crt.sh Certificate Transparency Scraper — SSL Discovery avatar

crt.sh Certificate Transparency Scraper — SSL Discovery

Pricing

from $3.00 / 1,000 results

Go to Apify Store
crt.sh Certificate Transparency Scraper — SSL Discovery

crt.sh Certificate Transparency Scraper — SSL Discovery

Discover all SSL/TLS certificates issued for any domain via crt.sh Certificate Transparency logs. Find subdomains, wildcard certs, certificate history, and issuer details.

Pricing

from $3.00 / 1,000 results

Rating

0.0

(0)

Developer

Compute Edge

Compute Edge

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

a day ago

Last modified

Categories

Share

crt.sh Certificate Transparency Scraper

Extract SSL/TLS certificate records from crt.sh for any domain. Discover subdomains, wildcard certificates, certificate history, issuers, and validity dates from public Certificate Transparency (CT) logs — no API key required.

What is Certificate Transparency?

Every publicly trusted SSL/TLS certificate must be logged in a public Certificate Transparency log before browsers will trust it. crt.sh is a free public search interface over those logs maintained by Sectigo. This Actor queries it programmatically to return structured JSON output ready for security research, subdomain enumeration, and asset discovery workflows.

Key data fields extracted:

FieldDescription
commonNameCertificate Common Name (CN), typically the primary domain
nameValueSubject Alternative Names (SANs) — all domains covered by the cert
sanListSAN entries parsed into a clean array
issuerNameFull issuer string (e.g. "Let's Encrypt Authority X3")
notBeforeCertificate valid-from date (YYYY-MM-DD)
notAfterCertificate expiry date (YYYY-MM-DD)
isExpiredBoolean — true if the certificate has expired
serialNumberCertificate serial number
crtshIdcrt.sh internal record ID
crtshUrlDirect link to the certificate detail page on crt.sh
queryDomainThe domain that was queried (useful when running multiple domains)

How to Scrape SSL Certificates with This Actor

  1. Go to the Input tab in Apify Console.
  2. Enter one or more domains in the Domains field (e.g. example.com, %.example.com).
  3. Optionally filter by issuer, validity date range, or toggle expired certs on/off.
  4. Click Start and wait for the run to complete (most domains finish in under 30 seconds).
  5. Download results as JSON, CSV, or XLSX from the Dataset tab.

Input Configuration

{
"domains": ["example.com", "%.github.com"],
"includeExpired": false,
"deduplicateSubdomains": true,
"issuedAfter": "2024-01-01",
"issuerFilter": "Let's Encrypt",
"maxResultsPerDomain": 500
}

Wildcard prefix queries: Use %.example.com to find all subdomains. crt.sh treats % as a SQL LIKE wildcard.

Pricing

This Actor uses pay-per-result pricing. Typical costs:

UsageEstimated Cost
100 certificate records~$0.30
500 certificate records~$1.50
2,000 certificate records~$6.00

Large domains (e.g. %.google.com) can return thousands of records — use maxResultsPerDomain to control costs.

Example Output

{
"crtshId": 12345678,
"issuerCaId": 183267,
"issuerName": "C=US, O=Let's Encrypt, CN=R3",
"commonName": "api.example.com",
"nameValue": "api.example.com",
"sanList": ["api.example.com"],
"entryTimestamp": "2024-06-01T12:34:56",
"notBefore": "2024-06-01",
"notAfter": "2024-08-30",
"isExpired": false,
"serialNumber": "04abc123def456",
"queryDomain": "%.example.com",
"crtshUrl": "https://crt.sh/?id=12345678"
}

Use Cases

  • Security Research: Discover all subdomains of a target to map attack surface.
  • Asset Inventory: Audit all SSL certificates issued for your organisation's domains.
  • Competitive Intelligence: Track when competitors register new subdomains (new product launches, regional expansions).
  • Phishing Detection: Monitor for look-alike certificates (e.g. %.paypal-secure.com).
  • Certificate Expiry Monitoring: Find certificates nearing expiration across a portfolio of domains.

FAQ

Does this require login or an API key? No. crt.sh is a free public service. No authentication required.

How fresh is the data? crt.sh ingests CT logs in near real-time (typically within minutes of certificate issuance).

What does %.example.com mean? The % is a wildcard matching any prefix. %.example.com returns certs for all subdomains of example.com. You can also query example.com (exact) or %.%.example.com for deeper nesting.

Why might some results be missing? Pre-certificate SCTs (pre-issuance log entries) are included in crt.sh results. Some very old certificates predate CT logs and will not appear.

This Actor queries the publicly available crt.sh interface, which aggregates data from Certificate Transparency logs. Certificate Transparency logs are public by design (RFC 6962). Usage is subject to crt.sh's terms of service. Please use responsibly and avoid hammering the service with excessive concurrent requests. The Actor includes a 1-second polite delay between domain queries. The data extracted contains no personal information — only technical certificate metadata.

For support or feature requests, contact seatsignal on Apify.