crt.sh is a wonderful tool. I applaud anyone who makes CT log searching more available!

That said, crt.sh can be woefully unreliable. It often returns errors during a query or is just hard down. Large result sets may never return. Queries often take a very long time.

I wanted a more reliable CT log search tool for something I'm working on, so I built a purpose built CT log search tool. I ingest all the data from the logs directly and store in Clickhouse.

https://www.certkit.io/tools/ct-logs/

The subdomain search returns a lot of spurious matches for domains with the same suffix (e.g. searching for bar.com includes foobar.com in the results)

Hey HN, I built this after years of dealing with SSL certificate surprises – expired certs on subdomains nobody knew existed, shadow IT spinning up certs, the usual 3am outages.

CertRadar has four free tools (no signup, no premium tier):

- CT Log Search – find every certificate ever issued for a domain via Certificate Transparency logs. Great for discovering forgotten subdomains.

- SSL Analyzer – cert chain, TLS versions, HSTS, expiration. Faster than SSL Labs.

- DNS + SSL Check – DNS records and SSL health in one view.

- Security Headers – HSTS, CSP, X-Frame-Options analysis with recommendations.

Built with Rust on GCP Cloud Run. Happy to talk about the architecture or any feedback on what would make these more useful.

This is really cool. I've gone down the rabbit hole of Certificate Transparency to find out how crt.sh gets its information - first time I've even heard that it exists. Also, much better UI than crt.sh. I've tried to go over the information there, but it looks really cumbersome.

Feature ideas:

Log Whois and now RDAP JSON

Log DNS zones

Find typo squatting