Quick start
Your own CT stream, in three steps.
Run a certificate transparency streaming server and start receiving certificates in seconds.
Step 01
Run the server
Docker
docker run -d -p 8080:8080 ghcr.io/reloading01/certstream-server-rust:latest
The server is now streaming at ws://localhost:8080.
Step 02
Connect
Python
import certstream
def callback(message, context):
if message["message_type"] == "certificate_update":
domains = message["data"]["leaf_cert"]["all_domains"]
print(domains)
certstream.listen_for_events(callback, url="ws://localhost:8080/")
JavaScript
const ws = new WebSocket("ws://localhost:8080/");
ws.onmessage = (event) => {
const data = JSON.parse(event.data);
if (data.message_type === "certificate_update") {
console.log(data.data.leaf_cert.all_domains);
}
};
cURL
SSE
curl -N http://localhost:8080/sse
websocat
websocat ws://localhost:8080/
JavaScript
domains-only
const ws = new WebSocket("ws://localhost:8080/domains-only");
ws.onmessage = (event) => {
const msg = JSON.parse(event.data);
// msg.message_type === "dns_entries"
// msg.data is a bare string array — no nested object
if (msg.message_type === "dns_entries") {
console.log(msg.data); // ["example.com", "www.example.com"]
}
};
The /domains-only stream uses message_type: "dns_entries" and its data
is a bare string array. For SSE, use curl -N http://localhost:8080/sse?stream=domains.
Step 03
Production setup
Docker
with state persistence
docker run -d \ --name certstream \ --restart unless-stopped \ -p 8080:8080 \ -v certstream-state:/data \ -e CERTSTREAM_CT_LOG_STATE_FILE=/data/state.json \ ghcr.io/reloading01/certstream-server-rust:latest
See the API documentation for the full configuration reference.