Certificate Transparency Monitor

Introduction

Certificate Transparency is a system for monitoring and auditing publicly-trusted SSL certificates. This website monitors Certificate Transparency log servers to check that they are behaving correctly.

Logs

Log	URL	Newest verified STH timestamp (UTC)		Uptime
Akamai	https://ct.akamai.com	2015-07-27 17:28:48	Ceased	N/A
Behind The Sofa	https://ct.filippo.io/behindthesofa	2018-09-23 18:50:49	Warning	99.89%
Certly	https://log.certly.io	2016-04-30 17:59:42	Ceased	N/A
Cloudflare Cirrus	https://ct.cloudflare.com/logs/cirrus	2018-09-23 17:53:32	Good	99.97%
Cloudflare Nimbus 2017	https://ct.cloudflare.com/logs/nimbus2017	2018-01-03 18:35:08	Frozen	99.98%
Cloudflare Nimbus 2018	https://ct.cloudflare.com/logs/nimbus2018	2018-09-23 19:26:16	Warning	99.98%
Cloudflare Nimbus 2019	https://ct.cloudflare.com/logs/nimbus2019	2018-09-23 19:24:19	Good	99.98%
Cloudflare Nimbus 2020	https://ct.cloudflare.com/logs/nimbus2020	2018-09-23 19:24:21	Good	99.98%
Cloudflare Nimbus 2021	https://ct.cloudflare.com/logs/nimbus2021	2018-09-23 19:22:27	Good	99.98%
Cloudflare Nimbus 2022	https://ct.cloudflare.com/logs/nimbus2022	2018-09-23 18:36:21	Good	99.97%
CNNIC	https://ctserver.cnnic.cn	2018-09-23 18:35:59	Good	99.33%
Comodo Dodo	https://dodo.ct.comodo.com	2018-09-23 19:25:21	Warning	99.91%
Comodo Mammoth	https://mammoth.ct.comodo.com	2018-09-23 19:25:56	Good	99.13%
Comodo Sabre	https://sabre.ct.comodo.com	2018-09-23 19:22:53	Good	99.94%
ctlog.keysupport.org	https://ctlog.keysupport.org	N/A	Pending	95.18%
DigiCert 1	https://ct1.digicert-ct.com/log	2018-09-23 07:00:00	Good	99.69%
DigiCert 2	https://ct2.digicert-ct.com/log	2018-09-23 07:00:28	Good	99.96%
DigiCert Golem	https://golem.ct.digicert.com/log	N/A	Pending	99.98%
DigiCert Nessie 2018	https://nessie2018.ct.digicert.com/log	2018-09-23 07:00:55	Good	99.98%
DigiCert Nessie 2019	https://nessie2019.ct.digicert.com/log	2018-09-23 07:00:46	Good	99.97%
DigiCert Nessie 2020	https://nessie2020.ct.digicert.com/log	2018-09-23 07:00:20	Good	99.97%
DigiCert Nessie 2021	https://nessie2021.ct.digicert.com/log	2018-09-23 07:00:37	Warning	99.97%
DigiCert Nessie 2022	https://nessie2022.ct.digicert.com/log	2018-09-23 07:00:21	Good	98.84%
DigiCert Yeti 2018	https://yeti2018.ct.digicert.com/log	2018-09-23 07:00:03	Good	99.97%
DigiCert Yeti 2019	https://yeti2019.ct.digicert.com/log	2018-09-23 07:00:39	Good	99.97%
DigiCert Yeti 2020	https://yeti2020.ct.digicert.com/log	2018-09-23 07:00:25	Good	99.97%
DigiCert Yeti 2021	https://yeti2021.ct.digicert.com/log	2018-09-23 07:00:28	Good	99.98%
DigiCert Yeti 2022	https://yeti2022.ct.digicert.com/log	2018-09-23 07:00:23	Good	99.97%
GDCA 1	https://log.gdca.com.cn	2018-09-23 19:21:11	Warning	99.97%
GDCA 2	https://log2.gdca.com.cn	2018-09-23 19:22:02	Good	99.96%
GDCA 2 (Old Key)	https://log2.gdca.com.cn	2017-09-07 20:11:06	Ceased	N/A
GDCA (Old 1)	https://ct.gdca.com.cn	2018-09-23 19:24:50	Warning	99.93%
GDCA (Old 2)	https://ctlog.gdca.com.cn	2018-09-23 19:31:40	Warning	99.94%
Google Argon 2017	https://ct.googleapis.com/logs/argon2017	2018-09-23 19:25:44	Good	99.98%
Google Argon 2018	https://ct.googleapis.com/logs/argon2018	2018-09-23 19:29:52	Good	99.98%
Google Argon 2019	https://ct.googleapis.com/logs/argon2019	2018-09-23 19:24:32	Good	99.98%
Google Argon 2020	https://ct.googleapis.com/logs/argon2020	2018-09-23 19:27:16	Good	99.98%
Google Argon 2021	https://ct.googleapis.com/logs/argon2021	2018-09-23 19:29:25	Good	99.97%
Google Aviator	https://ct.googleapis.com/aviator	2016-11-30 13:24:18	Frozen	99.98%
Google Daedalus	https://ct.googleapis.com/daedalus	2018-09-23 18:43:31	Good	99.98%
Google Icarus	https://ct.googleapis.com/icarus	2018-09-23 18:52:44	Good	99.98%
Google Pilot	https://ct.googleapis.com/pilot	2018-09-23 18:40:44	Good	99.98%
Google Rocketeer	https://ct.googleapis.com/rocketeer	2018-09-23 18:09:34	Good	99.98%
Google Skydiver	https://ct.googleapis.com/skydiver	2018-09-23 18:50:31	Good	99.98%
Google Submariner	https://ct.googleapis.com/submariner	2018-09-23 18:13:16	Good	99.97%
Google Test Tube	https://ct.googleapis.com/testtube	2018-09-23 18:59:35	Good	99.97%
Google Xenon 2018	https://ct.googleapis.com/logs/xenon2018	2018-09-23 19:29:31	Good	99.98%
Google Xenon 2019	https://ct.googleapis.com/logs/xenon2019	2018-09-23 19:18:47	Good	99.98%
Google Xenon 2020	https://ct.googleapis.com/logs/xenon2020	2018-09-23 19:18:23	Good	99.98%
Google Xenon 2021	https://ct.googleapis.com/logs/xenon2021	2018-09-23 19:18:42	Good	99.98%
Google Xenon 2022	https://ct.googleapis.com/logs/xenon2022	2018-09-23 19:18:17	Good	99.98%
Izenpe	https://ct.izenpe.com	2016-10-25 07:25:56	Ceased	N/A
Izenpe Argi	https://ct.izenpe.eus	2017-06-05 09:53:01	Ceased	N/A
Izenpe Pilot	https://ct.izenpe.com/pilot	2016-05-14 19:41:49	Ceased	N/A
Let's Encrypt Birch	https://birch.ct.letsencrypt.org/birch	N/A	Pending	0.00%
Let's Encrypt Clicky	https://clicky.ct.letsencrypt.org	2017-06-02 07:58:06	Ceased	N/A
Let's Encrypt Oak	https://oak.ct.letsencrypt.org/oak	N/A	Pending	0.00%
Let's Encrypt Spruce 2018	https://spruce.ct.letsencrypt.org/2018	N/A	Pending	5.96%
NORDUnet Flimsy	https://flimsy.ct.nordu.net	N/A	Ceased	N/A
NORDUnet Plausible	https://plausible.ct.nordu.net	2018-09-23 19:28:16	Warning	99.91%
PuChuangSiDa	https://www.certificatetransparency.cn/ct	2017-05-12 02:40:17	Ceased	N/A
SHECA	https://ct.sheca.com	2018-09-23 18:33:18	Warning	87.61%
SHECA (Old)	http://ctlog.sheca.com	2017-03-23 09:47:08	Ceased	N/A
SSLWatcher.com Alpha	https://alpha.ctlogs.org	N/A	Ceased	N/A
StartCom	https://ct.startssl.com	2018-04-18 05:52:18	Ceased	N/A
Symantec	https://ct.ws.symantec.com	2018-09-23 19:00:15	Good	99.93%
Symantec Deneb	https://deneb.ws.symantec.com	2018-09-23 19:00:00	Good	99.85%
Symantec Sirius	https://sirius.ws.symantec.com	2018-09-23 19:00:03	Good	99.92%
Symantec Vega	https://vega.ws.symantec.com	2018-09-23 19:00:03	Good	99.82%
Venafi	https://ctlog.api.venafi.com	2017-11-03 19:36:02	Ceased	N/A
Venafi Gen2	https://ctlog-gen2.api.venafi.com	2018-05-03 19:09:43	Frozen	99.98%
WoSign	https://ctlog.wosign.com	2018-04-18 02:39:01	Ceased	N/A
WoSign 2	https://ctlog2.wosign.com	2017-09-13 00:59:26	Ceased	N/A
WoSign 3	https://ctlog3.wosign.com	2017-09-25 05:49:12	Ceased	N/A
WoSign (Old)	https://ct.wosign.com	2016-04-14 03:22:46	Ceased	N/A
WoTrus	https://ctlog.wotrus.com	2018-09-23 18:48:28	Good	99.55%
WoTrus 3	https://ctlog3.wotrus.com	2018-04-18 05:29:49	Ceased	N/A

The list of logs is also available in JSON format at /logs.json. The schema is identical to the schema used by the official log_list.json and all_logs_list.json files, with the following exceptions:

Log operator information is excluded.
The final_sth, disqualified_at and dns_api_endpoint keys are excluded.
Keys are null if they are not known.
URLs are prefixed with https://.
A log_id field is added, which contains the Base64 hash of the log's key or null if the key is not known.

Monitors

Gossip is exchanged with the following monitors:

Monitor	URL
Cert Spotter	https://certspotter.com
Chromium STHSets	https://clients2.google.com/service/update2/crx
Google	https://www.gstatic.com/ct/gossip

Signed Tree Head gossip

Two API endpoints are provided for exchanging STH gossip:

/ct/v1/sth-gossip, which implements draft-linus-trans-gossip-ct-01.
/.well-known/ct/v1/sth-pollination, which implements draft-ietf-trans-gossip-00.

Both return all the STHs observed over the last hour, so there is little point in querying them more than once every 30 minutes. If you use one of these endpoints, I'd appreciate being able to fetch gossip from your monitor in return. In particular, the /ct/v1/sth-gossip endpoint doesn't support exchanging gossip in both directions. Get in touch with me if you want to organise this.

Signed Certificate Timestamp gossip

An experimental API endpoint is provided for submitting SCT gossip:

/ct/v1/sct-feedback, which implements draft-ietf-trans-gossip-00.

The monitor checks that the corresponding entries are included in the log after the log's Maximum Merge Delay has elapsed. Although the results of this check are stored in the database, they are not currently displayed in the web interface.

Tor

This website is also available as a Tor hidden service at ctgpe2yc6ez56dhwd5hpj2tdkiuz4m5iy7347cpzmxyacphl72dmfyqd.onion (supported by Tor versions >= 0.3.2) or ctgpe47oofn4ov5v.onion if you want to exchange gossip while remaining anonymous.

Methodology

I've put up a page describing the methodology used by the monitor. If the monitor displays a warning or bad status for a log, you should read the methodology page before reporting it to the log operator (or even better, get in touch, as the web interface doesn't present all of the available data). In particular, the backend is hosted from a residential Internet connection and network outages may cause false positives.