Check DNS, Urls + Redirects, Certificates and Content of your Website




N

No trusted Certificate

Checked:
09.09.2019 17:38:54


Older results


1. IP-Addresses

HostTIP-Addressis auth.∑ Queries∑ Timeout
2607:5300:120:25a::4
AAAA
2607:5300:120:25a::4
Montreal/Quebec/Canada (CA) - OVH SAS

yes



2. DNSSEC


No DNSSEC - Informations found


3. Name Servers


No Nameserver entries found


4. SOA-Entries


No SOA entries found

5. Url-Checks


:

:
Domainname Http-StatusredirectSec.G
• http://[2607:5300:0120:025a:0000:0000:0000:0004]/
2607:5300:120:25a::4
301
https://2607:5300:0120:025A:0000:0000:0000:0004/
Html is minified: 100.00 %
0.227
E
Date: Mon, 09 Sep 2019 15:38:59 GMT
Server: Apache
Location: https://[2607:5300:0120:025a:0000:0000:0000:0004]/
Content-Length: 258
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://[2607:5300:0120:025a:0000:0000:0000:0004]/
2607:5300:120:25a::4 GZip used - 483 / 906 - 46.69 %
200

Html is minified: 107.60 %
14.634
N
Certificate error: RemoteCertificateNameMismatch
Date: Mon, 09 Sep 2019 15:39:00 GMT
Server: Apache
Last-Modified: Sun, 09 Jun 2019 18:56:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 483
Connection: close
Content-Type: text/html

• http://[2607:5300:0120:025a:0000:0000:0000:0004]/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2607:5300:120:25a::4
404

Html is minified: 100.00 %
0.217
A
Not Found
Visible Content:
Date: Mon, 09 Sep 2019 15:39:14 GMT
Server: Apache
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1

6. Comments

Aname "2607:5300:120:25a::4" is ipv6 address, public suffix is not defined
Agood: All ip addresses are public addresses
Agood: destination is https
Agood - only one version with Http-Status 200
Agood: one preferred version: non-www is preferred
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):1 complete Content-Type - header (2 urls)
https://[2607:5300:0120:025a:0000:0000:0000:0004]/ 2607:5300:120:25a::4


Url with incomplete Content-Type - header - missing charset
Bhttps://[2607:5300:0120:025a:0000:0000:0000:0004]/ 2607:5300:120:25a::4
200

Missing HSTS-Header
Ehttp://[2607:5300:0120:025a:0000:0000:0000:0004]/ 2607:5300:120:25a::4
301
https://2607:5300:0120:025A:0000:0000:0000:0004/
Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Nhttps://[2607:5300:0120:025a:0000:0000:0000:0004]/ 2607:5300:120:25a::4
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
OOld connection: SHA1 as Hash Algorithm is deprecated. Switch to SHA256 or SHA384. If your certificate has SHA256, first check your domain via ssllabs.com and update weak Cipher Suites. Forward Secrecy support is required. The part "Cipher Suites" should have a preference. First Cipher Suite with SHA instead of SHA256 or higher - that's the problem, change that. If that doesn't help, check if there is an old Firewall / router or something else, that supports only SHA1. Update that component.
AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 19037 milliseconds, 19.037 seconds


7. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
[2607:5300:0120:025a:0000:0000:0000:0004]
2607:5300:120:25a::4
443
name does not match
Tls12
ECDH Ephermal
384
Aes256
256
Sha1
supported
weak
[2607:5300:0120:025a:0000:0000:0000:0004]
2607:5300:120:25a::4
443
name does not match
Tls12
ECDH Ephermal
384
Aes256
256
Sha1
supported
weak
Chain (complete)
1CN=en.gaysource.com

2CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US


8. Certificates

1.
1.
CN=en.gaysource.com
29.06.2019
27.09.2019
expires in 5 days
cn.gaysource.com, en.gaysource.com, www.cn.gaysource.com, www.en.gaysource.com - 4 entries
1.
1.
CN=en.gaysource.com
29.06.2019

27.09.2019
expires in 5 days
cn.gaysource.com, en.gaysource.com, www.cn.gaysource.com, www.en.gaysource.com - 4 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:03F2A51209AAA4E83899AFEDAFAB4472EA46
Thumbprint:0A66528ABFEC132A93D133828A3B01D165FF6C93
SHA256 / Certificate:LEeBUSfldE/Xjj4lxigOPB0Dyrv7e0eWtVyBBA9tINQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):b860b9939adcca0db385307d0b9470f46ce281bf8c29b7f1da108d8d72657ab9
OCSP - Url:http://ocsp.int-x3.letsencrypt.org
OCSP - must staple:no
Certificate Transparency:yes


2.
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
17.03.2016
17.03.2021
expires in 542 days


2.
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
17.03.2016

17.03.2021
expires in 542 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0A0141420000015385736A0B85ECA708
Thumbprint:E6A3B45B062D509B3382282D196EFE97D5956CCB
SHA256 / Certificate:JYR9Zo608E/dQLErawdAxWfafQJDCOtsLJb+QdneIY0=
SHA256 hex / Cert (DANE * 0 1):25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
SHA256 hex / PublicKey (DANE * 1 1):60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
OCSP - Url:http://isrg.trustid.ocsp.identrust.com
OCSP - must staple:no
Certificate Transparency:no


3.
CN=DST Root CA X3, O=Digital Signature Trust Co.
30.09.2000
30.09.2021
expires in 739 days


3.
CN=DST Root CA X3, O=Digital Signature Trust Co.
30.09.2000

30.09.2021
expires in 739 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:44AFB080D6A327BA893039862EF8406B
Thumbprint:DAC9024F54D8F6DF94935FB1732638CA6AD77C13
SHA256 / Certificate:BocmAzGnJAPZCfEF5pvPDTLhvSST/8bZIG0RvNZ3Bzk=
SHA256 hex / Cert (DANE * 0 1):0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
SHA256 hex / PublicKey (DANE * 1 1):563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no



9. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow.

No CRT - CT-Log entries found


10. Html-Content - Entries

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://[2607:5300:0120:025a:0000:0000:0000:0004]/
2607:5300:120:25a::4
meta
other
3

0






Details (GZip part is BETA, may be wrong / incomplete)

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://[2607:5300:0120:025a:0000:0000:0000:0004]/
2607:5300:120:25a::4
meta
Content-Type
text/html; charset=utf-8


1
ok



meta
description
Belsun.com the Import and export trading company


1
ok



meta
keywords
belsun.com,belsun,export business,import business, import and export business,import trading company,export trading company


1
ok



11. CAA - Entries

No CAA entries found


12. TXT - Entries

No TXT entries found


13. Portchecks (BETA)

No Port checks



Permalink: https://check-your-website.server-daten.de/?i=74a09ac7-3019-46ae-b723-cbaf2f8a0ffb


Last Result: https://check-your-website.server-daten.de/?q=%5b2607%3a5300%3a120%3a25a%3a%3a4%5d - 2019-09-09 17:38:54


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=%5b2607%3a5300%3a120%3a25a%3a%3a4%5d" target="_blank">Check this Site: [2607:5300:120:25a::4]</a>