On Tue, 24 Oct 2023, Slavko via mailop wrote:

On 24 Oct at 4:04, Ian Kelling via mailop wrote:

 Anyone know how to monitor C-T logs? I looked around a bit and didn't
 see how to actually do it for let's encrypt certs.

I recently installed https://github.com/SSLMate/certspotter

It is hard to give any opinion yet, as I installed it on one of my sparse machines with Debian oldstable, thus a somewhat old certspotter version, and it is too soon to know anything useful. I expect the first results in the next week or two, when some of my certs have to be renewed (I don't want to force that).

When I tried Debian's recent version of it on my desktop, it took minimal RAM (~30 MB) and consumed 10-30% of CPU (not permanently, but in waves), thus it is doing something. I will continue to try it...

I use certspotter (# apt install certspotter, in Debian 12), and it's really a no-brainer. Every time a subdomain of mine gets a new/renewed certificate, I get the notification within seconds (I also use the crt.sh RSS feed, but this is, from the point of view of the user, rather "passive" (polling), while certspotter is "active").

The good thing is that you can monitor any domain you want, so you learn a lot about internal domains, etc. (think recon).
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
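
The polling style of monitoring mentioned in the thread, as an added example that is not part of the original messages and is not certspotter's code: it checks CT search results for a watched domain against an inventory of certificates you requested yourself. The record fields follow crt.sh's JSON output; the domain, serials, issuer list and sample records are constructed assumptions.

```python
import json

# Constructed records shaped like crt.sh JSON output; none of this is real CT data.
SAMPLE = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "example.org\nwww.example.org", "serial_number": "03AA01"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "example.org\nwww.example.org", "serial_number": "03AA01"},
    {"issuer_name": "C=XX, O=Other CA (constructed)", "name_value": "mail.example.org", "serial_number": "0BAD01"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "notexample.org", "serial_number": "05DD04"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "*.dev.example.org", "serial_number": "04CC03"},
])

def covers(name, domain):
    """True if a certificate name is the domain itself or a (wildcard) subdomain of it."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)

def unexpected(records_json, domain, known_serials, expected_issuers):
    """Return (serial, names, reasons) for logged certs we cannot account for."""
    alerts, seen = [], set()
    for rec in json.loads(records_json):
        names = [n for n in rec["name_value"].split("\n") if covers(n, domain)]
        if not names:
            continue  # e.g. notexample.org: shares a suffix but is a different domain
        serial = rec["serial_number"].lower()
        if serial in seen:
            continue  # precertificate and final certificate are logged with the same serial
        seen.add(serial)
        reasons = []
        if serial not in known_serials:
            reasons.append("unknown serial")
        if not any(i in rec["issuer_name"] for i in expected_issuers):
            reasons.append("unexpected issuer")
        if reasons:
            alerts.append((serial, names, reasons))
    return alerts

if __name__ == "__main__":
    # Assumed inventory: serials of certificates we requested, and the CA we use.
    for serial, names, reasons in unexpected(SAMPLE, "example.org", {"03aa01"}, ["Let's Encrypt"]):
        print(serial, ",".join(names), "; ".join(reasons))
```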
