Question 1

How do I set up Cert Spotter to monitor all subdomains of my domain?

Accepted Answer

Add a domain prefixed with a dot to your watchlist file, like '.example.com'. This tells Cert Spotter to monitor the domain and all its subdomains, as explained in the Quickstart section of the README.

Question 2

Cert Spotter vs. other CT monitors like CertStream: which is better for real-time monitoring?

Accepted Answer

Cert Spotter prioritizes robustness and security with its parsing approach, but may have higher latency due to CT log monitoring. CertStream might offer faster alerts, but Cert Spotter is designed for reliability and no missed certificates, as highlighted in its features.

Question 3

Can Cert Spotter send alerts to Slack or Microsoft Teams without custom scripting?

Accepted Answer

No, the open-source version only supports email and executable hooks; for direct Slack integration, you need the hosted service or to write custom scripts, as mentioned in the README's comparison with SSLMate's hosted offering.

Question 4

How does Cert Spotter handle false positives from legitimate certificates?

Accepted Answer

Use the certspotter-authorize command to whitelist known certificates, preventing notifications for authorized issuances and reducing false alarms, as detailed in the Authorizing Known Certificates section.

Question 5

What are the system requirements for running Cert Spotter in production?

Accepted Answer

Requires Go 1.21 or higher for installation, a working sendmail command for email notifications, and a daemon setup for continuous monitoring, as outlined in the Quickstart and documentation links.

CertSpotter

What is CertSpotter?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions