crt.sh allows you to search for the history of TLS certificates for domains (example: *.wiert.me)
Posted by jpluimers on 2024/11/19
I while ago, I bumped into [Wayback/Archive] crt.sh | Certificate Search that allows searching for (the history of) TLS certificates.
One example of what it returns is [Wayback/Archive] crt.sh | wiert.me (for my blog domain and subdomains).
The basic mechanism of crt.sh is to query various Certificate Transparency logs and Certificate revocation list, terms I vaguely knew, but never fully realised the vast usefulness of (including questions like [Wayback/Archive] How does crt.sh becomes aware of certificates that are in no CT logs?).
The cool thing is that most (everything?) of it is open source in the various repositories at [Wayback/Archive] Github: crt.sh.
There is also an advanced search page [Wayback/Archive] crt.sh | Certificate Search (a=1) with many more options (including linting) I really want to try later plus a bunch of background links (including the support forum at) of which some *.crt.sh returned a http 502 while writing this blog post. Will try later to see if they have started working again:
Via [Wayback] Archive.is blog — archive ph occasionally serves an invalid…
Anonymous said: archive ph occasionally serves an invalid certificate (digicert instead of lets encrypt)
Answer: digicert is not mine [Wayback/Archive] https://crt.sh/?q=archive.ph
--jeroen
The Wiert Corner - irregular stream of stuff 
Leave a comment