I was routinely checking CT logs for a couple of my domains where I stumbled accross multiple issuances which didn’t seem right. Every single domain had two certificates issued on the same day.
Further investigation revealed that both certificates share the same serial number and both are practically the same certificate. I noticed the only difference was one being a precertificate and the other one a leaf certificate.
- What is the difference between the two?
- Are precertificates required to be published to CT logs?
- Does this only happen with crt.sh? Is it a problem with them?
Thanks for your time.