crl-monitor

CRL-Monitor monitors CRLs

Architecture Diagram

sequenceDiagram
  participant churn as Certificate Churner<br />Lambda
  participant ca as Let's Encrypt<br />Certification Authority
  participant ddb as Pending Certificates<br />DynamoDB
  participant s3 as CRL Storage<br />S3 Bucket
  participant checker as CRL Checker<br />Lambda

  loop timer
    activate churn
    churn->>ca: Issue certificate
    churn->>ca: Revoke certificate
    churn->>ddb: Store certificate metadata
    ddb->>churn: Get previous revoked serials
    Note over churn: Alert if any<br />expected serials missed<br />inclusion deadline
    deactivate churn
  end

  loop New CRL
    ca->>s3: Publish CRL Shard
    activate checker
    s3->>checker: S3 Event
    checker->>s3: Read current CRL
    checker->>s3: Read previous CRL
    Note over checker: Alert if CRL<br />fails linting
    loop random selection of serials
      checker->>ca: Get Certificate
    end
    Note over checker: Alert if CRL had<br />serials leave early
    checker->>ddb: Get revoked serials
    checker->>ddb: Delete seen serials
    deactivate checker
  end

Name		Name	Last commit message	Last commit date
Latest commit History 37 Commits
.github		.github
checker		checker
churner		churner
cmd		cmd
db		db
lambda		lambda
storage		storage
.gitignore		.gitignore
.golangci.yaml		.golangci.yaml
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
LICENSE		LICENSE
README.md		README.md
build-release.sh		build-release.sh
go.mod		go.mod
go.sum		go.sum

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

crl-monitor

Architecture Diagram

About

Releases 6

Packages

Contributors 2

Languages

License

letsencrypt/crl-monitor

Folders and files

Latest commit

History

Repository files navigation

crl-monitor

Architecture Diagram

About

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases 6

Packages 0

Contributors 2

Languages

Packages