Andrew Ayer
Running as a cron job is sub-optimal for several reasons: 1. It's not obvious what the interval between runs should be. A shorter interval allows for quicker notification of certificates,...
It's possible to obtain significantly higher throughput by downloading entries in parallel. There are several challenges with this approach, however: 1. We don't know how many entries a log will...
Allow user to specify the date we use for checking the expiration, so if they care about certs that were valid at any point in the last 30 days, they...
I think the entire PEM-encoded certificate chain should be fed to the script over stdin. Cert Spotter should ignore broken pipes in case the script closes stdin before reading anything....
It would copy the certificate into the state directory, so you're not alerted when the certificate later shows up in a log. This command could be invoked by a certbot...
certspotter should have a sub-command to submit a certificate chain to logs. It should store the SCTs in the state directory and demand inclusion proofs after the MMD has elapsed....
The plumbing is there, but it needs to be wired up with the watchlist.
Cert Spotter should catch name-constrained intermediate CAs that are valid for an identifier on the watchlist.