|
@mholt6 | |||||
|
Nice, I'd love to chat about an integration with Caddy 2 at some point. 👏
|
||||||
|
||||||
|
Andrew Ayer
@__agwa
|
20. stu |
|
ICYMI: last week I rolled out a HUGE upgrade to Cert Spotter. Now that the post-rollout craziness has subsided, let me tell you about my favorite new features... (1/9) twitter.com/SSLMate/status…
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
First: expiration monitoring! Cert Spotter now monitors every one of your domains and sub-domains found in CT logs and alerts you about expiring certificates - whether it's a forgotten manual certificate, or a broken automated certificate. (2/9) pic.twitter.com/ngOdiT0Dpe
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
If the endpoint is running a public HTTPS server, Cert Spotter checks the expiration date of the live certificate. Otherwise, it looks in CT logs to see if the certificate has been renewed. (Coming soon: monitoring for other installation errors, like missing intermediates.) (3/9)
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
Second: say goodbye to alert fatigue! I know you're busy, so I only want to bother you when there's really a problem. If you trust some CAs, you can choose not to be alerted about their certificates. Trusting the 1-3 CAs that you use is WAY better than trusting all 100+. (4/9) pic.twitter.com/hzvYD5xkAo
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
Or, if your issuance is automated, there's an API for telling Cert Spotter about your legitimate certificates so you won't be alerted about them. Imagine: plugins for Certbot, Caddy, etc. that automatically authorize all certs that they issue! sslmate.com/certspotter/wh… (5/9)
|
||
|
|
||
|
Andrew Ayer
@__agwa
|
20. stu |
|
Third: Cert Spotter now tells you who REALLY issued a certificate, and who you need to contact to get it revoked, which will reduce confusion and save you precious time responding to an unwanted certificate. (6/9) pic.twitter.com/SGBRJnpIX0
|
||
|
|
||