager = new plugins.smartacme.certmanagers.MongoCertManager(
+ this.cloudlyRef.config.data.mongoDescriptor
+ );
+
 this.smartacme = new plugins.smartacme.SmartAcme({
 accountEmail: this.cloudlyRef.config.data.letsEncryptEmail,
 accountPrivateKey: this.cloudlyRef.config.data.letsEncryptPrivateKey,
 environment: this.cloudlyRef.config.data.environment,
- setChallenge: async (dnsChallenge) => {
- await this.cloudlyRef.cloudflareConnector.cloudflare.convenience.acmeSetDnsChallenge(
- dnsChallenge,
- );
- },
- removeChallenge: async (dnsChallenge) => {
- await this.cloudlyRef.cloudflareConnector.cloudflare.convenience.acmeRemoveDnsChallenge(
- dnsChallenge,
- );
- },
- mongoDescriptor: this.cloudlyRef.config.data.mongoDescriptor,
+ certManager: certManager,
+ challengeHandlers: [dnsHandler],
 });
 await this.smartacme.start().catch((err) => {
 console.error('error in init', err);
diff --git a/ts/manager.coreflow/coreflowmanager.ts b/ts/manager.coreflow/coreflowmanager.ts
index 7a1d3a6..70017bd 100644
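Review bot: In `LetsencryptConnector.init()` in `ts/connector.letsencrypt/connector.ts`, `this.cloudlyRef.cloudflareConnector.cloudflare` is now read once, when `Dns01Handler` is constructed, whereas the removed `setChallenge`/`removeChallenge` closures dereferenced it only when a challenge ran. If the Cloudflare connector is not yet initialised at that point (the init order is not visible here), the handler is built around `undefined` and the problem would presumably surface only during issuance or renewal. A guard ahead of the constructor makes that fail at startup: `if (!this.cloudlyRef.cloudflareConnector?.cloudflare) throw new Error('cloudflare connector must be initialised before letsencrypt');`. A short comment that the API token behind this client needs only DNS edit rights on the validated zones would also help whoever provisions it. `init()` ends outside the hunk, so how the `.catch` on `start()` finishes cannot be judged from here.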
--- a/ts/manager.coreflow/coreflowmanager.ts
+++ b/ts/manager.coreflow/coreflowmanager.ts
@@ -92,7 +92,7 @@ export class CloudlyCoreflowManager {
 );
 console.log(`got certificate ready for reponse ${dataArg.domainName}`);
 return {
- certificate: await cert.createSavableObject(),
+ certificate: cert,
 };
 }
 )
diff --git a/ts_web/00_commitinfo_data.ts b/ts_web/00_commitinfo_data.ts
index 0382830..fe770c8 100644
--- a/ts_web/00_commitinfo_data.ts
+++ b/ts_web/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
 name: '@serve.zone/cloudly',
- version: '5.0.5',
+ version: '5.0.6',
 description: 'A comprehensive tool for managing containerized applications across multiple cloud providers using Docker Swarmkit, featuring web, CLI, and API interfaces.'
 }
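Review bot: Returning `cert` unchanged in `certificate: cert,` (`CloudlyCoreflowManager`, `ts/manager.coreflow/coreflowmanager.ts`) makes the response carry whatever properties that object happens to have, where `createSavableObject()` produced an explicit serialisable projection. This payload presumably contains the certificate's private key, so its shape is worth pinning rather than leaving to the library's object layout; a later smartacme upgrade that adds fields would otherwise change what goes over the wire unnoticed. At minimum add a comment such as `// cert is serialised verbatim into the response; it must stay a plain data object matching the response interface`, or map the interface's fields explicitly. The handler starts outside the hunk, so the caller-identity check that should gate this response is not visible here.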