Let's Encrypt automatically issues domain-validated (DV) certificates to websites by checking the URL's phishing status against the Google Safe Browsing API. Once issued, Let's Encrypt does not monitor the certificates or take any action afterward. Even if Google later flags the domain as malicious, Let's Encrypt will not revoke certificates. As a result, many phishing websites are secured with SSL certifcates spoofing the legitimate clients name. By monitoring the certificate logs, you can dedect if your organisations name gets spoofed on SSL certificates. the reason why this is possible is that Let’s Encrypt submits all of the certificates into a certificate transparency log. This is a mechanism designed to increase public transparency into the activities of CAs. The logs can be accessed by Kaduu.

Setting up certificate monitoring is very simple. Navigate to the expert menu and click on certificates. You can enter a search term like "bank". Kaduu will show you all the results that contain the word "bank". If you want to get notified about new certificates containing the same word, you can go to alterts and setup your alert.