Dev Ops · n8n

Detect Rogue Certificates Issued for Your Domain

An unauthorized SSL certificate for your domain signals a possible compromise or phishing setup. Monitor Certificate Transparency logs and alert on any cert you didn't issue.

difficulty Advancedsetup 35 minresult Any unauthorized certificate for your domain surfaces within hours — impersonation and compromise get caught early.
  1. 1

    Monitor CT Logs

    Add a Schedule Trigger and HTTP Request querying CT logs for your domains.

  2. 2

    Compare to Known-Good

    Add a Code node flagging certificates you didn't authorize.

  3. 3

    Alert on Rogues

    Add a Slack node reporting unexpected certificates with their issuer.

  4. 4

    Track the Baseline

    Update your known-good list as you issue legitimate certs.

  5. 5

    Activate and Test

    Activate the workflow with a test cert. Confirm unexpected ones flag.

Frequently asked questions

Why monitor CT logs?

A rogue cert is often the first visible sign of a domain compromise or a phishing clone — hours matter.

Subdomain coverage?

Monitor wildcards and subdomains too — attackers often target a forgotten subdomain.

About this recipe. Recipes on FlowRecipesHub are written for business owners, not developers, and are tested before publishing — how recipes get made. Some ingredient links are affiliate links that cost you nothing — full disclosure.