Is it possible to re-download an issued certificate file?
Due to an error in my script the certificates for my domain have been successfully created but have not been saved. I have exceeded the rate limit of five valid certificates per week and cannot create any new ones now that the problem in my script has been fixed.
In the past it was possible to download the certificates from crt.sh but that’s no longer possible because of the precertificate poison.
Hi @freaker
check your domain via https://check-your-website.server-daten.de/ - then check the CT-logs - part. There you can download the certificate.
PS: I should add an update, so it's visible if the download is a pre- or a leaf-certificate.
But most links are leaf certificates.
PS: Checked, active certificates listet in the certspotter part mostly leaf certificates. Added a small info.
Thank you for the quick reply. Unfortunately that doesn’t work for me either. It only has the same percert as downloadable on crt.sh.
There should be two copies of everything on crt.sh—the precertificate and the issued certificate. If you're not seeing the corresponding issued certificate, that sounds like a but in crt.sh. How long after issuance have you been checking? (It may be reasonable that the precertificate shows up slightly earlier.)
Maybe also compare with the Google Transparency site, which has a web interface to search CT?
What's your domain name?
There is an internal filter to find only newer certificates. But it's possible to skip that filter internal.
@schoen @JuergenAuer
Thanks for your help! After looking around a bit more I was eventually able to find the final certificates on https://sslmate.com/certspotter/
crt.sh still only lists the precerts though (issued about 10h ago), even searching by sha256 of the final ones didn’t turn up any results.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.