Check DNS, Urls + Redirects, Certificates and Content of your Website




X

DNS-problem - authoritative Nameserver refused, not defined or timeout

Checked:
02.04.2024 10:07:06


Older results

No older results found


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
gatewaygrhum.insa-lyon.fr
CNAME
insa-frontscol-01.insa-lyon.fr
yes
1
0

A
134.214.181.115
Bron/Auvergne-Rhone-Alpes/France (FR) - ROCAD
Hostname: insa-frontscol-01.insa-lyon.fr
yes


www.gatewaygrhum.insa-lyon.fr

Name Error
yes
1
0
*.insa-lyon.fr
A
Name Error
yes



A
Name Error
yes



AAAA
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes



CNAME
Name Error
yes


*.gatewaygrhum.insa-lyon.fr
A
Name Error
yes



A
Name Error
yes



AAAA
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes



CNAME
Name Error
yes



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



Status: Valid because published



3 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 5613, Flags 256



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 30903, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.04.2024, 00:00:00 +, Signature-Inception: 01.04.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: fr
fr
1 DS RR in the parent zone found



DS with Algorithm 13, KeyTag 29133, DigestType 2 and Digest EwPo2o+2DbUA1b6h7l3JorzJPf4vxD00ZXZlj+zPV0k=



2 RRSIG RR to validate DS RR found



RRSIG-Owner fr., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 15.04.2024, 05:00:00 +, Signature-Inception: 02.04.2024, 04:00:00 +, KeyTag 5613, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 5613 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 13, KeyTag 29133, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 13, KeyTag 39312, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner fr., Algorithm: 13, 1 Labels, original TTL: 3600 sec, Signature-expiration: 01.06.2024, 00:08:19 +, Signature-Inception: 01.04.2024, 23:41:53 +, KeyTag 29133, Signer-Name: fr



Status: Good - Algorithmus 13 and DNSKEY with KeyTag 29133 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 29133, DigestType 2 and Digest "EwPo2o+2DbUA1b6h7l3JorzJPf4vxD00ZXZlj+zPV0k=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: insa-lyon.fr
insa-lyon.fr
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "o2v1ra25q7c79t0uiurjp4rdsg0ble8r" between the hashed NSEC3-owner "o2v1r66vuqd9iu3r7c8h9ol85vucln7n" and the hashed NextOwner "o2v57kqme7vl15rjdup5igccm9o9ingv". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner o2v1r66vuqd9iu3r7c8h9ol85vucln7n.fr., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 21.05.2024, 13:43:03 +, Signature-Inception: 22.03.2024, 12:48:56 +, KeyTag 39312, Signer-Name: fr



DS-Query in the parent zone sends valid NSEC3 RR with the Hash "sfblg7nfatq81cqjgt5q91bqs3h9v6nd" as Owner. That's the Hash of "fr" with the NextHashedOwnerName "sfbn9rjnnuevsb0gner878n1gn41d23i". So that domain name is the Closest Encloser of "insa-lyon.fr". Opt-Out: True.
Bitmap: NS, SOA, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner sfblg7nfatq81cqjgt5q91bqs3h9v6nd.fr., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 22.05.2024, 21:00:15 +, Signature-Inception: 23.03.2024, 20:51:52 +, KeyTag 39312, Signer-Name: fr



0 DNSKEY RR found




Zone: gatewaygrhum.insa-lyon.fr
gatewaygrhum.insa-lyon.fr
0 DS RR in the parent zone found

Zone: www.gatewaygrhum.insa-lyon.fr
www.gatewaygrhum.insa-lyon.fr
0 DS RR in the parent zone found

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



Status: Valid because published



3 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 5613, Flags 256



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 30903, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.04.2024, 00:00:00 +, Signature-Inception: 01.04.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: fr
fr
1 DS RR in the parent zone found



DS with Algorithm 13, KeyTag 29133, DigestType 2 and Digest EwPo2o+2DbUA1b6h7l3JorzJPf4vxD00ZXZlj+zPV0k=



2 RRSIG RR to validate DS RR found



RRSIG-Owner fr., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 15.04.2024, 05:00:00 +, Signature-Inception: 02.04.2024, 04:00:00 +, KeyTag 5613, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 5613 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 13, KeyTag 29133, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 13, KeyTag 39312, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner fr., Algorithm: 13, 1 Labels, original TTL: 3600 sec, Signature-expiration: 01.06.2024, 00:08:19 +, Signature-Inception: 01.04.2024, 23:41:53 +, KeyTag 29133, Signer-Name: fr



Status: Good - Algorithmus 13 and DNSKEY with KeyTag 29133 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 29133, DigestType 2 and Digest "EwPo2o+2DbUA1b6h7l3JorzJPf4vxD00ZXZlj+zPV0k=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: insa-lyon.fr
insa-lyon.fr
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "o2v1ra25q7c79t0uiurjp4rdsg0ble8r" between the hashed NSEC3-owner "o2v1r66vuqd9iu3r7c8h9ol85vucln7n" and the hashed NextOwner "o2v57kqme7vl15rjdup5igccm9o9ingv". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner o2v1r66vuqd9iu3r7c8h9ol85vucln7n.fr., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 21.05.2024, 13:43:03 +, Signature-Inception: 22.03.2024, 12:48:56 +, KeyTag 39312, Signer-Name: fr



DS-Query in the parent zone sends valid NSEC3 RR with the Hash "sfblg7nfatq81cqjgt5q91bqs3h9v6nd" as Owner. That's the Hash of "fr" with the NextHashedOwnerName "sfbn9rjnnuevsb0gner878n1gn41d23i". So that domain name is the Closest Encloser of "insa-lyon.fr". Opt-Out: True.
Bitmap: NS, SOA, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner sfblg7nfatq81cqjgt5q91bqs3h9v6nd.fr., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 22.05.2024, 21:00:15 +, Signature-Inception: 23.03.2024, 20:51:52 +, KeyTag 39312, Signer-Name: fr



0 DNSKEY RR found




Zone: insa-frontscol-01.insa-lyon.fr
insa-frontscol-01.insa-lyon.fr
0 DS RR in the parent zone found



0 DNSKEY RR found




3. Name Servers

DomainNameserverNS-IP
www.gatewaygrhum.insa-lyon.fr
  dns.univ-lyon1.fr

insa-lyon.fr
  dns.univ-lyon1.fr
134.214.100.6
Chateau-Gaillard/Auvergne-Rhone-Alpes/France (FR) - ROCAD


T 
2001:660:5001:100::6
Paris/Île-de-France/France (FR) - Renater


  dns2.univ-lyon1.fr
134.214.100.245
Chateau-Gaillard/Auvergne-Rhone-Alpes/France (FR) - ROCAD


T 
2001:660:5001:100::245
Paris/Île-de-France/France (FR) - Renater

fr
  a.nic.fr


  d.nic.fr / dns.ams.nic.fr


  e.ext.nic.fr / ops-nsext01-p.sidn.nl


  f.ext.nic.fr / s2.amx


  g.ext.nic.fr / 5.ams.pch


insa-frontscol-01.insa-lyon.fr
  dns.univ-lyon1.fr
134.214.100.6
Chateau-Gaillard/Auvergne-Rhone-Alpes/France (FR) - ROCAD


T 
2001:660:5001:100::6
Paris/Île-de-France/France (FR) - Renater

insa-lyon.fr
  dns.univ-lyon1.fr
134.214.100.6
Chateau-Gaillard/Auvergne-Rhone-Alpes/France (FR) - ROCAD


T 
2001:660:5001:100::6
Paris/Île-de-France/France (FR) - Renater


  dns2.univ-lyon1.fr
134.214.100.245
Chateau-Gaillard/Auvergne-Rhone-Alpes/France (FR) - ROCAD


T 
2001:660:5001:100::245
Paris/Île-de-France/France (FR) - Renater

fr
  a.nic.fr


  d.nic.fr / dns.ams.nic.fr


  e.ext.nic.fr / ops-nsext01-p.sidn.nl


  f.ext.nic.fr / s2.amx


  g.ext.nic.fr / 2.ams.pch


4. SOA-Entries


Domain:fr
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:fr
Zone-Name:fr
Primary:a.nic.fr
Mail:dnsmaster.afnic.fr
Serial:2238067151
Refresh:3600
Retry:1800
Expire:3600000
TTL:600
num Entries:4


Domain:insa-lyon.fr
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:2


Domain:insa-lyon.fr
Zone-Name:insa-lyon.fr
Primary:dns.univ-lyon1.fr
Mail:reseau.univ-lyon1.fr
Serial:2023206844
Refresh:21600
Retry:7200
Expire:6048000
TTL:14400
num Entries:1


Domain:insa-lyon.fr
Zone-Name:insa-lyon.fr
Primary:dns.univ-lyon1.fr
Mail:reseau.univ-lyon1.fr
Serial:2023206977
Refresh:21600
Retry:7200
Expire:6048000
TTL:14400
num Entries:1


Domain:www.gatewaygrhum.insa-lyon.fr
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1



Domain:fr
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:fr
Zone-Name:fr
Primary:a.nic.fr
Mail:dnsmaster.afnic.fr
Serial:2238067188
Refresh:3600
Retry:1800
Expire:3600000
TTL:600
num Entries:4


Domain:insa-lyon.fr
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:2


Domain:insa-lyon.fr
Zone-Name:insa-lyon.fr
Primary:dns.univ-lyon1.fr
Mail:reseau.univ-lyon1.fr
Serial:2023206844
Refresh:21600
Retry:7200
Expire:6048000
TTL:14400
num Entries:1


Domain:insa-lyon.fr
Zone-Name:insa-lyon.fr
Primary:dns.univ-lyon1.fr
Mail:reseau.univ-lyon1.fr
Serial:2023206983
Refresh:21600
Retry:7200
Expire:6048000
TTL:14400
num Entries:1


Domain:insa-frontscol-01.insa-lyon.fr
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:insa-frontscol-01.insa-lyon.fr
Zone-Name:insa-lyon.fr
Primary:dns.univ-lyon1.fr
Mail:reseau.univ-lyon1.fr
Serial:2023206989
Refresh:21600
Retry:7200
Expire:6048000
TTL:14400
num Entries:1


5. Screenshots

Startaddress: https://gatewaygrhum.insa-lyon.fr/, address used: https://gatewaygrhum.insa-lyon.fr/, Screenshot created 2024-04-02 10:23:05 +00:0 url is insecure, certificate invalid

Mobil (412px x 732px)

1052 milliseconds

Screenshot mobile - https://gatewaygrhum.insa-lyon.fr/
Mobil + Landscape (732px x 412px)

1049 milliseconds

Screenshot mobile landscape - https://gatewaygrhum.insa-lyon.fr/
Screen (1280px x 1680px)

1188 milliseconds

Screenshot Desktop - https://gatewaygrhum.insa-lyon.fr/

Mobile- and other Chrome-Checks

widthheight
visual Viewport412732
content Size412732

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://gatewaygrhum.insa-lyon.fr/
134.214.181.115
-14

10.010
T
Timeout - The operation has timed out.

• https://gatewaygrhum.insa-lyon.fr/
134.214.181.115
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
403

Html is minified: 110.61 %
3.656
N
Forbidden
Certificate error: RemoteCertificateChainErrors
Server: nginx
Date: Tue, 02 Apr 2024 08:18:50 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Permissions-Policy: interest-cohort=()
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip

• http://gatewaygrhum.insa-lyon.fr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
134.214.181.115
-14

10.017
T
Timeout - The operation has timed out.
Visible Content:

• https://134.214.181.115/
134.214.181.115
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/127
403

Html is minified: 144.30 %
3.370
N
Forbidden
Certificate error: RemoteCertificateNameMismatch
Server: nginx
Date: Tue, 02 Apr 2024 08:19:05 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip

7. Comments


1. General Results, most used to calculate the result

Aname "gatewaygrhum.insa-lyon.fr" is subdomain, public suffix is ".fr", top-level-domain is ".fr", top-level-domain-type is "country-code", Country is France, tld-manager is "Association Française pour le Nommage Internet en Coopération (A.F.N.I.C.)", num .fr-domains preloaded: 3414 (complete: 240622)
AGood: All ip addresses are public addresses
Warning: Only one ip address found: gatewaygrhum.insa-lyon.fr has only one ip address.
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: gatewaygrhum.insa-lyon.fr has no ipv6 address.
AGood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
CError - no version with Http-Status 200
HFatal error: No https - result with http-status 200, no encryption
Mhttps://gatewaygrhum.insa-lyon.fr/ 134.214.181.115
403

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://134.214.181.115/ 134.214.181.115
403

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://gatewaygrhum.insa-lyon.fr/ 134.214.181.115
403

Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://134.214.181.115/ 134.214.181.115
403

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
XFatal error: Nameserver doesn't support TCP connection: dns.univ-lyon1.fr / 2001:660:5001:100::6: Timeout
XFatal error: Nameserver doesn't support TCP connection: dns2.univ-lyon1.fr / 2001:660:5001:100::245: Timeout
Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are different. So that domain requires Server Name Indication (SNI), so the server is able to select the correct certificate.: Domain gatewaygrhum.insa-lyon.fr, 1 ip addresses.
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.gatewaygrhum.insa-lyon.fr

2. Header-Checks (Cross-Origin-* headers are alpha - started 2024-06-05)

Agatewaygrhum.insa-lyon.fr 134.214.181.115
Content-Security-Policy
Ok: Header without syntax errors found: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
F

Bad: default-src with "*" or a scheme found. That allows too much, don't use such a definition.
F

Bad: default-src with 'unsafe-inline' or 'unsave-eval'. That's dangerous, don't use it.
E

Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
A

Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
E

Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
E

Critical: No object-src defined, the default-src used as fallback allows too much. object / embed / applet shouldn't be able to load these resources.
E

Critical: No script-src defined, the default-src used as fallback allows too much. script-src should always restricted.
F

Dangerous: No script-src defined, but the default-src as fallback allows the data: schema. That allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
F

Dangerous: No frame-src defined, but the default-src used as fallback allows the data: schema. That allows hidden code injection. Insert <iframe src="data:text/html;charset=utf-8;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHA+YmVmb3JlPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmFsZXJ0KCdYU1MnKTwvc2NyaXB0PjxwPmFmdGVyPC9ib2R5PjwvaHRtbD4="></iframe> in your page and see what happens.
A
X-Content-Type-Options
Ok: Header without syntax errors found: nosniff
A
Referrer-Policy
Ok: Header without syntax errors found: no-referrer-when-downgrade
A
Permissions-Policy
Ok: Header without syntax errors found: interest-cohort=()
A
X-Xss-Protection
Ok: Header without syntax errors found: 1; mode=block
B

Info: Header is deprecated. May not longer work in modern browsers. 1; mode=block

3. DNS- and NameServer - Checks

AInfo:: 2 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 2 Name Servers.
AInfo:: 2 Queries complete, 2 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
AGood: Some ip addresses of name servers found with the minimum of two DNS Queries. One to find the TLD-Zone, one to ask the TLD-Zone.dns.univ-lyon1.fr (134.214.100.6), dns2.univ-lyon1.fr (134.214.100.245, 2001:660:5001:100::245)
AGood (1 - 3.0):: An average of 1.0 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 2 different Name Servers found: dns.univ-lyon1.fr, dns2.univ-lyon1.fr, 2 Name Servers included in Delegation: dns.univ-lyon1.fr, dns2.univ-lyon1.fr, 2 Name Servers included in 1 Zone definitions: dns.univ-lyon1.fr, dns2.univ-lyon1.fr, 1 Name Servers listed in SOA.Primary: dns.univ-lyon1.fr.
AGood: Only one SOA.Primary Name Server found.: dns.univ-lyon1.fr.
AGood: SOA.Primary Name Server included in the delegation set.: dns.univ-lyon1.fr.
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AInfo: Ipv4-Subnet-list: 2 Name Servers, 1 different subnets (first Byte): 134., 1 different subnets (first two Bytes): 134.214., 1 different subnets (first three Bytes): 134.214.100.
XFatal: All Name Server IPv4 addresses from the same subnet. Check https://www.iana.org/help/nameserver-requirements to learn some basics about name server configurations. If you manage these name servers, fix it. If it's your provider, change your provider.:
AInfo: IPv6-Subnet-list: 2 Name Servers with IPv6, 1 different subnets (first block): 2001:, 1 different subnets (first two blocks): 2001:0660:, 1 different subnets (first three blocks): 2001:0660:5001:, 1 different subnets (first four blocks): 2001:0660:5001:0100:
Fatal: All Name Server IPv6 addresses from the same subnet.
XNameserver Timeout checking Echo Capitalization: dns.univ-lyon1.fr / 2001:660:5001:100::6
XNameserver Timeout checking Echo Capitalization: dns2.univ-lyon1.fr / 2001:660:5001:100::245
XNameserver Timeout checking EDNS512: dns.univ-lyon1.fr / 2001:660:5001:100::6
XNameserver Timeout checking EDNS512: dns2.univ-lyon1.fr / 2001:660:5001:100::245
Nameserver doesn't pass all EDNS-Checks: a.nic.fr: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: a.nic.fr: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: dns.univ-lyon1.fr: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: dns.univ-lyon1.fr / 2001:660:5001:100::6: OP100: fatal timeout. FLAGS: fatal timeout. V1: fatal timeout. V1OP100: fatal timeout. V1FLAGS: fatal timeout. DNSSEC: fatal timeout. V1DNSSEC: fatal timeout. NSID: fatal timeout. COOKIE: fatal timeout. CLIENTSUBNET: fatal timeout.
Nameserver doesn't pass all EDNS-Checks: dns.univ-lyon1.fr / 2001:660:5001:100::6: OP100: fatal timeout. FLAGS: fatal timeout. V1: fatal timeout. V1OP100: fatal timeout. V1FLAGS: fatal timeout. DNSSEC: fatal timeout. V1DNSSEC: fatal timeout. NSID: fatal timeout. COOKIE: fatal timeout. CLIENTSUBNET: fatal timeout.
Nameserver doesn't pass all EDNS-Checks: dns.univ-lyon1.fr / 2001:660:5001:100::6: OP100: fatal timeout. FLAGS: fatal timeout. V1: fatal timeout. V1OP100: fatal timeout. V1FLAGS: fatal timeout. DNSSEC: fatal timeout. V1DNSSEC: fatal timeout. NSID: fatal timeout. COOKIE: fatal timeout. CLIENTSUBNET: fatal timeout.
Nameserver doesn't pass all EDNS-Checks: dns2.univ-lyon1.fr / 2001:660:5001:100::245: OP100: fatal timeout. FLAGS: fatal timeout. V1: fatal timeout. V1OP100: fatal timeout. V1FLAGS: fatal timeout. DNSSEC: fatal timeout. V1DNSSEC: fatal timeout. NSID: fatal timeout. COOKIE: fatal timeout. CLIENTSUBNET: fatal timeout.
Nameserver doesn't pass all EDNS-Checks: dns2.univ-lyon1.fr / 2001:660:5001:100::245: OP100: fatal timeout. FLAGS: fatal timeout. V1: fatal timeout. V1OP100: fatal timeout. V1FLAGS: fatal timeout. DNSSEC: fatal timeout. V1DNSSEC: fatal timeout. NSID: fatal timeout. COOKIE: fatal timeout. CLIENTSUBNET: fatal timeout.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

4. Content- and Performance-critical Checks

http://gatewaygrhum.insa-lyon.fr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 134.214.181.115
-14

Fatal: Check of /.well-known/acme-challenge/random-filename has a timeout. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 979390 milliseconds, 979.390 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
gatewaygrhum.insa-lyon.fr
134.214.181.115
443
Certificate/chain invalid
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
gatewaygrhum.insa-lyon.fr
134.214.181.115
443
Certificate/chain invalid
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain - too much certificates, don't send root certificates
1CN=gatewaygrhum.insa-lyon.fr, O=Institut National des Sciences Appliqu\C3\A9es de Lyon, C=FR, ST=Auvergne-Rh\C3\B4ne-Alpes

2CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL

3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey

4CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, C=GB, ST=Greater Manchester


134.214.181.115
134.214.181.115
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

134.214.181.115
134.214.181.115
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain - too much certificates, don't send root certificates
1CN=ecandidat.insa-lyon.fr, O=Institut National des Sciences Appliqu\C3\A9es de Lyon, C=FR, ST=Auvergne-Rh\C3\B4ne-Alpes

2CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL

3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey

4CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, C=GB, ST=Greater Manchester


9. Certificates

1.
1.
CN=gatewaygrhum.insa-lyon.fr, O=Institut National des Sciences Appliquées de Lyon, S=Auvergne-Rhône-Alpes, C=FR
20.03.2023
20.03.2024
173 days expired
gatewaygrhum.insa-lyon.fr, www.gatewaygrhum.insa-lyon.fr - 2 entries
1.
1.
CN=gatewaygrhum.insa-lyon.fr, O=Institut National des Sciences Appliquées de Lyon, S=Auvergne-Rhône-Alpes, C=FR
20.03.2023

20.03.2024
173 days expired
gatewaygrhum.insa-lyon.fr, www.gatewaygrhum.insa-lyon.fr - 2 entries

KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:00B5927C713CB1E3834440E068CA5745EA
Thumbprint:33A1F882F626A2898F90BDF3D2C2788725B5CF0B
SHA256 / Certificate:n4G7YRLFScPEHHbYayS75LuKMaOviS4Wew1PEQuzdxs=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):ae0c2a69330ae94a0944dd79cc8b1b740e7af799c3ebde77ba0aecaf5f5261ca
SHA256 hex / Subject Public Key Information (SPKI):ae0c2a69330ae94a0944dd79cc8b1b740e7af799c3ebde77ba0aecaf5f5261ca (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://GEANT.ocsp.sectigo.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

2.
CN=gatewaygrhum.insa-lyon.fr, O=Institut National des Sciences Appliquées de Lyon, S=Auvergne-Rhône-Alpes, C=FR
20.03.2023
20.03.2024
173 days expired
gatewaygrhum.insa-lyon.fr, www.gatewaygrhum.insa-lyon.fr - 2 entries

2.
CN=gatewaygrhum.insa-lyon.fr, O=Institut National des Sciences Appliquées de Lyon, S=Auvergne-Rhône-Alpes, C=FR
20.03.2023

20.03.2024
173 days expired
gatewaygrhum.insa-lyon.fr, www.gatewaygrhum.insa-lyon.fr - 2 entries

KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:00B5927C713CB1E3834440E068CA5745EA
Thumbprint:33A1F882F626A2898F90BDF3D2C2788725B5CF0B
SHA256 / Certificate:n4G7YRLFScPEHHbYayS75LuKMaOviS4Wew1PEQuzdxs=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):ae0c2a69330ae94a0944dd79cc8b1b740e7af799c3ebde77ba0aecaf5f5261ca
SHA256 hex / Subject Public Key Information (SPKI):ae0c2a69330ae94a0944dd79cc8b1b740e7af799c3ebde77ba0aecaf5f5261ca (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://GEANT.ocsp.sectigo.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

3.
CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL
18.02.2020
02.05.2033
expires in 3157 days


3.
CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL
18.02.2020

02.05.2033
expires in 3157 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:00DA43BD139BD258BB4DD61CACC4F3DBE0
Thumbprint:C2826E266D7405D34EF89762636AE4B36E86CB5E
SHA256 / Certificate:N4NPpepA+/e2EZaVWWLhygVYhyQ15CBmU9P2IN2OmI4=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8f4a912bd4b4a146daf5be2db5974aa78d90e13d89f12e0514a3cd1b91531550
SHA256 hex / Subject Public Key Information (SPKI):8f4a912bd4b4a146daf5be2db5974aa78d90e13d89f12e0514a3cd1b91531550
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.usertrust.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


4.
CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL
18.02.2020
02.05.2033
expires in 3157 days


4.
CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL
18.02.2020

02.05.2033
expires in 3157 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:00DA43BD139BD258BB4DD61CACC4F3DBE0
Thumbprint:C2826E266D7405D34EF89762636AE4B36E86CB5E
SHA256 / Certificate:N4NPpepA+/e2EZaVWWLhygVYhyQ15CBmU9P2IN2OmI4=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8f4a912bd4b4a146daf5be2db5974aa78d90e13d89f12e0514a3cd1b91531550
SHA256 hex / Subject Public Key Information (SPKI):8f4a912bd4b4a146daf5be2db5974aa78d90e13d89f12e0514a3cd1b91531550
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.usertrust.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


5.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
01.02.2010
19.01.2038
expires in 4880 days


5.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
01.02.2010

19.01.2038
expires in 4880 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:01FD6D30FCA3CA51A81BBC640E35032D
Thumbprint:2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
SHA256 / Certificate:55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I=
SHA256 hex / Cert (DANE * 0 1):e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2
SHA256 hex / PublicKey (DANE * 1 1):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SHA256 hex / Subject Public Key Information (SPKI):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



6.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
12.03.2019
01.01.2029
expires in 1575 days


6.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
12.03.2019

01.01.2029
expires in 1575 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:3972443AF922B751D7D36C10DD313595
Thumbprint:D89E3BD43D5D909B47A18977AA9D5CE36CEE184C
SHA256 / Certificate:aLnHYSGaWx8BMXhEdGZdthu9sQngDwXKn3QkTuX19Ss=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SHA256 hex / Subject Public Key Information (SPKI):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.comodoca.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


7.
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
01.01.2004
01.01.2029
expires in 1575 days


7.
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
01.01.2004

01.01.2029
expires in 1575 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:01
Thumbprint:D1EB23A46D17D68FD92564C2F1F1601764D8E349
SHA256 / Certificate:16eg+11+JzHXcelITrze9x1fDD4KKUh4K8g+4OppnvQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):bd153ed7b0434f6886b17bce8bbe84ed340c7132d702a8f4fa318f756ecbd6f3
SHA256 hex / Subject Public Key Information (SPKI):bd153ed7b0434f6886b17bce8bbe84ed340c7132d702a8f4fa318f756ecbd6f3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


2.
1.
CN=ecandidat.insa-lyon.fr, O=Institut National des Sciences Appliquées de Lyon, S=Auvergne-Rhône-Alpes, C=FR
13.11.2023
13.11.2024
expires in 65 days
ecandidat.insa-lyon.fr, www.ecandidat.insa-lyon.fr - 2 entries
2.
1.
CN=ecandidat.insa-lyon.fr, O=Institut National des Sciences Appliquées de Lyon, S=Auvergne-Rhône-Alpes, C=FR
13.11.2023

13.11.2024
expires in 65 days
ecandidat.insa-lyon.fr, www.ecandidat.insa-lyon.fr - 2 entries

KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:3F2580F84A6BFD87402D2A9A188AFD5A
Thumbprint:674B3C1B92774F8A4A22E9DD7B66A21698B6F2C2
SHA256 / Certificate:gRp+Fgb0bB5rf8FXMu72bwIsYxk5E+pzfKd6xGOFV7I=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):789d1e49e317647e7ea357715b5e178d4e4717eaf3b660cdf125de7f356ed8eb
SHA256 hex / Subject Public Key Information (SPKI):789d1e49e317647e7ea357715b5e178d4e4717eaf3b660cdf125de7f356ed8eb (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://GEANT.ocsp.sectigo.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=ecandidat.insa-lyon.fr, O=Institut National des Sciences Appliquées de Lyon, S=Auvergne-Rhône-Alpes, C=FR
13.11.2023
13.11.2024
expires in 65 days
ecandidat.insa-lyon.fr, www.ecandidat.insa-lyon.fr - 2 entries

2.
CN=ecandidat.insa-lyon.fr, O=Institut National des Sciences Appliquées de Lyon, S=Auvergne-Rhône-Alpes, C=FR
13.11.2023

13.11.2024
expires in 65 days
ecandidat.insa-lyon.fr, www.ecandidat.insa-lyon.fr - 2 entries

KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:3F2580F84A6BFD87402D2A9A188AFD5A
Thumbprint:674B3C1B92774F8A4A22E9DD7B66A21698B6F2C2
SHA256 / Certificate:gRp+Fgb0bB5rf8FXMu72bwIsYxk5E+pzfKd6xGOFV7I=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):789d1e49e317647e7ea357715b5e178d4e4717eaf3b660cdf125de7f356ed8eb
SHA256 hex / Subject Public Key Information (SPKI):789d1e49e317647e7ea357715b5e178d4e4717eaf3b660cdf125de7f356ed8eb (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://GEANT.ocsp.sectigo.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


3.
CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL
18.02.2020
02.05.2033
expires in 3157 days


3.
CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL
18.02.2020

02.05.2033
expires in 3157 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:00DA43BD139BD258BB4DD61CACC4F3DBE0
Thumbprint:C2826E266D7405D34EF89762636AE4B36E86CB5E
SHA256 / Certificate:N4NPpepA+/e2EZaVWWLhygVYhyQ15CBmU9P2IN2OmI4=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8f4a912bd4b4a146daf5be2db5974aa78d90e13d89f12e0514a3cd1b91531550
SHA256 hex / Subject Public Key Information (SPKI):8f4a912bd4b4a146daf5be2db5974aa78d90e13d89f12e0514a3cd1b91531550
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.usertrust.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


4.
CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL
18.02.2020
02.05.2033
expires in 3157 days


4.
CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL
18.02.2020

02.05.2033
expires in 3157 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:00DA43BD139BD258BB4DD61CACC4F3DBE0
Thumbprint:C2826E266D7405D34EF89762636AE4B36E86CB5E
SHA256 / Certificate:N4NPpepA+/e2EZaVWWLhygVYhyQ15CBmU9P2IN2OmI4=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8f4a912bd4b4a146daf5be2db5974aa78d90e13d89f12e0514a3cd1b91531550
SHA256 hex / Subject Public Key Information (SPKI):8f4a912bd4b4a146daf5be2db5974aa78d90e13d89f12e0514a3cd1b91531550
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.usertrust.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


5.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
01.02.2010
19.01.2038
expires in 4880 days


5.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
01.02.2010

19.01.2038
expires in 4880 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:01FD6D30FCA3CA51A81BBC640E35032D
Thumbprint:2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
SHA256 / Certificate:55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I=
SHA256 hex / Cert (DANE * 0 1):e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2
SHA256 hex / PublicKey (DANE * 1 1):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SHA256 hex / Subject Public Key Information (SPKI):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



6.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
12.03.2019
01.01.2029
expires in 1575 days


6.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
12.03.2019

01.01.2029
expires in 1575 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:3972443AF922B751D7D36C10DD313595
Thumbprint:D89E3BD43D5D909B47A18977AA9D5CE36CEE184C
SHA256 / Certificate:aLnHYSGaWx8BMXhEdGZdthu9sQngDwXKn3QkTuX19Ss=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SHA256 hex / Subject Public Key Information (SPKI):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.comodoca.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


7.
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
01.01.2004
01.01.2029
expires in 1575 days


7.
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
01.01.2004

01.01.2029
expires in 1575 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:01
Thumbprint:D1EB23A46D17D68FD92564C2F1F1601764D8E349
SHA256 / Certificate:16eg+11+JzHXcelITrze9x1fDD4KKUh4K8g+4OppnvQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):bd153ed7b0434f6886b17bce8bbe84ed340c7132d702a8f4fa318f756ecbd6f3
SHA256 hex / Subject Public Key Information (SPKI):bd153ed7b0434f6886b17bce8bbe84ed340c7132d702a8f4fa318f756ecbd6f3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuerlast 7 daysactivenum Certs
CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL
0
0
1

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
8940292320
leaf cert
CN=GEANT OV RSA CA 4, O=GEANT Vereniging, C=NL
2023-03-19 23:00:00
2024-03-19 22:59:59
gatewaygrhum.insa-lyon.fr, www.gatewaygrhum.insa-lyon.fr
2 entries



11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404


12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: dns.univ-lyon1.fr, dns2.univ-lyon1.fr

QNr.DomainTypeNS used
1
fr
NS
l.root-servers.net (2001:500:9f::42)

Answer: d.nic.fr, e.ext.nic.fr, f.ext.nic.fr, g.ext.nic.fr
2
dns.univ-lyon1.fr: 134.214.100.6
NS
d.nic.fr (2001:678:c::1)

Answer: ccpntc3.in2p3.fr
134.158.69.191

Answer: ccpnvx.in2p3.fr
134.158.69.104

Answer: dns2.univ-lyon1.fr
134.214.100.245, 2001:660:5001:100::245


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
insa-frontscol-01.insa-lyon.fr
0

no CAA entry found
1
0
gatewaygrhum.insa-lyon.fr



1
0
insa-lyon.fr
0

no CAA entry found
1
0

0

no CAA entry found
1
0
fr
0

no CAA entry found
1
0

0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
insa-lyon.fr
2csn4cyzwdqkz72jjskmxs7sxz2fy18c
ok
1
0
insa-lyon.fr
ms=64a82e5fda6a11abf9cb801b190e50c1c8c42c39
ok
1
0
insa-lyon.fr
ms=c0b64fc43dda1629fe99dac4eacc41577066af06
ok
1
0
insa-lyon.fr
ms=ms41883901
ok
1
0
insa-lyon.fr
ms=ms74850109
ok
1
0
insa-lyon.fr
Sendinblue-code:7400d8e136db172b10aba27e4e8ffd54
ok
1
0
insa-lyon.fr
v=spf1 ip4:134.214.182.0/24 ip4:193.49.159.28 ip4:137.74.252.60 include:mx.ovh.com include:spf.partage.renater.fr include:spf.idfch.net include:spf.sendinblue.com include:_spf.netanswer.fr ~all
ok
1
0
gatewaygrhum.insa-lyon.fr


1
0
_acme-challenge.gatewaygrhum.insa-lyon.fr

Name Error - The domain name does not exist
1
0
_acme-challenge.insa-frontscol-01.insa-lyon.fr

Name Error - The domain name does not exist
1
0
_acme-challenge.gatewaygrhum.insa-lyon.fr.insa-lyon.fr

Name Error - The domain name does not exist
1
0
_acme-challenge.gatewaygrhum.insa-lyon.fr.gatewaygrhum.insa-lyon.fr

Name Error - The domain name does not exist
1
0
_acme-challenge.insa-frontscol-01.insa-lyon.fr.insa-frontscol-01.insa-lyon.fr

Name Error - The domain name does not exist
1
0


15. DomainService - Entries (SPF-Check is alpha - 2024-06-22, DMARC-Detailcheck is alpha - 2024-07-06, SMTP-TLS-Reporting is alpa - 2024-07-13)

No DomainServiceEntries entries found



16. Cipher Suites

Summary
DomainIPPortnum CipherstimeStd.ProtocolForward Secrecy
gatewaygrhum.insa-lyon.fr
134.214.181.115
443
5 Ciphers40.41 sec
0 without, 5 FS
100.00 %
Complete

1
5 Ciphers
5.00 Ciphers/Check
40.41 sec40.41 sec/Check
0 without, 5 FS
100.00 %

Details
DomainIPPortCipher (OpenSsl / IANA)
gatewaygrhum.insa-lyon.fr
134.214.181.115
443
ECDHE-RSA-CHACHA20-POLY1305
(Secure)
TLSv1.2
0xCC,0xA8
FS
5 Ciphers, 40.41 sec
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
ECDH
RSA
CHACHA20/POLY1305(256)
AEAD



ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDH
RSA
AESGCM(256)
AEAD



DHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0x00,0x9F
FS

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
DH
RSA
AESGCM(256)
AEAD



ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDH
RSA
AESGCM(128)
AEAD



DHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0x00,0x9E
FS

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
DH
RSA
AESGCM(128)
AEAD


17. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.



Permalink: https://check-your-website.server-daten.de/?i=2a22b566-4052-42a5-8eeb-1ba3291de669


Last Result: https://check-your-website.server-daten.de/?q=gatewaygrhum.insa-lyon.fr - 2024-04-02 10:07:06


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=gatewaygrhum.insa-lyon.fr" target="_blank">Check this Site: gatewaygrhum.insa-lyon.fr</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

QR-Code of this page - https://check-your-website.server-daten.de/?d=gatewaygrhum.insa-lyon.fr