Script to check issued certificates by Let's Encrypt on CTL (Certificate Transparency Log) using https://crt.sh
sahsanu Modify pattern to allow searches using wildcards
grep pattern modified to allow searches using wildcard subdomains *.domain.tld. Keep in mind that using *.domain.tld searches literally for *.domain.tld and in this case * doesn't act as a wildcard. Thanks to @travisjeffery for requesting it and providing a pull request.
Latest commit 0ca2008 Aug 23, 2018
LICENSE Initial commit Mar 24, 2016
README.md Updated README to show last options Apr 16, 2018
lectl Modify pattern to allow searches using wildcards Aug 23, 2018

README.md

lectl

Script to check issued certificates by Let's Encrypt on CTL (Certificate Transparency Log) using https://crt.sh

Note: crt.sh is property of COMODO CA Limited 2015-2018

Usage

lectl [-h|--help] [-v|--version] [-l|--extraline] [-s|--sans] [-e|--expired] [-u|--utc] [-m] [-p|--pre] [-f|--final] domain

Options

 -h | --help      [Default: false] shows the help file.

 -v | --version   shows the script version.

 -l | --extraline [Default: false] adds an extra line separator between found
                  certificates (when there are several certs with several
                  SANs, this extra line makes the output easier to read).

 -s | --sans      [Default: false] shows all domains included in the
                  certificate as SANs. If you don't use this option you will
                  only see the Common Name.

 -e | --expired   [Default: false] shows all certs issued for the specified
                  domain, including the certs that are already expired.

 -u | --utc       [Default: false] shows the dates in UTC (GMT) instead of
                  your machine time zone.

 -m               [Default: 100] searches for more or less than 100 certificates
                  per domain OR subdomain. This means that if, for example, you use
                  option -m25 you could receive an output of max 50 certs (25 for
                  the domain and 25 for *.domain).
                  If this option is not used, lectl searches only for the last 100
                  certificates. If the option is used, it searches by default
                  for the last 1000 certificates.
                  If you want to search for more or less certificates, append
                  the number after the option with no spaces (Ex: -m500). If
                  you specify a number, then the option must be specified
                  independently.
                  Wrong: lectl -seulm500 domain.tld
                  Good: lectl -seul -m500 domain.tld

 -p | --pre       [Default: true] shows only logged pre certs.

 -f | --final     [Default: true] shows only logged final certs.

Examples

lectl letsencrypt.org
lectl -s -e -u -l -p letsencrypt.org
lectl -seulmf letsencrypt.org
lectl -lumsep letsencrypt.org
lectl -su --extraline letsencrypt.org
lectl -u letsencrypt.org -esm --final
lectl -seulp -m500 letsencrypt.org
...and so on
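
The following is an added example, not lectl's own code: it shows how the per-group cap described for -m and the literal treatment of *.domain.tld interact when auditing which certificates exist for a name. The record format, the function names `sample_records` and `filter_certs`, and the reading of "subdomain" as any name ending in `.domain` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample records (not real CT data): name|not_after epoch|issuer
sample_records() {
cat <<'EOF'
example.com|1900000000|Let's Encrypt
example.com|1500000000|Let's Encrypt
example.com|1900000100|Let's Encrypt
*.example.com|1900000200|Let's Encrypt
www.example.com|1900000300|Let's Encrypt
www.example.com|1900000400|Other CA
notexample.com|1900000500|Let's Encrypt
*xexample.com|1900000600|Let's Encrypt
EOF
}

# filter_certs DOMAIN MAX NOW [yes]   (hypothetical helper)
# Prints Let's Encrypt records for DOMAIN, at most MAX for the exact name and
# MAX for names under it, so the total can reach 2*MAX. Expired records are
# dropped unless the fourth argument is "yes". Names are compared as plain
# strings, so "*" and "." in DOMAIN never act as pattern characters.
filter_certs() {
    awk -F'|' -v d="$1" -v max="$2" -v now="$3" -v expired="${4:-no}" \
        -v issuer="Let's Encrypt" '
        $3 != issuer { next }                    # other CAs are out of scope
        expired != "yes" && $2 <= now { next }   # skip expired certificates
        {
            suffix = "." d
            if ($1 == d)
                grp = "domain"
            else if (length($1) > length(suffix) &&
                     substr($1, length($1) - length(suffix) + 1) == suffix)
                grp = "sub"
            else
                next                             # look-alike names do not match
            if (++seen[grp] <= max) print
        }'
}

# Stand-alone run: cap of 1 per group, evaluated at a fixed "now".
sample_records | filter_certs example.com 1 1700000000
```

Because the comparison is a string match, `notexample.com` and `*xexample.com` are excluded, which a regular expression built from the unescaped name would not guarantee.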