{"id":18868259,"url":"https://github.com/letsencrypt/ct-log-metadata","last_synced_at":"2025-04-14T14:31:48.736Z","repository":{"id":41154362,"uuid":"499320737","full_name":"letsencrypt/ct-log-metadata","owner":"letsencrypt","description":"Metadata regarding Let's Encrypt's Certificate Transparency Logs","archived":false,"fork":false,"pushed_at":"2024-10-22T02:18:30.000Z","size":1821,"stargazers_count":9,"open_issues_count":4,"forks_count":8,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-03-28T03:51:13.266Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/letsencrypt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-02T23:28:57.000Z","updated_at":"2024-12-01T00:43:35.000Z","dependencies_parsed_at":"2024-10-23T00:18:02.798Z","dependency_job_id":null,"html_url":"https://github.com/letsencrypt/ct-log-metadata","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/letsencrypt%2Fct-log-metadata","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/letsencrypt%2Fct-log-metadata/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/letsencrypt%2Fct-log-metadata/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/letsencrypt%2Fct-log-metadata/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/letsencrypt","download_url":"https://codeload.github.com/letsencrypt/ct-log-metadata/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248897210,"owners_count":21179557,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T05:13:16.163Z","updated_at":"2025-04-14T14:31:46.883Z","avatar_url":"https://github.com/letsencrypt.png","language":"Python","readme":"# Let's Encrypt Certificate Transparency Logs\n\nThis repository contains all Root Certificate Authorities from whom [Let's Encrypt's Certificate Transparency Logs](https://letsencrypt.org/docs/ct-logs/) accept leaf certificates.\n\nLet's Encrypt operates two publicly-accessible [Certificate Transparency](https://www.certificate-transparency.org/what-is-ct) logs:\n* **Oak**\n* **Sapling**\n\n## Oak\n\nOak is a production log, containing only certificates which are trusted by the [Mozilla Root Program](https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/).\n\n## Sapling\n\nSapling is a preproduction log, intended for certificates which are not publicly trusted, but which are issued by Certificate Authorities who either issue or are expected to issue publicly trusted certificates. In other words, Sapling is used by trusted Certificate Authorities in their testing infrastructures.\n\n## Testflume\n\n[Testflume no longer exists](https://groups.google.com/a/chromium.org/g/ct-policy/c/CLBlt5rSsAk) and has been replaced by the Sapling test log.\n\n## ct-test-srv\n\nThe [Boulder](https://github.com/letsencrypt/boulder/tree/main/test/ct-test-srv) codebase contains a piece of software named `ct-test-srv` which  implements RFC6962 `add-chain` and `add-pre-chain` endpoints. This software is sufficient for development and other testing environments. It does not persist data.\n\n# Submitting a CA root for inclusion\n\nCreate a [New Issue](https://github.com/letsencrypt/ct-log-metadata/issues/new/choose) and fill out the provided template. All communication will be performed via responses to your Github Issue. Upon approval, Let's Encrypt staff will create a Pull Request to include your certificates and update our Certificate Transparency logs.\n\n# What roots does a log contain?\n\nCalling the `get-roots` endpoint for a [Trillian](https://github.com/google/trillian) backed log will return a JSON structure containing each root as base64 encoded DER.\n\nExample retrieving all the roots from a CT log and viewing certificate content:\n```\ncounter=1\nfor root in $(curl -sL https://oak.ct.letsencrypt.org/2023/ct/v1/get-roots | jq -r '.certificates[]'); do\n    echo -n \"${root}\" | base64 -d \u003e /tmp/${counter}.crt\n    counter=$((counter+1))\ndone\n\nopenssl x509 -inform DER -in /tmp/${counter}.crt -noout -issuer -serial\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fletsencrypt%2Fct-log-metadata","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fletsencrypt%2Fct-log-metadata","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fletsencrypt%2Fct-log-metadata/lists"}