Watch LetsEncrypt issue its millionth certificate live(crt.sh)
crt.sh
Watch LetsEncrypt issue its millionth certificate live
http://crt.sh/?Identity=%25&iCAID=7395
30 comments
Who is publishing this list of possibly not-published-anywhere-else SSL sites? Having them all in a big easy to download list is not what I expected from LetsEncrypt.
It’s intentional. The general idea is to make it easier to detect fraudulently issued certificates. LetsEncrypt submit all certificates[0] to Certificate Transparency[1] logs.
Chrome won’t actually show the green address bar for EV certs unless a CT proof is provided along with the certificate[2].
[0]https://letsencrypt.org/certificates/
[1]https://www.certificate-transparency.org/faq
[2]https://blog.digicert.com/certificate-transparency-required-...
Chrome won’t actually show the green address bar for EV certs unless a CT proof is provided along with the certificate[2].
[0]https://letsencrypt.org/certificates/
[1]https://www.certificate-transparency.org/faq
[2]https://blog.digicert.com/certificate-transparency-required-...
Certificate transparency makes it much harder to surreptitiously issue a certificate and holds the offending CA responsible in case of unauthorized certificates. If your site is not public, you're better off with your own private CA anyway.
It's the public certificate audit log. It's not an accidental data leak.
For private sites just use your own CA.
Also the server for LetsEncrypt is open source [1] and comes with test scripts to run it during development and testing to avoid premature exposure to the public instance of LetsEncrypt.
[1] https://github.com/letsencrypt/boulder
Also the server for LetsEncrypt is open source [1] and comes with test scripts to run it during development and testing to avoid premature exposure to the public instance of LetsEncrypt.
[1] https://github.com/letsencrypt/boulder
https://whois.domaintools.com/crt.sh
Thought I recognised the favicon, it's Comodo.
I don't see the problem, if you want a secret url then self sign and distribute your certificate with other methods.
Is this a Certificate Transparency log ? It does not look "live" though. How often is it refreshed ?
The transparency logs themselves grow in bulk. If I watch one of the main logs with a 30 second refresh, I can go two hours without a single cert, then 2000 or so scroll past at once.
It refreshed a few minutes ago. Perhaps all 15 min?
Yes, and it just grew by ~20 certificates, which means people aren't gettings those as quickly as I thought.
+33 certs by last reload.
Edit: 1Million
Why does it look that most of issued certificates are for malware /ads domains? I'm guessing from the weird names.
It could be very well that most domains on the internet are for malware and ads where the cost of the domain itself is just slightly below break even point and LetsEncrypt now allows to serve them over https without extra investment.
Yay to : webdemo.jung.de
You win some internet points.
You win some internet points.
Its vuweb.smf.telema-stg.whitecloud.jp actually!
I counted the same.
https://crt.sh/?id=14392504
https://crt.sh/?id=14392504
Damn off by 1 errors.
has anyone been able to use letsencrypt with AWS api gatway? I've been struggling for months. I keep getting https crossed out in red when accessing my aws api gateway endpoint....
I generated certificates for *.mysite.com and when I go to api.mysite.com it throws warning and if you continue the https in the address bar is red and crossed out....
I generated certificates for *.mysite.com and when I go to api.mysite.com it throws warning and if you continue the https in the address bar is red and crossed out....
Woo! Just hit the 1,000,038th!
#1,000,000 https://crt.sh/?id=14392504
I think this was the 1,000,000th one: https://crt.sh/?id=14392497 [but I just counted back down 38 from the page list...]
* Certificate # 250k: Jan. 5, 2016 [1]
* Certificate # 500k: Feb. 4, 2016 [2]
* Certificate # 1M: Mar. 8, 2016
Seems they went from 250k certs per month in Jan to 500k certs per month in Feb.
[1] https://twitter.com/letsencrypt/status/684221075966705664
[2] https://twitter.com/letsencrypt/status/695077737380208640