Tracing Soon-to-Expire Federal .gov Certificates with CT Monitors

The US Government shutdown in December 2018 resulted in the expiration of TLS certificates on some .gov websites, highlighting a common issue on the internet - the usage of expired certificates and their erosion of trust. This situation emphasizes the importance of regularly updating and renewing these certificates to maintain website security and user trust. TechCrunch recently published a list of soon-to-expire certificates for .gov domains, using data from 18F, the federal government's digital services unit. Cloudflare's Certificate Transparency (CT) monitor, Merkle Town, is one example of a third-party tool that can help track expired .gov certificates. The Nitty-Gritty section explains how this process works and provides an example of unexpected misconfigurations found during the research. Automating certificate renewals is suggested as a solution to prevent expired certificates and misconfigured TLS in the future.