# Certificate Transparency Monitor — AI Agent Recon API (`logiover/certificate-transparency-monitor`) Actor

Keyless certificate transparency intelligence for AI agents: crt.sh CT logs. Track new TLS certs for any domain, discover subdomains via wildcard, batch domains. Issuer, validity, SAN domains and serial per row. No API key, no browser.

- **URL**: https://apify.com/logiover/certificate-transparency-monitor.md
- **Developed by:** [Logiover](https://apify.com/logiover) (community)
- **Categories:** Developer tools, News
- **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, 0 bookmarks
- **User rating**: No ratings yet

## Pricing

from $3.50 / 1,000 results

This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events.
Since this Actor supports Apify Store discounts, the price gets lower the higher subscription plan you have.

Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event

## What's an Apify Actor?

Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases.
In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours,
and optionally produces a well-defined JSON output, datasets with results, or files in key-value store.
In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server.
Actors are written with capital "A".

## How to integrate an Actor?

If asked about integration, you help developers integrate Actors into their projects.
You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready.
The best way to integrate Actors is as follows.

In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md):

```bash
npm install apify-client
```

In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md):

```bash
pip install apify-client
```

In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md):

````bash
# MacOS / Linux
curl -fsSL https://apify.com/install-cli.sh | bash
# Windows
irm https://apify.com/install-cli.ps1 | iex
```bash

In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md).

If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md).

For usage examples, see the [API](#api) section below.

For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt).


# README

## Certificate Transparency Monitor — AI Agent Recon API

> **Keyless certificate transparency intelligence for AI security/recon agents.** Pull TLS certificates from CT logs (crt.sh) for any domain. Track newly-issued certs daily, discover subdomains via wildcard, or batch many domains. Each certificate becomes one structured row with issuer, validity window, SAN hostnames and serial — ideal for detecting new infrastructure, brand impersonation, and attack-surface changes. No API key, no headless browser.

Built for the new wave of **AI agents that reason about external infrastructure and attack surface** — recon agents that watch a target's new certificates, brand-protection agents that detect lookalike domains, asset-discovery agents that enumerate subdomains via CT logs, and RAG pipelines that ground LLM answers in current infrastructure data instead of stale scans.

---

### 🎯 What this Actor is for

Every TLS certificate issued by a public CA is logged to Certificate Transparency logs — a real-time firehose of new infrastructure, hostnames and issuer relationships. When an AI agent is asked *"what new infrastructure did Acme stand up this week?"* or *"what subdomains does google.com have?"*, it needs **structured, current, CT-log data** — not a raw crt.sh JSON dump. `certificate-transparency-monitor` is that infra-grounding layer:

- **Daily new certificates.** `watch` mode pulls only certs logged in the last N days for a domain — ideal for a scheduled daily monitoring run. Big companies log dozens of new certs a day.
- **Subdomain discovery.** `subdomains` mode uses a wildcard query (`%.domain`) to enumerate all hostnames ever certified for a domain — hundreds to thousands of subdomains for large orgs.
- **Batch domains.** `domain`/`bulk` mode pulls all certificates for a list of domains — build a full CT-log corpus.
- **Triage-ready schema.** Every cert carries the queried domain, `commonName`, `nameValues` (SAN hostnames array), `issuerName`, `serialNumber`, `notBefore`/`notAfter`, `entryTimestamp`/`loggedDate`, and `isExpired`.
- **Filters.** `excludeExpired` drops past-validity certs for a current attack-surface view. `dedupBySerial` collapses precertificate + final cert duplicates.
- **AI-agent friendly.** Predictable fields, ISO dates, nullable values. Drop straight into a prompt or a vector store.
- **No keys, no browser.** Pure HTTP + JSON from crt.sh on a small Node 20 container, with Apify proxy for reliability. Cheap, fast, resilient.

---

### ✨ Key features

- **📜 crt.sh CT logs** — `https://crt.sh/?q=…&output=json` covering all major CT logs (Google Argon, Cloudflare Nimbus, Let's Encrypt Oak, DigiCert, …).
- **👁️ Watch mode (daily monitoring)** — `daysBack` filter keeps only certs logged in the last N days (by `entry_timestamp`). 1 = today's new certs.
- **🌐 Subdomain discovery** — wildcard `%.domain` query surfaces every hostname that has ever held a cert for the domain, via SAN (`nameValues`).
- **🏷️ Rich per-cert fields** — `commonName`, SAN hostnames (`nameValues`), `issuerName`, `serialNumber`, validity window (`notBefore`/`notAfter`), log entry timestamp.
- **🧹 Filters** — `excludeExpired` (current attack surface), `dedupBySerial` (collapse precert+final duplicates).
- **📚 Batch domains** — `bulk` mode loops many domains; each tagged with `query`/`domain`.
- **🌐 Proxy-aware** — Apify datacenter proxy for reliability (crt.sh can be slow/overloaded).
- **🔁 Retry/backoff** — 5xx and timeouts trigger exponential backoff retry (up to 5 attempts).
- **💰 Pay-per-result** — charged per saved certificate, not per run. Empty results are free.

---

### 🤖 Why AI agents need this

CT logs are the highest-signal, real-time source of external infrastructure changes — every new cert means a new hostname, service, or issuer relationship. When an agent monitors a target's CT feed, it sees new infrastructure the moment it's certified (often before DNS or port scans catch it). `certificate-transparency-monitor` wraps crt.sh into one reliable, pay-per-result Actor:

1. **New-infrastructure detection.** A recon agent runs `watch` daily on a target domain and alerts when a cert is logged for a hostname not seen before — catching new services, staging environments, and shadow IT.
2. **Subdomain enumeration.** An asset-discovery agent runs `subdomains` mode to build a full hostname inventory via CT SANs — far broader than DNS brute-forcing.
3. **Brand-protection / lookalike detection.** An agent monitors certs whose `commonName` or SANs contain a brand string, flagging impersonation domains the moment they're certified.
4. **Issuer / CA tracking.** An agent tracks which CAs a target uses (Let's Encrypt vs DigiCert vs internal) and alerts on anomalies (e.g. a sudden shift to a cheap CA often used for phishing).
5. **Attack-surface diffing.** An agent schedules weekly `domain` runs, diffs the cert sets, and reports new/removed hostnames as attack-surface changes.
6. **RAG over infrastructure.** Embed the cert feed into a vector store; answer "when did X hostname first appear?" with citations to the exact cert.
7. **Threat-intel pipeline.** Feed new certs into a SIEM; correlate issuer/hostname patterns with known attacker TTPs.

Each of these is one Actor call (or a scheduled run). The output is a table of certs ready for an LLM to triage, summarize, or alert on.

---

### 📦 What you get (output schema)

Every run streams **one certificate per row** to the default dataset. A row looks like:

```json
{
  "query": "stripe.com",
  "domain": "stripe.com",
  "certId": 12345678901,
  "commonName": "*.stripe.com",
  "nameValues": ["stripe.com", "www.stripe.com", "api.stripe.com", "dashboard.stripe.com"],
  "issuerName": "DigiCert TLS RSA SHA256 2020 CA1",
  "serialNumber": "0abc123def456...",
  "notBefore": "2026-06-28T00:00:00.000Z",
  "notAfter": "2027-07-03T23:59:59.000Z",
  "entryTimestamp": "2026-06-28T12:34:56.789Z",
  "loggedDate": "2026-06-28",
  "isExpired": false,
  "scrapedAt": "2026-07-02T12:00:00.000Z"
}
````

Use the **Overview** view to scan all certs with issuer + validity, or the **Subdomains (SAN)** view to read the discovered hostnames per cert.

***

### 🚀 How to use

#### 1. Daily new certs (schedule this)

```json
{
  "mode": "watch",
  "domain": "google.com",
  "daysBack": 1,
  "maxPerDomain": 500
}
```

#### 2. Subdomain discovery

```json
{
  "mode": "subdomains",
  "domain": "stripe.com",
  "maxPerDomain": 2000,
  "excludeExpired": true
}
```

#### 3. All certs for a domain (batch)

```json
{
  "mode": "domain",
  "domains": ["stripe.com", "linear.app", "vercel.com"],
  "maxPerDomain": 1000
}
```

#### 4. Bulk many domains

```json
{
  "mode": "bulk",
  "domains": ["example.com", "acme.io", "target.org"],
  "maxPerDomain": 500
}
```

#### From code (Apify SDK)

```js
import { ApifyClient } from 'apify-client';
const client = new ApifyClient({ token: process.env.APIFY_TOKEN });
const run = await client.actor('logiover/certificate-transparency-monitor').call({
  mode: 'subdomains',
  domain: 'stripe.com',
  excludeExpired: true,
});
const { items } = await client.dataset(run.defaultDatasetId).listItems();
const subdomains = new Set();
for (const c of items) for (const n of c.nameValues) subdomains.add(n);
console.log([...subdomains]);
```

#### As an MCP tool for AI agents

Wrap this Actor in an MCP server. A recon agent calls the tool with a domain + mode and receives structured certs/subdomains — no crt.sh scraping, no SAN parsing on the agent side.

***

### 🔧 Input fields

| Field | Type | Default | Description |
|---|---|---|---|
| `mode` | enum | `watch` | `watch` (new certs in N days), `subdomains` (wildcard), `domain` (all certs), `bulk` (many domains). |
| `domain` | string | — | Single domain for `watch`/`subdomains`. |
| `domains` | array | — | Domains for `domain`/`bulk` modes. |
| `daysBack` | int | 1 | Days back for `watch` mode (1–365). 1 = today. |
| `maxPerDomain` | int | 1000 | Cap on certs per domain (1–20000). |
| `excludeExpired` | bool | false | Drop certs past their `notAfter`. |
| `dedupBySerial` | bool | true | Collapse precert+final duplicates by serial. |
| `useApifyProxy` | bool | true | Route through Apify datacenter proxy. |

***

### 🧩 How it works

1. **Build the crt.sh query.** For `watch`/`domain`/`bulk`: `q=<domain>`. For `subdomains`: `q=%.<domain>` (wildcard, matches every hostname ending in the domain). All requests use `output=json`.
2. **Fetch with retry.** crt.sh can be slow (especially for popular domains with tens of thousands of certs). The Actor uses a 60s timeout and exponential backoff retry (up to 5 attempts) for 5xx/timeouts, routed through the Apify datacenter proxy.
3. **Parse + normalize.** Each cert object is mapped to a flat record: `commonName`, `nameValues` (SAN hostnames split on newlines, lowercased, deduped), `issuerName`, `serialNumber`, `notBefore`, `notAfter`, `entryTimestamp`, `loggedDate` (date part), `isExpired` (notAfter < now).
4. **Deduplicate.** If `dedupBySerial`, certificates sharing a serial (precertificate + final cert) collapse to one row.
5. **Filter.** `excludeExpired` drops certs past their validity. `watch` mode filters by `entryTimestamp` (or `notBefore` fallback) within `daysBack`.
6. **Cap.** Truncate to `maxPerDomain` per domain.
7. **Stream.** Each cert is pushed to the dataset and one `result` event is charged.

***

### 💡 Tips & best practices

- **Schedule `watch` daily.** `daysBack: 1` each morning catches yesterday's new certs. Big orgs log dozens/day; small sites a few/week. Consistent recurring volume.
- **`subdomains` for asset discovery.** A single wildcard query often yields hundreds of hostnames via SAN — broader than DNS brute-forcing and passively collected.
- **`excludeExpired` for current view.** CT logs retain expired certs forever; enable this to see only currently-valid infrastructure.
- **Batch competitors.** `bulk` mode over a watchlist of competitor domains builds a comparative CT corpus.
- **Brand monitoring.** Query your brand string (e.g. `stripe`) to catch lookalike certs (`stripe-login.com`, `secure-stripe.com`) the moment they're issued.
- **Pair with recon.** Combine with `subdomain-finder` (active CT + other sources), `bulk-dns-records-lookup` (resolve discovered hostnames), and `bulk-whois-rdap-lookup` (ownership).
- **Be patient on big domains.** `google.com` has tens of thousands of certs; `maxPerDomain: 5000` + 60s timeout is normal. Small domains return in seconds.

***

### ❓ FAQ

#### Does this Actor need any API keys?

No. It queries crt.sh, the public Certificate Transparency log search, which is keyless. Just an Apify account.

#### Why crt.sh instead of direct CT-log APIs?

crt.sh aggregates all major CT logs (Google, Cloudflare, DigiCert, Let's Encrypt, …) into one searchable interface with deduplication. Querying individual logs requires parsing Merkle trees and merge-deduplicating across logs — crt.sh does that for you.

#### How current is the data?

CT logs are append-only and nearly real-time. A cert logged minutes ago appears in crt.sh within minutes to a few hours. `watch` mode with `daysBack: 1` gives you certs logged in the last 24 hours.

#### Why are some certs duplicated (before dedup)?

CT logs record both the precertificate and the final certificate for each issuance, often with the same serial. `dedupBySerial: true` (default) collapses them into one row.

#### What's in `nameValues`?

The Subject Alternative Names (SAN) of the cert — every hostname the cert is valid for. For a wildcard cert that's `*.stripe.com` plus explicit names. This is the richest source for subdomain discovery.

#### Why do some certs have a null `entryTimestamp`?

Occasionally crt.sh has the `not_before` (validity start) but not the log entry timestamp. The Actor falls back to `not_before` for `watch` filtering and `loggedDate`.

#### How is this priced?

Pay-per-result: one `result` event per saved certificate. Runs that yield zero certs are free.

#### Will crt.sh be slow?

For popular domains (google, microsoft) with tens of thousands of certs, yes — the query can take 10–60s. The Actor uses a 60s timeout + retry. For most domains it's a few seconds.

#### Can AI agents call this directly?

Yes. Expose it through an MCP server or Apify tool integration; the agent passes a domain + mode and receives structured certs/subdomains back. This is the primary design target.

***

### 🔗 Related Actors

- **subdomain-finder** — CT-log subdomain finder (complementary, active).
- **bulk-dns-records-lookup** — resolve discovered hostnames.
- **bulk-whois-rdap-lookup** — domain ownership for cert attribution.
- **bulk-ssl-certificate-checker** — live cert inspection (vs CT-log history).
- **cve-security-advisory-monitor** — vulnerability DB (security context).
- **github-activity-stream** — dev-side security commits/releases.

***

### 📝 Changelog

#### 2026-07-02 — v1.0

- Initial release.
- 4 modes: `watch`, `subdomains`, `domain`, `bulk`.
- crt.sh CT-log search, SAN hostname extraction, issuer/serial/validity fields.
- `excludeExpired` and `dedupBySerial` filters.
- `daysBack` watch window, `maxPerDomain` cap.
- Apify datacenter proxy default.
- Pay-per-result (`result` event per saved cert).

***

### ⚖️ Disclaimer

This Actor queries crt.sh, the public Certificate Transparency log search. CT-log data is public by design (required by the CA/Browser Forum Baseline Requirements); certificate holders consent to logging upon issuance. Respect crt.sh's usage guidelines. Use for security monitoring, asset discovery, brand protection and AI-agent grounding on data that is already public.

# Actor input Schema

## `mode` (type: `string`):

How to run.

• **domain** — all certificates for one or many domains (highest volume)
• **watch** — only certificates logged in the last N days (daily monitoring)
• **subdomains** — wildcard query to discover subdomains of a domain via CT logs
• **bulk** — many domains in one run

## `domains` (type: `array`):

Array of domains for **domain** or **bulk** mode, e.g. `example.com`, `stripe.com`.

## `domain` (type: `string`):

Single domain for **watch** or **subdomains** mode.

## `daysBack` (type: `integer`):

Only certificates logged within this many days. 1 = today's new certs (ideal daily run).

## `maxPerDomain` (type: `integer`):

Cap on certificates saved per domain. Popular domains have tens of thousands.

## `excludeExpired` (type: `boolean`):

Drop certificates whose not\_after is in the past. Useful for current-attack-surface views.

## `dedupBySerial` (type: `boolean`):

Collapse duplicate certificates (same serial, precertificate + final) into one row.

## `useApifyProxy` (type: `boolean`):

Route through Apify datacenter proxy. crt.sh can be slow/overloaded; proxy rotation helps reliability.

## Actor input object example

```json
{
  "mode": "watch",
  "domains": [
    "stripe.com"
  ],
  "domain": "google.com",
  "daysBack": 1,
  "maxPerDomain": 300,
  "excludeExpired": false,
  "dedupBySerial": true,
  "useApifyProxy": true
}
```

# Actor output Schema

## `results` (type: `string`):

Full dataset of CT-log certificate records.

# API

You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup.

## JavaScript example

```javascript
import { ApifyClient } from 'apify-client';

// Initialize the ApifyClient with your Apify API token
// Replace the '<YOUR_API_TOKEN>' with your token
const client = new ApifyClient({
    token: '<YOUR_API_TOKEN>',
});

// Prepare Actor input
const input = {
    "mode": "watch",
    "domains": [
        "stripe.com"
    ],
    "domain": "google.com",
    "daysBack": 1,
    "maxPerDomain": 300,
    "excludeExpired": false,
    "dedupBySerial": true,
    "useApifyProxy": true
};

// Run the Actor and wait for it to finish
const run = await client.actor("logiover/certificate-transparency-monitor").call(input);

// Fetch and print Actor results from the run's dataset (if any)
console.log('Results from dataset');
console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`);
const { items } = await client.dataset(run.defaultDatasetId).listItems();
items.forEach((item) => {
    console.dir(item);
});

// 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs

```

## Python example

```python
from apify_client import ApifyClient

# Initialize the ApifyClient with your Apify API token
# Replace '<YOUR_API_TOKEN>' with your token.
client = ApifyClient("<YOUR_API_TOKEN>")

# Prepare the Actor input
run_input = {
    "mode": "watch",
    "domains": ["stripe.com"],
    "domain": "google.com",
    "daysBack": 1,
    "maxPerDomain": 300,
    "excludeExpired": False,
    "dedupBySerial": True,
    "useApifyProxy": True,
}

# Run the Actor and wait for it to finish
run = client.actor("logiover/certificate-transparency-monitor").call(run_input=run_input)

# Fetch and print Actor results from the run's dataset (if there are any)
print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"])
for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

# 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start

```

## CLI example

```bash
echo '{
  "mode": "watch",
  "domains": [
    "stripe.com"
  ],
  "domain": "google.com",
  "daysBack": 1,
  "maxPerDomain": 300,
  "excludeExpired": false,
  "dedupBySerial": true,
  "useApifyProxy": true
}' |
apify call logiover/certificate-transparency-monitor --silent --output-dataset

```

## MCP server setup

```json
{
    "mcpServers": {
        "apify": {
            "command": "npx",
            "args": [
                "mcp-remote",
                "https://mcp.apify.com/?tools=logiover/certificate-transparency-monitor",
                "--header",
                "Authorization: Bearer <YOUR_API_TOKEN>"
            ]
        }
    }
}

```

## OpenAPI specification

```json
{
    "openapi": "3.0.1",
    "info": {
        "title": "Certificate Transparency Monitor — AI Agent Recon API",
        "description": "Keyless certificate transparency intelligence for AI agents: crt.sh CT logs. Track new TLS certs for any domain, discover subdomains via wildcard, batch domains. Issuer, validity, SAN domains and serial per row. No API key, no browser.",
        "version": "1.0",
        "x-build-id": "XrOiVZk6sebIs1nQY"
    },
    "servers": [
        {
            "url": "https://api.apify.com/v2"
        }
    ],
    "paths": {
        "/acts/logiover~certificate-transparency-monitor/run-sync-get-dataset-items": {
            "post": {
                "operationId": "run-sync-get-dataset-items-logiover-certificate-transparency-monitor",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        },
        "/acts/logiover~certificate-transparency-monitor/runs": {
            "post": {
                "operationId": "runs-sync-logiover-certificate-transparency-monitor",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor and returns information about the initiated run in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/runsResponseSchema"
                                }
                            }
                        }
                    }
                }
            }
        },
        "/acts/logiover~certificate-transparency-monitor/run-sync": {
            "post": {
                "operationId": "run-sync-logiover-certificate-transparency-monitor",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        }
    },
    "components": {
        "schemas": {
            "inputSchema": {
                "type": "object",
                "required": [
                    "mode"
                ],
                "properties": {
                    "mode": {
                        "title": "Mode",
                        "enum": [
                            "domain",
                            "watch",
                            "subdomains",
                            "bulk"
                        ],
                        "type": "string",
                        "description": "How to run.\n\n• **domain** — all certificates for one or many domains (highest volume)\n• **watch** — only certificates logged in the last N days (daily monitoring)\n• **subdomains** — wildcard query to discover subdomains of a domain via CT logs\n• **bulk** — many domains in one run",
                        "default": "watch"
                    },
                    "domains": {
                        "title": "Domains (domain & bulk)",
                        "type": "array",
                        "description": "Array of domains for **domain** or **bulk** mode, e.g. `example.com`, `stripe.com`.",
                        "items": {
                            "type": "string"
                        },
                        "default": []
                    },
                    "domain": {
                        "title": "Domain (watch & subdomains)",
                        "type": "string",
                        "description": "Single domain for **watch** or **subdomains** mode."
                    },
                    "daysBack": {
                        "title": "Days back (watch mode)",
                        "minimum": 1,
                        "maximum": 365,
                        "type": "integer",
                        "description": "Only certificates logged within this many days. 1 = today's new certs (ideal daily run).",
                        "default": 1
                    },
                    "maxPerDomain": {
                        "title": "Max certs per domain",
                        "minimum": 1,
                        "maximum": 20000,
                        "type": "integer",
                        "description": "Cap on certificates saved per domain. Popular domains have tens of thousands.",
                        "default": 1000
                    },
                    "excludeExpired": {
                        "title": "Exclude expired certs",
                        "type": "boolean",
                        "description": "Drop certificates whose not_after is in the past. Useful for current-attack-surface views.",
                        "default": false
                    },
                    "dedupBySerial": {
                        "title": "Deduplicate by serial",
                        "type": "boolean",
                        "description": "Collapse duplicate certificates (same serial, precertificate + final) into one row.",
                        "default": true
                    },
                    "useApifyProxy": {
                        "title": "Use Apify datacenter proxy",
                        "type": "boolean",
                        "description": "Route through Apify datacenter proxy. crt.sh can be slow/overloaded; proxy rotation helps reliability.",
                        "default": true
                    }
                }
            },
            "runsResponseSchema": {
                "type": "object",
                "properties": {
                    "data": {
                        "type": "object",
                        "properties": {
                            "id": {
                                "type": "string"
                            },
                            "actId": {
                                "type": "string"
                            },
                            "userId": {
                                "type": "string"
                            },
                            "startedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "finishedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "status": {
                                "type": "string",
                                "example": "READY"
                            },
                            "meta": {
                                "type": "object",
                                "properties": {
                                    "origin": {
                                        "type": "string",
                                        "example": "API"
                                    },
                                    "userAgent": {
                                        "type": "string"
                                    }
                                }
                            },
                            "stats": {
                                "type": "object",
                                "properties": {
                                    "inputBodyLen": {
                                        "type": "integer",
                                        "example": 2000
                                    },
                                    "rebootCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "restartCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "resurrectCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "computeUnits": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "options": {
                                "type": "object",
                                "properties": {
                                    "build": {
                                        "type": "string",
                                        "example": "latest"
                                    },
                                    "timeoutSecs": {
                                        "type": "integer",
                                        "example": 300
                                    },
                                    "memoryMbytes": {
                                        "type": "integer",
                                        "example": 1024
                                    },
                                    "diskMbytes": {
                                        "type": "integer",
                                        "example": 2048
                                    }
                                }
                            },
                            "buildId": {
                                "type": "string"
                            },
                            "defaultKeyValueStoreId": {
                                "type": "string"
                            },
                            "defaultDatasetId": {
                                "type": "string"
                            },
                            "defaultRequestQueueId": {
                                "type": "string"
                            },
                            "buildNumber": {
                                "type": "string",
                                "example": "1.0.0"
                            },
                            "containerUrl": {
                                "type": "string"
                            },
                            "usage": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "integer",
                                        "example": 1
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "usageTotalUsd": {
                                "type": "number",
                                "example": 0.00005
                            },
                            "usageUsd": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "number",
                                        "example": 0.00005
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
```
