Check DNS, Urls + Redirects, Certificates and Content of your Website


 

 

A

 

Top config

 

Checked:
28.08.2019 19:34:33

 

Older results

 

 

1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
onderzoek2.cbs.nl
CNAME
adc3.cbs.nl
yes
1
0

A
87.213.43.243
Utrecht/Provincie Utrecht/Netherlands (NL) - Tele 2 Nederland B.V.
No Hostname found
yes



AAAA
2001:67c:14b0:1816::243
Liten/Central Bohemia/Czechia (CZ) - Tele 2 Nederland B.V.

yes


www.onderzoek2.cbs.nl

Name Error
yes
1
0

 

2. DNSSEC

Zone (*)DNSSEC - Informations


Zone: (root)

(root)
1 DS RR published






Status: Valid because published






2 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 59944, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 10.09.2019, 00:00:00 +, Signature-Inception: 20.08.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: nl

nl
1 DS RR in the parent zone found






2 RRSIG RR to validate DS RR found






RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 10.09.2019, 05:00:00 +, Signature-Inception: 28.08.2019, 04:00:00 +, KeyTag 59944, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 59944 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 17593, Flags 256






Public Key with Algorithm 8, KeyTag 34112, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 08.09.2019, 22:04:06 +, Signature-Inception: 25.08.2019, 22:07:02 +, KeyTag 34112, Signer-Name: nl






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 34112 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 34112, DigestType 2 and Digest "PFtfmzVXRVxQdRqb6evpI4yI4Z9fB/kwl2kXtRuVzSI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: cbs.nl

cbs.nl
1 DS RR in the parent zone found






2 RRSIG RR to validate DS RR found






RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 01:28:11 +, Signature-Inception: 21.08.2019, 06:08:02 +, KeyTag 17593, Signer-Name: nl






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 17593 used to validate the DS RRSet in the parent zone






4 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 26180, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 30174, Flags 256






Public Key with Algorithm 8, KeyTag 51505, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 59260, Flags 256






2 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 14:40:20 +, Signature-Inception: 28.08.2019, 13:40:20 +, KeyTag 26180, Signer-Name: cbs.nl






RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 14:40:20 +, Signature-Inception: 28.08.2019, 13:40:20 +, KeyTag 30174, Signer-Name: cbs.nl






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26180 used to validate the DNSKEY RRSet






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30174 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26180, DigestType 2 and Digest "RRbzgwj8qMJpDNjJmoAJhX55+Mw3Wx8RuGh05CMiH1I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: onderzoek2.cbs.nl

onderzoek2.cbs.nl
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "u0jhj7ahljc2i54obstdr2udqfa3ecgg" between the hashed NSEC3-owner "u0jhj7ahljc2i54obstdr2udqfa3ecgg" and the hashed NextOwner "u1bkje64vd3seo8n2phqqc0b8k51u6fc". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner u0jhj7ahljc2i54obstdr2udqfa3ecgg.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl



Zone: www.onderzoek2.cbs.nl

www.onderzoek2.cbs.nl
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "kb45kcnpggvk9f8u6j7h1gbpl3stcdu3" between the hashed NSEC3-owner "kaiulg7q854hd0s19d0faagpbjf9bb6b" and the hashed NextOwner "kculp24ebvs92c55a1jl3rsitr1mi70f". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner kaiulg7q854hd0s19d0faagpbjf9bb6b.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl



Zone: (root)

(root)
1 DS RR published






Status: Valid because published






2 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 59944, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 10.09.2019, 00:00:00 +, Signature-Inception: 20.08.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: nl

nl
1 DS RR in the parent zone found






2 RRSIG RR to validate DS RR found






RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 10.09.2019, 05:00:00 +, Signature-Inception: 28.08.2019, 04:00:00 +, KeyTag 59944, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 59944 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 17593, Flags 256






Public Key with Algorithm 8, KeyTag 34112, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 08.09.2019, 22:04:06 +, Signature-Inception: 25.08.2019, 22:07:02 +, KeyTag 34112, Signer-Name: nl






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 34112 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 34112, DigestType 2 and Digest "PFtfmzVXRVxQdRqb6evpI4yI4Z9fB/kwl2kXtRuVzSI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: cbs.nl

cbs.nl
1 DS RR in the parent zone found






2 RRSIG RR to validate DS RR found






RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 01:28:11 +, Signature-Inception: 21.08.2019, 06:08:02 +, KeyTag 17593, Signer-Name: nl






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 17593 used to validate the DS RRSet in the parent zone






4 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 26180, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 30174, Flags 256






Public Key with Algorithm 8, KeyTag 51505, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 59260, Flags 256






2 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 14:40:20 +, Signature-Inception: 28.08.2019, 13:40:20 +, KeyTag 26180, Signer-Name: cbs.nl






RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 14:40:20 +, Signature-Inception: 28.08.2019, 13:40:20 +, KeyTag 30174, Signer-Name: cbs.nl






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26180 used to validate the DNSKEY RRSet






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30174 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26180, DigestType 2 and Digest "RRbzgwj8qMJpDNjJmoAJhX55+Mw3Wx8RuGh05CMiH1I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: adc3.cbs.nl

adc3.cbs.nl
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "b2qhe2b01tlh4utoib52o69q6le1n2ut" between the hashed NSEC3-owner "b2qhe2b01tlh4utoib52o69q6le1n2ut" and the hashed NextOwner "b3hjmnu48nq1g9id21a910ven6njacoh". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, TXT, AAAA, RRSIG Validated: RRSIG-Owner b2qhe2b01tlh4utoib52o69q6le1n2ut.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






0 DNSKEY RR found












RRSIG Type 1 validates the A - Result: 87.213.43.243
Validated: RRSIG-Owner adc3.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 16 validates the TXT - Result: v=spf1 mx -all
Validated: RRSIG-Owner adc3.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 28 validates the AAAA - Result: 2001:067C:14B0:1816:0000:0000:0000:0243
Validated: RRSIG-Owner adc3.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 52 validates the TLSA - Result (_443._tcp.adc3.cbs.nl): _443._tcp.adc3.cbs.nl: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector: 1 (SPKI, SubjectPublicKeyInfo), Matching: 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 663b5b17a381f9ac1226019d0e5fa35d7c8f905b1a2467493a444ff2eef1a6e4
Validated: RRSIG-Owner _443._tcp.adc3.cbs.nl., Algorithm: 8, 5 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl






RRSIG Type 50, expiration 2019-09-04 02:39:49 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, TXT, AAAA, RRSIG






RRSIG Type 50, expiration 2019-09-04 02:39:49 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, TXT, AAAA, RRSIG

 

3. Name Servers

DomainNameserverNS-IP
www.onderzoek2.cbs.nl
  dnsa4.cbs.nl

cbs.nl
  cbs01.dns.internl.net / cbs01.dns.internl.net


  dnsa3.cbs.nl


  dnsa4.cbs.nl

nl
  ns1.dns.nl / LHR2


  ns2.dns.nl / s2.amx


  ns3.dns.nl / tld-nl-fra2


  sns-pb.isc.org / pb-ams-ns2.sns.isc.org


adc3.cbs.nl
  dnsa4.cbs.nl
87.213.43.203
Utrecht/Provincie Utrecht/Netherlands (NL) - Tele 2 Nederland B.V.


 
2001:67c:14b0:1805::16
Liten/Central Bohemia/Czechia (CZ) - Tele 2 Nederland B.V.

cbs.nl
  cbs01.dns.internl.net / cbs01.dns.internl.net


  dnsa3.cbs.nl


  dnsa4.cbs.nl

nl
  ns1.dns.nl / LHR2


  ns2.dns.nl / s2.amx


  ns3.dns.nl / tld-nl-fra2


  sns-pb.isc.org / pb-ams-ns2.sns.isc.org

 

4. SOA-Entries


Domain:nl
Zone-Name:
Primary:ns1.dns.nl
Mail:hostmaster.domain-registry.nl
Serial:2019082838
Refresh:3600
Retry:600
Expire:2419200
TTL:600
num Entries:4


Domain:cbs.nl
Zone-Name:
Primary:dnsa4.cbs.nl
Mail:postmaster.cbs.nl
Serial:2017034867
Refresh:14400
Retry:3600
Expire:1209600
TTL:7200
num Entries:3


Domain:www.onderzoek2.cbs.nl
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1



Domain:nl
Zone-Name:
Primary:ns1.dns.nl
Mail:hostmaster.domain-registry.nl
Serial:2019082838
Refresh:3600
Retry:600
Expire:2419200
TTL:600
num Entries:4


Domain:cbs.nl
Zone-Name:
Primary:dnsa4.cbs.nl
Mail:postmaster.cbs.nl
Serial:2017034867
Refresh:14400
Retry:3600
Expire:1209600
TTL:7200
num Entries:3


Domain:adc3.cbs.nl
Zone-Name:
Primary:dnsa4.cbs.nl
Mail:postmaster.cbs.nl
Serial:2017034867
Refresh:14400
Retry:3600
Expire:1209600
TTL:7200
num Entries:2


5. Screenshots

No Screenshot listed, because no screenshot found. Perhaps the check is too old, the feature startet 2019-12-23.

 

 

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://onderzoek2.cbs.nl/
87.213.43.243
301
https://onderzoek2.cbs.nl/

0.047
A
Location: https://onderzoek2.cbs.nl/
Connection: close
Cache-Control: no-cache
Pragma: no-cache

• http://onderzoek2.cbs.nl/
2001:67c:14b0:1816::243
301
https://onderzoek2.cbs.nl/

0.063
A
Location: https://onderzoek2.cbs.nl/
Connection: close
Cache-Control: no-cache
Pragma: no-cache

• https://onderzoek2.cbs.nl/
87.213.43.243
200


2.233
A
Content-Type: text/html
Last-Modified: Tue, 03 Oct 2017 07:02:14 GMT
Accept-Ranges: bytes
ETag: "7513c68a153cd31:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 28 Aug 2019 17:35:13 GMT
Content-Length: 532
Strict-Transport-Security: max-age=31536000; includeSubDomains

• https://onderzoek2.cbs.nl/
2001:67c:14b0:1816::243
200


2.344
A
Content-Type: text/html
Last-Modified: Tue, 03 Oct 2017 07:02:14 GMT
Accept-Ranges: bytes
ETag: "7513c68a153cd31:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 28 Aug 2019 17:35:11 GMT
Content-Length: 532
Strict-Transport-Security: max-age=31536000; includeSubDomains

• http://onderzoek2.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
87.213.43.243
301
https://onderzoek2.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

0.063
A
Visible Content:
Location: https://onderzoek2.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Cache-Control: no-cache
Pragma: no-cache

• http://onderzoek2.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2001:67c:14b0:1816::243
301
https://onderzoek2.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

0.063
A
Visible Content:
Location: https://onderzoek2.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Cache-Control: no-cache
Pragma: no-cache

• https://onderzoek2.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

404


2.234
A
Not Found
Visible Content:
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 28 Aug 2019 17:35:16 GMT
Content-Length: 1245
Strict-Transport-Security: max-age=31536000; includeSubDomains

 

7. Comments


1. General Results, most used to calculate the result

Aname "onderzoek2.cbs.nl" is subdomain, public suffix is "nl", top-level-domain-type is "country-code", Country is Netherlands (the), tld-manager is "SIDN (Stichting Internet Domeinregistratie Nederland)"
AGood: All ip addresses are public addresses
AGood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: non-www is preferred
AGood: every https has a Strict Transport Security Header
AGood: HSTS max-age is long enough, 31536000 seconds = 365 days
AGood: HSTS has includeSubdomains - directive
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):0 complete Content-Type - header (3 urls)
https://onderzoek2.cbs.nl/ 87.213.43.243


Url with incomplete Content-Type - header - missing charset
https://onderzoek2.cbs.nl/ 2001:67c:14b0:1816::243


Url with incomplete Content-Type - header - missing charset
https://onderzoek2.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de


Url with incomplete Content-Type - header - missing charset
Ahttp://onderzoek2.cbs.nl/ 87.213.43.243
301
https://onderzoek2.cbs.nl/
Correct redirect http - https with the same domain name
Ahttp://onderzoek2.cbs.nl/ 2001:67c:14b0:1816::243
301
https://onderzoek2.cbs.nl/
Correct redirect http - https with the same domain name

2. Header-Checks


3. DNS- and NameServer - Checks

AGood: Nameserver supports TCP connections: 6 good Nameserver
AGood: Nameserver supports Echo Capitalization: 6 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 6 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 6 good Nameserver
Nameserver doesn't pass all EDNS-Checks: dnsa4.cbs.nl: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: sns-pb.isc.org: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found (pb-ams-ns2.sns.isc.org). COOKIE: fatal timeout. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: sns-pb.isc.org: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found (pb-ams-ns2.sns.isc.org). COOKIE: fatal timeout. CLIENTSUBNET: ok.
AGood: All SOA have the same Serial Number
AGood: CAA entries found, creating certificate is limited: letsencrypt.org is allowed to create certificates
AGood: CAA entries found, creating certificate is limited: pkioverheid.nl is allowed to create certificates
AGood: CAA entries found, creating certificate is limited: quovadisglobal.com is allowed to create certificates

4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
https://onderzoek2.cbs.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
2.234 seconds
Warning: 404 needs more then one second
ADuration: 63673 milliseconds, 63.673 seconds

 

8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
onderzoek2.cbs.nl
87.213.43.243
443
ok
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok
onderzoek2.cbs.nl
87.213.43.243
443
ok
Tls12

ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain - too much certificates, don't send root certificates

1CN=*.cbs.nl, OU=BTB, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, C=NL, ST=Zuid-Holland


2CN=QuoVadis Global SSL ICA G2, O=QuoVadis Limited, C=BM


3CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM


onderzoek2.cbs.nl
2001:67c:14b0:1816::243
443
ok
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok

onderzoek2.cbs.nl
2001:67c:14b0:1816::243
443
ok
Tls12

ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain - too much certificates, don't send root certificates

1CN=*.cbs.nl, OU=BTB, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, C=NL, ST=Zuid-Holland


2CN=QuoVadis Global SSL ICA G2, O=QuoVadis Limited, C=BM


3CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM


onderzoek2.cbs.nl
onderzoek2.cbs.nl
443
ok
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok

onderzoek2.cbs.nl
onderzoek2.cbs.nl
443
ok
Tls12

ECDH Ephermal
256
Aes128
128
Sha256
error checking OCSP stapling
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain - too much certificates, don't send root certificates

1CN=*.cbs.nl, OU=BTB, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, C=NL, ST=Zuid-Holland


2CN=QuoVadis Global SSL ICA G2, O=QuoVadis Limited, C=BM


3CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM

 

9. Certificates

1.
1.
CN=*.cbs.nl, OU=BTB, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, S=Zuid-Holland, C=NL
06.09.2017
06.09.2020
1621 days expired
*.cbs.nl, cbs.nl - 2 entries
1.
1.
CN=*.cbs.nl, OU=BTB, O=Centraal Bureau voor de Statistiek, L='s-Gravenhage, S=Zuid-Holland, C=NL
06.09.2017

06.09.2020
1621 days expired


*.cbs.nl, cbs.nl - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:692B26EE8E01AC6713147E5AFA45F19AE6CA49A5
Thumbprint:5B2A4EB7FB96C6F9805D898EE3E727635577A067
SHA256 / Certificate:j1lrPQOkIvMS1I4i8eHEc/8pLULi4jr3O/2A5bzlpIQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):663b5b17a381f9ac1226019d0e5fa35d7c8f905b1a2467493a444ff2eef1a6e4
SHA256 hex / Subject Public Key Information (SPKI):663b5b17a381f9ac1226019d0e5fa35d7c8f905b1a2467493a444ff2eef1a6e4
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.quovadisglobal.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1)




2.
CN=QuoVadis Global SSL ICA G2, O=QuoVadis Limited, C=BM
01.06.2013
01.06.2023
623 days expired


2.
CN=QuoVadis Global SSL ICA G2, O=QuoVadis Limited, C=BM
01.06.2013

01.06.2023
623 days expired




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:48982DE2A92CB339E1C8F933358275D3E4F88255
Thumbprint:6036330E1643A0CEE19C8AF780E0F3E8F59CA1A3
SHA256 / Certificate:pIeewPNs+EtvLth65X7juUoHhcaGIjjNRUgQhNFS6xg=
SHA256 hex / Cert (DANE * 0 1):a4879ec0f36cf84b6f2ed87ae57ee3b94a0785c6862238cd45481084d152eb18
SHA256 hex / PublicKey (DANE * 1 1):b5891f14ddbb3f51948c7e4c135dbc042837d3674bda2c0e621cf9c301496f9d
SHA256 hex / Subject Public Key Information (SPKI):b5891f14ddbb3f51948c7e4c135dbc042837d3674bda2c0e621cf9c301496f9d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.quovadisglobal.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




3.
CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
24.11.2006
24.11.2031
expires in 2475 days


3.
CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
24.11.2006

24.11.2031
expires in 2475 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:0509
Thumbprint:CA3AFBCF1240364B44B216208880483919937CF7
SHA256 / Certificate:haDdfdcgrbf/Bfg9VCsgncf/RSj31nexg4n+peXEnoY=
SHA256 hex / Cert (DANE * 0 1):85a0dd7dd720adb7ff05f83d542b209dc7ff4528f7d677b18389fea5e5c49e86
SHA256 hex / PublicKey (DANE * 1 1):8fd112c3c8370f147d5ccd3a7d865eb8dd540783bac69fc60088e3743ff33378
SHA256 hex / Subject Public Key Information (SPKI):8fd112c3c8370f147d5ccd3a7d865eb8dd540783bac69fc60088e3743ff33378
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




 

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found

 

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Small Code Update - wait one minute

 

11. Html-Content - Entries

Summary

No data found or small Code-update

 

Details (currently limited to 500 rows - some problems with spam users)

Small Code Update - wait one minute

 

12. Html-Parsing via https://validator.w3.org/nu/

Small Code update, wait one minute

 

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:

 

No NameServer - IP address informations found. The feature is new (2020-05-07), so recheck this domain.

 

14. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
onderzoek2.cbs.nl



1
0
adc3.cbs.nl
0

no CAA entry found
1
0
cbs.nl
5
issue
letsencrypt.org
1
0

5
issue
letsencrypt.org
1
0

5
iodef
mailto:rpgr@cbs.nl
1
0

5
iodef
mailto:rpgr@cbs.nl
1
0

5
issue
pkioverheid.nl
1
0

5
issue
pkioverheid.nl
1
0

5
issue
quovadisglobal.com
1
0

5
issue
quovadisglobal.com
1
0
nl
0

no CAA entry found
1
0

0

no CAA entry found
1
0

 

15. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
cbs.nl
804bc80c-cca6-4d27-b5ae-e4ffb0f082a2-04072018
ok
1
0
cbs.nl
804bc80c-cca6-4d27-b5ae-e4ffb0f082a2-04072018
ok
1
0
cbs.nl
MS=FD936BDBA3E8034A3C49BD3B5D6D4AC48E42B64E
ok
1
0
cbs.nl
MS=FD936BDBA3E8034A3C49BD3B5D6D4AC48E42B64E
ok
1
0
cbs.nl
MS=ms84063695
ok
1
0
cbs.nl
MS=ms84063695
ok
1
0
cbs.nl
v=spf1 mx include:_spf_mx.solvinity.com include:_spf.salesforce.com include:spf.afas.online -all
ok
1
0
cbs.nl
v=spf1 mx include:_spf_mx.solvinity.com include:_spf.salesforce.com include:spf.afas.online -all
ok
1
0
adc3.cbs.nl
v=spf1 mx -all
ok
1
0
onderzoek2.cbs.nl
v=spf1 mx -all
ok
1
0
_acme-challenge.adc3.cbs.nl

Name Error - The domain name does not exist
1
0
_acme-challenge.onderzoek2.cbs.nl

Name Error - The domain name does not exist
1
0
_acme-challenge.adc3.cbs.nl.cbs.nl

Name Error - The domain name does not exist
1
0
_acme-challenge.adc3.cbs.nl.adc3.cbs.nl

Name Error - The domain name does not exist
1
0
_acme-challenge.onderzoek2.cbs.nl.cbs.nl

Name Error - The domain name does not exist
1
0
_acme-challenge.onderzoek2.cbs.nl.onderzoek2.cbs.nl

Name Error - The domain name does not exist
1
0

 

16. DomainService - Entries

No DomainServiceEntries entries found

 

 

17. Cipher Suites

No Ciphers found

 

18. Portchecks

DomainIPPortDescriptionResultAnswer
onderzoek2.cbs.nl
87.213.43.243
21
FTP



onderzoek2.cbs.nl
87.213.43.243
21
FTP



onderzoek2.cbs.nl
87.213.43.243
22
SSH



onderzoek2.cbs.nl
87.213.43.243
22
SSH



onderzoek2.cbs.nl
87.213.43.243
25
SMTP



onderzoek2.cbs.nl
87.213.43.243
25
SMTP



onderzoek2.cbs.nl
87.213.43.243
53
DNS



onderzoek2.cbs.nl
87.213.43.243
53
DNS



onderzoek2.cbs.nl
87.213.43.243
110
POP3



onderzoek2.cbs.nl
87.213.43.243
110
POP3



onderzoek2.cbs.nl
87.213.43.243
143
IMAP



onderzoek2.cbs.nl
87.213.43.243
143
IMAP



onderzoek2.cbs.nl
87.213.43.243
465
SMTP (encrypted)



onderzoek2.cbs.nl
87.213.43.243
465
SMTP (encrypted)



onderzoek2.cbs.nl
87.213.43.243
587
SMTP (encrypted, submission)



onderzoek2.cbs.nl
87.213.43.243
587
SMTP (encrypted, submission)



onderzoek2.cbs.nl
87.213.43.243
993
IMAP (encrypted)



onderzoek2.cbs.nl
87.213.43.243
993
IMAP (encrypted)



onderzoek2.cbs.nl
87.213.43.243
995
POP3 (encrypted)



onderzoek2.cbs.nl
87.213.43.243
995
POP3 (encrypted)



onderzoek2.cbs.nl
87.213.43.243
1433
MS SQL



onderzoek2.cbs.nl
87.213.43.243
1433
MS SQL



onderzoek2.cbs.nl
87.213.43.243
2082
cPanel (http)



onderzoek2.cbs.nl
87.213.43.243
2082
cPanel (http)



onderzoek2.cbs.nl
87.213.43.243
2083
cPanel (https)



onderzoek2.cbs.nl
87.213.43.243
2083
cPanel (https)



onderzoek2.cbs.nl
87.213.43.243
2086
WHM (http)



onderzoek2.cbs.nl
87.213.43.243
2086
WHM (http)



onderzoek2.cbs.nl
87.213.43.243
2087
WHM (https)



onderzoek2.cbs.nl
87.213.43.243
2087
WHM (https)



onderzoek2.cbs.nl
87.213.43.243
2089
cPanel Licensing



onderzoek2.cbs.nl
87.213.43.243
2089
cPanel Licensing



onderzoek2.cbs.nl
87.213.43.243
2095
cPanel Webmail (http)



onderzoek2.cbs.nl
87.213.43.243
2095
cPanel Webmail (http)



onderzoek2.cbs.nl
87.213.43.243
2096
cPanel Webmail (https)



onderzoek2.cbs.nl
87.213.43.243
2096
cPanel Webmail (https)



onderzoek2.cbs.nl
87.213.43.243
2222
DirectAdmin (http)



onderzoek2.cbs.nl
87.213.43.243
2222
DirectAdmin (http)



onderzoek2.cbs.nl
87.213.43.243
2222
DirectAdmin (https)



onderzoek2.cbs.nl
87.213.43.243
2222
DirectAdmin (https)



onderzoek2.cbs.nl
87.213.43.243
3306
mySql



onderzoek2.cbs.nl
87.213.43.243
3306
mySql



onderzoek2.cbs.nl
87.213.43.243
5224
Plesk Licensing



onderzoek2.cbs.nl
87.213.43.243
5224
Plesk Licensing



onderzoek2.cbs.nl
87.213.43.243
5432
PostgreSQL



onderzoek2.cbs.nl
87.213.43.243
5432
PostgreSQL



onderzoek2.cbs.nl
87.213.43.243
8080
Ookla Speedtest (http)



onderzoek2.cbs.nl
87.213.43.243
8080
Ookla Speedtest (http)



onderzoek2.cbs.nl
87.213.43.243
8080
Ookla Speedtest (https)



onderzoek2.cbs.nl
87.213.43.243
8080
Ookla Speedtest (https)



onderzoek2.cbs.nl
87.213.43.243
8083
VestaCP http



onderzoek2.cbs.nl
87.213.43.243
8083
VestaCP http



onderzoek2.cbs.nl
87.213.43.243
8083
VestaCP https



onderzoek2.cbs.nl
87.213.43.243
8083
VestaCP https



onderzoek2.cbs.nl
87.213.43.243
8443
Plesk Administration (https)



onderzoek2.cbs.nl
87.213.43.243
8443
Plesk Administration (https)



onderzoek2.cbs.nl
87.213.43.243
8447
Plesk Installer + Updates



onderzoek2.cbs.nl
87.213.43.243
8447
Plesk Installer + Updates



onderzoek2.cbs.nl
87.213.43.243
8880
Plesk Administration (http)



onderzoek2.cbs.nl
87.213.43.243
8880
Plesk Administration (http)



onderzoek2.cbs.nl
87.213.43.243
10000
Webmin (http)



onderzoek2.cbs.nl
87.213.43.243
10000
Webmin (http)



onderzoek2.cbs.nl
87.213.43.243
10000
Webmin (https)



onderzoek2.cbs.nl
87.213.43.243
10000
Webmin (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
21
FTP



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
21
FTP



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
22
SSH



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
22
SSH



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
25
SMTP



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
25
SMTP



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
53
DNS



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
53
DNS



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
110
POP3



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
110
POP3



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
143
IMAP



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
143
IMAP



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
465
SMTP (encrypted)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
465
SMTP (encrypted)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
587
SMTP (encrypted, submission)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
587
SMTP (encrypted, submission)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
993
IMAP (encrypted)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
993
IMAP (encrypted)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
995
POP3 (encrypted)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
995
POP3 (encrypted)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
1433
MS SQL



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
1433
MS SQL



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2082
cPanel (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2082
cPanel (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2083
cPanel (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2083
cPanel (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2086
WHM (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2086
WHM (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2087
WHM (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2087
WHM (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2089
cPanel Licensing



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2089
cPanel Licensing



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2095
cPanel Webmail (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2095
cPanel Webmail (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2096
cPanel Webmail (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2096
cPanel Webmail (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2222
DirectAdmin (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2222
DirectAdmin (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2222
DirectAdmin (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
2222
DirectAdmin (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
3306
mySql



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
3306
mySql



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
5224
Plesk Licensing



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
5224
Plesk Licensing



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
5432
PostgreSQL



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
5432
PostgreSQL



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8080
Ookla Speedtest (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8080
Ookla Speedtest (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8080
Ookla Speedtest (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8080
Ookla Speedtest (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8083
VestaCP http



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8083
VestaCP http



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8083
VestaCP https



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8083
VestaCP https



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8443
Plesk Administration (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8443
Plesk Administration (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8447
Plesk Installer + Updates



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8447
Plesk Installer + Updates



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8880
Plesk Administration (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
8880
Plesk Administration (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
10000
Webmin (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
10000
Webmin (http)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
10000
Webmin (https)



onderzoek2.cbs.nl
2001:67c:14b0:1816::243
10000
Webmin (https)



 

 

Permalink: https://check-your-website.server-daten.de/?i=2bafd9b5-7132-46a0-baf6-75525219b7af

 

Last Result: https://check-your-website.server-daten.de/?q=onderzoek2.cbs.nl - 2019-08-28 19:34:33

 

Do you like this page? Support this tool, add a link on your page:

 

<a href="https://check-your-website.server-daten.de/?q=onderzoek2.cbs.nl" target="_blank">Check this Site: onderzoek2.cbs.nl</a>

 

 

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

 

QR-Code of this page - https://check-your-website.server-daten.de/?d=onderzoek2.cbs.nl