N

No trusted Certificate

Checked:
14.06.2019 09:56:54


Older results


1. IP-Addresses

HostTIP-Addressis auth.∑ Queries∑ Timeout
nubeahorro.es
A
85.55.204.163
Valladolid/Castilla y Leon/ES
yes
1
0

AAAA

yes


www.nubeahorro.es
A
213.186.33.5
Roubaix/Nord-Pas-de-Calais/FR
yes
1
0

AAAA

yes



2. DNSSEC

Zone (*)DNSSEC - Informations (beta)
(root)
1 DS RR published

Status: Valid because published

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 8, KeyTag 25266, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.07.2019, 00:00:00, Signature-Inception: 10.06.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
es
2 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.06.2019, 05:00:00, Signature-Inception: 14.06.2019, 04:00:00, KeyTag 25266, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25266 used to validate the DS RRSet in the parent zone

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 3753, Flags 256

Public Key with Algorithm 8, KeyTag 29450, Flags 257 (SEP = Secure Entry Point)

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 19.06.2019, 11:16:18, Signature-Inception: 05.06.2019, 08:11:18, KeyTag 29450, Signer-Name: es

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 29450 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 29450, DigestType 1 and Digest "QXvq+0ar80MLdcXCmu94XUdrYOE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 29450, DigestType 2 and Digest "i+wyosnP5C45O6+B/+cbUh0+lAYSpFkLR2OtxTnktWM=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
nubeahorro.es
0 DS RR in the parent zone found

DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed domain name between the hashed NSEC3-owner and the hashed NextOwner. So the parent zone confirmes the non-existence of a DS RR.

0 DNSKEY RR found


www.nubeahorro.es
0 DS RR in the parent zone found


3. Name Servers

DomainNameserverNS-IP
www.nubeahorro.es
  dns17.ovh.net

nubeahorro.es
  dns17.ovh.net
213.251.188.137
Roubaix/Nord-Pas-de-Calais/FR


 
2001:41d0:1:4a89::1
Issy/Ile-de-France/FR


  ns17.ovh.net
213.251.128.137
Roubaix/Nord-Pas-de-Calais/FR


 
2001:41d0:1:1989::1
Issy/Ile-de-France/FR

es
  a.nic.es


  f.nic.es


  g.nic.es / 2.ber.pch


  ns1.cesca.es


  ns-es.nic.fr / dns.fra.nic.fr


  ns-ext.nic.cl / ns-ext.nic.cl 1


  sns-pb.isc.org / pb-ams-ns2.sns.isc.org


4. SOA-Entries


Domain:es
Primary:ns1.nic.es
Mail:hostmaster.nic.es
Serial:2019061402
Refresh:7200
Retry:7200
Expire:2592000
TTL:86400
num Entries:7


Domain:nubeahorro.es
Primary:dns17.ovh.net
Mail:tech.ovh.net
Serial:2019061300
Refresh:86400
Retry:3600
Expire:3600000
TTL:300
num Entries:4


Domain:www.nubeahorro.es
Primary:dns17.ovh.net
Mail:tech.ovh.net
Serial:2019061300
Refresh:86400
Retry:3600
Expire:3600000
TTL:300
num Entries:1


5. Url-Checks


show header:
Domainname Http-StatusredirectSec.G
• http://www.nubeahorro.es/
213.186.33.5
301
https://nubeahorro.es
0.063
E
Set-Cookie: rd=R3047008492; Path=/; Domain=www.nubeahorro.es; Expires=2019-06-16 22:09:28
Server: nginx
Date: Fri, 14 Jun 2019 07:57:40 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: https://nubeahorro.es

• http://nubeahorro.es/
85.55.204.163
-14

10.017
T
Timeout - The operation has timed out

• https://www.nubeahorro.es/
213.186.33.5
301
https://nubeahorro.es
0.437
N
Certificate error: RemoteCertificateNameMismatch
Set-Cookie: rd=R3047007403; Path=/; Domain=www.nubeahorro.es; Expires=2019-06-16 22:05:08
Server: nginx
Date: Fri, 14 Jun 2019 07:57:50 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: https://nubeahorro.es

• https://nubeahorro.es/
85.55.204.163
-14

10.030
T
Timeout - The operation has timed out

• https://nubeahorro.es

-14

10.034
T
Timeout - The operation has timed out

• http://www.nubeahorro.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
213.186.33.5
301
https://nubeahorro.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
0.047
E
Visible Content: 301 Moved Permanently nginx
Set-Cookie: rd=R3047006314; Path=/; Domain=www.nubeahorro.es; Expires=2019-06-16 22:11:50
Server: nginx
Date: Fri, 14 Jun 2019 07:58:01 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: https://nubeahorro.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

• http://nubeahorro.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
85.55.204.163
-14

10.030
T
Timeout - The operation has timed out
Visible Content:

• https://nubeahorro.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

-14

10.013
T
Timeout - The operation has timed out
Visible Content:

6. Comments

Aname "nubeahorro.es" is domain, public suffix is "es", top-level-domain-type is "country-code", Country is Spain, tld-manager is "Red.es"
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
Bhttps://www.nubeahorro.es/ 213.186.33.5
301

Missing HSTS-Header
Bhttps://www.nubeahorro.es/ 213.186.33.5
301
rd=R3047007403; Path=/; Domain=www.nubeahorro.es; Expires=2019-06-16 22:05:08
Cookie sent via https, but not marked as secure
CError - no version with Http-Status 200
Ehttp://www.nubeahorro.es/ 213.186.33.5
301
https://nubeahorro.es
wrong redirect one domain http to other domain https - first redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security).
Hfatal error: No https - result with http-status 200, no encryption
Nhttps://www.nubeahorro.es/ 213.186.33.5
301
https://nubeahorro.es
Error - Certificate isn't trusted, RemoteCertificateNameMismatch
OOld connection: Tls.1.0 is deprecated, Tls.1.2 should be supported
OOld connection: RSA Key Exchange is unsecure. Use Diffie-Hellman or Elliptic Curve Diffi-Hellmann Key Exchange to support Forward Secrecy
OOld connection: SHA1 as Hash Algorithm is deprecated. Switch to SHA256 or SHA384. If your certificate has SHA256, first check your domain via ssllabs.com and update weak Cipher Suites. Forward Secrecy support is required. If that doesn't help, check if there is an old Firewall / router or something else, that supports only SHA1. Update that component.
AGood: Nameserver supports TCP connections: 4 good Nameserver
AGood: Nameserver supports Echo Capitalization: 4 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 4 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 4 good Nameserver
Nameserver doesn't pass all EDNS-Checks: ns-es.nic.fr: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found (dns.fra.nic.fr). COOKIE: SOA expected, but NOT found, NOERR expected, BADVER found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: sns-pb.isc.org: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found (pb-ams-ns2.sns.isc.org). COOKIE: fatal timeout. CLIENTSUBNET: ok.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate
ADuration: 88080 milliseconds, 88.080 seconds


7. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
www.nubeahorro.es
213.186.33.5
443
name does not match
Tls
RsaKeyX
2048
Aes256
256
Sha1
error checking OCSP stapling
weak
www.nubeahorro.es
213.186.33.5
443
name does not match
Tls
RsaKeyX
2048
Aes256
256
Sha1
error checking OCSP stapling
weak
Chain (complete)
1CN=mailconfig.ovh.net, OU=PositiveSSL

2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester

3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey


8. Certificates

1.
1.
CN=mailconfig.ovh.net, OU=PositiveSSL, OU=Domain Control Validated
18.01.2019
18.01.2021
expires in 581 days
mailconfig.ovh.net, www.mailconfig.ovh.net - 2 entries
1.
1.
CN=mailconfig.ovh.net, OU=PositiveSSL, OU=Domain Control Validated
18.01.2019

18.01.2021
expires in 581 days
mailconfig.ovh.net, www.mailconfig.ovh.net - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:3C243AC126E2568F6735DAAE0B0DFDD2
Thumbprint:94E3ADAD7741CE44BBABA0D440A39ADAEF359066
SHA256 / Certificate:2odpV6+JQ/s5iq1Ly9Ug6rXeIH1bGUyeN8o/zGy1OPU=
SHA256 hex / Cert (DANE * 0 1):da876957af8943fb398aad4bcbd520eab5de207d5b194c9e37ca3fcc6cb538f5
SHA256 hex / PublicKey (DANE * 1 1):362a2178558af19620ceda0c84e72c537d7afc6b4b53dc94e09af50b1b3030f6
OCSP - Url:http://ocsp.sectigo.com
OCSP - must staple:no
Certificate Transparency:yes


2.
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
02.11.2018
01.01.2031
expires in 4216 days


2.
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
02.11.2018

01.01.2031
expires in 4216 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:7D5B5126B476BA11DB74160BBC530DA7
Thumbprint:33E4E80807204C2B6182A3A14B591ACD25B5F0DB
SHA256 / Certificate:f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=
SHA256 hex / Cert (DANE * 0 1):7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676
SHA256 hex / PublicKey (DANE * 1 1):e1ae9c3de848ece1ba72e0d991ae4d0d9ec547c6bad1dddab9d6beb0a7e0e0d8
OCSP - Url:http://ocsp.usertrust.com
OCSP - must staple:no
Certificate Transparency:no


3.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
30.05.2000
30.05.2020
expires in 348 days


3.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
30.05.2000

30.05.2020
expires in 348 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:13EA28705BF4ECED0C36630980614336
Thumbprint:EAB040689A0D805B5D6FD654FC168CFF00B78BE3
SHA256 / Certificate:GlF0mAopSlKKEQcm1YVWUCZsSNmIO+ppK2e21ybamMU=
SHA256 hex / Cert (DANE * 0 1):1a5174980a294a528a110726d5855650266c48d9883bea692b67b6d726da98c5
SHA256 hex / PublicKey (DANE * 1 1):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
OCSP - Url:http://ocsp.usertrust.com
OCSP - must staple:no
Certificate Transparency:no


4.
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
30.05.2000
30.05.2020
expires in 348 days


4.
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
30.05.2000

30.05.2020
expires in 348 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:01
Thumbprint:02FAF3E291435468607857694DF5E45B68851868
SHA256 / Certificate:aH+kUTgieP/wyLEfjUPVdmccbrK86rQT+4PZZdBtL/I=
SHA256 hex / Cert (DANE * 0 1):687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2
SHA256 hex / PublicKey (DANE * 1 1):942a6916a6e4ae527711c5450247a2a74fb8e156a8254ca66e739a11493bb445
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no



9. Last Certificates - Certificate Transparency Log Check (BETA)

1. Source CertSpotter - active certificates

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow.

No CRT - CT-Log entries found


10. Html-Content - Entries (BETA - mixed content and other checks)

No Html-Content entries found. Only checked if https + status 200/401/403/404


11. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.nubeahorro.es
0

no CAA entry found
1
0
nubeahorro.es
0

no CAA entry found
1
0
es
0

no CAA entry found
1
0


12. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
nubeahorro.es
v=spf1 include:mx.ovh.com ~all
ok
1
0
nubeahorro.es
1|www.nubeahorro.es
ok
1
0
www.nubeahorro.es
4|https://nubeahorro.es
ok
1
0
_acme-challenge.nubeahorro.es

Name Error - The domain name does not exist
1
0
_acme-challenge.www.nubeahorro.es

Name Error - The domain name does not exist
1
0
_acme-challenge.nubeahorro.es.nubeahorro.es

Name Error - The domain name does not exist
1
0
_acme-challenge.www.nubeahorro.es.nubeahorro.es

Name Error - The domain name does not exist
1
0
_acme-challenge.www.nubeahorro.es.www.nubeahorro.es

Name Error - The domain name does not exist
1
0



Permalink: https://check-your-website.server-daten.de/?i=0ea37622-efa6-4ae4-b240-cee07a64cb01


Last Result: https://check-your-website.server-daten.de/?q=nubeahorro.es - 2019-06-14 09:56:54