Check DNS, Urls + Redirects, Certificates and Content of your Website


Update: 2020-03-04 - now 90 days later. All affected Letsencrypt certificates should be renewed. Time to remove that Info.




N

No trusted Certificate

Checked:
07.04.2020 11:41:51


Older results


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
dot0nine.ddns.net
A
82.32.187.125
Birmingham/England/United Kingdom (GB) - Virgin Media Limited
Hostname: cpc152599-smal20-2-0-cust380.19-1.cable.virginm.net
yes
1
0

AAAA

yes


www.dot0nine.ddns.net

Name Error
yes
1
0


2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



Status: Valid because published



3 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 33853, Flags 256



Public Key with Algorithm 8, KeyTag 48903, Flags 256



1 RRSIG RR to validate DNSKEY RR found



Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.04.2020, 00:00:00 +, Signature-Inception: 01.04.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: net
net
1 DS RR in the parent zone found



1 RRSIG RR to validate DS RR found



Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 20.04.2020, 05:00:00 +, Signature-Inception: 07.04.2020, 04:00:00 +, KeyTag 48903, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 48903 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 24512, Flags 256



Public Key with Algorithm 8, KeyTag 35886, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 19.04.2020, 16:28:30 +, Signature-Inception: 04.04.2020, 16:23:30 +, KeyTag 35886, Signer-Name: net



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 35886 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 35886, DigestType 2 and Digest "eGKyf19Rbr4ZaARE1M5edimBkxhCxGXwAjZAHYvZc+4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: ddns.net
ddns.net
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed domain name between the hashed NSEC3-owner and the hashed NextOwner. So the parent zone confirmes the non-existence of a DS RR.Bitmap: NS, DS, RRSIG



0 DNSKEY RR found





Zone: dot0nine.ddns.net
dot0nine.ddns.net
0 DS RR in the parent zone found



0 DNSKEY RR found





Zone: www.dot0nine.ddns.net
www.dot0nine.ddns.net
0 DS RR in the parent zone found


3. Name Servers

DomainNameserverNS-IP
www.dot0nine.ddns.net
  nf1.no-ip.com

dot0nine.ddns.net
  nf1.no-ip.com / f2.fra.hv.as29997.net
194.62.182.53
City of London/England/United Kingdom (GB) - ARTEC


 
2a07:dc00:1820::53
Amsterdam/North Holland/Netherlands (NL) - Vitalwerks Internet Solutions, LLC

ddns.net
  nf1.no-ip.com / f2.fra.hv.as29997.net


  nf2.no-ip.com / f1.ams.hv.as29997.net


  nf3.no-ip.com / f1.fra.vr.as29997.net


  nf4.no-ip.com / localhost

net
  a.gtld-servers.net


  b.gtld-servers.net


  c.gtld-servers.net


  d.gtld-servers.net


  e.gtld-servers.net


  f.gtld-servers.net


  g.gtld-servers.net


  h.gtld-servers.net


  i.gtld-servers.net


  j.gtld-servers.net


  k.gtld-servers.net


  l.gtld-servers.net


  m.gtld-servers.net


4. SOA-Entries


Domain:net
Zone-Name:
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1586252486
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:4


Domain:net
Zone-Name:
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1586252501
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:9


Domain:ddns.net
Zone-Name:
Primary:nf1.no-ip.com
Mail:hostmaster.no-ip.com
Serial:2304020607
Refresh:10800
Retry:1800
Expire:604800
TTL:1800
num Entries:4


Domain:dot0nine.ddns.net
Zone-Name:
Primary:nf1.no-ip.com
Mail:hostmaster.no-ip.com
Serial:2304020607
Refresh:10800
Retry:1800
Expire:604800
TTL:1800
num Entries:2


Domain:www.dot0nine.ddns.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


5. Screenshots

Startaddress: https://dot0nine.ddns.net:49639/, address used: http://dot0nine.ddns.net:49639/index.php/login, Screenshot created 2020-04-07 11:42:50 +00:0 url is insecure, certificate invalid

Mobil (412px x 732px)

9521 milliseconds

Screenshot mobile - http://dot0nine.ddns.net:49639/index.php/login
Mobil + Landscape (732px x 412px)

413 milliseconds

Screenshot mobile landscape - http://dot0nine.ddns.net:49639/index.php/login
Screen (1280px x 1680px)

3977 milliseconds

Mobile- and other Chrome-Checks

widthheight
visual Viewport412732
content Size412732

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://dot0nine.ddns.net:49639/
82.32.187.125
400

Html is minified: 100.23 %
0.110
M
Bad Request
Date: Tue, 07 Apr 2020 09:42:20 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 441
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://dot0nine.ddns.net:49639/
82.32.187.125
400

Html is minified: 106.14 %
2.766
N
Bad Request
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Date: Tue, 07 Apr 2020 09:42:20 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Set-Cookie: oc9zj5fubdu3=jbm72dfuvdv284phdjs32bu36k; Path=/; Domain=dot0nine.ddns.net; HttpOnly,oc_sessionPassphrase=bPH%2F05hPF%2BA9WN0sb%2FqYLJUUnQ5IFc9LQHNPDId1BPlExjH0h0iD3ONGjJHxiagHP7WT1qfdk0R1TaFNIKpU5N9Aod65%2Benm6AntDnvqM4Nc%2FsnoWyO59THSXwBDOsCx; Path=/; Domain=dot0nine.ddns.net; HttpOnly,nc_sameSiteCookielax=true; Path=/; Domain=dot0nine.ddns.net; Expires=2101-01-01 00:59:59; HttpOnly,nc_sameSiteCookiestrict=true; Path=/; Domain=dot0nine.ddns.net; Expires=2101-01-01 00:59:59; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-UTZqbmxyZ3ViY2I3enNlM21tSS9wTWxIbHBhdDBqRVNRcHhERWxYMEdNMD06TForVjdzRWJDN1N0aXI3NDFRRlFsSzB1dmYzY3FIeCtKZll3Y1NlOVlhUT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Content-Length: 3735
Connection: close
Content-Type: text/html; charset=UTF-8

• http://dot0nine.ddns.net:49639/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
82.32.187.125
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
400

Html is minified: 100.23 %
0.126
M
Bad Request
Visible Content: Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Apache/2.4.29 (Ubuntu) Server at 192.168.0.19 Port 443
Date: Tue, 07 Apr 2020 09:42:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 441
Connection: close
Content-Type: text/html; charset=iso-8859-1

7. Comments


1. General Results, most used to calculate the result

Aname "dot0nine.ddns.net" is domain, public suffix is "ddns.net", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services"
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
Warning: HSTS preload sent, but not in Preload-List. Never send a preload directive if you don't know what preload means. Check https://hstspreload.org/ to learn the basics about the Google-Preload list. If you send a preload directive, you should **immediately** add your domain to the HSTS preload list via https://hstspreload.org/ . If Google accepts the domain, so the status is "pending": Note that new entries are hardcoded into the Chrome source code and can take several months before they reach the stable version. So you will see this message some months. If you don't want that or if you don't understand "preload", but if you send a preload directive and if you have correct A-redirects, everybody can add your domain to that list. Then you may have problems, it's not easy to undo that. So if you don't want your domain preloaded, remove the preload directive.
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
CError - no version with Http-Status 200
Hfatal error: No https - result with http-status 200, no encryption
Mhttp://dot0nine.ddns.net:49639/ 82.32.187.125
400

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://dot0nine.ddns.net:49639/ 82.32.187.125
400

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://dot0nine.ddns.net:49639/ 82.32.187.125
400

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors

2. DNS- and NameServer - Checks

AGood: Nameserver supports TCP connections: 2 good Nameserver
AGood: Nameserver supports Echo Capitalization: 2 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 2 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 2 good Nameserver
Nameserver doesn't pass all EDNS-Checks: nf1.no-ip.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

3. Content- and Performance-critical Checks

http://dot0nine.ddns.net:49639/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 82.32.187.125
400

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status between 400 and 499, but not 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 63130 milliseconds, 63.130 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
dot0nine.ddns.net
82.32.187.125
49639
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
dot0nine.ddns.net
82.32.187.125
49639
Certificate/chain invalid and wrong name
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
no http/2 via ALPN 
Tls.1.2
Tls.1.1
Tls.1.0
no http/2 via ALPN
Tls.1.2
Tls.1.1
Tls.1.0
Self signed certificate
1CN=dot0nine-server


9. Certificates

1.
1.
CN=dot0nine-server
04.04.2020
02.04.2030
expires in 3591 days
dot0nine-server - 1 entry
1.
1.
CN=dot0nine-server
04.04.2020

02.04.2030
expires in 3591 days
dot0nine-server - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:09F84BFF366F8F2C5CE43FD68894B8D10030865F
Thumbprint:4A2318B7B6C1CB0A542C9C0A0F25FBCED3217D52
SHA256 / Certificate:rKtMu9oDeee0yUxnI8Rq8BPf5byA8XxHpkOYd1CKMQs=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):5cc29b63f30e9a64cad975984f93f97779c5a3bc87f61772745558ed62280ac7
SHA256 hex / Subject Public Key Information (SPKI):bb8d6a86e482182d4575f1f108d400b118fb8fc531913e67393bcab7e709d747
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

No CRT - CT-Log entries found


11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404


12. Nameserver - IP-Adresses (alpha)

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:

No NameServer - IP address informations found. The feature is new (2020-05-07), so recheck this domain.


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
dot0nine.ddns.net
0

no CAA entry found
1
0
ddns.net
0

no CAA entry found
1
0
net
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
dot0nine.ddns.net

ok
1
0
_acme-challenge.dot0nine.ddns.net

Name Error - The domain name does not exist
1
0
_acme-challenge.dot0nine.ddns.net.dot0nine.ddns.net

Name Error - The domain name does not exist
1
0


15. Portchecks

No Port checks



Permalink: https://check-your-website.server-daten.de/?i=c80e1844-4c53-4d5d-b717-1aaae9d3d343


Last Result: https://check-your-website.server-daten.de/?q=dot0nine.ddns.net%3a49639 - 2020-04-07 11:41:51


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=dot0nine.ddns.net%3a49639" target="_blank">Check this Site: dot0nine.ddns.net:49639</a>