ctail

Tail a Static CT log, printing a one-liner per new certificate or precertificate as it arrives.

Install

GOPRIVATE=git.ipng.ch go install git.ipng.ch/certificate-transparency/ctfetch/cmd/ctail@latest

Usage

ctail [flags] <log-url>

Example:

ctail https://halloumi2026h1.mon.ct.ipng.ch

By default ctail starts at the current tree tip and prints new entries as they appear. Use --from-leaf 0 to replay from the beginning.

Output format

One line per entry:

 leaf-index  type  validity-range            issuer (up to 40 chars)          subject name

Example:

1440154358 cert  2026-03-31..2026-06-29  Let's Encrypt R13                bereavementcounselling.uk
1440154359 pre   2026-03-31..2026-06-29  ZeroSSL ECC Domain Secured Ce... alpenglowforeverfilms.com

type: cert for a final certificate, pre for a precertificate
issuer: CommonName, prefixed with the organisation name when the CN alone is terse (e.g. R13 → Let's Encrypt R13)
subject name: first DNS SAN, falling back to the certificate's CommonName

Flags

Flag	Default	Description
`--interval`	`15s`	How often to poll the checkpoint (minimum 1s)
`--from-leaf`	`-1`	Start from this leaf index; `-1` means current tree tip
`--rate-limit`	`2s`	Minimum time between HTTP requests (minimum 100ms)
`--user-agent`	`ctail/VERSION (https://git.ipng.ch/certificate-transparency/)`	User-Agent header sent with every request

Notes

The interval timer starts when the checkpoint is fetched, so tile-fetch time counts against the interval and the next poll stays on schedule.
A tile is only fetched once the checkpoint confirms it is complete (256 entries). This avoids unnecessary 404s at the tree tip.
Status and error messages go to stderr; the entry one-liners go to stdout.

1.9 KiB Raw Blame History