Certificate Transparency logs are public records of every SSL certificate ever issued for your domain. Here's what they reveal and how to use them to spot security threats.
By CertGuard Team
There is a public record of every SSL certificate ever issued for your domain. It's been there since 2018, it's searchable by anyone, and most business owners have never heard of it.
Certificate Transparency (CT) logs are one of the most underused security tools available — and they're completely free.
Note: This post is for informational purposes only. The third-party tools referenced are subject to change — verify availability directly with each provider.
Since 2018, all publicly trusted Certificate Authorities are required to submit every certificate they issue to at least two publicly accessible Certificate Transparency logs. These are append-only, cryptographically verifiable records.
The goal was to make certificate misissuance detectable. Before CT logs, a CA could issue a certificate for your domain without your knowledge, and you'd have no practical way to find out. With CT logs, every certificate issued for your domain is publicly recorded within minutes to hours of issuance.
Google enforces CT log compliance in Chrome — any certificate not logged in at least two CT logs is rejected by Chrome with an error.
Each CT log entry contains:
What's not logged: your private key, your customer data, or any confidential information. CT logs only contain the certificate metadata.
The simplest tool is crt.sh, a free search interface maintained by Sectigo.
certguard.auYou can also search for wildcards and subdomains. The results show:
For a domain you've operated for years, you'll typically see dozens of entries — each renewal generates a new certificate and a new entry.
The most important use of CT logs: finding certificates issued for your domain that you didn't authorise.
If an attacker compromises a Certificate Authority (it has happened — see the DigiNotar incident of 2011), they could issue a certificate for your domain. Before CT logs, you'd never know. With CT logs, you can see it within minutes.
Search for your domain and look for:
CT logs reveal the full certificate history for your domain, including certificates for subdomains. This is useful for:
If your certificate was renewed on the same date each year for five years, you can use that pattern to predict when your team will likely need to act. If the pattern is broken — if your next renewal is earlier than expected — it might indicate someone else acted on your behalf.
You can automate monitoring of CT logs for your domain using:
Facebook's Certificate Transparency Monitoring (developers.facebook.com/tools/ct): Subscribe to email notifications when new certificates are issued for your domain. (Verify this tool is still active — Meta periodically retires developer tools.)
certspotter (sslmate.com/certspotter): Free tier alerts you when new certificates appear for your domain.
crt.sh RSS feeds: The site generates RSS feeds you can subscribe to for a domain.
These tools give you near-real-time alerts when any new certificate is issued for your domain — which is useful both for catching authorised renewals and for detecting potential compromise.
For most small businesses, CT logs are a passive security benefit — your certificates are logged automatically, and the existence of the logs deters fraudulent issuance.
For businesses handling sensitive data or operating in regulated industries, active monitoring of CT logs for your domain is a meaningful control that costs nothing.
Practical steps:
CT log monitoring is one layer of a complete certificate management approach. The other critical layer — ensuring your certificates are renewed before they expire — is where CertGuard helps.
CertGuard monitors your live certificate status and alerts you before expiry. Free for up to 3 domains.
CertGuard monitors your certificates automatically and alerts you before anything expires. Free for up to 3 domains.
Start Free →ISO 27001 requires formal controls for cryptographic key and certificate management. Here's how to build an SSL certificate management program that satisfies auditors.
Certificate authorities are the backbone of web security — but not all of them carry the same weight. Here's what Australian businesses need to know before buying or issuing an SSL certificate.
The Australian Cyber Security Centre's Essential Eight framework addresses certificate management through patch management and application hardening. Here's how SSL monitoring fits in.