certstream-server-go

Static-CT

Open Knight1 opened this issue 8 months ago • 1 comments

Filippo added the first production static-ct logs to the Google CT log list for inclusion. https://issues.chromium.org/issues/416691330

2025/05/13 07:28:45 ct-watcher.go:290: Could not get STH for 'https://tuscolo2025h2.sunlight.geomys.org': got HTTP Status "404 Not Found"
2025/05/13 07:28:45 ct-watcher.go:244: Worker for 'https://tuscolo2025h2.sunlight.geomys.org' failed - could not fetch STH
2025/05/13 07:28:45 ct-watcher.go:245: Stopping worker for CT log: https://tuscolo2025h2.sunlight.geomys.org

Knight1 avatar May 13 '25 05:05 Knight1

It seems that https://github.com/google/certificate-transparency-go does not intend to add support for tile logs (https://github.com/google/certificate-transparency-go/issues/1669).

There are some other clients that could be used for that: https://pkg.go.dev/filippo.io/sunlight#Client https://github.com/transparency-dev/tesseract/blob/63fd586abdaa69f9308d33c364577f1c638dd2a7/cmd/client/main.go

mimi89999 avatar Sep 26 '25 14:09 mimi89999

Since around 2025-12-08 we are not receiving any Let's Encrypt certificates anymore. That is caused by Let's Encrypt stopping its RFC 6962 logs and only running static CT logs. This situation makes supporting LE static CT logs very important.

AndreC10002 avatar Dec 14 '25 18:12 AndreC10002

I proposed a PR some time ago: https://github.com/d-Rickyy-b/certstream-server-go/pull/79

You can try my Python lib: https://github.com/CERT-Polska/ct-moniteur. It supports both static tiled logs and classic logs. If you need a WS API, it can easily be added.

mimi89999 avatar Dec 14 '25 21:12 mimi89999