New Certificates Not Displayed

278 views
Skip to first unread message

Lukas

unread,
Feb 21, 2025, 3:32:09 AMFeb 21
to crt.sh
Hello, I noticed crt.sh isn't showing certificates issued within the past 7 days across several domains using Let's Encrypt.
Is there a known outage or technical issue?

r...@sectigo.com

unread,
Feb 21, 2025, 7:23:03 AMFeb 21
to crt.sh
Hi Lukas.


As part of coping with the current infrastructure issues outlined in that thread, it has been necessary on several occasions over the past month or so to temporarily stop crt.sh's log ingestion process.  This has meant delays in certificates appearing in crt.sh even when those certificates have been included in logs for which crt.sh's ingestion backlog is relatively small.

r...@sectigo.com

unread,
Feb 21, 2025, 9:21:55 AMFeb 21
to crt.sh
Also, due to the combination of the current infrastructure issues and the volume of user requests hammering crt.sh:5432, replication from the crt.sh primary database to the crt.sh:5432 database replicas is lagging by several days at the moment.

Soledad Guerra Decono

unread,
Mar 12, 2025, 9:20:53 AMMar 12
to crt.sh

Hello everyone,

This issue hasn't been resolved yet, right? I noticed that some certificates issued 20 days ago (or even further) are still missing from crt.sh:5432

 Is there a way to retrieve those that haven't been logged in that particular database?  

thanks

r...@sectigo.com

unread,
Mar 12, 2025, 12:08:48 PMMar 12
to crt.sh
It's not yet resolved, but we are making progress towards a resolution.

The primary database has been migrated to the new storage array, and the log entry ingestion process is now performing well and chewing through the backlog.

The read-only replicas are currently struggling to keep up with the primary, but we expect this will be resolved once the read-only replicas have also been migrated to the new storage array.  This migration is in progress.

Soledad Guerra Decono

unread,
Mar 12, 2025, 3:00:30 PMMar 12
to crt.sh
Thank you so much, Rob, for taking the time to help me understand. I really appreciate it!
 In the meantime I was wondering if you know a way for me to search and retrieve all the certificates that weren t logged into the replicas? otherwise i´d have to go back and perform a new whole  search once  the migration is over. 
 Thanks in advance

Rob Stradling

unread,
Mar 13, 2025, 10:01:59 AMMar 13
to Soledad Guerra Decono, crt.sh
> In the meantime I was wondering if you know a way for me to search and retrieve all the certificates that weren t logged into the replicas?

Only the read-only replica DBs are accessible to the general public (via crt.sh:5432 and crt.sh:443).

> otherwise i´d have to go back and perform a new whole  search once  the migration is over. 

Newly added certificates always have larger ID values on the "certificate" table than certificates that were already present in the database.  So if you're using crt.sh:5432 and you keep track of the largest certificate ID value you processed in your original search, then you can add a "WHERE certificate.ID >" clause to your next search in order to avoid reprocessing the same data.

By the way, this is the approach taken by https://github.com/robstradling/CeRTSearcH.


From: cr...@googlegroups.com <cr...@googlegroups.com> on behalf of Soledad Guerra Decono <soled...@gmail.com>
Sent: 12 March 2025 19:00
To: crt.sh <cr...@googlegroups.com>
Subject: Re: New Certificates Not Displayed
 
This Message Is From an Untrusted Sender
You have not previously corresponded with this sender.
 
--
You received this message because you are subscribed to the Google Groups "crt.sh" group.
To unsubscribe from this group and stop receiving emails from it, send an email to crtsh+un...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/crtsh/3184e896-0db3-4d53-9034-996694decfcfn%40googlegroups.com.

Soledad Guerra Decono

unread,
Mar 13, 2025, 10:34:58 AMMar 13
to crt.sh
Thank you so much Rob. 
I look forward to hearing from you once you have completed the migration. 
 Sincerely, Soledad

Reply all
Reply to author
Forward
0 new messages