Shortcuts: 1. Basic DNS | 2. Url-Checks | 3. Comments | 4. Connections | 5. Certificates | 6. CT-Logs | 7. Html-Content | 8. CAA | 9. TXT |


N

No trusted Certificate

Checked:
16.05.2019 11:07:00


Older results

1. Basic DNS and Nameserver Checks

HostTIP-Addressis auth.∑ Queries∑ Timeout
hchs-fragebogen.de
A
185.6.254.34
yes
1
0

AAAA
2a00:e400:4:1::130
yes


www.hchs-fragebogen.de
A
185.6.254.34
yes
1
0

AAAA
2a00:e400:4:1::130
yes



Zone (*)DNSSEC - Informations (beta)
(root)
1 DS RR published

Status: Valid because published

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 8, KeyTag 25266, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2019, 00:00:00, Signature-Inception: 11.05.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
de
1 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 29.05.2019, 05:00:00, Signature-Inception: 16.05.2019, 04:00:00, KeyTag 25266, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25266 used to validate the DS RRSet in the parent zone

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 26298, Flags 256

Public Key with Algorithm 8, KeyTag 39227, Flags 257 (SEP = Secure Entry Point)

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 1 Labels, original TTL: 7200 sec, Signature-expiration: 30.05.2019, 12:00:00, Signature-Inception: 09.05.2019, 12:00:00, KeyTag 39227, Signer-Name: de

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 39227 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 39227, DigestType 2 and Digest "qrcwg7nvcOSl6UdppBisEuiH/DwIde8gbDRR3EC2xPo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
hchs-fragebogen.de
0 DS RR in the parent zone found

DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed domain name between the hashed NSEC3-owner and the hashed NextOwner. So the parent zone confirmes the non-existence of a DS RR.

0 DNSKEY RR found


www.hchs-fragebogen.de
0 DS RR in the parent zone found


DomainNameserverNS-IP
www.hchs-fragebogen.de
  ns1.akquinet.de

hchs-fragebogen.de
  ns1.akquinet.de
213.238.48.53

 
2a00:e400:0:50::53

  ns2.akquinet.de
91.208.244.11

 
2a00:e400:1:38::53
de
  a.nic.de / ns-2.de.de8.bind


  f.nic.de / ns-1.de.de1.bind


  l.de.net / ns-1.de.fr1.bind


  n.de.net / s3.amx


  s.de.net / ns-2.de.de9.bind


  z.nic.de / ns-1.de.de8.bind



SOA - records (beta)

Domain:de
Primary:f.nic.de
Mail:its.denic.de
Serial:2019051641
Refresh:7200
Retry:7200
Expire:3600000
TTL:7200
num Entries:6


Domain:hchs-fragebogen.de
Primary:ns1.akquinet.de
Mail:hostmaster.akquinet.de
Serial:2019021501
Refresh:3600
Retry:900
Expire:86400
TTL:3600
num Entries:4


Domain:www.hchs-fragebogen.de
Primary:ns1.akquinet.de
Mail:hostmaster.akquinet.de
Serial:2019021501
Refresh:3600
Retry:900
Expire:86400
TTL:3600
num Entries:1


2. Url-Checks


show header:
Domainname Http-StatusredirectSec.G
• http://hchs-fragebogen.de/
185.6.254.34
301
https://www.hchs-fragebogen.de/
0.063
E
Date: Thu, 16 May 2019 09:07:19 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fastcgi/2.4.6
Location: https://www.hchs-fragebogen.de/
Content-Length: 239
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://www.hchs-fragebogen.de/
185.6.254.34
301
https://www.hchs-fragebogen.de/
0.070
A
Date: Thu, 16 May 2019 09:07:19 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fastcgi/2.4.6
Location: https://www.hchs-fragebogen.de/
Content-Length: 239
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://hchs-fragebogen.de/
2a00:e400:4:1::130
-14

10.026
T
Timeout - The operation has timed out

• http://www.hchs-fragebogen.de/
2a00:e400:4:1::130
-14

10.026
T
Timeout - The operation has timed out

• https://hchs-fragebogen.de/
185.6.254.34
403

0.294
N
Forbidden
Certificate error: RemoteCertificateNameMismatch
Date: Thu, 16 May 2019 09:07:39 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fastcgi/2.4.6
Content-Length: 202
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://hchs-fragebogen.de/
2a00:e400:4:1::130
-14

10.030
T
Timeout - The operation has timed out

• https://www.hchs-fragebogen.de/
185.6.254.34
403

0.284
M
Forbidden
Date: Thu, 16 May 2019 09:07:40 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fastcgi/2.4.6
Content-Length: 202
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://www.hchs-fragebogen.de/
2a00:e400:4:1::130
-14

10.026
T
Timeout - The operation has timed out

• http://hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.6.254.34
301
https://www.hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
0.050
E
Visible Content: Moved Permanently The document has moved here .
Date: Thu, 16 May 2019 09:08:00 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fastcgi/2.4.6
Location: https://www.hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Content-Length: 308
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://www.hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.6.254.34
301
https://www.hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
0.053
A
Visible Content: Moved Permanently The document has moved here .
Date: Thu, 16 May 2019 09:08:00 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fastcgi/2.4.6
Location: https://www.hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Content-Length: 308
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a00:e400:4:1::130
-14

10.030
T
Timeout - The operation has timed out
Visible Content:

• http://www.hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a00:e400:4:1::130
-14

10.027
T
Timeout - The operation has timed out
Visible Content:

• https://www.hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

-14

10.027
T
Timeout - The operation has timed out
Visible Content:

3. Comments

Aname "hchs-fragebogen.de" is domain, public suffix is "de", top-level-domain-type is "country-code", Country is Germany, tld-manager is "DENIC eG"
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Ahttp://www.hchs-fragebogen.de/ 185.6.254.34
301
https://www.hchs-fragebogen.de/
correct redirect http - https with the same domain name
CError - no version with Http-Status 200
Ehttp://hchs-fragebogen.de/ 185.6.254.34
301
https://www.hchs-fragebogen.de/
wrong redirect one domain http to other domain https - first redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security).
Hfatal error: No https - result with http-status 200, no encryption
Khttp://hchs-fragebogen.de/ 185.6.254.34, Status 301

http://hchs-fragebogen.de/ 2a00:e400:4:1::130, Status -14
configuration problem - different ip addresses with different status
Khttp://www.hchs-fragebogen.de/ 185.6.254.34, Status 301

http://www.hchs-fragebogen.de/ 2a00:e400:4:1::130, Status -14
configuration problem - different ip addresses with different status
Khttps://hchs-fragebogen.de/ 185.6.254.34, Status 403

https://hchs-fragebogen.de/ 2a00:e400:4:1::130, Status -14
configuration problem - different ip addresses with different status
Khttps://www.hchs-fragebogen.de/ 185.6.254.34, Status 403

https://www.hchs-fragebogen.de/ 2a00:e400:4:1::130, Status -14
configuration problem - different ip addresses with different status
Khttp://hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 185.6.254.34, Status 301

http://hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:e400:4:1::130, Status -14
configuration problem - different ip addresses with different status
Khttp://www.hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 185.6.254.34, Status 301

http://www.hchs-fragebogen.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:e400:4:1::130, Status -14
configuration problem - different ip addresses with different status
Mhttps://hchs-fragebogen.de/ 185.6.254.34
403

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://www.hchs-fragebogen.de/ 185.6.254.34
403

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://hchs-fragebogen.de/ 185.6.254.34
403

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
AGood: Nameserver supports TCP connections: 4 good Nameserver
AGood: Nameserver supports Echo Capitalization: 4 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 4 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 4 good Nameserver
Nameserver doesn't pass all EDNS-Checks: n.de.net: OP100: ok. FLAGS: ok. V1: ok. V1OP100: fatal timeout. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: ok (s3.amx). COOKIE: ok. CLIENTSUBNET: ok.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate
ADuration: 91750 milliseconds, 91.750 seconds


4. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
hchs-fragebogen.de
185.6.254.34
443
name does not match
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
Chain (complete)
1CN=www.hchs-fragebogen.de

2CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
www.hchs-fragebogen.de
185.6.254.34
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
Chain (complete)
1CN=www.hchs-fragebogen.de

2CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US


5. Certificates

1.
1.
CN=www.hchs-fragebogen.de
26.02.2019
27.05.2019
expires in 1 days
www.hchs-fragebogen.de - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:04FFD9BEBCD9E4AFA85053CF7811A28A7BF2
Thumbprint:D87E2A0AEB3525FCF9E7F6C0CF621CE16DD8CE15
SHA256 / Certificate:PSc7twwrxe/eCEZEX6XtRPAdVJfqYYcyVTwrwzLGqbE=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):fd91160f894b841965fe60ffc1ab71055f0929ef3c2ed33eeb112c5c24b969d6
OCSP - Url:http://ocsp.int-x3.letsencrypt.org
OCSP - must staple:no
Certificate Transparency:yes


2.
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
17.03.2016
17.03.2021
expires in 661 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0A0141420000015385736A0B85ECA708
Thumbprint:E6A3B45B062D509B3382282D196EFE97D5956CCB
SHA256 / Certificate:JYR9Zo608E/dQLErawdAxWfafQJDCOtsLJb+QdneIY0=
SHA256 hex / Cert (DANE * 0 1):25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
SHA256 hex / PublicKey (DANE * 1 1):60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
OCSP - Url:http://isrg.trustid.ocsp.identrust.com
OCSP - must staple:no
Certificate Transparency:no


3.
CN=DST Root CA X3, O=Digital Signature Trust Co.
30.09.2000
30.09.2021
expires in 858 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:44AFB080D6A327BA893039862EF8406B
Thumbprint:DAC9024F54D8F6DF94935FB1732638CA6AD77C13
SHA256 / Certificate:BocmAzGnJAPZCfEF5pvPDTLhvSST/8bZIG0RvNZ3Bzk=
SHA256 hex / Cert (DANE * 0 1):0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
SHA256 hex / PublicKey (DANE * 1 1):563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no



6. Last Certificates - Certificate Transparency Log Check (BETA)

1. Source CertSpotter - active certificates

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
3
3

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
887513706
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-30 07:12:07
2019-07-29 07:12:07
wdav.hchs-fragebogen.de
1 entries


783814374
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-02-26 11:12:05
2019-05-27 11:12:05
wdav.hchs-fragebogen.de
1 entries


783764844
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-02-26 10:24:50
2019-05-27 10:24:50
www.hchs-fragebogen.de
1 entries



2. Source crt.sh - old and new certificates, sometimes very slow.

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
3
3

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
1431730090
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-30 05:12:07
2019-07-29 05:12:07
wdav.hchs-fragebogen.de
1 entries


1242700322
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-02-26 10:12:05
2019-05-27 09:12:05
wdav.hchs-fragebogen.de
1 entries


1242647009
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-02-26 09:24:50
2019-05-27 08:24:50
www.hchs-fragebogen.de
1 entries



7. Html-Content - Entries (BETA - mixed content and other checks)

No Html-Content entries found. Only checked if https + status 200/401/403/404


8. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.hchs-fragebogen.de
0

no CAA entry found
1
0
hchs-fragebogen.de
0

no CAA entry found
1
0
de
0

no CAA entry found
1
0


9. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
hchs-fragebogen.de

ok
1
0
www.hchs-fragebogen.de

ok
1
0
_acme-challenge.hchs-fragebogen.de

Name Error - The domain name does not exist
1
0
_acme-challenge.www.hchs-fragebogen.de

Name Error - The domain name does not exist
1
0
_acme-challenge.hchs-fragebogen.de.hchs-fragebogen.de

Name Error - The domain name does not exist
1
0
_acme-challenge.www.hchs-fragebogen.de.hchs-fragebogen.de

Name Error - The domain name does not exist
1
0
_acme-challenge.www.hchs-fragebogen.de.www.hchs-fragebogen.de

Name Error - The domain name does not exist
1
0



Permalink: https://check-your-website.server-daten.de/?i=8c589c94-acce-4e6e-89d8-1a756cd09231


Last Result: https://check-your-website.server-daten.de/?q=hchs-fragebogen.de - 2019-05-16 11:07:00