Check DNS, Urls + Redirects, Certificates and Content of your Website


 

 

A

 

Top config

 

Checked:
28.08.2019 21:09:43

 

Older results

No older results found

 

1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
cbs.nl
A
185.63.20.44
Amsterdam/North Holland/Netherlands (NL) - Solvinity B.V.
No Hostname found
yes
1
0

AAAA
2a00:1558:2807:1::b93f:142c
Amsterdam/North Holland/Netherlands (NL) - Solvinity B.V.

yes


www.cbs.nl
A
185.63.20.44
Amsterdam/North Holland/Netherlands (NL) - Solvinity B.V.
No Hostname found
yes
1
0

AAAA
2a00:1558:2807:1::b93f:142c
Amsterdam/North Holland/Netherlands (NL) - Solvinity B.V.

yes


 

2. DNSSEC

Zone (*)DNSSEC - Informations


Zone: (root)

(root)
1 DS RR published






Status: Valid because published






2 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 59944, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 10.09.2019, 00:00:00 +, Signature-Inception: 20.08.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: nl

nl
1 DS RR in the parent zone found






1 RRSIG RR to validate DS RR found






RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 10.09.2019, 17:00:00 +, Signature-Inception: 28.08.2019, 16:00:00 +, KeyTag 59944, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 59944 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 17593, Flags 256






Public Key with Algorithm 8, KeyTag 34112, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 08.09.2019, 22:04:06 +, Signature-Inception: 25.08.2019, 22:07:02 +, KeyTag 34112, Signer-Name: nl






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 34112 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 34112, DigestType 2 and Digest "PFtfmzVXRVxQdRqb6evpI4yI4Z9fB/kwl2kXtRuVzSI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: cbs.nl

cbs.nl
1 DS RR in the parent zone found






1 RRSIG RR to validate DS RR found






RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 01:28:11 +, Signature-Inception: 21.08.2019, 06:08:02 +, KeyTag 17593, Signer-Name: nl






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 17593 used to validate the DS RRSet in the parent zone






4 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 26180, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 30174, Flags 256






Public Key with Algorithm 8, KeyTag 51505, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 59260, Flags 256






2 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 14:40:20 +, Signature-Inception: 28.08.2019, 13:40:20 +, KeyTag 26180, Signer-Name: cbs.nl






RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 14:40:20 +, Signature-Inception: 28.08.2019, 13:40:20 +, KeyTag 30174, Signer-Name: cbs.nl






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26180 used to validate the DNSKEY RRSet






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30174 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26180, DigestType 2 and Digest "RRbzgwj8qMJpDNjJmoAJhX55+Mw3Wx8RuGh05CMiH1I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone






RRSIG Type 1 validates the A - Result: 185.63.20.44
Validated: RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 16 validates the TXT - Result: MS=ms84063695 MS=FD936BDBA3E8034A3C49BD3B5D6D4AC48E42B64E 804bc80c-cca6-4d27-b5ae-e4ffb0f082a2-04072018 v=spf1 mx include:_spf_mx.solvinity.com include:_spf.salesforce.com include:spf.afas.online -all
Validated: RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 28 validates the AAAA - Result: 2A00:1558:2807:0001:0000:0000:B93F:142C
Validated: RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 52 validates the TLSA - Result (_443._tcp.cbs.nl): _443._tcp.cbs.nl: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector: 1 (SPKI, SubjectPublicKeyInfo), Matching: 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: d7522bd2b54b4e45aca32bbfa9fb93bd0329493848b477003b85a1f6169782d6
Validated: RRSIG-Owner _443._tcp.cbs.nl., Algorithm: 8, 4 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 257 validates the CAA - Result: 5|iodefmailto:rpgr@cbs.nl 5|issueletsencrypt.org 5|issuepkioverheid.nl 5|issuequovadisglobal.com
Validated: RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 50, expiration 2019-09-04 02:39:49 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA



Zone: www.cbs.nl

www.cbs.nl
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "vhqrhvliaed1pj93338vkp9kdotr9rv1" between the hashed NSEC3-owner "vhqrhvliaed1pj93338vkp9kdotr9rv1" and the hashed NextOwner "vi85n7nkh90t7pc61biaid6gmr542331". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner vhqrhvliaed1pj93338vkp9kdotr9rv1.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 1 validates the A - Result: 185.63.20.44
Validated: RRSIG-Owner www.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 28 validates the AAAA - Result: 2A00:1558:2807:0001:0000:0000:B93F:142C
Validated: RRSIG-Owner www.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 52 validates the TLSA - Result (_443._tcp.www.cbs.nl): _443._tcp.www.cbs.nl: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector: 1 (SPKI, SubjectPublicKeyInfo), Matching: 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: d7522bd2b54b4e45aca32bbfa9fb93bd0329493848b477003b85a1f6169782d6
Validated: RRSIG-Owner _443._tcp.www.cbs.nl., Algorithm: 8, 5 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 50, expiration 2019-09-04 02:39:49 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, AAAA, RRSIG






RRSIG Type 50, expiration 2019-09-04 02:39:49 + validates the NSEC3 RR that proves the not-existence of the TXT RR.
Bitmap: A, AAAA, RRSIG






RRSIG Type 50, expiration 2019-09-04 02:39:49 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, AAAA, RRSIG

 

3. Name Servers

DomainNameserverNS-IP
www.cbs.nl
  dnsa4.cbs.nl

cbs.nl
  cbs01.dns.internl.net / cbs01.dns.internl.net
217.149.193.87
Amsterdam/North Holland/Netherlands (NL) - Tele2 Nederland B.V.


 
2a01:3a8:100:3::87
Amsterdam/North Holland/Netherlands (NL) - Tele2 Nederland B.V.


  dnsa3.cbs.nl
87.213.43.202
Utrecht/Provincie Utrecht/Netherlands (NL) - Tele 2 Nederland B.V.


 
2001:67c:14b0:1805::15
Liten/Central Bohemia/Czechia (CZ) - Tele 2 Nederland B.V.


  dnsa4.cbs.nl
87.213.43.203
Utrecht/Provincie Utrecht/Netherlands (NL) - Tele 2 Nederland B.V.


 
2001:67c:14b0:1805::16
Liten/Central Bohemia/Czechia (CZ) - Tele 2 Nederland B.V.

nl
  ns1.dns.nl / LHR2


  ns2.dns.nl / s2.amx


  ns3.dns.nl / tld-nl-fra2


  sns-pb.isc.org / pb-ams-ns2.sns.isc.org

 

4. SOA-Entries


Domain:nl
Zone-Name:
Primary:ns1.dns.nl
Mail:hostmaster.domain-registry.nl
Serial:2019082841
Refresh:3600
Retry:600
Expire:2419200
TTL:600
num Entries:4


Domain:cbs.nl
Zone-Name:
Primary:dnsa4.cbs.nl
Mail:postmaster.cbs.nl
Serial:2017034867
Refresh:14400
Retry:3600
Expire:1209600
TTL:7200
num Entries:6


Domain:www.cbs.nl
Zone-Name:
Primary:dnsa4.cbs.nl
Mail:postmaster.cbs.nl
Serial:2017034867
Refresh:14400
Retry:3600
Expire:1209600
TTL:7200
num Entries:1


5. Screenshots

No Screenshot listed, because no screenshot found. Perhaps the check is too old, the feature startet 2019-12-23.

 

 

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://cbs.nl/
185.63.20.44
301
https://cbs.nl/

0.037
A
Content-Type: text/html
Date: Wed, 28 Aug 2019 19:10:19 GMT
Location: https://cbs.nl/
Connection: close
Content-Length: 0

• http://cbs.nl/
2a00:1558:2807:1::b93f:142c
301
https://cbs.nl/

0.036
A
Content-Type: text/html
Date: Wed, 28 Aug 2019 19:10:20 GMT
Location: https://cbs.nl/
Connection: close
Content-Length: 0

• http://www.cbs.nl/
185.63.20.44
301
https://www.cbs.nl/

0.033
A
Content-Type: text/html
Date: Wed, 28 Aug 2019 19:10:20 GMT
Location: https://www.cbs.nl/
Connection: close
Content-Length: 0

• http://www.cbs.nl/
2a00:1558:2807:1::b93f:142c
301
https://www.cbs.nl/

0.036
A
Content-Type: text/html
Date: Wed, 28 Aug 2019 19:10:20 GMT
Location: https://www.cbs.nl/
Connection: close
Content-Length: 0

• https://cbs.nl/
185.63.20.44
301
https://www.cbs.nl/

2.123
A
Content-Type: text/html
Strict-Transport-Security: max-age=31536001; includeSubdomains
Date: Wed, 28 Aug 2019 19:10:20 GMT
Location: https://www.cbs.nl/
Connection: close
Content-Length: 0

• https://cbs.nl/
2a00:1558:2807:1::b93f:142c
301
https://www.cbs.nl/

2.103
A
Content-Type: text/html
Strict-Transport-Security: max-age=31536001; includeSubdomains
Date: Wed, 28 Aug 2019 19:10:25 GMT
Location: https://www.cbs.nl/
Connection: close
Content-Length: 0

• https://www.cbs.nl/
185.63.20.44
200


2.474
A
Cache-Control: private
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31536000
Date: Wed, 28 Aug 2019 19:10:22 GMT
Access-Control-Allow-Origin: *
Connection: close
Set-Cookie: ASP.NET_SessionId=ysnlmpre5033eklxq1megr1a; Path=/; Domain=www.cbs.nl; HttpOnly; Secure,SC_ANALYTICS_GLOBAL_COOKIE=; Path=/; Domain=www.cbs.nl; Expires=2019-08-27 21:10:22; HttpOnly; Secure
X-Frame-Options: SAMEORIGIN
Content-Length: 43746

• https://www.cbs.nl/
2a00:1558:2807:1::b93f:142c
200


2.273
A
Cache-Control: private
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31536000
Date: Wed, 28 Aug 2019 19:10:27 GMT
Access-Control-Allow-Origin: *
Connection: close
Set-Cookie: ASP.NET_SessionId=nnelgefkihkeg5314ermvisw; Path=/; Domain=www.cbs.nl; HttpOnly; Secure,SC_ANALYTICS_GLOBAL_COOKIE=; Path=/; Domain=www.cbs.nl; Expires=2019-08-27 21:10:28; HttpOnly; Secure
X-Frame-Options: SAMEORIGIN
Content-Length: 43368

• http://cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.63.20.44
301
https://cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

0.037
A
Visible Content:
Content-Type: text/html
Date: Wed, 28 Aug 2019 19:10:30 GMT
Location: https://cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Content-Length: 0

• http://cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a00:1558:2807:1::b93f:142c
301
https://cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

0.040
A
Visible Content:
Content-Type: text/html
Date: Wed, 28 Aug 2019 19:10:30 GMT
Location: https://cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Content-Length: 0

• http://www.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.63.20.44
301
https://www.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

0.036
A
Visible Content:
Content-Type: text/html
Date: Wed, 28 Aug 2019 19:10:30 GMT
Location: https://www.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Content-Length: 0

• http://www.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a00:1558:2807:1::b93f:142c
301
https://www.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

0.040
A
Visible Content:
Content-Type: text/html
Date: Wed, 28 Aug 2019 19:10:30 GMT
Location: https://www.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Content-Length: 0

• https://cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

301
https://www.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

2.110
A
Visible Content:
Content-Type: text/html
Strict-Transport-Security: max-age=31536001; includeSubdomains
Date: Wed, 28 Aug 2019 19:10:30 GMT
Location: https://www.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Content-Length: 0

• https://www.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

404


2.193
A
Page not found
Visible Content:
Strict-Transport-Security: max-age=31536000
Date: Wed, 28 Aug 2019 19:10:33 GMT
Access-Control-Allow-Origin: *
Connection: close
X-Frame-Options: SAMEORIGIN
Content-Length: 22879

 

7. Comments


1. General Results, most used to calculate the result

Aname "cbs.nl" is domain, public suffix is "nl", top-level-domain-type is "country-code", Country is Netherlands (the), tld-manager is "SIDN (Stichting Internet Domeinregistratie Nederland)"
AGood: All ip addresses are public addresses
AGood: No asked Authoritative Name Server had a timeout
Ahttps://cbs.nl/ 185.63.20.44


Good: Valid DANE - entry found: signed Data _443._tcp.cbs.nl: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: d7522bd2b54b4e45aca32bbfa9fb93bd0329493848b477003b85a1f6169782d6 confirms the Certificate with the same value
Ahttps://cbs.nl/ 2a00:1558:2807:1::b93f:142c


Good: Valid DANE - entry found: signed Data _443._tcp.cbs.nl: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: d7522bd2b54b4e45aca32bbfa9fb93bd0329493848b477003b85a1f6169782d6 confirms the Certificate with the same value
Ahttps://cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de


Good: Valid DANE - entry found: signed Data _443._tcp.cbs.nl: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: d7522bd2b54b4e45aca32bbfa9fb93bd0329493848b477003b85a1f6169782d6 confirms the Certificate with the same value
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: www is preferred
AGood: every cookie sent via https is marked as secure
AGood: every https has a Strict Transport Security Header
AGood: HSTS max-age is long enough, 31536000 seconds = 365 days
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
Ahttp://cbs.nl/ 185.63.20.44
301
https://cbs.nl/
Correct redirect http - https with the same domain name
Ahttp://cbs.nl/ 2a00:1558:2807:1::b93f:142c
301
https://cbs.nl/
Correct redirect http - https with the same domain name
Ahttp://www.cbs.nl/ 185.63.20.44
301
https://www.cbs.nl/
Correct redirect http - https with the same domain name
Ahttp://www.cbs.nl/ 2a00:1558:2807:1::b93f:142c
301
https://www.cbs.nl/
Correct redirect http - https with the same domain name

2. Header-Checks (Cross-Origin-* headers are alpha - started 2024-06-05)


3. DNS- and NameServer - Checks

AInfo: Nameserver mit different domain names found. May be a problem with DNS-Updates
AGood: Nameserver supports TCP connections: 6 good Nameserver
AGood: Nameserver supports Echo Capitalization: 6 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 6 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 6 good Nameserver
Nameserver doesn't pass all EDNS-Checks: sns-pb.isc.org: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found (pb-ams-ns2.sns.isc.org). COOKIE: fatal timeout. CLIENTSUBNET: ok.
AGood: All SOA have the same Serial Number
AGood: CAA entries found, creating certificate is limited: letsencrypt.org is allowed to create certificates
AGood: CAA entries found, creating certificate is limited: pkioverheid.nl is allowed to create certificates
AGood: CAA entries found, creating certificate is limited: quovadisglobal.com is allowed to create certificates

4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
https://www.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
2.193 seconds
Warning: 404 needs more then one second
ADuration: 92764 milliseconds, 92.764 seconds

 

8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
cbs.nl
185.63.20.44
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
cbs.nl
185.63.20.44
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=*.cbs.nl, OU=BTB, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, C=NL, ST=Zuid-Holland


2CN=QuoVadis Global SSL ICA G2, O=QuoVadis Limited, C=BM


cbs.nl
2a00:1558:2807:1::b93f:142c
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok

cbs.nl
2a00:1558:2807:1::b93f:142c
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=*.cbs.nl, OU=BTB, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, C=NL, ST=Zuid-Holland


2CN=QuoVadis Global SSL ICA G2, O=QuoVadis Limited, C=BM


www.cbs.nl
185.63.20.44
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok

www.cbs.nl
185.63.20.44
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=www.cbs.nl, OU=BTS, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, C=NL, ST=Zuid-Holland


2CN=QuoVadis EV SSL ICA G1, O=QuoVadis Limited, C=BM


www.cbs.nl
2a00:1558:2807:1::b93f:142c
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok

www.cbs.nl
2a00:1558:2807:1::b93f:142c
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=www.cbs.nl, OU=BTS, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, C=NL, ST=Zuid-Holland


2CN=QuoVadis EV SSL ICA G1, O=QuoVadis Limited, C=BM


cbs.nl
cbs.nl
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok

cbs.nl
cbs.nl
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=*.cbs.nl, OU=BTB, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, C=NL, ST=Zuid-Holland


2CN=QuoVadis Global SSL ICA G2, O=QuoVadis Limited, C=BM


www.cbs.nl
www.cbs.nl
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok

www.cbs.nl
www.cbs.nl
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=www.cbs.nl, OU=BTS, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, C=NL, ST=Zuid-Holland


2CN=QuoVadis EV SSL ICA G1, O=QuoVadis Limited, C=BM

 

9. Certificates

1.
1.
CN=*.cbs.nl, OU=BTB, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, S=Zuid-Holland, C=NL
06.09.2017
06.09.2020
1550 days expired
*.cbs.nl, cbs.nl - 2 entries
1.
1.
CN=*.cbs.nl, OU=BTB, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, S=Zuid-Holland, C=NL
06.09.2017

06.09.2020
1550 days expired


*.cbs.nl, cbs.nl - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:692B26EE8E01AC6713147E5AFA45F19AE6CA49A5
Thumbprint:5B2A4EB7FB96C6F9805D898EE3E727635577A067
SHA256 / Certificate:j1lrPQOkIvMS1I4i8eHEc/8pLULi4jr3O/2A5bzlpIQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):663b5b17a381f9ac1226019d0e5fa35d7c8f905b1a2467493a444ff2eef1a6e4
SHA256 hex / Subject Public Key Information (SPKI):663b5b17a381f9ac1226019d0e5fa35d7c8f905b1a2467493a444ff2eef1a6e4
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.quovadisglobal.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1)




2.
CN=QuoVadis Global SSL ICA G2, O=QuoVadis Limited, C=BM
01.06.2013
01.06.2023
552 days expired


2.
CN=QuoVadis Global SSL ICA G2, O=QuoVadis Limited, C=BM
01.06.2013

01.06.2023
552 days expired




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:48982DE2A92CB339E1C8F933358275D3E4F88255
Thumbprint:6036330E1643A0CEE19C8AF780E0F3E8F59CA1A3
SHA256 / Certificate:pIeewPNs+EtvLth65X7juUoHhcaGIjjNRUgQhNFS6xg=
SHA256 hex / Cert (DANE * 0 1):a4879ec0f36cf84b6f2ed87ae57ee3b94a0785c6862238cd45481084d152eb18
SHA256 hex / PublicKey (DANE * 1 1):b5891f14ddbb3f51948c7e4c135dbc042837d3674bda2c0e621cf9c301496f9d
SHA256 hex / Subject Public Key Information (SPKI):b5891f14ddbb3f51948c7e4c135dbc042837d3674bda2c0e621cf9c301496f9d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.quovadisglobal.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




3.
CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
24.11.2006
24.11.2031
expires in 2546 days


3.
CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
24.11.2006

24.11.2031
expires in 2546 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:0509
Thumbprint:CA3AFBCF1240364B44B216208880483919937CF7
SHA256 / Certificate:haDdfdcgrbf/Bfg9VCsgncf/RSj31nexg4n+peXEnoY=
SHA256 hex / Cert (DANE * 0 1):85a0dd7dd720adb7ff05f83d542b209dc7ff4528f7d677b18389fea5e5c49e86
SHA256 hex / PublicKey (DANE * 1 1):8fd112c3c8370f147d5ccd3a7d865eb8dd540783bac69fc60088e3743ff33378
SHA256 hex / Subject Public Key Information (SPKI):8fd112c3c8370f147d5ccd3a7d865eb8dd540783bac69fc60088e3743ff33378
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




2.
1.
CN=www.cbs.nl, OU=BTS, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, S=Zuid-Holland, C=NL, SERIALNUMBER=51197073, OID.2.5.4.15=Government Entity, OID.1.3.6.1.4.1.311.60.2.1.1='s-Gravenhade, OID.1.3.6.1.4.1.311.60.2.1.2=Zuid-Holland, OID.1.3.6.1.4
03.10.2018
03.10.2020
1523 days expired
www.cbs.nl, cbs.nl - 2 entries
2.
1.
CN=www.cbs.nl, OU=BTS, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, S=Zuid-Holland, C=NL, SERIALNUMBER=51197073, OID.2.5.4.15=Government Entity, OID.1.3.6.1.4.1.311.60.2.1.1='s-Gravenhade, OID.1.3.6.1.4.1.311.60.2.1.2=Zuid-Holland, OID.1.3.6.1.4
03.10.2018

03.10.2020
1523 days expired


www.cbs.nl, cbs.nl - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:149A4A47B13E387669DF505F1C3D8824D6AA9F7C
Thumbprint:CFDE41DEEFA8762A17B01B0964497AC60EB792F0
SHA256 / Certificate:8Lbfj+uo6qCAo+V8cs/n36jVCzdmYPsBdl4xs0dMPo4=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):d7522bd2b54b4e45aca32bbfa9fb93bd0329493848b477003b85a1f6169782d6
SHA256 hex / Subject Public Key Information (SPKI):d7522bd2b54b4e45aca32bbfa9fb93bd0329493848b477003b85a1f6169782d6
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ev.ocsp.quovadisglobal.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1)




2.
CN=QuoVadis EV SSL ICA G1, O=QuoVadis Limited, C=BM
13.01.2015
13.01.2025
expires in 40 days


2.
CN=QuoVadis EV SSL ICA G1, O=QuoVadis Limited, C=BM
13.01.2015

13.01.2025
expires in 40 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:73DA5AFA23D93FBA842E0A20F401C9D86E24FC5D
Thumbprint:628532B73DBB41A5862AE4AFF749E67ACBCBB560
SHA256 / Certificate:P+i+OSoIaEuZ9JfmGMfd9aAqQom/nQjllQRZMb+6gU8=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):d999c24cd401aca4a1af8735a2529fc0d1b9dca88beaaa0d7108bae58191067f
SHA256 hex / Subject Public Key Information (SPKI):d999c24cd401aca4a1af8735a2529fc0d1b9dca88beaaa0d7108bae58191067f
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.quovadisglobal.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2), OCSP Signing (1.3.6.1.5.5.7.3.9)




3.
CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
24.11.2006
24.11.2031
expires in 2546 days


3.
CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
24.11.2006

24.11.2031
expires in 2546 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:0509
Thumbprint:CA3AFBCF1240364B44B216208880483919937CF7
SHA256 / Certificate:haDdfdcgrbf/Bfg9VCsgncf/RSj31nexg4n+peXEnoY=
SHA256 hex / Cert (DANE * 0 1):85a0dd7dd720adb7ff05f83d542b209dc7ff4528f7d677b18389fea5e5c49e86
SHA256 hex / PublicKey (DANE * 1 1):8fd112c3c8370f147d5ccd3a7d865eb8dd540783bac69fc60088e3743ff33378
SHA256 hex / Subject Public Key Information (SPKI):8fd112c3c8370f147d5ccd3a7d865eb8dd540783bac69fc60088e3743ff33378
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




 

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found

 

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Small Code Update - wait one minute

 

11. Html-Content - Entries

Summary

No data found or small Code-update

 

Details

Small Code Update - wait one minute

 

12. Html-Parsing via https://validator.nu/ / https://validator.w3.org/nu/ (started 2024-09-28, 09:00, alpha)

  Unfortunately, there are differences between the first used validator.nu and validator.w3.org/nu/ - switched to validator.w3.org/nu/. Looks like some error messages (link - fetchpriority attribute) of validator.nu are obsolete, not seen in the w3.org-version and not found in the current specification: link may have a fetchpriority attribute.

Small Code update, wait one minute

 

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:

 

No NameServer - IP address informations found. The feature is new (2020-05-07), so recheck this domain.

 

14. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.cbs.nl
0

no CAA entry found
1
0
cbs.nl
5
issue
letsencrypt.org
1
0

5
iodef
mailto:rpgr@cbs.nl
1
0

5
issue
pkioverheid.nl
1
0

5
issue
quovadisglobal.com
1
0
nl
0

no CAA entry found
1
0

 

15. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
cbs.nl
804bc80c-cca6-4d27-b5ae-e4ffb0f082a2-04072018
ok
1
0
cbs.nl
MS=FD936BDBA3E8034A3C49BD3B5D6D4AC48E42B64E
ok
1
0
cbs.nl
MS=ms84063695
ok
1
0
cbs.nl
v=spf1 mx include:_spf_mx.solvinity.com include:_spf.salesforce.com include:spf.afas.online -all
ok
1
0
www.cbs.nl

ok
1
0
_acme-challenge.cbs.nl

Name Error - The domain name does not exist
1
0
_acme-challenge.www.cbs.nl

Name Error - The domain name does not exist
1
0
_acme-challenge.cbs.nl.cbs.nl

Name Error - The domain name does not exist
1
0
_acme-challenge.www.cbs.nl.cbs.nl

Name Error - The domain name does not exist
1
0
_acme-challenge.www.cbs.nl.www.cbs.nl

Name Error - The domain name does not exist
1
0

 

16. DomainService - Entries

No DomainServiceEntries entries found

 

 

17. Cipher Suites

No Ciphers found

 

18. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.

 

 

Permalink: https://check-your-website.server-daten.de/?i=3a227e7d-ff93-485a-b2e4-f3e38be6c20e

 

Last Result: https://check-your-website.server-daten.de/?q=cbs.nl - 2019-08-28 21:09:43

 

Do you like this page? Support this tool, add a link on your page:

 

<a href="https://check-your-website.server-daten.de/?q=cbs.nl" target="_blank">Check this Site: cbs.nl</a>

 

 

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

 

QR-Code of this page - https://check-your-website.server-daten.de/?d=cbs.nl