Hello,
I like to monitor my certificates through the RSS feature of crt.sh, but as far as I can tell, but the certs for any of my domains haven't been showing up since about the 30th of April.
I'm not sure I'm doing something wrong, or if it's an issue on the side of crt.sh.
Thank you for any help or tips.
I think it's pretty far behind in reading its logs, in addition to even more uptime challenges than usual.
There's a link on the site under "advanced" (when you can get the site to load at all) to "Monitored Logs". You can look at the "Backlog" and "Latest Entry Age" columns to see how far it's behind in trying to read the CT logs.
There's also a crtsh Google Group where you can sometimes find people complaining:
At one point I started putting together a community wiki post with CT search resources, others are welcome to update anything on it if it might be out-of-date:
Thank you.
It's a shame such an important resource has problems to frequently. I see people on the CAADB mailing list sharing crt.sh links all the time, and it's a little scary that such an important resource just randomly stops functioning, or gets 3 weeks behind on log ingestion.
It would be great if ISRG could run a crt.sh-like service as part of Sunlight, preferably having CAADB members chipping in for maintenance.
It also seems that Sectigo only has a single person regularly maintaining the project's GitHub repositories/
I've been trying to access the https://crt.sh/cert-populations page for the last 24 hrs, and only keep getting 404s and 502s.
Looking at the monitored logs, it seems a significant intake backlog started around the 1st of May, and further certs aren't being processed at anywhere the speed needed to keep up with new writes to the CT logs.
crt.sh has long suffered from erratic performance.
I have had good luck using censys.io. They even now allow a small number of searches for free. At one time even their API was free, then became only a paid service. The web search language is extensive. Just one sample search
cert.names="my.example.com" and cert.parsed.validity_period.not_before>="2026-05-25" and cert.parsed.validity_period.not_before<="2026-05-26"
Can be done with URL:
https://platform.censys.io/search?q=cert.names%3D%22my.example.com%22+and+cert.parsed.validity_period.not_before%3E%3D%222026-05-25%22+and+cert.parsed.validity_period.not_before%3C%3D%222026-05-26%22
These services may be useful for routine monitoring as well.
We host a free CT log search tool that might be of use: Search Certificate Transparency Logs
We don't have the same level of detail that crt.sh does, but our search is optimized for speed and we index from all the approved Chrome CT logs (and are up to date within a few minutes). Might be useful depending on your needs.
Seems like crt.sh got a new page design, and (mostly) caught up on it's certificate backlog as of now.
There's a recent post in the Google Group that they're working on reworking the backend to be able to scale better: