Status update:
Although there's still more work for me to do to restore all of the crt.sh functionality that you all know and love(*), we have today made the new crt.sh front-end webservers publicly available. If you want to reach these new webservers instead of the old ones, for now please add the following entry to your "hosts" file:91.199.212.73 crt.sh
There's no port 5432 access yet, but this will follow soon.
The ct_monitor application has been running since Friday last week, but the backlog has grown slightly rather than gone down. I'm working on profiling the code to figure out what's slow and what can be optimized.
Hi Rob,It seems the backlog is continuing to grow- is there any relative timeline to when the backlog should start reduce/crt.sh fully chew through it?
Additionally, do you have an average trailing wait time for crt.sh? (ie. is it currently 7 days delayed, 14 days, etc.)?
I've just added a "Latest Entry Age" column to https://crt.sh/monitored-logs
value "<cert id>" is out of range for type integer
SQL statement "SELECT replace(encode(c.CERTIFICATE, 'base64'), chr(10), '') FROM certificate c WHERE c.ID = cert_identifier::integer" PL/pgSQL function download_cert(text) line 12 at SQL statement PL/pgSQL function web_apis(text,text[],text[]) line 177 at RETURN
I don't yet have ETAs for when we'll be ready to flip the A/AAAA records for crt.sh to point to the new servers, or for when we will then decommission the old servers.
--
You received this message because you are subscribed to the Google Groups "crt.sh" group.
To unsubscribe from this group and stop receiving emails from it, send an email to crtsh+un...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/crtsh/46fb3e9b-c98e-4042-a5e5-9a3fd36ef56b%40googlegroups.com.
To unsubscribe from this group and stop receiving emails from it, send an email to crtsh+unsubscribe@googlegroups.com.
To unsubscribe from this group and stop receiving emails from it, send an email to cr...@googlegroups.com.
SELECT DISTINCT lexemeFROM certificate, unnest(identities(certificate))WHERE identities(certificate) @@ 'wikipedia.org:*' and lexeme like '%wikipedia.org%';
--
You received this message because you are subscribed to the Google Groups "crt.sh" group.
To unsubscribe from this group and stop receiving emails from it, send an email to crtsh+un...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/crtsh/532ce964-c1a4-4185-8826-384f45e223d3%40googlegroups.com.
For example, for a query on 'www.bad%oogle.com', I believe this works:
WHERE to_tsquery('www.bad:*') @@ identities(cai.CERTIFICATE)
AND to_tsquery('oogle.com') @@ identities(cai.CERTIFICATE)
AND cai.NAME_VALUE ILIKE ('www.bad%oogle.com')
And for 'bad.subdomain.%.%'
WHERE to_tsquery('bad.subdomain:*') @@ identities(cai.CERTIFICATE)
AND cai.NAME_VALUE ILIKE ('bad.subdomain.%.%')
For example, for a query on '%adgoogl%', I don't believe this will work:
WHERE to_tsquery('adgoogl:*') @@ identities(cai.CERTIFICATE)
AND cai.NAME_VALUE ILIKE ('%adgoogl%')
And it doesn't work for partial domain names:
WHERE to_tsquery('vil.com') @@ identities(cai.CERTIFICATE)
AND cai.NAME_VALUE ILIKE ('%vil.com')
And it doesn't work for common stems:
WHERE to_tsquery('security:*') @@ identities(cai.CERTIFICATE)
The old crt.sh service is still available at the IP addresses below. I anticipate that we'll start to decommission the old servers in a month or two.
OLD:> host crt.sh
crt.sh has address 91.199.212.48
crt.sh has IPv6 address 2a0e:ac00:c7:d430::5bc7:d430