Self-Host

Run your own instance for production workloads

1. Run the Server

Docker

docker run -d -p 8080:8080 ghcr.io/reloading01/certstream-server-rust:latest

Server is now running at ws://localhost:8080

2. Connect

Python

import certstream

def callback(message, context):
    if message["message_type"] == "certificate_update":
        domains = message["data"]["leaf_cert"]["all_domains"]
        print(domains)

certstream.listen_for_events(callback, url="ws://localhost:8080/")

JavaScript

const ws = new WebSocket("ws://localhost:8080/");

ws.onmessage = (event) => {
    const data = JSON.parse(event.data);
    if (data.message_type === "certificate_update") {
        console.log(data.data.leaf_cert.all_domains);
    }
};

cURL

curl -N http://localhost:8080/sse

websocat

websocat ws://localhost:8080/

                            JavaScript
                            Domains-only stream
                        

const ws = new WebSocket("ws://localhost:8080/domains-only");

ws.onmessage = (event) => {
    const msg = JSON.parse(event.data);
    // msg.message_type === "dns_entries"
    // msg.data is a bare string array — no nested object
    if (msg.message_type === "dns_entries") {
        console.log(msg.data); // ["example.com", "www.example.com"]
    }
};

The /domains-only stream uses message_type: "dns_entries" and data is a bare string array. For SSE, use curl -N http://localhost:8080/sse?stream=domains.

3. Production Setup

                            Docker
                            With state persistence
                        

docker run -d \
  --name certstream \
  --restart unless-stopped \
  -p 8080:8080 \
  -v certstream-state:/data \
  -e CERTSTREAM_CT_LOG_STATE_FILE=/data/state.json \
  ghcr.io/reloading01/certstream-server-rust:latest

Certstream Quick Start Guide

Self-Host

1. Run the Server

2. Connect

3. Production Setup