Is it possible to get a list of domains authorized?

Hi,
is it possible to get a list of domains authorized?

Cheers,
Vic

In what context? ALL domains authorized by Let’s Encrypt? I.e., billions? As a list? Searchable? What do you mean?

All of my domains, with my key.

No. :sweat: You would have to piece that together from your own information, e.g. ACME client logs.

If your accounts have an email address, you’ll start to get warning emails if your certificates are about to expire, though.

The closest thing I can think of would be searching through transparency logs for each of your domains - but they don’t include your LE account #/key so you wouldn’t be able to search them in that way.
see: https://crt.sh/

Yeah, in this case I would have to know the subdomain I used.
I did a lot of testing with a production key by mistake.
Now… don’t know what to do.

Yes, it possibly is.

What client are you using?
Did you issue all certificates from the same machine?

Andrei

What specifically are you trying to do?

Get a list of authorizations? You would have to check your client logs.

Get a list of certificates? They’re all recorded to CT. If you don’t have very many domains, you can search for production certificates on https://crt.sh/.

Is something returning an error? If so, what?

I don’t know what subdomain to look for. I know domains, but not subdomains.

I am using


The developer said his client supports it (see the bug there).

I did not use the same cloud machine or keep logs.
But I have my key.
Ideally using my key I should be able to say: give me all the domains for this key.

Why do you need a list of domains authorized? Do you need to revoke certificates for them because you believe their private key has been compromised? Have you hit some sort of rate limit and are getting an error when making an ACME request now?

Searching for the domain and examining the list of certificates wouldn't work?

In case you're not aware, you can use '%' as a wildcard on crt.sh to search for subdomains of a known domain, e.g. %.example.com
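The wildcard search suggested above can also be scripted against crt.sh's JSON output. This is an added example, not part of the original thread: the sample records are constructed, and `crtsh_url` and `names_by_issuer` are hypothetical helper names. CT entries do not carry the ACME account, so the result covers every matching certificate for the domain, not only those issued with one key.

```python
import json
from urllib.parse import urlencode

# Constructed sample shaped like crt.sh JSON output (not real certificates).
SAMPLE = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "test1.example.com", "not_after": "2024-04-01T00:00:00"},
    # CT logs record both the precertificate and the final certificate.
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "test1.example.com", "not_after": "2024-04-01T00:00:00"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "staging-api.example.com\nwww.example.org",
     "not_after": "2024-05-10T00:00:00"},
    {"issuer_name": "C=US, O=Example CA, CN=Example Issuing CA",
     "name_value": "shop.example.com", "not_after": "2025-01-01T00:00:00"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "test1.example.com", "not_after": "2024-06-30T00:00:00"},
])

def crtsh_url(domain):
    """Build the crt.sh query for every name under `domain` ('%' is the wildcard)."""
    return "https://crt.sh/?" + urlencode({"q": "%." + domain, "output": "json"})

def names_by_issuer(raw_json, domain, issuer_substr="Let's Encrypt"):
    """Map each hostname under `domain` to its latest not_after for one issuer."""
    domain = domain.lower()
    suffix = "." + domain
    latest = {}
    for entry in json.loads(raw_json):
        if issuer_substr not in entry.get("issuer_name", ""):
            continue  # certificate from a different CA
        # name_value holds one SAN per line
        for name in entry.get("name_value", "").splitlines():
            name = name.strip().lower()
            if name != domain and not name.endswith(suffix):
                continue  # SAN for another domain on the same certificate
            # ISO 8601 timestamps in one format compare correctly as strings
            if entry["not_after"] > latest.get(name, ""):
                latest[name] = entry["not_after"]
    return latest

if __name__ == "__main__":
    print("Fetch:", crtsh_url("example.com"))
    for host, expires in sorted(names_by_issuer(SAMPLE, "example.com").items()):
        print(f"{host}  latest expiry {expires}")
```

To use it on live data, download the URL printed by `crtsh_url` and pass the response body to `names_by_issuer`.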

This has been discussed before; Let’s Encrypt doesn’t have an API to list all domains tied to a particular Account Key.

As @mnordhoff and @jmorahan mentioned, certificate transparency will tell you all the certificates issued for a domain.

I am not familiar with that client, so I can’t advise if this is possible from log files the client generates.

Andrei

Mostly I want to delete them because it tells me I have too many domains.

Oh, I did not. That works!! Thank you!

If you hit some kind of rate limit, revoking certificates will not help you. It has no effect on the rate limits.

What rate limit have you reached? For what domain? What’s the error message?

For what it’s worth, you can’t really have too many domains. You can issue certificates too quickly for a single domain, but you could have millions of domains.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

It said I had too many, if I recall correctly. I’ll try revoking to see if the error goes away.

My mistake was using the production API. Afterwards, I realized there is a dev API.

Too many of what? There are several rate limits, which apply to several different things. (Domains, FQDNs, accounts, etc.)

Revoking doesn't make any errors go away. In particular, it won't reset the rate limits. A certificate uses pretty much the same amount of resources for Let's Encrypt whether it's revoked or not.