Check DNS, Urls + Redirects, Certificates and Content of your Website



M

Misconfiguration - http-status 400 - 499

Checked:
09.08.2019 16:04:27


Older results


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
wp.pl


yes
9
9
www.wp.pl
A
212.77.98.9
Gdańsk/Pomerania/Poland (PL) - Wirtualna Polska Media S.A.
Hostname: www.wp.pl
yes
1
0

AAAA

yes


wp.pl
A
212.77.98.9
Gdańsk/Pomerania/Poland (PL) - Wirtualna Polska Media S.A.
No Hostname found
no



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



Status: Valid because published



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 59944, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.08.2019, 00:00:00 +, Signature-Inception: 31.07.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: pl
pl
1 DS RR in the parent zone found



1 RRSIG RR to validate DS RR found



RRSIG-Owner pl., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 22.08.2019, 05:00:00 +, Signature-Inception: 09.08.2019, 04:00:00 +, KeyTag 59944, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 59944 used to validate the DS RRSet in the parent zone



4 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 24243, Flags 256



Public Key with Algorithm 8, KeyTag 25412, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 39175, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 44893, Flags 256



3 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner pl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 07.09.2019, 12:00:00 +, Signature-Inception: 08.08.2019, 12:00:00 +, KeyTag 25412, Signer-Name: pl



RRSIG-Owner pl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 07.09.2019, 12:00:00 +, Signature-Inception: 08.08.2019, 12:00:00 +, KeyTag 39175, Signer-Name: pl



RRSIG-Owner pl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 07.09.2019, 12:00:00 +, Signature-Inception: 08.08.2019, 12:00:00 +, KeyTag 44893, Signer-Name: pl



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25412 used to validate the DNSKEY RRSet



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 39175 used to validate the DNSKEY RRSet



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 44893 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 39175, DigestType 2 and Digest "B5M1Z3oGofQ1SbgcRAoeqMynU4ygz/ez8sQ+rtvFD8s=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: wp.pl
wp.pl
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "aa7hedjhtlkrj6abcbhbuosdj06eha31" between the hashed NSEC3-owner "aa799gap5u21075aqbqcjnallns92jcf" and the hashed NextOwner "aa7mu517nean0urq00rp73hdpad3ep9u". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner aa799gap5u21075aqbqcjnallns92jcf.pl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 07.09.2019, 12:00:00 +, Signature-Inception: 08.08.2019, 12:00:00 +, KeyTag 44893, Signer-Name: pl

Zone: www.wp.pl
www.wp.pl
0 DS RR in the parent zone found


3. Name Servers

DomainNameserverNS-IP
www.wp.pl
  ns1.task.gda.pl


  ns1.wp.pl


  ns2.wp.pl

wp.pl
 

pl
  a-dns.pl / Polish ccTLD infrustructure


  b-dns.pl / b-decix


  c-dns.pl


  d-dns.pl / Polish ccTLD infrustructure


  e-dns.pl / Polish ccTLD infrastructure


  f-dns.pl


  g-dns.pl


T  h-dns.pl


  i-dns.pl


4. SOA-Entries


Domain:pl
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:pl
Zone-Name:
Primary:a-dns.pl
Mail:dnsmaster.nask.pl
Serial:1565330498
Refresh:900
Retry:300
Expire:2592000
TTL:3600
num Entries:8


Domain:wp.pl
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:www.wp.pl
Zone-Name:
Primary:ns1.wp.pl
Mail:dnsmaster.wp-sa.pl
Serial:2019080201
Refresh:900
Retry:600
Expire:86400
TTL:3600
num Entries:3


5. Screenshots

Startaddress: https://www.wp.pl, address used: https://www.wp.pl/, Screenshot created 2020-05-30 17:01:01 +00:0

Mobil (412px x 732px)

829 milliseconds

Screenshot mobile - https://www.wp.pl/
Mobil + Landscape (732px x 412px)

836 milliseconds

Screenshot mobile landscape - https://www.wp.pl/
Screen (1280px x 1680px)

1643 milliseconds

Screenshot Desktop - https://www.wp.pl/

Mobile- and other Chrome-Checks

widthheight
visual Viewport412732
content Size00

Chrome-Connection: secure. secure connection settings. The connection to this site is encrypted and authenticated using TLS 1.3, X25519, and AES_128_GCM.

Chrome-Resources : secure. all served securely. All resources on this page are served securely.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://wp.pl/
212.77.98.9
301
http://www.wp.pl/
0.050
D
Server: nginx
Date: Fri, 09 Aug 2019 14:06:01 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: http://www.wp.pl/

• http://www.wp.pl/
212.77.98.9
301
https://www.wp.pl/
0.050
A
Server: nginx
Date: Fri, 09 Aug 2019 14:06:01 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.wp.pl/

• https://wp.pl/
212.77.98.9
301
https://www.wp.pl/
3.180
B
Server: nginx
Date: Fri, 09 Aug 2019 14:06:04 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.wp.pl/

• https://www.wp.pl/
212.77.98.9
400

3.270
M
Bad Request
Server: nginx
Date: Fri, 09 Aug 2019 14:06:01 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 31
Connection: close
Cache-Control: private, no-store, no-cache
Set-Cookie: sgv=1565359561; Path=/; Domain=wp.pl; Expires=2020-08-08 16:06:01
X-Content-Type-Options: nosniff

• http://wp.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
212.77.98.9
301
http://www.wp.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
0.050
D
Visible Content:
Server: nginx
Date: Fri, 09 Aug 2019 14:06:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: http://www.wp.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

• http://www.wp.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
212.77.98.9
301
https://www.wp.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
0.050
A
Visible Content:
Server: nginx
Date: Fri, 09 Aug 2019 14:06:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.wp.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

• https://www.wp.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

301
http://www.wp.pl/
3.177
F
Visible Content:
Server: nginx
Date: Fri, 09 Aug 2019 14:06:08 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: http://www.wp.pl/
X-AB-Test: __notest
X-Request-Id: 27571f4c9a6875a55c47a38ed4a77b28
Set-Cookie: STabid=27571f4c9a6875a55c47a38ed4a77b28:1565359568.434:v1; Path=/; Domain=www.wp.pl; Expires=2020-08-08 16:06:09,STabnoid=1; Path=/; Domain=www.wp.pl

7. Comments


1. General Results, most used to calculate the result

Aname "wp.pl" is domain, public suffix is "pl", top-level-domain-type is "country-code", Country is Poland, tld-manager is "Research and Academic Computer Network"
Agood: All ip addresses are public addresses
Ahttp://www.wp.pl/ 212.77.98.9
301
https://www.wp.pl/
correct redirect http - https with the same domain name
Bhttps://wp.pl/ 212.77.98.9
301

Missing HSTS-Header
CError - no version with Http-Status 200
Dhttp://wp.pl/ 212.77.98.9
301
http://www.wp.pl/
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://wp.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 212.77.98.9
301
http://www.wp.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Fhttps://www.wp.pl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
301
http://www.wp.pl/
wrong redirect https - http - never redirect https to http
Hfatal error: No https - result with http-status 200, no encryption
Mhttps://www.wp.pl/ 212.77.98.9
400

Misconfiguration - main pages should never send http status 400 - 499

2. DNS- and NameServer - Checks

AGood: Nameserver supports TCP connections: 9 good Nameserver
XNameserver Timeout checking Echo Capitalization: h-dns.pl
XNameserver Timeout checking EDNS512: h-dns.pl

Nameserver doesn't pass all EDNS-Checks: h-dns.pl: OP100: fatal timeout. FLAGS: fatal timeout. V1: fatal timeout. V1OP100: fatal timeout. V1FLAGS: fatal timeout. DNSSEC: fatal timeout. V1DNSSEC: fatal timeout. NSID: ok. COOKIE: fatal timeout. CLIENTSUBNET: fatal timeout.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

3. Content- and Performance-critical Checks

AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 115427 milliseconds, 115.427 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
wp.pl
212.77.98.9
443
ok
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
supported
ok
wp.pl
212.77.98.9
443
ok
Tls12

ECDH Ephermal
256
Aes128
128
Sha256
supported
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)
1CN=*.wp.pl

2CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US


www.wp.pl
212.77.98.9
443
ok
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
supported
ok

www.wp.pl
212.77.98.9
443
ok
Tls12

ECDH Ephermal
256
Aes128
128
Sha256
supported
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)
1CN=*.wp.pl

2CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US


www.wp.pl
www.wp.pl
443
ok
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
supported
ok

www.wp.pl
www.wp.pl
443
ok
Tls12

ECDH Ephermal
256
Aes128
128
Sha256
supported
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)
1CN=*.wp.pl

2CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US


9. Certificates

1.
1.
CN=*.wp.pl
24.12.2018
22.02.2020
212 days expired
*.wp.pl, wp.pl - 2 entries
1.
1.
CN=*.wp.pl
24.12.2018

22.02.2020
212 days expired
*.wp.pl, wp.pl - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0E950B9D53CE5960F49A9EF03820D2B0
Thumbprint:B3B49A0670EC19C3138DF8F7E2C7D9A3C2A5CD93
SHA256 / Certificate:KXkOxXowyejiR06ZIRrJo5EOMLG5E3JqAKYQYFIZbxQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):b8e462b7f8133db1ecfd8919eb3f3cdc849790f35e1ef2a722bf6901aeabbf8f
SHA256 hex / Subject Public Key Information (SPKI):147c9c112cc990b45a520704df165cb648caec6493fd1e2641b985e005a5ea79
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://status.rapidssl.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)


2.
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
06.11.2017
06.11.2027
expires in 2602 days


2.
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
06.11.2017

06.11.2027
expires in 2602 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:08A5A246CD4B5C8C83D702B4BBAB5349
Thumbprint:98C6A8DC887963BA3CF9C2731CBDD3F7DE05AC2D
SHA256 / Certificate:x5C0cShEfsC2DyK/y3ldccMm3ZEO4Sy7TMWoYZHrkbw=
SHA256 hex / Cert (DANE * 0 1):c790b47128447ec0b60f22bfcb795d71c326dd910ee12cbb4cc5a86191eb91bc
SHA256 hex / PublicKey (DANE * 1 1):9ca59cb18adcfb2e48f2f2dfd55181ca36edf879dab2397ef61f2534a272b681
SHA256 hex / Subject Public Key Information (SPKI):67d284ad78e776a395af75e14148579cd682f39ee09249842c9090d09ffa0133
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)


3.
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
10.11.2006
10.11.2031
expires in 4067 days


3.
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
10.11.2006

10.11.2031
expires in 4067 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:083BE056904246B1A1756AC95991C74A
Thumbprint:A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
SHA256 / Certificate:Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=
SHA256 hex / Cert (DANE * 0 1):4348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c70161
SHA256 hex / PublicKey (DANE * 1 1):aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SHA256 hex / Subject Public Key Information (SPKI):3286b9f475e53f685e0a6a41ce072a95e6a359b79f387a1c691caf50a756d5a3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuerlast 7 daysactivenum Certs
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
0
1
2

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
1429564489
leaf cert
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
2020-02-13 00:00:00
2021-03-14 12:00:00
*.wp.pl, wp.pl - 2 entries


685507881
leaf cert
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
2018-12-24 00:00:00
2020-02-22 12:00:00
*.wp.pl, wp.pl - 2 entries



2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

Issuerlast 7 daysactivenum Certs
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
0
1
2

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
2461956437
leaf cert
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
2020-02-12 23:00:00
2021-03-14 11:00:00
*.wp.pl, wp.pl
2 entries


1072720213
leaf cert
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
2018-12-23 23:00:00
2020-02-22 11:00:00
*.wp.pl, wp.pl
2 entries



11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404


12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:

No NameServer - IP address informations found. The feature is new (2020-05-07), so recheck this domain.


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.wp.pl
0

no CAA entry found
1
0
pl



9
9


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
www.wp.pl

ok
1
0
_acme-challenge.www.wp.pl

Name Error - The domain name does not exist
1
0
_acme-challenge.www.wp.pl.wp.pl

Name Error - The domain name does not exist
1
0
_acme-challenge.www.wp.pl.www.wp.pl

Name Error - The domain name does not exist
1
0


15. Portchecks

No Port checks



Permalink: https://check-your-website.server-daten.de/?i=ea8d6a35-5988-43d2-ae73-1f478f87c656


Last Result: https://check-your-website.server-daten.de/?q=wp.pl - 2020-05-30 16:58:55


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=wp.pl" target="_blank">Check this Site: wp.pl</a>