Certificate Transparency Monitor

Introduction

Certificate Transparency is a system for monitoring and auditing publicly-trusted SSL certificates. This website monitors Certificate Transparency log servers to check that they are behaving correctly.

Logs

Log	URL	Newest verified STH timestamp (UTC)		Uptime
Akamai	https://ct.akamai.com	2015-07-27 17:28:48	Ceased	N/A
Behind The Sofa	https://ct.filippo.io/behindthesofa	2019-01-02 00:47:16	Ceased	N/A
Certly	https://log.certly.io	2016-04-30 17:59:42	Ceased	N/A
Cloudflare Cirrus	https://ct.cloudflare.com/logs/cirrus	2019-07-04 09:43:26	Good	99.83%
Cloudflare Nimbus 2017	https://ct.cloudflare.com/logs/nimbus2017	2018-01-03 18:35:08	Frozen	99.81%
Cloudflare Nimbus 2018	https://ct.cloudflare.com/logs/nimbus2018	2019-01-02 17:44:50	Frozen	99.81%
Cloudflare Nimbus 2019	https://ct.cloudflare.com/logs/nimbus2019	2019-07-03 20:59:05	Good	99.82%
Cloudflare Nimbus 2020	https://ct.cloudflare.com/logs/nimbus2020	2019-07-03 22:07:06	Good	99.82%
Cloudflare Nimbus 2021	https://ct.cloudflare.com/logs/nimbus2021	2019-07-04 15:19:08	Good	99.83%
Cloudflare Nimbus 2022	https://ct.cloudflare.com/logs/nimbus2022	2019-07-18 20:13:59	Good	99.80%
Cloudflare Nimbus 2023	https://ct.cloudflare.com/logs/nimbus2023	2019-07-18 20:14:01	Good	99.80%
CNNIC	https://ctserver.cnnic.cn	2019-07-15 16:44:09	Good	92.03%
ctlog.keysupport.org	https://ctlog.keysupport.org	N/A	Ceased	N/A
DigiCert 1	https://ct1.digicert-ct.com/log	2019-07-03 15:00:45	Good	91.54%
DigiCert 2	https://ct2.digicert-ct.com/log	2019-07-03 09:00:58	Good	82.54%
DigiCert Golem	https://golem.ct.digicert.com/log	N/A	Pending	93.27%
DigiCert Nessie 2018	https://nessie2018.ct.digicert.com/log	2019-12-01 06:00:03	Good	96.02%
DigiCert Nessie 2019	https://nessie2019.ct.digicert.com/log	2019-07-07 09:00:46	Good	95.71%
DigiCert Nessie 2020	https://nessie2020.ct.digicert.com/log	2019-07-07 09:00:43	Good	82.67%
DigiCert Nessie 2021	https://nessie2021.ct.digicert.com/log	2019-07-07 09:00:46	Warning	76.74%
DigiCert Nessie 2022	https://nessie2022.ct.digicert.com/log	2019-07-18 10:00:55	Good	95.45%
DigiCert Nessie 2023	https://nessie2023.ct.digicert.com/log	2019-07-18 09:37:39	Good	94.66%
DigiCert Yeti 2018	https://yeti2018.ct.digicert.com/log	2019-12-01 06:00:23	Good	67.03%
DigiCert Yeti 2019	https://yeti2019.ct.digicert.com/log	2019-07-03 09:00:24	Good	94.31%
DigiCert Yeti 2020	https://yeti2020.ct.digicert.com/log	2019-07-04 05:00:21	Good	94.13%
DigiCert Yeti 2021	https://yeti2021.ct.digicert.com/log	2019-07-05 04:00:56	Good	80.78%
DigiCert Yeti 2022	https://yeti2022.ct.digicert.com/log	2019-07-18 10:00:08	Good	94.02%
DigiCert Yeti 2023	https://yeti2023.ct.digicert.com/log	2019-07-18 09:36:02	Good	93.70%
GDCA 1	https://log.gdca.com.cn	2019-02-14 06:38:06	Ceased	N/A
GDCA 2	https://log2.gdca.com.cn	2019-01-15 01:32:04	Ceased	N/A
GDCA 2 (Old Key)	https://log2.gdca.com.cn	2017-09-07 20:11:06	Ceased	N/A
GDCA (Old 1)	https://ct.gdca.com.cn	2019-02-22 06:14:52	Ceased	N/A
GDCA (Old 2)	https://ctlog.gdca.com.cn	2018-10-25 03:04:42	Ceased	N/A
Google Argon 2017	https://ct.googleapis.com/logs/argon2017	2019-12-01 17:46:40	Good	74.27%
Google Argon 2018	https://ct.googleapis.com/logs/argon2018	2019-07-19 02:49:12	Good	94.79%
Google Argon 2019	https://ct.googleapis.com/logs/argon2019	2019-07-03 20:53:39	Good	77.04%
Google Argon 2020	https://ct.googleapis.com/logs/argon2020	2019-07-04 13:28:38	Good	93.92%
Google Argon 2021	https://ct.googleapis.com/logs/argon2021	2019-07-05 07:03:34	Good	94.56%
Google Argon 2022	https://ct.googleapis.com/logs/argon2022	2019-07-18 20:58:05	Good	91.08%
Google Argon 2023	https://ct.googleapis.com/logs/argon2023	2019-07-18 20:58:25	Good	93.64%
Google Aviator	https://ct.googleapis.com/aviator	2016-11-30 13:24:18	Frozen	89.23%
Google Daedalus	https://ct.googleapis.com/daedalus	2019-08-11 14:34:40	Good	80.28%
Google Icarus	https://ct.googleapis.com/icarus	2019-07-03 21:35:22	Good	86.48%
Google Pilot	https://ct.googleapis.com/pilot	2019-07-03 20:53:02	Good	73.48%
Google Rocketeer	https://ct.googleapis.com/rocketeer	2019-07-03 20:53:39	Good	89.97%
Google Skydiver	https://ct.googleapis.com/skydiver	2019-07-03 20:53:39	Good	77.26%
Google Submariner	https://ct.googleapis.com/submariner	2019-07-04 15:11:46	Good	93.03%
Google Test Tube	https://ct.googleapis.com/testtube	2019-07-04 02:13:24	Good	75.58%
Google Xenon 2018	https://ct.googleapis.com/logs/xenon2018	2019-11-01 11:36:38	Bad	75.89%
Google Xenon 2019	https://ct.googleapis.com/logs/xenon2019	2019-07-07 20:47:17	Good	93.17%
Google Xenon 2020	https://ct.googleapis.com/logs/xenon2020	2019-07-07 21:05:01	Good	75.21%
Google Xenon 2021	https://ct.googleapis.com/logs/xenon2021	2019-07-07 21:03:57	Good	91.89%
Google Xenon 2022	https://ct.googleapis.com/logs/xenon2022	2019-07-18 20:58:08	Good	83.54%
Google Xenon 2023	https://ct.googleapis.com/logs/xenon2023	2019-07-18 20:58:08	Good	92.20%
Izenpe	https://ct.izenpe.com	2016-10-25 07:25:56	Ceased	N/A
Izenpe Argi	https://ct.izenpe.eus	2017-06-05 09:53:01	Ceased	N/A
Izenpe Pilot	https://ct.izenpe.com/pilot	2016-05-14 19:41:49	Ceased	N/A
Let's Encrypt Birch	https://birch.ct.letsencrypt.org/birch	N/A	Ceased	N/A
Let's Encrypt Clicky	https://clicky.ct.letsencrypt.org	2017-06-02 07:58:06	Ceased	N/A
Let's Encrypt Oak	https://oak.ct.letsencrypt.org/oak	N/A	Ceased	N/A
Let's Encrypt Oak 2019	https://oak.ct.letsencrypt.org/2019	2019-07-03 20:54:36	Good	90.90%
Let's Encrypt Oak 2020	https://oak.ct.letsencrypt.org/2020	2019-07-11 06:34:19	Good	72.90%
Let's Encrypt Oak 2021	https://oak.ct.letsencrypt.org/2021	2019-07-09 12:04:18	Good	71.34%
Let's Encrypt Oak 2022	https://oak.ct.letsencrypt.org/2022	2019-07-07 21:04:17	Good	91.26%
Let's Encrypt Spruce 2018	https://spruce.ct.letsencrypt.org/2018	N/A	Ceased	N/A
NORDUnet Flimsy	https://flimsy.ct.nordu.net	N/A	Ceased	N/A
NORDUnet Plausible	https://plausible.ct.nordu.net	2019-07-07 20:58:41	Warning	94.70%
PuChuangSiDa	https://www.certificatetransparency.cn/ct	2017-05-12 02:40:17	Ceased	N/A
Sectigo Dodo	https://dodo.ct.comodo.com	2019-07-18 22:02:34	Warning	92.20%
Sectigo Mammoth	https://mammoth.ct.comodo.com	2019-07-03 20:56:52	Good	79.60%
Sectigo Sabre	https://sabre.ct.comodo.com	2019-07-04 10:00:47	Good	90.93%
SHECA	https://ct.sheca.com	2019-03-01 01:41:10	Ceased	N/A
SHECA (Old)	http://ctlog.sheca.com	2017-03-23 09:47:08	Ceased	N/A
SSLWatcher.com Alpha	https://alpha.ctlogs.org	N/A	Ceased	N/A
StartCom	https://ct.startssl.com	2018-04-18 05:52:18	Ceased	N/A
Symantec	https://ct.ws.symantec.com	2018-10-12 19:00:00	Ceased	N/A
Symantec Deneb	https://deneb.ws.symantec.com	2018-10-12 19:00:00	Ceased	N/A
Symantec Sirius	https://sirius.ws.symantec.com	2018-10-12 19:00:01	Ceased	N/A
Symantec Vega	https://vega.ws.symantec.com	2018-10-12 19:00:00	Ceased	N/A
Venafi	https://ctlog.api.venafi.com	2017-11-03 19:36:02	Ceased	N/A
Venafi Gen2	https://ctlog-gen2.api.venafi.com	2018-05-03 19:09:43	Frozen	86.02%
WoSign	https://ctlog.wosign.com	2018-04-18 02:39:01	Ceased	N/A
WoSign 2	https://ctlog2.wosign.com	2017-09-13 00:59:26	Ceased	N/A
WoSign 3	https://ctlog3.wosign.com	2017-09-25 05:49:12	Ceased	N/A
WoSign (Old)	https://ct.wosign.com	2016-04-14 03:22:46	Ceased	N/A
WoTrus	https://ctlog.wotrus.com	2019-12-01 17:53:38	Bad	82.70%
WoTrus 3	https://ctlog3.wotrus.com	2018-04-18 05:29:49	Ceased	N/A

The list of logs is also available in JSON format at /logs.json. The schema is identical to the schema used by the official log_list.json and all_logs_list.json files, with the following exceptions:

Log operator information is excluded.
The final_sth, disqualified_at and dns_api_endpoint keys are excluded.
Keys are null if they are not known.
URLs are prefixed with https://.
A log_id field is added, which contains the Base64 hash of the log's key or null if the key is not known.

Monitors

Gossip is exchanged with the following monitors:

Monitor	URL
Cert Spotter	https://certspotter.com
Chromium STHSets	https://clients2.google.com/service/update2/crx
Google	https://www.gstatic.com/ct/gossip

Signed Tree Head gossip

Two API endpoints are provided for exchanging STH gossip:

/ct/v1/sth-gossip, which implements draft-linus-trans-gossip-ct-01.
/.well-known/ct/v1/sth-pollination, which implements draft-ietf-trans-gossip-00.

Both return all the STHs observed over the last hour, so there is little point in querying them more than once every 30 minutes. If you use one of these endpoints, I'd appreciate being able to fetch gossip from your monitor in return. In particular, the /ct/v1/sth-gossip endpoint doesn't support exchanging gossip in both directions. Get in touch with me if you want to organise this.

Signed Certificate Timestamp gossip

An experimental API endpoint is provided for submitting SCT gossip:

/ct/v1/sct-feedback, which implements draft-ietf-trans-gossip-00.

The monitor checks that the corresponding entries are included in the log after the log's Maximum Merge Delay has elapsed. Although the results of this check are stored in the database, they are not currently displayed in the web interface.

Tor

This website is also available as a Tor hidden service at ctgpe2yc6ez56dhwd5hpj2tdkiuz4m5iy7347cpzmxyacphl72dmfyqd.onion (supported by Tor versions >= 0.3.2) or ctgpe47oofn4ov5v.onion if you want to exchange gossip while remaining anonymous.

Methodology

I've put up a page describing the methodology used by the monitor. If the monitor displays a warning or bad status for a log, you should read the methodology page before reporting it to the log operator (or even better, get in touch, as the web interface doesn't present all of the available data). In particular, the backend is hosted from a residential Internet connection and network outages may cause false positives.