crt.sh API — what works, what does not, what to use instead

Looking for the crt.sh API? There is not one — at least not officially. Here is what actually exists, what its limits are, and a fully documented REST alternative.

crt.sh does not have an official API

crt.sh is a single-instance PostgreSQL database fronted by a Perl CGI interface, maintained by Rob Stradling at Sectigo as a public good. There is no published API spec, no SDK, no rate-limit documentation, and no SLA. The closest thing to programmatic access is appending ?output=json to a search URL:

$ curl 'https://crt.sh/?q=example.com&output=json'
[{"issuer_ca_id": 16418, "issuer_name": "CN=Let's Encrypt R3, O=...", "common_name": "example.com", "name_value": "example.com\nwww.example.com", "id": 6735345729, ...}, ...]

This is unsupported, undocumented, and rate-limited to roughly 5 requests per minute per source IP. Heavy queries return empty results or 502 errors before timing out. The schema can change without notice.

Common crt.sh API workarounds

The community has built a long list of unofficial crt.sh API wrappers — Python (PaulSec/crt.sh, pycrtsh), Go (knqyf263/crtsh), a Steampipe plugin, a Rust crate, and dozens of one-off scrapers. They all hit the same upstream limits and break when crt.sh's HTML changes. None of them solve the rate-limit, the timeouts, or the lack of a stable contract.

Some teams run a self-hosted PostgreSQL replica of the CT log corpus to avoid the public crt.sh entirely. This works but costs hundreds of GB of storage, weeks of initial sync, and ongoing replication maintenance.

CT Radar API — a documented, stable REST alternative

CT Radar exposes the same Certificate Transparency data — indexed across 19 active CT logs — through a documented, key-authenticated REST endpoint. Free tier covers 100 searches per day; Pro and Enterprise lift quotas. Output is JSON by default and NDJSON via the CLI for streaming pipelines.

curl

$ curl -s -H "X-API-Key: $KEY" \
    "https://cert.imfht.com/api/search?q=example.com" \
  | jq '.results[].domain'

Go CLI

$ go install github.com/imfht/ct-radar@latest
$ export CT_RADAR_KEY=...
$ ct-radar example.com | httpx -silent | nuclei -t exposures/

Python

$ pip install ct-radar
$ ct-radar example.com --json | jq '.results[].domain'

Response shape

{
  "query": "example.com",
  "count": 23,
  "total": 487,
  "truncated": false,
  "results": [
    {
      "id": 287345672094,
      "domain": "api.example.com",
      "issuer": "Let's Encrypt R3",
      "fingerprint": "ab12cd34...",
      "valid_from": "2026-01-15T00:00:00Z",
      "valid_to": "2026-04-15T23:59:59Z"
    }
  ]
}

Get an API key

Sign in with GitHub. Free tier active immediately, no credit card.

Get API key →