Quickstart
CT Watch watches the public Certificate Transparency logs and tells you the moment a certificate is issued for something you care about. This page takes you from nothing to a live watch rule in a few minutes.
1. Search without an account
You don’t need to sign in to try a search. Head to the search page and type a domain:
example.com
CT Watch answers from its local archive, and if it has nothing yet it lazily backfills from crt.sh and archives the result. Anonymous search is rate-limited — signing in lifts the cap and attributes the query to you.
2. Sign in
Sign-in is hosted by CT Watch itself (the site never sees your password). Click Sign in, create an account or log in on CT Watch’s pages, approve the consent screen, and you land on your dashboard. Set up two-factor while you’re there — TOTP, a passkey, or recovery codes — from Account & security.
3. Add a watch rule
On the dashboard, open Rules and add one:
- domain — example.com matches the apex and its subdomains.
- keyword — acme-corp matches that substring anywhere in a name.
From now on, CT Watch tails the logs and fires a webhook whenever a new certificate matches.
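To preview which certificate names each rule kind would catch, here is a local model of the two rule kinds. It is an added example, not CT Watch's own code. The function names and sample names are constructed, and it assumes comparison is case-insensitive and that a wildcard entry counts as a subdomain.

```python
# Added illustration of the "domain" and "keyword" rule kinds described above.
# Not CT Watch's implementation; helper names and sample data are hypothetical.

def normalize(name: str) -> str:
    """Lowercase a certificate DNS name and drop any trailing root dot."""
    return name.strip().lower().rstrip(".")

def domain_rule_matches(rule: str, name: str) -> bool:
    """True when name is the apex or a subdomain of rule.

    The comparison is anchored on a label boundary, so "notexample.com"
    and "example.com.evil.test" do not match a rule for "example.com".
    """
    rule, name = normalize(rule), normalize(name)
    if name.startswith("*."):      # wildcard SAN: compare what follows "*."
        name = name[2:]
    return name == rule or name.endswith("." + rule)

def keyword_rule_matches(keyword: str, name: str) -> bool:
    """True when keyword appears as a substring anywhere in name."""
    return normalize(keyword) in normalize(name)

def matching_names(kind: str, value: str, names: list[str]) -> list[str]:
    """Return the names a rule of the given kind would match, in order."""
    if kind == "domain":
        match = domain_rule_matches
    elif kind == "keyword":
        match = keyword_rule_matches
    else:
        raise ValueError(f"unknown rule kind: {kind!r}")
    return [n for n in names if match(value, n)]

# Constructed names, as they might appear in certificates seen in CT logs.
SAMPLE_NAMES = [
    "example.com",
    "www.example.com",
    "*.dev.example.com",
    "notexample.com",               # shares a suffix, different domain
    "example.com.evil.test",        # rule value as a prefix label only
    "login-acme-corp.example.net",
    "ACME-CORP.test",
]

if __name__ == "__main__":
    print("domain example.com ->", matching_names("domain", "example.com", SAMPLE_NAMES))
    print("keyword acme-corp  ->", matching_names("keyword", "acme-corp", SAMPLE_NAMES))
```

A keyword rule is the broader of the two: it catches lookalike names on unrelated domains, which a domain rule by definition will not.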
4. Point it at a webhook
Open Targets and add a URL CT Watch should call on a match. Each delivery is
signed (X-CT-Signature) so you can verify it came from CT Watch. See
webhooks for the payload shape and verification.
5. Or drive it from the terminal
Everything above works from the ctw CLI:
$ ctw login
$ ctw query example.com
$ ctw watch add example.com --kind domain
That’s the whole loop: search → watch → get alerted. Next, read the CLI reference or the search model.