Check DNS, Urls + Redirects, Certificates and Content of your Website


Update: 2020-03-04 - now 90 days later. All affected Letsencrypt certificates should be renewed. Time to remove that Info.




W

wrong Web-Response

Checked:
22.05.2020 22:20:37


Older results


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
me.broscarusorin.eu
C
968a0966246c.sn.mynetname.net
yes
1
0

A
86.123.11.85
Sibiu/Romania (RO) - RCS & RDS
No Hostname found
yes


www.me.broscarusorin.eu

Name Error
yes
1
0
*.broscarusorin.eu
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes


*.me.broscarusorin.eu
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



Status: Valid because published



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 48903, Flags 256



1 RRSIG RR to validate DNSKEY RR found



Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.06.2020, 00:00:00, Signature-Inception: 21.05.2020, 00:00:00, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: eu
eu
1 DS RR in the parent zone found



1 RRSIG RR to validate DS RR found



Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 04.06.2020, 17:00:00, Signature-Inception: 22.05.2020, 16:00:00, KeyTag 48903, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 48903 used to validate the DS RRSet in the parent zone



3 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 9876, Flags 256



Public Key with Algorithm 8, KeyTag 58716, Flags 256



Public Key with Algorithm 8, KeyTag 59479, Flags 257 (SEP = Secure Entry Point)



2 RRSIG RR to validate DNSKEY RR found



Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.05.2020, 09:00:00, Signature-Inception: 20.05.2020, 08:00:00, KeyTag 9876, Signer-Name: eu



Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.05.2020, 09:00:00, Signature-Inception: 20.05.2020, 08:00:00, KeyTag 59479, Signer-Name: eu



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 9876 used to validate the DNSKEY RRSet



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 59479 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 59479, DigestType 2 and Digest "XbqoG8C+/pIYhtjaKEmNn9RBtFf7DjZCoLL5gRyOFeA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: broscarusorin.eu
broscarusorin.eu
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "fl84la10vcgtl32fkh2klbk07um18lls" between the hashed NSEC3-owner "fl84evrqjvmi9efs0sja1nv72sdk11k3" and the hashed NextOwner "fl870j2gt2inu7l5k4ltmmmt1r5c77g9". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG Algorithm: 8, 2 Labels, original TTL: 600 sec, Signature-expiration: 27.05.2020, 10:48:50, Signature-Inception: 20.05.2020, 10:32:34, KeyTag 9876, Signer-Name: eu



0 DNSKEY RR found




Zone: me.broscarusorin.eu
me.broscarusorin.eu
0 DS RR in the parent zone found

Zone: www.me.broscarusorin.eu
www.me.broscarusorin.eu
0 DS RR in the parent zone found

Zone: (root)
(root)
1 DS RR published



Status: Valid because published



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 48903, Flags 256



1 RRSIG RR to validate DNSKEY RR found



Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.06.2020, 00:00:00, Signature-Inception: 21.05.2020, 00:00:00, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: net
net
1 DS RR in the parent zone found



1 RRSIG RR to validate DS RR found



Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 04.06.2020, 17:00:00, Signature-Inception: 22.05.2020, 16:00:00, KeyTag 48903, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 48903 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 35886, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 36059, Flags 256



1 RRSIG RR to validate DNSKEY RR found



Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 29.05.2020, 16:28:30, Signature-Inception: 14.05.2020, 16:23:30, KeyTag 35886, Signer-Name: net



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 35886 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 35886, DigestType 2 and Digest "eGKyf19Rbr4ZaARE1M5edimBkxhCxGXwAjZAHYvZc+4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: mynetname.net
mynetname.net
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "lhd8orimj4cfghu6bo5d16oo97gvqco6" between the hashed NSEC3-owner "lhd6abetd70c8io5c2c5bp55it9bnbjr" and the hashed NextOwner "lhde9uvu9ihc9lo56n7pvq2eoht64ql5". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 28.05.2020, 06:50:04, Signature-Inception: 21.05.2020, 05:40:04, KeyTag 36059, Signer-Name: net



0 DNSKEY RR found




Zone: sn.mynetname.net
sn.mynetname.net
0 DS RR in the parent zone found

Zone: 968a0966246c.sn.mynetname.net
968a0966246c.sn.mynetname.net
0 DS RR in the parent zone found



0 DNSKEY RR found




3. Name Servers

DomainNameserverNS-IP
www.me.broscarusorin.eu
  ns1.gazduire.net

broscarusorin.eu
  ns1.gazduire.net / dns1.gazduire.net
185.248.199.9
Satu Nou/Brasov/Romania (RO) - Pagini Europene SRL


 
2a0a:8880::216:3eff:fe13:e9df
Satu Nou/Brasov/Romania (RO) - Pagini Europe SRL - Gazduire Web


  ns2.gazduire.net / dns2.gazduire.net
178.62.207.207
Amsterdam/North Holland/Netherlands (NL) - DigitalOcean, LLC


 
2a03:b0c0:2:d0::364:9001
Amsterdam/North Holland/Netherlands (NL) - DigitalOcean, LLC

eu
  nl.dns.eu


  si.dns.eu


  w.dns.eu / tld-eu-fra1


  x.dns.eu / ns-2.eu.de8.bind


  y.dns.eu / s2.amx


968a0966246c.sn.mynetname.net
 

sn.mynetname.net
 

mynetname.net
U  ns1.kissthenet.net
159.148.147.201
Riga/Latvia (LV) - MIKROTIKLS


U 
2a02:610:7501:1000::201
Riga/Latvia (LV) - MIKROTIKLS


U  ns2.kissthenet.net
159.148.172.251
Riga/Latvia (LV) - MIKROTIKLS


U 
2a02:610:7501:4000::251
Riga/Latvia (LV) - MIKROTIKLS

net
  a.gtld-servers.net


  b.gtld-servers.net


  c.gtld-servers.net


  d.gtld-servers.net


  e.gtld-servers.net


  f.gtld-servers.net


  g.gtld-servers.net


  h.gtld-servers.net


  i.gtld-servers.net


  j.gtld-servers.net


  k.gtld-servers.net


  l.gtld-servers.net


  m.gtld-servers.net


4. SOA-Entries


Domain:eu
Zone-Name:eu
Primary:nl.dns.eu
Mail:tech.eurid.eu
Serial:1062421082
Refresh:3600
Retry:1800
Expire:3600000
TTL:600
num Entries:2


Domain:eu
Zone-Name:eu
Primary:nl.dns.eu
Mail:tech.eurid.eu
Serial:1062421083
Refresh:3600
Retry:1800
Expire:3600000
TTL:600
num Entries:3


Domain:broscarusorin.eu
Zone-Name:broscarusorin.eu
Primary:ns1.gazduire.net
Mail:root.dns1.gazduire.net
Serial:2020041424
Refresh:3600
Retry:1800
Expire:1209600
TTL:86400
num Entries:2


Domain:broscarusorin.eu
Zone-Name:broscarusorin.eu
Primary:ns1.gazduire.net
Mail:root.dns1.gazduire.net
Serial:2020052206
Refresh:3600
Retry:1800
Expire:1209600
TTL:86400
num Entries:2


Domain:www.me.broscarusorin.eu
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1



Domain:net
Zone-Name:net
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1590178827
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:8


Domain:net
Zone-Name:net
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1590178842
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:5


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178868
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178868
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178868
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178870
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178870
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178870
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178873
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178873
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178873
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178875
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178875
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:mynetname.net
Zone-Name:mynetname.net
Primary:ns1.kissthenet.net
Mail:hostmaster.kissthenet.net
Serial:1590178875
Refresh:60
Retry:600
Expire:3600
TTL:60
num Entries:1


Domain:sn.mynetname.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:968a0966246c.sn.mynetname.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


5. Screenshots

No Screenshot listed, because no url-check with https + http status 200-299, 400-599 + not-ACME-check found.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://me.broscarusorin.eu/
86.123.11.85 GZip used - 832 / 1805 - 53.91 %
200

Html is minified: 100.00 %
0.086
H
small visible content (num chars: 82)
Warning! This application requires Javascript and your browser doesn't support it.
Server: nginx
Date: Fri, 22 May 2020 20:22:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 15 Apr 2020 05:51:59 GMT
ETag: W/"5e96a0ff-70d"
Content-Encoding: gzip
X-Served-By: me.broscarusorin.eu

• https://me.broscarusorin.eu/
86.123.11.85
-8

2.680
W
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors

• http://me.broscarusorin.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
86.123.11.85 GZip used - 832 / 1805 - 53.91 %
Inline-JavaScript (∑/total): 1/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 100.00 %
0.120

Visible Content: Warning! This application requires Javascript and your browser doesn't support it.
Info: Html-Content with meta and/or script, may be a problem creating a Letsencrypt certificate using http-01 validation
Server: nginx
Date: Fri, 22 May 2020 20:22:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 15 Apr 2020 05:51:59 GMT
ETag: W/"5e96a0ff-70d"
Content-Encoding: gzip
X-Served-By: me.broscarusorin.eu

• https://86.123.11.85/
86.123.11.85
-8

2.653
W
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors

7. Comments


1. General Results, most used to calculate the result

Aname "me.broscarusorin.eu" is subdomain, public suffix is "eu", top-level-domain-type is "country-code", Country is European Union, tld-manager is "EURid vzw/asbl"
Agood: All ip addresses are public addresses
Warning: Only one ip address found: me.broscarusorin.eu has only one ip address.
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: me.broscarusorin.eu has no ipv6 address.
Agood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
Agood - only one version with Http-Status 200
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):0 complete Content-Type - header (2 urls)
http://me.broscarusorin.eu/ 86.123.11.85


Url with incomplete Content-Type - header - missing charset
http://me.broscarusorin.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 86.123.11.85


Url with incomplete Content-Type - header - missing charset
Hfatal error: No https - result with http-status 200, no encryption
HFatal error: http result with http-status 200, no encryption. Add a redirect http ⇒ https, so every connection is secure. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop.
Ihttp://me.broscarusorin.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 86.123.11.85
200

Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Not used to calculate the result because it's a http - check. But listed so you should fix it.
Nhttps://me.broscarusorin.eu/ 86.123.11.85
-8

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Nhttps://86.123.11.85/ 86.123.11.85
-8

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
XFatal error: Nameserver doesn't support TCP connection: ns1.kissthenet.net / 159.148.147.201: Fatal error - no NameServer IP-Address or connection. Details: One or more errors occurred. - Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 159.148.147.201:53
XFatal error: Nameserver doesn't support TCP connection: ns1.kissthenet.net / 2a02:610:7501:1000::201: Fatal error - no NameServer IP-Address or connection. Details: One or more errors occurred. - Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte [2a02:610:7501:1000::201]:53
XFatal error: Nameserver doesn't support TCP connection: ns2.kissthenet.net / 159.148.172.251: Fatal error - no NameServer IP-Address or connection. Details: One or more errors occurred. - Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 159.148.172.251:53
XFatal error: Nameserver doesn't support TCP connection: ns2.kissthenet.net / 2a02:610:7501:4000::251: Fatal error - no NameServer IP-Address or connection. Details: One or more errors occurred. - Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte [2a02:610:7501:4000::251]:53
Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are the same. So that domain doesn't require Server Name Indication (SNI), it's the primary certificate of that set of ip addresses.: Domain me.broscarusorin.eu, 1 ip addresses, 1 different http results.

2. DNS- and NameServer - Checks

AInfo:: 2 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 2 Name Servers.
AInfo:: 2 Queries complete, 2 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
AGood: Some ip addresses of name servers found with the minimum of two DNS Queries. One to find the TLD-Zone, one to ask the TLD-Zone.ns1.gazduire.net (185.248.199.9, 2a0a:8880::216:3eff:fe13:e9df), ns2.gazduire.net (178.62.207.207, 2a03:b0c0:2:d0::364:9001)
AGood (1 - 3.0):: An average of 1.0 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 2 different Name Servers found: ns1.gazduire.net, ns2.gazduire.net, 2 Name Servers included in Delegation: ns1.gazduire.net, ns2.gazduire.net, 2 Name Servers included in 1 Zone definitions: ns1.gazduire.net, ns2.gazduire.net, 1 Name Servers listed in SOA.Primary: ns1.gazduire.net.
AGood: Only one SOA.Primary Name Server found.: ns1.gazduire.net.
AGood: SOA.Primary Name Server included in the delegation set.: ns1.gazduire.net.
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AInfo: Ipv4-Subnet-list: 2 Name Servers, 2 different subnets (first Byte): 178., 185., 2 different subnets (first two Bytes): 178.62., 185.248., 2 different subnets (first three Bytes): 178.62.207., 185.248.199.
AExcellent: Every Name Server IPv4-address starts with an unique Byte.
AInfo: IPv6-Subnet-list: 2 Name Servers with IPv6, 2 different subnets (first block): 2a03:, 2a0a:, 2 different subnets (first two blocks): 2a03:b0c0:, 2a0a:8880:, 2 different subnets (first three blocks): 2a03:b0c0:0002:, 2a0a:8880:0000:, 2 different subnets (first four blocks): 2a03:b0c0:0002:00d0:, 2a0a:8880:0000:0000:
AExcellent: Every Name Server IPv6-address starts with an unique Hex-block
AGood: Nameserver supports TCP connections: 4 good Nameserver
AGood: Nameserver supports Echo Capitalization: 4 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 4 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 4 good Nameserver


Nameserver doesn't pass all EDNS-Checks: ns1.gazduire.net: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

3. Content- and Performance-critical Checks

http://me.broscarusorin.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 86.123.11.85
200

Warning: Not existing ACME-file, but Server sends 200, not 404 or redirect. May be a problem creating a Letsencrypt certificate. Checking /.well-known/acme-challenge/random-filename - a http status 404 - Not Found - is expected. If your server sends content and a http status 200, the validation file (87 bytes, token, dot and the hash of the public part of the account key) may be invisible, so Letsencrypt can't validate your domain. If it is an application that sends this content, perhaps create an exception, so /.well-known/acme-challenge sends raw files. Or create a redirect to another domain and / or port 443, but your Letsencrypt client must support such a solution. Certbot: Use webroot as authenticator - https://certbot.eff.org/docs/using.html Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://me.broscarusorin.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 86.123.11.85
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 1 script elements without defer/async.
AGood: All CSS / JavaScript files are sent with GZip. That reduces the content of the files. 1 external CSS / JavaScript files found
Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 2 external CSS / JavaScript files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 1 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 3 complete.
AGood: All checked attribute values are enclosed in quotation marks (" or ').
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 128886 milliseconds, 128.886 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
me.broscarusorin.eu
86.123.11.85
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
me.broscarusorin.eu
86.123.11.85
443
Certificate/chain invalid and wrong name
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
Self signed certificate
1CN=localhost, OU=Dummy Certificate, O=Nginx Proxy Manager


86.123.11.85
86.123.11.85
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok

86.123.11.85
86.123.11.85
443
Certificate/chain invalid and wrong name
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
Self signed certificate
1CN=localhost, OU=Dummy Certificate, O=Nginx Proxy Manager


9. Certificates

1.
1.
CN=localhost, OU=Dummy Certificate, O=Nginx Proxy Manager
16.05.2020
14.05.2030
expires in 3629 days

1.
1.
CN=localhost, OU=Dummy Certificate, O=Nginx Proxy Manager
16.05.2020

14.05.2030
expires in 3629 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:7FFF3CCDFFC7DF5C9B1BF680C526A4FFE4A1F148
Thumbprint:C87477A7CAAB86C7857ABC402B15A8652160CD84
SHA256 / Certificate:zWw/RQWNJURxGS+GoHJA9wSzYPei/ViwBhxvhYEFyTE=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):7174ebd4894a2e50ea7d90c2cb8d3765331b6a4f1290529e8a26eda4e723ef61
SHA256 hex / Subject Public Key Information (SPKI):38b34c2e961b945c0f428c37ff65bc4b344368b73308b1d8e1a4cbedc54c137b
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

No CRT - CT-Log entries found


11. Html-Content - Entries

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
http://me.broscarusorin.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
86.123.11.85
link
stylesheet
2

1
1
1
1
0
0
-1

link
other
6

5
5
0
0
0
0


meta
apple
2

0


0
0
0


meta
other
10

1
1
0
0
0
0


script

1

1
1
0
0
0
0

Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
http://me.broscarusorin.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
86.123.11.85
link
apple-touch-icon
/images/favicons/apple-touch-icon.png
-8
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
1
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.








link
icon
/images/favicons/favicon-16x16.png
-8
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
1
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.








link
icon
/images/favicons/favicon-32x32.png
-8
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
1
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.








link
manifest
/images/favicons/site.webmanifest


1
ok








link
mask-icon
/images/favicons/safari-pinned-tab.svg
-8
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
1
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.








link
shortcut icon
/images/favicons/favicon.ico
-8
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
1
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.








link
stylesheet
/css/main.css?v=2.2.3
-8
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
1
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.








link
stylesheet
https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,300i,400,400i,500,500i,600,600i,700,700i&subset=latin-ext
200

1
ok
text/css; charset=utf-8, X-Content-Type-Options nosniff found

GZip: 370/2233 Bytes




Server-Header Access-Control-Allow-Origin: *
Cross-Origin Resource Sharing (CORS) supported

missing crossorigin=anonymous|use-credentials and integrity - attribute, possible hash-values:

sha256-xQ5PZaAc2hUAF8gU67tvSk+K5yAqAIFs9vELdyevjUU=
sha384-3VA6Jx0Kf1ogfXN9nF4HZdsRre737+05AfxIGqm0n5DKXQwI5cU1PJ55+njnyaWC
sha512-zXkmpMRxTgsS8EScDXW0xywC0OaWUFEOsiCF0qqIzFOXXdlkH0JVdLxHjq75OZjbT/8DVJw+N0fp1i1uGXR30g==

<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,300i,400,400i,500,500i,600,600i,700,700i&subset=latin-ext" crossorigin="anonymous" integrity="sha256-xQ5PZaAc2hUAF8gU67tvSk+K5yAqAIFs9vELdyevjUU=" />



Content loaded via url("...")

https://fonts.gstatic.com/s/sourcesanspro/v13/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7psDc.ttf1
https://fonts.gstatic.com/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7g.ttf1
https://fonts.gstatic.com/s/sourcesanspro/v13/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lCdi18E.ttf1
https://fonts.gstatic.com/s/sourcesanspro/v13/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdi18E.ttf1
https://fonts.gstatic.com/s/sourcesanspro/v13/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidi18E.ttf1
https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdr.ttf1
https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRdr.ttf1
https://fonts.gstatic.com/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmRdr.ttf1

meta

utf-8


1
ok








meta
Content-Language
en


1
ok








meta
X-UA-Compatible
ie=edge


1
ok








meta
apple-mobile-web-app-capable
yes


1
ok








meta
apple-mobile-web-app-status-bar-style
black-translucent


1
ok








meta
HandheldFriendly
True


1
ok








meta
MobileOptimized
320


1
ok








meta
mobile-web-app-capable
yes


1
ok








meta
msapplication-config
/images/favicons/browserconfig.xml
-8
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
1
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.








meta
msapplication-TileColor
#333333


1
ok








meta
theme-color
#ffffff


1
ok








meta
viewport
width=device-width,user-scalable=no,initial-scale=1,maximum-scale=1,minimum-scale=1


1
ok








script
src
/js/main.bundle.js?v=2.2.3
-8
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
1
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
Missing defer / async attribute.








12. Nameserver - IP-Adresses (alpha)

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns1.gazduire.net, ns2.gazduire.net

QNr.DomainTypeNS used
1
net
NS
b.root-servers.net (2001:500:200::b)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2
ns1.gazduire.net: 185.248.199.9, 2a0a:8880::216:3eff:fe13:e9df
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: ns2.gazduire.net
178.62.207.207, 2a03:b0c0:2:d0::364:9001


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
968a0966246c.sn.mynetname.net
0

no CAA entry found
1
0
me.broscarusorin.eu



1
0
broscarusorin.eu
0

no CAA entry found
1
0
mynetname.net
0

no CAA entry found
1
0
net
0

no CAA entry found
1
0
eu
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
sn.mynetname.net

Name Error - The domain name does not exist
1
0
broscarusorin.eu

ok
1
0
me.broscarusorin.eu


1
0
968a0966246c.sn.mynetname.net

ok
1
0
_acme-challenge.me.broscarusorin.eu

Name Error - The domain name does not exist
1
0
_acme-challenge.968a0966246c.sn.mynetname.net

Name Error - The domain name does not exist
1
0
_acme-challenge.me.broscarusorin.eu.broscarusorin.eu

Name Error - The domain name does not exist
1
0
_acme-challenge.me.broscarusorin.eu.me.broscarusorin.eu

Name Error - The domain name does not exist
1
0
_acme-challenge.968a0966246c.sn.mynetname.net.sn.mynetname.net

Name Error - The domain name does not exist
1
0
_acme-challenge.968a0966246c.sn.mynetname.net.968a0966246c.sn.mynetname.net

Name Error - The domain name does not exist
1
0


15. Portchecks

Domain or IPPortDescriptionResultAnswer
me.broscarusorin.eu
21
FTP



me.broscarusorin.eu
21
FTP



me.broscarusorin.eu
22
SSH



me.broscarusorin.eu
22
SSH



me.broscarusorin.eu
25
SMTP



me.broscarusorin.eu
25
SMTP



me.broscarusorin.eu
53
DNS



me.broscarusorin.eu
53
DNS



me.broscarusorin.eu
110
POP3



me.broscarusorin.eu
110
POP3



me.broscarusorin.eu
143
IMAP



me.broscarusorin.eu
143
IMAP



me.broscarusorin.eu
465
SMTP (encrypted)



me.broscarusorin.eu
465
SMTP (encrypted)



me.broscarusorin.eu
587
SMTP (encrypted, submission)



me.broscarusorin.eu
587
SMTP (encrypted, submission)



me.broscarusorin.eu
993
IMAP (encrypted)



me.broscarusorin.eu
993
IMAP (encrypted)



me.broscarusorin.eu
995
POP3 (encrypted)



me.broscarusorin.eu
995
POP3 (encrypted)



me.broscarusorin.eu
1433
MS SQL



me.broscarusorin.eu
1433
MS SQL



me.broscarusorin.eu
2082
cPanel (http)



me.broscarusorin.eu
2082
cPanel (http)



me.broscarusorin.eu
2083
cPanel (https)



me.broscarusorin.eu
2083
cPanel (https)



me.broscarusorin.eu
2086
WHM (http)



me.broscarusorin.eu
2086
WHM (http)



me.broscarusorin.eu
2087
WHM (https)



me.broscarusorin.eu
2087
WHM (https)



me.broscarusorin.eu
2089
cPanel Licensing



me.broscarusorin.eu
2089
cPanel Licensing



me.broscarusorin.eu
2095
cPanel Webmail (http)



me.broscarusorin.eu
2095
cPanel Webmail (http)



me.broscarusorin.eu
2096
cPanel Webmail (https)



me.broscarusorin.eu
2096
cPanel Webmail (https)



me.broscarusorin.eu
2222
DirectAdmin (http)



me.broscarusorin.eu
2222
DirectAdmin (http)



me.broscarusorin.eu
2222
DirectAdmin (https)



me.broscarusorin.eu
2222
DirectAdmin (https)



me.broscarusorin.eu
3306
mySql



me.broscarusorin.eu
3306
mySql



me.broscarusorin.eu
5224
Plesk Licensing



me.broscarusorin.eu
5224
Plesk Licensing



me.broscarusorin.eu
5432
PostgreSQL



me.broscarusorin.eu
5432
PostgreSQL



me.broscarusorin.eu
8080
Ookla Speedtest (http)



me.broscarusorin.eu
8080
Ookla Speedtest (http)



me.broscarusorin.eu
8080
Ookla Speedtest (https)



me.broscarusorin.eu
8080
Ookla Speedtest (https)



me.broscarusorin.eu
8083
VestaCP http



me.broscarusorin.eu
8083
VestaCP http



me.broscarusorin.eu
8083
VestaCP https



me.broscarusorin.eu
8083
VestaCP https



me.broscarusorin.eu
8443
Plesk Administration (https)



me.broscarusorin.eu
8443
Plesk Administration (https)



me.broscarusorin.eu
8447
Plesk Installer + Updates



me.broscarusorin.eu
8447
Plesk Installer + Updates



me.broscarusorin.eu
8880
Plesk Administration (http)



me.broscarusorin.eu
8880
Plesk Administration (http)



me.broscarusorin.eu
10000
Webmin (http)



me.broscarusorin.eu
10000
Webmin (http)



me.broscarusorin.eu
10000
Webmin (https)



me.broscarusorin.eu
10000
Webmin (https)



86.123.11.85
21
FTP



86.123.11.85
21
FTP



86.123.11.85
22
SSH



86.123.11.85
22
SSH



86.123.11.85
25
SMTP



86.123.11.85
25
SMTP



86.123.11.85
53
DNS



86.123.11.85
53
DNS



86.123.11.85
110
POP3



86.123.11.85
110
POP3



86.123.11.85
143
IMAP



86.123.11.85
143
IMAP



86.123.11.85
465
SMTP (encrypted)



86.123.11.85
465
SMTP (encrypted)



86.123.11.85
587
SMTP (encrypted, submission)



86.123.11.85
587
SMTP (encrypted, submission)



86.123.11.85
993
IMAP (encrypted)



86.123.11.85
993
IMAP (encrypted)



86.123.11.85
995
POP3 (encrypted)



86.123.11.85
995
POP3 (encrypted)



86.123.11.85
1433
MS SQL



86.123.11.85
1433
MS SQL



86.123.11.85
2082
cPanel (http)



86.123.11.85
2082
cPanel (http)



86.123.11.85
2083
cPanel (https)



86.123.11.85
2083
cPanel (https)



86.123.11.85
2086
WHM (http)



86.123.11.85
2086
WHM (http)



86.123.11.85
2087
WHM (https)



86.123.11.85
2087
WHM (https)



86.123.11.85
2089
cPanel Licensing



86.123.11.85
2089
cPanel Licensing



86.123.11.85
2095
cPanel Webmail (http)



86.123.11.85
2095
cPanel Webmail (http)



86.123.11.85
2096
cPanel Webmail (https)



86.123.11.85
2096
cPanel Webmail (https)



86.123.11.85
2222
DirectAdmin (http)



86.123.11.85
2222
DirectAdmin (http)



86.123.11.85
2222
DirectAdmin (https)



86.123.11.85
2222
DirectAdmin (https)



86.123.11.85
3306
mySql



86.123.11.85
3306
mySql



86.123.11.85
5224
Plesk Licensing



86.123.11.85
5224
Plesk Licensing



86.123.11.85
5432
PostgreSQL



86.123.11.85
5432
PostgreSQL



86.123.11.85
8080
Ookla Speedtest (http)



86.123.11.85
8080
Ookla Speedtest (http)



86.123.11.85
8080
Ookla Speedtest (https)



86.123.11.85
8080
Ookla Speedtest (https)



86.123.11.85
8083
VestaCP http



86.123.11.85
8083
VestaCP http



86.123.11.85
8083
VestaCP https



86.123.11.85
8083
VestaCP https



86.123.11.85
8443
Plesk Administration (https)



86.123.11.85
8443
Plesk Administration (https)



86.123.11.85
8447
Plesk Installer + Updates



86.123.11.85
8447
Plesk Installer + Updates



86.123.11.85
8880
Plesk Administration (http)



86.123.11.85
8880
Plesk Administration (http)



86.123.11.85
10000
Webmin (http)



86.123.11.85
10000
Webmin (http)



86.123.11.85
10000
Webmin (https)



86.123.11.85
10000
Webmin (https)





Permalink: https://check-your-website.server-daten.de/?i=fa2af768-9076-41d0-86d1-5b7661a9e6aa


Last Result: https://check-your-website.server-daten.de/?q=me.broscarusorin.eu - 2020-05-22 22:20:37


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=me.broscarusorin.eu" target="_blank">Check this Site: me.broscarusorin.eu</a>