Comparing ACME client logs against Certificate Transparency logs

Çağlar Arlı

Inspired by this comment from "Can DDNS provider perform a MITM attack?", I was wondering if there is an automated way to check the Certificate Transparency logs for malicious/unexpected certificates.

For example, if I run some ACME client on my Linux server (to automatically get certificates from Let's Encrypt), can I install a tool to automatically compare the public CT logs with the log files from my ACME client, to find published certificates that were not requested by my server? And would that actually be a useful way to detect e.g. MITM attacks from my DNS provider?
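The comparison asked about above, sketched as an added example that is not part of the original post: it takes CT search results and the certificates the local ACME client actually obtained, and reports CT entries for the monitored domains that the server never requested. The record fields, issuer strings and all sample data are constructed assumptions; fetching the CT entries and reading the ACME client's stored certificates are left out.

```python
# Added example; all certificate data below is constructed for illustration.

def norm_serial(s):
    """Hex serial -> canonical form (no 'serial=' prefix, colons, case, leading zeros)."""
    s = s.strip().split("=")[-1].lower().replace(":", "")
    return s.lstrip("0") or "0"

def covers(name, domain):
    """True if a SAN (possibly a wildcard) is `domain` or one of its subdomains."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)

def unexpected(ct_entries, local_certs, domains):
    """Return CT entries for our domains whose (issuer, serial) we never requested."""
    known = {(iss, norm_serial(ser)) for iss, ser in local_certs}
    seen, hits = set(), []
    for e in ct_entries:
        if not any(covers(n, d) for n in e["names"] for d in domains):
            continue  # certificate for somebody else's name
        key = (e["issuer"], norm_serial(e["serial"]))
        # A precertificate and its final certificate share one serial number,
        # so match on (issuer, serial) rather than on a fingerprint.
        if key in known or key in seen:
            continue
        seen.add(key)
        hits.append(e)
    return hits

# Constructed CT search results (field names are assumptions, not a real API schema).
CT_ENTRIES = [
    {"issuer": "CN=Constructed ACME CA", "serial": "04a1b2", "names": ["www.example.test"]},
    {"issuer": "CN=Constructed ACME CA", "serial": "04:A1:B2", "names": ["www.example.test"]},
    {"issuer": "CN=Constructed Other CA", "serial": "0fee01", "names": ["*.example.test"]},
    {"issuer": "CN=Constructed Other CA", "serial": "0FEE01", "names": ["*.example.test"]},
    {"issuer": "CN=Constructed Other CA", "serial": "77", "names": ["notexample.test"]},
]
# Constructed local inventory, e.g. collected with `openssl x509 -noout -serial` on each
# certificate the ACME client stored; the issuer string format here is simplified.
LOCAL_CERTS = [("CN=Constructed ACME CA", "serial=04A1B2")]

if __name__ == "__main__":
    for e in unexpected(CT_ENTRIES, LOCAL_CERTS, ["example.test"]):
        print("not requested by this server:", e["issuer"], e["serial"], e["names"])
```

Certificates legitimately issued elsewhere for the same names (another host, a CDN, a previous server) will also be reported, so the local inventory has to cover every system that is allowed to request them.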