There used to be a way to see each domain, certificate, and IP address used to get the certificate for LE certs. I can't seem to find that link anymore. Is it still public?
You can use certificate transparency log aggregators such as https://crt.sh/ to search for the first two items of your list. However, the IP addresses which requested those certificates are not public and never have been. This was just an idea LE previously had (to make such information public), but has never followed through with.
Each certificate, for each user?
You know that's terabytes of data each year, right?
You can grep through the certificate transparency logs, of course, or use a service that does that for you.
I could've sworn there was something that showed the most recently issued certs by LE.
I did find the crt.sh site but that wasn't what I had found in the past. Also seems like big corps have a way of staying off of those logs if they want to.
There might be something you found, but there's no web interface from Let's Encrypt themselves. They do log to their own Certificate Transparency log, but you need a client specifically for reading from those logs; it's not something easily seen in a web browser (thus the aggregation of the data on other sites).
Here are the sites I know of that help one look through CT logs:
- Google Certificate Transparency
- crt.sh by Sectigo
- Censys Certificates
- Facebook Transparency Monitoring (needs a Facebook account)
- Entrust Certificate Search
There are probably others, and if you want to be comprehensive you could get them all through the CT logs directly and write your own tooling.
Well, for certificates designed for "internal use only" operation, they could configure their browsers to not need CT and not log those certificates to CT. But for any certificate designed for use with the Internet at large, they need to be logged in order for browsers to accept them. The main way to "work around" CT logging that I know of is that one could make a wildcard certificate for *.domain.example, and then since only the wildcard is listed in the certificate you can't use CT logs to find out that the only hostname actually being used is some-specific-host.domain.example. But that doesn't really hide all that much.
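As an added example that is not part of the original thread: a minimal sketch of what "write your own tooling" against a CT log involves, decoding the `leaf_input` field that an RFC 6962 `get-entries` response returns for each entry. The function names and the sample leaf are constructed for illustration; the DER bytes are placeholders, and reading hostnames out of a real certificate would additionally need an X.509 parser.

```python
import base64
import struct

# RFC 6962 LogEntryType values
X509_ENTRY, PRECERT_ENTRY = 0, 1

def _read_vector(data, pos, len_bytes):
    """Read a TLS-style length-prefixed byte vector; return (bytes, new_pos)."""
    if pos + len_bytes > len(data):
        raise ValueError("truncated length prefix")
    n = int.from_bytes(data[pos:pos + len_bytes], "big")
    start = pos + len_bytes
    if start + n > len(data):
        raise ValueError("truncated vector")
    return data[start:start + n], start + n

def parse_leaf_input(leaf_input_b64):
    """Decode a base64 MerkleTreeLeaf (RFC 6962, section 3.4)."""
    data = base64.b64decode(leaf_input_b64)
    if len(data) < 12:
        raise ValueError("leaf too short")
    # version(1) | leaf_type(1) | timestamp ms(8) | entry_type(2)
    version, leaf_type, ts_ms, entry_type = struct.unpack(">BBQH", data[:12])
    if version != 0 or leaf_type != 0:
        raise ValueError("not a v1 timestamped_entry leaf")
    pos, issuer_key_hash = 12, None
    if entry_type == PRECERT_ENTRY:
        # Precert entries carry SHA-256 of the issuer key, then the TBSCertificate
        issuer_key_hash = data[pos:pos + 32]
        if len(issuer_key_hash) != 32:
            raise ValueError("truncated issuer_key_hash")
        pos += 32
    elif entry_type != X509_ENTRY:
        raise ValueError("unknown entry type")
    der, pos = _read_vector(data, pos, 3)         # certificate or TBSCertificate
    extensions, pos = _read_vector(data, pos, 2)  # CtExtensions, normally empty
    if pos != len(data):
        raise ValueError("trailing bytes after leaf")
    return {"kind": "precert" if entry_type else "x509", "timestamp_ms": ts_ms,
            "issuer_key_hash": issuer_key_hash, "der": der,
            "extensions": extensions}

def build_sample_leaf(entry_type, body, timestamp_ms=1652572800000):
    """Constructed sample leaf for offline testing (not real log data)."""
    out = struct.pack(">BBQH", 0, 0, timestamp_ms, entry_type)
    if entry_type == PRECERT_ENTRY:
        out += b"\x11" * 32  # placeholder issuer key hash
    out += len(body).to_bytes(3, "big") + body + b"\x00\x00"
    return base64.b64encode(out).decode()

if __name__ == "__main__":
    print(parse_leaf_input(build_sample_leaf(X509_ENTRY, b"\x30\x03\x02\x01\x00")))
```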
Seems like Google has moved (or removed) that site.
What about using censys.io? Like
Hmm. Looks like that might be the case. Though it's still listed as a monitor on the "Certificate Transparency" site, which I think is also run by Google (or at least used to be):
Google announced the shutdown of that tool on approx. March 23rd this year. Shutdown was on May 15th 2022.