Dev Ops · n8n
Detect Rogue Certificates Issued for Your Domain
An unauthorized SSL certificate for your domain signals a possible compromise or phishing setup. Monitor Certificate Transparency logs and alert on any cert you didn't issue.
difficulty Advancedsetup 35 minresult Any unauthorized certificate for your domain surfaces within hours — impersonation and compromise get caught early.—
- 1
Monitor CT Logs
Add a
Schedule TriggerandHTTP Requestquerying CT logs for your domains. - 2
Compare to Known-Good
Add a
Codenode flagging certificates you didn't authorize. - 3
Alert on Rogues
Add a
Slacknode reporting unexpected certificates with their issuer. - 4
Track the Baseline
Update your known-good list as you issue legitimate certs.
- 5
Activate and Test
Activate the workflow with a test cert. Confirm unexpected ones flag.
Frequently asked questions
Why monitor CT logs?
A rogue cert is often the first visible sign of a domain compromise or a phishing clone — hours matter.
Subdomain coverage?
Monitor wildcards and subdomains too — attackers often target a forgotten subdomain.
About this recipe. Recipes on FlowRecipesHub are written for business owners, not developers, and are tested before publishing — how recipes get made. Some ingredient links are affiliate links that cost you nothing — full disclosure.