diff --git a/monitor/discoveredcert.go b/monitor/discoveredcert.go
index f09c878..9b39be0 100644
--- a/monitor/discoveredcert.go
+++ b/monitor/discoveredcert.go
@@ -28,7 +28,7 @@ type discoveredCert struct {
 Info *certspotter.CertInfo
 Chain []ct.ASN1Cert // first entry is the leaf certificate or precertificate
 TBSSHA256 [32]byte // computed over Info.TBS.Raw
- LeafSHA256 [32]byte // computed over Chain[0]
+ SHA256 [32]byte // computed over Chain[0]
 PubkeySHA256 [32]byte // computed over Info.TBS.PublicKey.FullBytes
 Identifiers *certspotter.Identifiers
 CertPath string // empty if not saved on the filesystem
@@ -52,7 +52,7 @@ func (cert *discoveredCert) pemChain() []byte {
 func (cert *discoveredCert) json() []byte {
 object := map[string]any{
 "tbs_sha256": hex.EncodeToString(cert.TBSSHA256[:]),
- "cert_sha256": hex.EncodeToString(cert.LeafSHA256[:]),
+ "cert_sha256": hex.EncodeToString(cert.SHA256[:]),
 "pubkey_sha256": hex.EncodeToString(cert.PubkeySHA256[:]),
 "issuer_der": cert.Info.TBS.Issuer.FullBytes,
 "subject_der": cert.Info.TBS.Subject.FullBytes,
@@ -103,8 +103,8 @@ func (cert *discoveredCert) Environ() []string {
 "ENTRY_INDEX=" + fmt.Sprint(cert.LogEntry.Index),
 "WATCH_ITEM=" + cert.WatchItem.String(),
 "TBS_SHA256=" + hex.EncodeToString(cert.TBSSHA256[:]),
- "CERT_SHA256=" + hex.EncodeToString(cert.LeafSHA256[:]),
- "FINGERPRINT=" + hex.EncodeToString(cert.LeafSHA256[:]), // backwards compat with pre-0.15.0; not documented
+ "CERT_SHA256=" + hex.EncodeToString(cert.SHA256[:]),
+ "FINGERPRINT=" + hex.EncodeToString(cert.SHA256[:]), // backwards compat with pre-0.15.0; not documented
 "PUBKEY_SHA256=" + hex.EncodeToString(cert.PubkeySHA256[:]),
 "PUBKEY_HASH=" + hex.EncodeToString(cert.PubkeySHA256[:]), // backwards compat with pre-0.15.0; not documented
 "CERT_FILENAME=" + cert.CertPath,
@@ -150,7 +150,7 @@ func (cert *discoveredCert) Text() string {
 text := new(strings.Builder)
 writeField := func(name string, value any) { fmt.Fprintf(text, "\t%13s = %s\n", name, value) }
- fmt.Fprintf(text, "%x:\n", cert.LeafSHA256)
+ fmt.Fprintf(text, "%x:\n", cert.SHA256)
 for _, dnsName := range cert.Identifiers.DNSNames {
 writeField("DNS Name", dnsName)
 }
@@ -171,7 +171,7 @@ func (cert *discoveredCert) Text() string {
 writeField("Not After", fmt.Sprintf("[unable to parse: %s]", cert.Info.ValidityParseError))
 }
 writeField("Log Entry", fmt.Sprintf("%d @ %s", cert.LogEntry.Index, cert.LogEntry.Log.URL))
- writeField("crt.sh", "https://crt.sh/?sha256="+hex.EncodeToString(cert.LeafSHA256[:]))
+ writeField("crt.sh", "https://crt.sh/?sha256="+hex.EncodeToString(cert.SHA256[:]))
 if cert.CertPath != "" {
 writeField("Filename", cert.CertPath)
 }
diff --git a/monitor/process.go b/monitor/process.go
index 7c76795..4b78ccf 100644
--- a/monitor/process.go
+++ b/monitor/process.go
@@ -103,14 +103,14 @@ func processCertificate(ctx context.Context, config *Config, entry *logEntry, ce
 Info: certInfo,
 Chain: chain,
 TBSSHA256: sha256.Sum256(certInfo.TBS.Raw),
- LeafSHA256: sha256.Sum256(chain[0]),
+ SHA256: sha256.Sum256(chain[0]),
 PubkeySHA256: sha256.Sum256(certInfo.TBS.PublicKey.FullBytes),
 Identifiers: identifiers,
 }
 var notifiedPath string
 if config.SaveCerts {
- hexFingerprint := hex.EncodeToString(cert.LeafSHA256[:])
+ hexFingerprint := hex.EncodeToString(cert.SHA256[:])
 prefixPath := filepath.Join(config.StateDir, "certs", hexFingerprint[0:2])
 for _, suffix := range []string{".notified", ".cert.pem", ".precert.pem"} {
@@ -120,7 +120,7 @@ func processCertificate(ctx context.Context, config *Config, entry *logEntry, ce
 }
 if err := os.Mkdir(prefixPath, 0777); err != nil && !errors.Is(err, fs.ErrExist) {
- return fmt.Errorf("error creating directory in which to save certificate %x: %w", cert.LeafSHA256, err)
+ return fmt.Errorf("error creating directory in which to save certificate %x: %w", cert.SHA256, err)
 }
 notifiedPath = filepath.Join(prefixPath, "."+hexFingerprint+".notified")
@@ -129,19 +129,19 @@ func processCertificate(ctx context.Context, config *Config, entry *logEntry, ce
 cert.TextPath = filepath.Join(prefixPath, hexFingerprint+".txt")
 if err := cert.save(); err != nil {
- return fmt.Errorf("error saving certificate %x: %w", cert.LeafSHA256, err)
+ return fmt.Errorf("error saving certificate %x: %w", cert.SHA256, err)
 }
 } else {
 // TODO-4: save cert to temporary files, and defer their unlinking
 }
 if err := notify(ctx, config, cert); err != nil {
- return fmt.Errorf("error notifying about discovered certificate for %s (%x): %w", cert.WatchItem, cert.LeafSHA256, err)
+ return fmt.Errorf("error notifying about discovered certificate for %s (%x): %w", cert.WatchItem, cert.SHA256, err)
 }
 if notifiedPath != "" {
 if err := os.WriteFile(notifiedPath, nil, 0666); err != nil {
- return fmt.Errorf("error saving certificate %x: %w", cert.LeafSHA256, err)
+ return fmt.Errorf("error saving certificate %x: %w", cert.SHA256, err)
 }
 }