-- Leo's gemini proxy
-- Connecting to jacksonchen666.com:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en
2023-09-23 16:18:35Z (last updated 2024-03-08 10:20:31Z)
Did you know that when you get a certificate for HTTPS use from certificate issuers (e.g. Let's encrypt, Cloudflare, etc.), the certificate issuing is logged?
Welcome to Certificate Transparency. You can even search for certificates! Hope you didn't request for a certificate with nasty/sensitive subdomains names or malicious (impersonating) domains because the domains for issued certificates are definitely public.
So how do you search the certificate logs?
Well, I haven't found a way to directly pull the CT logs (yet). But there is something which provides searching: crt.sh. It provides domain search, or any other kinds of search on pretty much all attributes for a certificate.
So, subdomains. How?
Well, you need a target. How about my domain? It has a bit of an interesting history with subdomains like:
posts.jacksonchen666.com
chat.jacksonchen666.com
server.jacksonchen666.com
api.billwurtz-search.jacksonchen666.com
billwurtz-search.jacksonchen666.com
*.http3.jacksonchen666.com (yes, that's a wildcard certificate)
foobar.jacksonchen666.com
redesign.jacksonchen666.com
These days though, I have much less interesting domains in my certificates because I use wildcard certificates, which doesn't show the specific domains issued so you can't see them nowadays.
-- Response ended
-- Page fetched on Fri May 10 13:25:54 2024