I know about things like https://crt.sh but how could you be notified about something like this? Is there some service that allows you to be alerted whenever a new certificate is generated for a domain?
You can set up your own certificate transparency listener, and get notified of every certificate created, in realtime, assuming you can handle the load. In my company we do this to scan new domains for potential phishing domains, to take them down before they become active.
The amount of JSON you get from it is terrifying. If you do play, I found when piping through jq it could not keep up on my machine, but a jq clone called jaq handled it with no problem.
There is a free service called Certstream [0]. It does not provide notifications; you need to ingest the stream, look for the patterns of interest to you and handle notifications by yourself. But it's fairly easy and the service is commonly used by security teams.
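An added example of the "ingest the stream and look for patterns" step described above; it is not code from any commenter or from Certstream. It assumes each line is a JSON message shaped like a Certstream `certificate_update` (with `data.leaf_cert.all_domains` and `data.source.name`); the watched domain, brand label and sample lines are constructed.

```python
import json

WATCHED = {"example.com"}   # assumption: domains you own and want issuance alerts for
BRANDS = {"example"}        # assumption: labels to flag when they appear in other names

# Constructed sample lines in the assumed "certificate_update" shape.
SAMPLE_STREAM = [
    '{"message_type": "heartbeat", "timestamp": 1700000000}',
    '{"message_type": "certificate_update", "data": {"leaf_cert": {"all_domains": ["*.example.com", "example.com"]}, "source": {"name": "constructed-log-1"}}}',
    '{"message_type": "certificate_update", "data": {"leaf_cert": {"all_domains": ["login-example.com.account-verify.test"]}, "source": {"name": "constructed-log-2"}}}',
    '{"message_type": "certificate_update", "data": {"leaf_cert": {"all_domains": ["unrelated.test"]}, "source": {"name": "constructed-log-1"}}}',
    '{"message_type": "certificate_update", "data": {"leaf_ce',  # truncated line
]

def classify(name):
    """Return 'owned', 'lookalike' or None for one SAN entry."""
    host = name.lower().rstrip(".")
    if host.startswith("*."):          # wildcard covers the parent's subdomains
        host = host[2:]
    for domain in WATCHED:
        # Suffix match on a label boundary, so "example.com.evil.test" is not "owned".
        if host == domain or host.endswith("." + domain):
            return "owned"
    if any(brand in host for brand in BRANDS):
        return "lookalike"
    return None

def alerts_for(line):
    """Parse one stream line; return (kind, name, log) tuples worth alerting on."""
    try:
        msg = json.loads(line)
    except json.JSONDecodeError:
        return []                      # skip truncated or malformed lines
    if not isinstance(msg, dict) or msg.get("message_type") != "certificate_update":
        return []                      # heartbeats and other message types
    data = msg.get("data") or {}
    names = (data.get("leaf_cert") or {}).get("all_domains") or []
    log = (data.get("source") or {}).get("name", "unknown")
    return [(kind, n, log) for n in names
            if isinstance(n, str) and (kind := classify(n))]

def scan(lines):
    return [alert for line in lines for alert in alerts_for(line)]

if __name__ == "__main__":
    for kind, name, log in scan(SAMPLE_STREAM):
        print(f"[{kind}] {name} (log: {log})")
```

In a real deployment `scan` would be fed from the live stream and the tuples handed to whatever notification channel you use.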
"Certificate Transparency is an open framework which helps log, audit and monitor publicly-trusted TLS certificates on the Internet. This tool lets you search for certificates issued for a given domain and subscribe to notifications from Facebook regarding new certificates and potential phishing attacks."
https://developers.facebook.com/tools/ct/search/