I don’t see any new Let’s Encrypt certificates on crt.sh since May 4th?
Does anybody know why?
They’ve been having database problems for a few days - https://groups.google.com/forum/#!topic/crtsh/ZOscOEUYeHE .
crt.sh is currently buggy.
crt.sh hat two interfaces - the web interface and a PostGreSql-interface. I’ve used the PostGreSql in my tool, that didn’t work (~~ 2019-04-15), later it worked some hours. Last Saturday I’ve added a fallback to the webinterface, but new certificates ( Letsencrypt error DNS problem: NXDOMAIN looking up A for etc ) aren’t listet. Google shows that certificate.
Thanks so much for your reply, but the google one doesn’t work so well for me. Do you know any other alternative, even paid?
Not really. Entrust
has a search, but checking the new domain of the other thread (
nodejs-ssl-deploy.code.yousshark.com), entrust and crt.sh don’t show the certificate (created 5. Mai 2019, 21:40:35 GMT).
Hope the new Letsencrypt CT log is coming. With a good API
All currently qualified CT logs offer the same API described in RFC 6962 and the LE log will be the same. If you’re looking for an easy way to search/monitor a CT log the API from RFC 6962 (and the upcoming Let’s Encrypt log) won’t help you without implementing the monitoring. You’re looking for a log monitor, not a log itself We have no plans to offer a monitor.
Ok, I need a monitor. Mhm. Crt.sh has an ODBC Sql option, that’s very easy to use. And it’s possible to create a query
Where reverse(lower(ci.NAME_VALUE)) Like reverse(lower('%.example.com')) And ci.CERTIFICATE_ID > last_id_saved_local
There is an index reverse(lower(NAME_VALUE)), so this query is amazing.
And checking a domain three times (without a new certificate) the second and third query - don’t return results,
ci.CERTIFICATE_ID > last_id_saved_local blocks it.
The website crt.sh (with JSON-output) doesn’t have such a feature.
But if the website doesn’t work …
Certspotter has an API
1000 queries per hour are free. Perhaps I should use that.
Drifting slightly off-topic but Certmonitor’s public stats make it easy to see why monitoring CT logs is often a paid product. To keep track of all of the CT logs that Certspotter monitors takes 6,097 GB of disk space and counting!
I hope crt.sh will be back soon, although I’m really not sure.
I’ve updated my tool.
Now CertSpotter is used to fetch active certificates.
Expired certificates aren’t sent back. But one CertSpotter-check per one Domain-check is save enough.
Now it’s a fallback if crt.sh doesn’t work.
A current check shows a new certificate, created this evening.
Now crt.sh works.
nodejs-ssl-deploy.code.yousshark.com (created from a user this sunday) is now listed. The PostgreSql-Interface works again.
A Letsencrypt certificate (found from my tool) not before 2019-05-08 23:16:23 isn’t visible via crt.sh, CertSpotter shows that certificate.
So crt.sh works, but isn’t up to date.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.