Does a list of active SSL certs exist?

Basically title.

When I generate a cert it says my IP will be logged. I’m wondering if I’m on a public list somewhere that I can look at to see if I’m on it?

Or are all of the SSL certs generated private?

Every trusted certificate ~ever can be looked up on certificate log aggregators such as https://crt.sh/ and https://censys.io/certificates.

I think the warning about “IP will be logged” is to warn users of Certbot’s --manual command, because those users might be running Certbot on their personal workstations, rather than the servers where the certificate will be deployed. So you have a moment to prevent yourself from accidentally revealing your own personal IP.

The IP addresses of the certificate requester do not actually appear in any kind of public ledger, but they might be sent in administrative emails (from Let’s Encrypt) or e.g. posted on this forum in case you ask for help and it’s relevant. Probably better to read https://letsencrypt.org/privacy/ on that matter.

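An added example, not part of the original thread: a Python sketch that reduces a saved crt.sh JSON export to the certificates still valid at a given time, one record per certificate. It assumes the field names of crt.sh's `output=json` format; the sample records and the `active_certs` helper are constructed for illustration. Note that the records carry names, issuer and validity dates only, with no requester IP.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like crt.sh JSON output (?q=<domain>&output=json).
# Domain, ids, serials and dates are made up for illustration.
SAMPLE = json.dumps([
    {"id": 1001, "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "serial_number": "03aa",
     "name_value": "example.test\nwww.example.test",
     "not_before": "2024-01-10T00:00:00", "not_after": "2024-04-09T00:00:00"},
    {"id": 1002, "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "serial_number": "03aa",
     "name_value": "example.test\nwww.example.test",
     "not_before": "2024-01-10T00:00:00", "not_after": "2024-04-09T00:00:00"},
    {"id": 1003, "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "serial_number": "03bb",
     "name_value": "example.test",
     "not_before": "2023-09-01T00:00:00", "not_after": "2023-11-30T00:00:00"},
    {"id": 1004, "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "serial_number": "03cc",
     "name_value": "mail.example.test",
     "not_before": "2024-03-01T00:00:00", "not_after": "2024-05-30T00:00:00"},
])


def _utc(ts):
    # Validity timestamps in the export carry no zone suffix; treat them as UTC.
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def active_certs(crtsh_json, now):
    """Return one record per certificate that is valid at `now`.

    CT logs usually hold a precertificate and the final certificate for the
    same issuance; both share issuer and serial number, so that pair is the key.
    """
    certs = {}
    for entry in json.loads(crtsh_json):
        not_before, not_after = _utc(entry["not_before"]), _utc(entry["not_after"])
        if not (not_before <= now <= not_after):
            continue  # expired or not yet valid
        key = (entry["issuer_name"], entry["serial_number"].lower())
        rec = certs.setdefault(key, {"names": set(), "not_after": not_after, "crtsh_ids": []})
        rec["names"] |= set(entry["name_value"].split("\n"))  # one SAN per line
        rec["crtsh_ids"].append(entry["id"])
    return sorted(certs.values(), key=lambda r: r["not_after"])


if __name__ == "__main__":
    for cert in active_certs(SAMPLE, datetime(2024, 3, 15, tzinfo=timezone.utc)):
        print(cert["not_after"].date(), sorted(cert["names"]), cert["crtsh_ids"])
```
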

Yes, initially Let's Encrypt was thinking of publishing those addresses publicly, maybe to help researchers investigate patterns of certificate misissuance attempts. This has never happened, but colleagues have told me that the warning that it might happen shouldn't be removed, because this information might still be made available to researchers or auditors somehow in the future. But indeed, there's nowhere that the public can look it up at present.


I was able to get what I was looking for from here. Thank you!!
