Home SSL Cert Lookup

DNS lookup

ready

Search Certificate Transparency logs via crt.sh for any domain - all SSL certificates ever issued, issuer details, validity dates, and Subject Alternative Names.

last reviewed 2026-05-04.source: crt.sh Certificate Transparency logs

How it works

This tool queries crt.sh, the public Certificate Transparency log search service operated by Sectigo. CT logs record every SSL certificate issued by a public Certificate Authority. The tool returns the certificate history for the domain you enter - issuer, validity dates, and Subject Alternative Names.

FAQ

Where does the cert data come from?
crt.sh - the public Certificate Transparency log search service. CT is mandatory for all browser-trusted CAs since 2018. Every issued cert appears in CT logs.
Why see expired certs?
CT logs are append-only and historical. Expired certs are useful for security analysis (subdomain enumeration, abuse detection, key rotation tracking).
Why is the lookup slow sometimes?
crt.sh queries a Postgres database with hundreds of millions of rows. Common domains return fast; obscure searches may take 10-30 seconds.
How do I check the live cert on a server?
CT logs show certs ever issued, not the cert currently served by a specific server. To check the live cert use openssl s_client -connect host:443 -servername host or sslshopper.com.
Does this save my inputs?
Last query persists in localStorage. The query is sent to crt.sh; nothing is logged on JustKit.