CT Log Lookup
Search public Certificate Transparency logs for certificates issued to a domain.
About the CT Log Lookup
Certificate Transparency logs record every publicly trusted TLS certificate issued for a domain. The CT Log Lookup searches those public logs via crt.sh and lists unique certificates with issuer, validity window, common name, and SANs.
Security teams use CT data to spot unauthorized issuance, forgotten subdomains, and certificates that were replaced but never revoked. Developers use it to see what names were covered on past certs before renewing or reissuing.
The domain you enter is sent to our server, which queries crt.sh. We do not store the domain. crt.sh is a public CT aggregator; results reflect what was logged, not necessarily what is currently served on your origin.
For the certificate currently live on a host, use SSL Checker. For PEM you already have, use SSL Decoder.
Reach developers and designers who use these tools every day. Privacy-first, no trackers.
Frequently asked questions
What is Certificate Transparency?
Public CAs must append newly issued certificates to append-only logs. Anyone can search those logs to discover which certs exist for a domain.
Why use crt.sh?
crt.sh indexes multiple CT logs and exposes a simple JSON API. Our server queries it on your behalf so the browser does not need to call a third party directly.
Is this the same as checking my live server?
No. CT shows historical issuance. A cert may appear in CT but no longer be installed, and your live cert may have been issued too recently to appear yet.
Is my domain stored?
No. Our server forwards the query and returns summarized results without persisting the domain.
Why are there duplicate looking entries?
We deduplicate by serial number. Different issuances for the same name (renewals, reissues) appear as separate rows with different validity dates.