certificate_monitoring


What is certificate monitoring about?

Let's Encrypt automatically issues domain-validated (DV) certificates to websites by checking the URL's phishing status against the Google Safe Browsing API. Once issued, Let's Encrypt does not monitor the certificates or take any action afterward. Even if Google later flags the domain as malicious, Let's Encrypt will not revoke certificates. As a result, many phishing websites are secured with SSL certificates that spoof the legitimate client's name. By monitoring the certificate logs, you can detect whether your organisation's name is being spoofed on SSL certificates. This is possible because Let's Encrypt submits all of its certificates to a certificate transparency log, a mechanism designed to increase public transparency into the activities of CAs. The logs can be accessed by Kaduu.
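The check described above can be sketched as follows. This is an added example, not Kaduu's code: it assumes log entries have already been fetched and reduced to `(issuer, [DNS names])` pairs, and the brand `examplebank`, its owned domain and all sample entries are constructed for illustration.

```python
import difflib
import re

# Assumptions for this example: the monitored name and the domains it really owns.
BRAND = "examplebank"
OWNED = {"examplebank.com"}
# Digits commonly substituted for letters in look-alike names.
LOOKALIKES = str.maketrans("013457", "oleast")

def suspicious_names(dns_names):
    """Return the names from one certificate that imitate BRAND."""
    hits = []
    for raw in dns_names:
        name = raw.lower().lstrip("*.")  # drop a wildcard prefix
        try:
            name = name.encode("ascii").decode("idna")  # xn-- labels to Unicode
        except UnicodeError:
            pass  # keep the raw form if it cannot be decoded
        # Naive registrable domain (last two labels); production code
        # would consult the Public Suffix List instead.
        if ".".join(name.split(".")[-2:]) in OWNED:
            continue
        folded = name.translate(LOOKALIKES)
        tokens = re.split(r"[.\-]", folded)
        near = any(difflib.SequenceMatcher(None, t, BRAND).ratio() >= 0.85
                   for t in tokens)
        if BRAND in folded or near:
            hits.append(raw)
    return hits

def scan(entries):
    """entries: iterable of (issuer, [SAN DNS names]); returns flagged names."""
    return [n for _issuer, names in entries for n in suspicious_names(names)]

# Constructed sample entries, not real log data.
IDN_SAMPLE = "ex\u00e4mplebank.com".encode("idna").decode("ascii")
SAMPLE_ENTRIES = [
    ("Let's Encrypt", ["www.examplebank.com", "examplebank.com"]),
    ("Let's Encrypt", ["examplebank-login.secure-update.net"]),
    ("Let's Encrypt", ["*.examp1ebank.com"]),
    ("Let's Encrypt", [IDN_SAMPLE]),
    ("Let's Encrypt", ["blog.unrelated.org"]),
]

if __name__ == "__main__":
    for name in scan(SAMPLE_ENTRIES):
        print("possible spoof:", name)
```

The 0.85 similarity threshold is an arbitrary starting point; tune it against your own brand name to balance missed look-alikes against false alerts.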

certificate_monitoring.1664644676.txt.gz · Last modified: 2023/05/22 20:40 (external edit)