How to wildcard subdomains

What is the name of the domain?

mydomain.com

What is the issue you’re encountering?

Everyone can see my domains at https://crt.sh/

What feature, service or problem is this related to?

DNS records

What are the steps to reproduce the issue?

Creating a new subdomain and issuing a cert shows up in https://crt.sh/. Is there a way to hide it with a wildcard cert?

When you create a new subdomain and issue a certificate for it, it will likely show up in public certificate transparency logs. This is part of the security and transparency mechanism.

Wildcards do help secure multiple subdomains, but they don’t inherently hide these subdomains from certificate transparency logs and public services such as crt.sh.

If you’re considering blocking access to crt.sh by their IPs or ASN using Cloudflare WAF, I am afraid it won’t prevent the certificate information from being logged in the first place.

The logs are maintained by multiple public log servers, and they store information about issued certificates. When a certificate is issued, it is logged in these transparency logs and made available publicly, often including the domain name, issuer, and the certificate details.
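An added example, not part of the original posts: a small audit a domain owner can run over a crt.sh JSON export for their own zone, listing every hostname already named in a logged certificate and whether a logged wildcard entry would cover it. The sample records are constructed; only the `name_value` and `not_before` fields of crt.sh's JSON output are assumed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like crt.sh JSON output. name_value can hold
# several newline-separated SAN entries. This is not real log data.
SAMPLE = json.dumps([
    {"name_value": "mydomain.com\nwww.mydomain.com", "not_before": "2024-01-10T00:00:00"},
    {"name_value": "staging.mydomain.com", "not_before": "2024-02-01T00:00:00"},
    {"name_value": "*.mydomain.com\nmydomain.com", "not_before": "2024-03-05T00:00:00"},
    {"name_value": "STAGING.mydomain.com", "not_before": "2023-11-20T00:00:00"},
    {"name_value": "other.example.net", "not_before": "2024-01-01T00:00:00"},
])


def audit_ct_exposure(raw_json, apex):
    """Split logged names for `apex` into explicit hostnames and wildcards."""
    apex = apex.lower().rstrip(".")
    explicit = {}      # hostname -> earliest not_before seen in the export
    wildcards = set()  # wildcard SAN entries such as *.mydomain.com
    for entry in json.loads(raw_json):
        issued = entry.get("not_before", "")
        for name in entry.get("name_value", "").splitlines():
            name = name.strip().lower().rstrip(".")
            if name != apex and not name.endswith("." + apex):
                continue  # ignore names outside the audited zone
            if name.startswith("*."):
                wildcards.add(name)
            elif name not in explicit or issued < explicit[name]:
                explicit[name] = issued
    return explicit, sorted(wildcards)


def covered_by_wildcard(host, wildcards):
    """A wildcard matches exactly one left-most label, nothing deeper."""
    _, _, parent = host.partition(".")
    return ("*." + parent) in wildcards


def exposure_report(raw_json, apex):
    """Rows of (hostname, first logged, coverable by a logged wildcard)."""
    explicit, wildcards = audit_ct_exposure(raw_json, apex)
    return [(h, explicit[h], covered_by_wildcard(h, wildcards))
            for h in sorted(explicit)]


if __name__ == "__main__":
    for host, first_seen, covered in exposure_report(SAMPLE, "mydomain.com"):
        print(f"{host:25} first logged {first_seen}  wildcard-coverable={covered}")
```

Every hostname in the report is already public, because the logs are append-only; the third column only shows which names a wildcard certificate could serve without a further per-host entry being logged.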

I know a wildcard will not deny access, but it will still hide it. How can I make it work? I tried, but it seems like I am not doing it right in the DNS settings of CF.

How are you doing this exactly?

I added an Edge certificate that is a wildcard like *.mydomain.com.
Is there anything else I need to do? Or a feature I need to buy in CF for it to work?