Letencrypt not logging leaf certificates on CT logs

I am unable to find details of Lets Encrypt leaf certificates from CT log servers. On crt.sh also, if I checked for details then found that only pre-certificates are being logged and not leaf certificates.

Is there any method, I can check certificates issued by Let’s Encrypt anywhere else ?

1 Like

Hi,

Let’s Encrypt indeed log the leaf certificate. However, crt.sh has a large backlog on some of the CT servers.
https://crt.sh/monitored-logs

You can use Google’s certificate transparency search tool.
https://transparencyreport.google.com/https/certificates

Thank you

1 Like

Hi @prok_in

crt.sh : Both certificate types are logged. But sometimes leaf certificates are later. Use “check your website”, there you see, if the certificate with that serial number found is a pre- or a leaf-certificate.

1 Like

You’re all correct here.

However, last night as a troubleshooting method for a very specific database problem we disabled final certificate submissions to our Oak shards. We’ll be re-enabling final certificate submission this coming week.

3 Likes

Oh is that why crt.sh cleared the backlog for Oak today. :grin:

Are you still logging final certs elsewhere? E.g. Argon or Testflume?

(crt.sh is still backlogged 6 days for Argon, and doesn’t track test logs like Testflume.)

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.