SSL Certificate & Subdomain Finder for Any Website avatar

SSL Certificate & Subdomain Finder for Any Website

Pricing

Pay per usage

Go to Apify Store
SSL Certificate & Subdomain Finder for Any Website

SSL Certificate & Subdomain Finder for Any Website

Find all the subdomains of any website and check its SSL certificates. Paste a domain and get every subdomain seen in public certificate records, plus the certificate issuer, valid dates and days until expiry. Great for security checks and finding forgotten sites. No API key needed.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

Ken M

Ken M

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

a day ago

Last modified

Share

Find every subdomain of a website and check its SSL certificates in one run. Paste a domain like github.com and get one clean row per subdomain, with the certificate issuer, valid dates and how many days until it expires.

Built for security teams, IT admins, penetration testers and website owners. Forgotten subdomains and expired certificates are two of the most common ways websites get attacked or go down. This finds both, using only public data, with no signup or API key.

What you get

  • Every subdomain seen in public SSL certificates for the domain (the standard passive discovery method, via certificate transparency logs from SSLMate certspotter, with crt.sh as backup).
  • Certificate records: the issuer and valid dates from the newest certificate on file for each subdomain.
  • Live certificate check (on by default): connects to each subdomain over HTTPS and reads its current certificate:
    • who issued it
    • valid from and valid to dates
    • days until it expires (great for catching renewals before they lapse)
    • whether the certificate is valid right now
    • whether the site is even reachable

Example output

{
"subdomain": "api.github.com",
"domain": "github.com",
"seenAsWildcard": false,
"certIssuer": "DigiCert Inc",
"certValidFrom": "2026-02-01",
"certValidTo": "2027-02-28",
"liveReachable": true,
"liveIssuer": "Sectigo Limited",
"liveValidFrom": "2026-03-15",
"liveValidTo": "2026-09-30",
"liveDaysToExpiry": 79,
"liveValidNow": true,
"liveSanCount": 2
}

Pricing

$0.002 per subdomain. The first 2 rows of every run are free. A typical domain returns tens to a few hundred subdomains, so most runs cost a few cents to under a dollar. Paid attack-surface and certificate-monitoring tools start at $50 to $100+ per month.

How to run it via API

curl -X POST "https://api.apify.com/v2/acts/scrapemint~ssl-subdomain-finder/run-sync-get-dataset-items?token=YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"domains": ["github.com"], "checkLiveCert": true}'

Run it on a schedule to catch certificates before they expire and spot new subdomains as they appear.

Frequently asked questions

Where do the subdomains come from? Public certificate transparency logs (SSLMate certspotter, with crt.sh as backup). Every time a site gets an SSL certificate it is logged publicly, which reveals the subdomain names. No scanning or guessing.

Will it find every subdomain? It finds those that have had their own SSL certificate, which is most of them on modern sites. The keyless data covers the most recent certificates per domain, so very large domains show their newest subdomains first. Subdomains that never used HTTPS will not appear.

Is this legal? Yes. It reads public certificate records and public certificates, the same data any browser sees. It does not log in or attack anything.

More tools from Scrapemint