Andrew Ayer
Andrew Ayer
Thanks for the info. I don't see an option for CAA records in my Network Solutions account so I can't reproduce this myself. Would you be able to provide more...
Looks like GitHub has removed the attachments. Would you mind re-sending directly to my email address, [email protected]?
This is a known problem. Unfortunately, it won't be easy to fix until Mozilla starts collecting per-intermediate CAA information.
The groundwork for STH pollination has been laid in 0af026249894c99cc7f3fdbc0b74e0a3c4e3bfc5. If you place an STH in the `$STATEDIR/.logs/$LOG_ID/unverified_sths` directory, Cert Spotter will verify it the next time it runs. What's...
Cert Spotter already suppresses notifications for duplicate certificates, as long as you don't specify the `-no_save` option. The second suggestion is a good one.
One caveat: Cert Spotter considers the pre-certificate and final certificate to be different, so you may get up to two alerts for a single issuance. It would be good to...
Yes, that's correct. Note that `DNS_NAMES` and `IP_ADDRESSES` are comma-separated. There might be some changes to how `-script` works in a future release, which is one of the reasons I...
@bllfr0g certspotter produces multi-line formatted output which isn't appropriate for syslog. It's akin to daemons like smartmontools or mdadm, which directly send mail instead of using syslog.
This is not currently possible, but I can see the utility. To be clear, do you want to know which identifiers in the certificate matched, or do you want to...
I would rather not add support for a legacy algorithm. If the concern is OpenSSL 3 compatibility as indicated in #36, then presumably AES-256 support would address your use case?