Ignisfox
Tool

Certificate Transparency log search

Every publicly-trusted SSL certificate must be logged to Certificate Transparency. Paste a domain below to see every cert ever issued for it — useful for catching certs you didn't know existed.

Bare hostname. We search the domain and its subdomains across every public Certificate Transparency log.

Why this matters

If an attacker (or a rogue CA) issues a cert for your domain, it has to appear in CT logs within minutes — or Chrome / Safari / Firefox won't trust it. Scanning the logs is the fastest way to spot an unauthorized cert before it's actually used to phish your users.

What it covers

Every public CT log — Let's Encrypt, DigiCert, GoDaddy, Sectigo, Entrust, Cloudflare, and every other CA that logs to the public network. Not covered: private enterprise PKI (self-signed + internal CA certs that never hit the public logs).