Certi is a Python-based SSL Certificate Transparency log monitoring tool that helps you keep track of your issued certificates.
APACHE-2.0 License
Certificate logs are append-only ledgers of certificates. Because they're distributed and independent, anyone can query them to see what certificates have been included and when. Because they're append-only, they are verifiable by Monitors. Organisations and individuals with the technical skills and capacity can run a log.
Thanks to CT, domain owners, browsers, academics, and other interested people can analyse and monitor logs. They're able to see which CAs have issued which certificates, when, and for which domains.
Certi uses the SSLMate search API. The free API account has the following limitations:
A single-hostname query is a query which returns certificates for a single specific hostname. (The include_subdomains parameter is false.)
A full-domain query is a query which returns certificates for all descendant sub-domains of the queried domain. (The include_subdomains parameter is true.)
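The difference between the two query scopes, and how a monitor turns search results into alerts, as an added example (not Certi's own code). The record field names, the wildcard and suffix matching rules, the `seen` table and the issuer allow-list are assumptions made for this sketch.

```python
import sqlite3

# Constructed sample issuances. The field names are assumptions made for this
# example, not the search API's documented schema.
SAMPLE = [
    {"id": "101", "dns_names": ["example.com", "www.example.com"], "issuer": "Example Trusted CA"},
    {"id": "102", "dns_names": ["*.example.com"], "issuer": "Example Trusted CA"},
    {"id": "103", "dns_names": ["vpn.corp.example.com"], "issuer": "Unknown Issuer X"},
    {"id": "104", "dns_names": ["evilexample.com"], "issuer": "Unknown Issuer X"},
]

def name_matches(dns_name, query, include_subdomains):
    """True if a certificate DNS name is in scope for the monitored query."""
    name, query = dns_name.lower().rstrip("."), query.lower().rstrip(".")
    if name == query:
        return True
    if name.startswith("*."):
        base = name[2:]
        # A wildcard covers exactly one label to the left of its base.
        if query.endswith("." + base) and "." not in query[: -len(base) - 1]:
            return True
        name = base  # for full-domain scope, place *.x under x
    # Compare on a label boundary so "evilexample.com" never matches "example.com".
    return include_subdomains and (name == query or name.endswith("." + query))

def new_issuances(db, issuances, query, include_subdomains):
    """Return in-scope issuances not recorded yet, and record them as seen."""
    db.execute("CREATE TABLE IF NOT EXISTS seen (id TEXT PRIMARY KEY)")
    fresh = []
    for cert in issuances:
        if not any(name_matches(n, query, include_subdomains) for n in cert["dns_names"]):
            continue
        if db.execute("SELECT 1 FROM seen WHERE id = ?", (cert["id"],)).fetchone():
            continue  # already alerted on this certificate
        db.execute("INSERT INTO seen (id) VALUES (?)", (cert["id"],))
        fresh.append(cert)
    db.commit()
    return fresh

def unexpected_issuers(issuances, allowed_issuers):
    """Issuances signed by a CA outside the organisation's allow-list."""
    return [c for c in issuances if c["issuer"] not in allowed_issuers]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    alerts = new_issuances(db, SAMPLE, "example.com", include_subdomains=True)
    for cert in unexpected_issuers(alerts, {"Example Trusted CA"}):
        print("unexpected issuer:", cert["id"], cert["dns_names"], cert["issuer"])
```

A single-hostname scope for `www.example.com` picks up the wildcard certificate but not `vpn.corp.example.com`; only the full-domain scope surfaces the deeper subdomain issued by the unlisted CA.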
This section identifies all of the services supported by this library. Check out the wiki for more information on the supported modules.
The table below identifies the services this tool supports and some example service URLs you need to use in order to take advantage of it. Click on any of the services listed below to get more details on how you can configure Apprise to access them.
| Notification Service | Service ID | Default Port | Example Syntax |
|---|---|---|---|
| Apprise API | apprise:// or apprises:// | (TCP) 80 or 443 | apprise://hostname/Token |
| AWS SES | ses:// | (TCP) 443 | ses://user@domain/AccessKeyID/AccessSecretKey/RegionName<br>ses://user@domain/AccessKeyID/AccessSecretKey/RegionName/email1/email2/emailN |
| Boxcar | boxcar:// | (TCP) 443 | boxcar://hostname<br>boxcar://hostname/@tag<br>boxcar://hostname/device_token<br>boxcar://hostname/device_token1/device_token2/device_tokenN<br>boxcar://hostname/@tag/@tag2/device_token |
| Discord | discord:// | (TCP) 443 | discord://webhook_id/webhook_token<br>discord://avatar@webhook_id/webhook_token |
| Emby | emby:// or embys:// | (TCP) 8096 | emby://user@hostname/<br>emby://user:password@hostname |
| Enigma2 | enigma2:// or enigma2s:// | (TCP) 80 or 443 | enigma2://hostname |
| Faast | faast:// | (TCP) 443 | faast://authorizationtoken |
| FCM | fcm:// | (TCP) 443 | fcm://project@apikey/DEVICE_ID<br>fcm://project@apikey/#TOPIC<br>fcm://project@apikey/DEVICE_ID1/#topic1/#topic2/DEVICE_ID2/ |
| Flock | flock:// | (TCP) 443 | flock://token<br>flock://botname@token<br>flock://app_token/u:userid<br>flock://app_token/g:channel_id<br>flock://app_token/u:userid/g:channel_id |
| Gitter | gitter:// | (TCP) 443 | gitter://token/room<br>gitter://token/room1/room2/roomN |
| Google Chat | gchat:// | (TCP) 443 | gchat://workspace/key/token |
| Gotify | gotify:// or gotifys:// | (TCP) 80 or 443 | gotify://hostname/token<br>gotifys://hostname/token?priority=high |
| Growl | growl:// | (UDP) 23053 | growl://hostname<br>growl://hostname:portno<br>growl://password@hostname<br>growl://password@hostname:port<br>Note: you can also use the get parameter version which can allow the growl request to behave using the older v1.x protocol. An example would look like: growl://hostname?version=1 |
| Home Assistant | hassio:// or hassios:// | (TCP) 8123 or 443 | hassio://hostname/accesstoken<br>hassio://user@hostname/accesstoken<br>hassio://user:password@hostname:port/accesstoken<br>hassio://hostname/optional/path/accesstoken |
| IFTTT | ifttt:// | (TCP) 443 | ifttt://webhooksID/Event<br>ifttt://webhooksID/Event1/Event2/EventN<br>ifttt://webhooksID/Event1/?+Key=Value<br>ifttt://webhooksID/Event1/?-Key=value1 |
| Join | join:// | (TCP) 443 | join://apikey/device<br>join://apikey/device1/device2/deviceN/<br>join://apikey/group<br>join://apikey/groupA/groupB/groupN<br>join://apikey/DeviceA/groupA/groupN/DeviceN/ |
| KODI | kodi:// or kodis:// | (TCP) 8080 or 443 | kodi://hostname<br>kodi://user@hostname<br>kodi://user:password@hostname:port |
| Kumulos | kumulos:// | (TCP) 443 | kumulos://apikey/serverkey |
| LaMetric Time | lametric:// | (TCP) 443 | lametric://apikey@device_ipaddr<br>lametric://apikey@hostname:port<br>lametric://client_id@client_secret |
| Mailgun | mailgun:// | (TCP) 443 | mailgun://user@hostname/apikey<br>mailgun://user@hostname/apikey/email<br>mailgun://user@hostname/apikey/email1/email2/emailN<br>mailgun://user@hostname/apikey/?name="From%20User" |
| Matrix | matrix:// or matrixs:// | (TCP) 80 or 443 | matrix://hostname<br>matrix://user@hostname<br>matrixs://user:pass@hostname:port/#room_alias<br>matrixs://user:pass@hostname:port/!room_id<br>matrixs://user:pass@hostname:port/#room_alias/!room_id/#room2<br>matrixs://token@hostname:port/?webhook=matrix<br>matrix://user:token@hostname/?webhook=slack&format=markdown |
| Mattermost | mmost:// or mmosts:// | (TCP) 8065 | mmost://hostname/authkey<br>mmost://hostname:80/authkey<br>mmost://user@hostname:80/authkey<br>mmost://hostname/authkey?channel=channel<br>mmosts://hostname/authkey<br>mmosts://user@hostname/authkey |
| Microsoft Teams | msteams:// | (TCP) 443 | msteams://TokenA/TokenB/TokenC/ |
| MQTT | mqtt:// or mqtts:// | (TCP) 1883 or 8883 | mqtt://hostname/topic<br>mqtt://user@hostname/topic<br>mqtts://user:pass@hostname:9883/topic |
| Nextcloud | ncloud:// or nclouds:// | (TCP) 80 or 443 | ncloud://adminuser:pass@host/User<br>nclouds://adminuser:pass@host/User1/User2/UserN |
| NextcloudTalk | nctalk:// or nctalks:// | (TCP) 80 or 443 | nctalk://user:pass@host/RoomId<br>nctalks://user:pass@host/RoomId1/RoomId2/RoomIdN |
| Notica | notica:// | (TCP) 443 | notica://Token/ |
| Notifico | notifico:// | (TCP) 443 | notifico://ProjectID/MessageHook/ |
| Office 365 | o365:// | (TCP) 443 | o365://TenantID:AccountEmail/ClientID/ClientSecret<br>o365://TenantID:AccountEmail/ClientID/ClientSecret/TargetEmail<br>o365://TenantID:AccountEmail/ClientID/ClientSecret/TargetEmail1/TargetEmail2/TargetEmailN |
| OneSignal | onesignal:// | (TCP) 443 | onesignal://AppID@APIKey/PlayerID<br>onesignal://TemplateID:AppID@APIKey/UserID<br>onesignal://AppID@APIKey/#IncludeSegment<br>onesignal://AppID@APIKey/Email |
| Opsgenie | opsgenie:// | (TCP) 443 | opsgenie://APIKey<br>opsgenie://APIKey/UserID<br>opsgenie://APIKey/#Team<br>opsgenie://APIKey/*Schedule<br>opsgenie://APIKey/^Escalation |
| ParsePlatform | parsep:// or parseps:// | (TCP) 80 or 443 | parsep://AppID:MasterKey@Hostname<br>parseps://AppID:MasterKey@Hostname |
| PopcornNotify | popcorn:// | (TCP) 443 | popcorn://ApiKey/ToPhoneNo<br>popcorn://ApiKey/ToPhoneNo1/ToPhoneNo2/ToPhoneNoN/<br>popcorn://ApiKey/ToEmail<br>popcorn://ApiKey/ToEmail1/ToEmail2/ToEmailN/<br>popcorn://ApiKey/ToPhoneNo1/ToEmail1/ToPhoneNoN/ToEmailN |
| Prowl | prowl:// | (TCP) 443 | prowl://apikey<br>prowl://apikey/providerkey |
| PushBullet | pbul:// | (TCP) 443 | pbul://accesstoken<br>pbul://accesstoken/#channel<br>pbul://accesstoken/A_DEVICE_ID<br>pbul://accesstoken/[email protected]<br>pbul://accesstoken/#channel/#channel2/[email protected]/DEVICE |
| Pushjet | pjet:// or pjets:// | (TCP) 80 or 443 | pjet://hostname/secret<br>pjet://hostname:port/secret<br>pjets://secret@hostname/secret<br>pjets://hostname:port/secret |
| Push (Techulus) | push:// | (TCP) 443 | push://apikey/ |
| Pushed | pushed:// | (TCP) 443 | pushed://appkey/appsecret/<br>pushed://appkey/appsecret/#ChannelAlias<br>pushed://appkey/appsecret/#ChannelAlias1/#ChannelAlias2/#ChannelAliasN<br>pushed://appkey/appsecret/@UserPushedID<br>pushed://appkey/appsecret/@UserPushedID1/@UserPushedID2/@UserPushedIDN |
| Pushover | pover:// | (TCP) 443 | pover://user@token<br>pover://user@token/DEVICE<br>pover://user@token/DEVICE1/DEVICE2/DEVICEN<br>Note: you must specify both your user_id and token |
| PushSafer | psafer:// or psafers:// | (TCP) 80 or 443 | psafer://privatekey<br>psafers://privatekey/DEVICE<br>psafer://privatekey/DEVICE1/DEVICE2/DEVICEN |
| Reddit | reddit:// | (TCP) 443 | reddit://user:password@app_id/app_secret/subreddit<br>reddit://user:password@app_id/app_secret/sub1/sub2/subN |
| Rocket.Chat | rocket:// or rockets:// | (TCP) 80 or 443 | rocket://user:password@hostname/RoomID/Channel<br>rockets://user:password@hostname:443/#Channel1/#Channel1/RoomID<br>rocket://user:password@hostname/#Channel<br>rocket://webhook@hostname<br>rockets://webhook@hostname/@User/#Channel |
| Ryver | ryver:// | (TCP) 443 | ryver://Organization/Token<br>ryver://botname@Organization/Token |
| SendGrid | sendgrid:// | (TCP) 443 | sendgrid://APIToken:FromEmail/<br>sendgrid://APIToken:FromEmail/ToEmail<br>sendgrid://APIToken:FromEmail/ToEmail1/ToEmail2/ToEmailN/ |
| ServerChan | serverchan:// | (TCP) 443 | serverchan://token/ |
| SimplePush | spush:// | (TCP) 443 | spush://apikey<br>spush://salt:password@apikey<br>spush://apikey?event=Apprise |
| Slack | slack:// | (TCP) 443 | slack://TokenA/TokenB/TokenC/<br>slack://TokenA/TokenB/TokenC/Channel<br>slack://botname@TokenA/TokenB/TokenC/Channel<br>slack://user@TokenA/TokenB/TokenC/Channel1/Channel2/ChannelN |
| SMTP2Go | smtp2go:// | (TCP) 443 | smtp2go://user@hostname/apikey<br>smtp2go://user@hostname/apikey/email<br>smtp2go://user@hostname/apikey/email1/email2/emailN<br>smtp2go://user@hostname/apikey/?name="From%20User" |
| Streamlabs | strmlabs:// | (TCP) 443 | strmlabs://AccessToken/<br>strmlabs://AccessToken/?name=name&identifier=identifier&amount=0&currency=USD |
| SparkPost | sparkpost:// | (TCP) 443 | sparkpost://user@hostname/apikey<br>sparkpost://user@hostname/apikey/email<br>sparkpost://user@hostname/apikey/email1/email2/emailN<br>sparkpost://user@hostname/apikey/?name="From%20User" |
| Spontit | spontit:// | (TCP) 443 | spontit://UserID@APIKey/<br>spontit://UserID@APIKey/Channel<br>spontit://UserID@APIKey/Channel1/Channel2/ChannelN |
| Syslog | syslog:// | (UDP) 514 (if hostname specified) | syslog://<br>syslog://Facility<br>syslog://hostname<br>syslog://hostname/Facility |
| Telegram | tgram:// | (TCP) 443 | tgram://bottoken/ChatID<br>tgram://bottoken/ChatID1/ChatID2/ChatIDN |
| Twitter | twitter:// | (TCP) 443 | twitter://CKey/CSecret/AKey/ASecret<br>twitter://user@CKey/CSecret/AKey/ASecret<br>twitter://CKey/CSecret/AKey/ASecret/User1/User2/User2<br>twitter://CKey/CSecret/AKey/ASecret?mode=tweet |
| Twist | twist:// | (TCP) 443 | twist://password:login<br>twist://password:login/#channel<br>twist://password:login/#team:channel<br>twist://password:login/#team:channel1/channel2/#team3:channel |
| XBMC | xbmc:// or xbmcs:// | (TCP) 8080 or 443 | xbmc://hostname<br>xbmc://user@hostname<br>xbmc://user:password@hostname:port |
| XMPP | xmpp:// or xmpps:// | (TCP) 5222 or 5223 | xmpp://user:password@hostname<br>xmpps://user:password@hostname:port?jid=user@hostname/resource<br>xmpps://user:password@hostname/target@myhost, target2@myhost/resource |
| Webex Teams (Cisco) | wxteams:// | (TCP) 443 | wxteams://Token |
| Zulip Chat | zulip:// | (TCP) 443 | zulip://botname@Organization/Token<br>zulip://botname@Organization/Token/Stream<br>zulip://botname@Organization/Token/Email |
Certi is a Docker-based application that can be installed using Docker Compose:
```yaml
version: "3.6"
services:
  certi:
    image: techblog/certi
    container_name: certi
    restart: always
    ports:
      - "8081:8081"
    environment:
      - API_KEY=
      - SLEEP_TIME=
      - NOTIFIERS=
      - LOG_LEVEL=
    volumes:
      - ./data:/opt/certi/db
```
To prevent data loss, it's recommended to mount a volume for the application database. "/opt/certi/db" is the path inside the container where the SQLite database is located. It will be created automatically upon application startup.
Certi has a small REST API for easy management of the domains and certificates. By default the port is set to 8081. Swagger documentation can be accessed by adding "/docs" to the end of the URL [http://docker:8081/docs].
The API has the following endpoints: