Check DNS, Urls + Redirects, Certificates and Content of your Website



N

No trusted Certificate

Checked:
13.01.2021 19:45:09


Older results

No older results found


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
qa-store.dev.test.meetcircle-blue.co
A
52.42.93.63
Portland/Oregon/United States (US) - Amazon.com, Inc.
Hostname: ec2-52-42-93-63.us-west-2.compute.amazonaws.com
yes
1
0

A
54.69.147.50
Portland/Oregon/United States (US) - Amazon.com, Inc.
Hostname: ec2-54-69-147-50.us-west-2.compute.amazonaws.com
yes
1
0

AAAA

yes


www.qa-store.dev.test.meetcircle-blue.co

Name Error
yes
1
0
*.dev.test.meetcircle-blue.co
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes


*.qa-store.dev.test.meetcircle-blue.co
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



Status: Valid because published



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 42351, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.02.2021, 00:00:00 +, Signature-Inception: 11.01.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: co
co
2 DS RR in the parent zone found



DS with Algorithm 8, KeyTag 43834, DigestType 1 and Digest SVfKk+DWAprIv98DmtIumK1yGts=



DS with Algorithm 8, KeyTag 43834, DigestType 2 and Digest poYC7DDE5fXTOmJNNVSaf2osk5OdSyELqPpITzsOCE4=



1 RRSIG RR to validate DS RR found



RRSIG-Owner co., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 26.01.2021, 17:00:00 +, Signature-Inception: 13.01.2021, 16:00:00 +, KeyTag 42351, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 42351 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 43834, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 64278, Flags 256



2 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner co., Algorithm: 8, 1 Labels, original TTL: 518400 sec, Signature-expiration: 10.02.2021, 07:26:23 +, Signature-Inception: 11.01.2021, 06:28:06 +, KeyTag 43834, Signer-Name: co



RRSIG-Owner co., Algorithm: 8, 1 Labels, original TTL: 518400 sec, Signature-expiration: 10.02.2021, 07:26:23 +, Signature-Inception: 11.01.2021, 06:28:06 +, KeyTag 64278, Signer-Name: co



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 43834 used to validate the DNSKEY RRSet



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 64278 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 43834, DigestType 1 and Digest "SVfKk+DWAprIv98DmtIumK1yGts=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 43834, DigestType 2 and Digest "poYC7DDE5fXTOmJNNVSaf2osk5OdSyELqPpITzsOCE4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: meetcircle-blue.co
meetcircle-blue.co
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "psst0cepfju3ma3tkd9onp4t2rpt44r7" between the hashed NSEC3-owner "psrl8jktee9aph83e67f0fstkvt0bu93" and the hashed NextOwner "pst32s2g676blb8nvhdqcqb43740epmm". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner psrl8jktee9aph83e67f0fstkvt0bu93.co., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 10.02.2021, 11:20:05 +, Signature-Inception: 11.01.2021, 10:44:14 +, KeyTag 64278, Signer-Name: co



DS-Query in the parent zone sends valid NSEC3 RR with the Hash "131vnuv1malje6dnud9fsaqdrqcs5i91" as Owner. That's the Hash of "co" with the NextHashedOwnerName "13231jf049n78ic4unvnpgram5f58372". So that domain name is the Closest Encloser of "meetcircle-blue.co". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 131vnuv1malje6dnud9fsaqdrqcs5i91.co., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 09.02.2021, 06:55:40 +, Signature-Inception: 10.01.2021, 06:01:59 +, KeyTag 64278, Signer-Name: co



0 DNSKEY RR found




Zone: test.meetcircle-blue.co
test.meetcircle-blue.co
0 DS RR in the parent zone found



0 DNSKEY RR found




Zone: dev.test.meetcircle-blue.co
dev.test.meetcircle-blue.co
0 DS RR in the parent zone found



0 DNSKEY RR found




Zone: qa-store.dev.test.meetcircle-blue.co
qa-store.dev.test.meetcircle-blue.co
0 DS RR in the parent zone found



0 DNSKEY RR found




Zone: www.qa-store.dev.test.meetcircle-blue.co
www.qa-store.dev.test.meetcircle-blue.co
0 DS RR in the parent zone found


3. Name Servers

DomainNameserverNS-IP
www.qa-store.dev.test.meetcircle-blue.co
  ns-1882.awsdns-43.co.uk

qa-store.dev.test.meetcircle-blue.co
  ns-1882.awsdns-43.co.uk / 0ffb776b3cec944287c7cbcf3ccf42f7 -
205.251.199.90
Seattle/Washington/United States (US) - Amazon.com


 
2600:9000:5307:5a00::1
Seattle/Washington/United States (US) - Amazon.com

dev.test.meetcircle-blue.co
  ns-1882.awsdns-43.co.uk / e3fc9b2808eabb1791c00963e5c52f3d -
205.251.199.90
Seattle/Washington/United States (US) - Amazon.com


 
2600:9000:5307:5a00::1
Seattle/Washington/United States (US) - Amazon.com

test.meetcircle-blue.co
  ns-1161.awsdns-17.org / 1b0dd431bbab75f1ba38c5bd87648827 -
205.251.196.137
London/England/United Kingdom (GB) - Amazon.com


 
2600:9000:5304:8900::1
Seattle/Washington/United States (US) - Amazon.com


  ns-1882.awsdns-43.co.uk / 0ffb776b3cec944287c7cbcf3ccf42f7 -
205.251.199.90
Seattle/Washington/United States (US) - Amazon.com


 
2600:9000:5307:5a00::1
Seattle/Washington/United States (US) - Amazon.com


  ns-293.awsdns-36.com / f00369383ea087fd1c9f86e4234ee62b -
205.251.193.37
Paris/Île-de-France/France (FR) - Amazon.com


 
2600:9000:5301:2500::1
Seattle/Washington/United States (US) - Amazon.com


  ns-981.awsdns-58.net / c28f01bcad9cbd77679b025e8a166c0b -
205.251.195.213
Seattle/Washington/United States (US) - Amazon.com


 
2600:9000:5303:d500::1
Seattle/Washington/United States (US) - Amazon.com

meetcircle-blue.co
  ns-1075.awsdns-06.org / 9b373ed6a02010d8a39af476407142f3 -
205.251.196.51
London/England/United Kingdom (GB) - Amazon.com


 
2600:9000:5304:3300::1
Seattle/Washington/United States (US) - Amazon.com


  ns-1763.awsdns-28.co.uk / 2d37bee1a8c88e66d4b862b2e0698c32 -
205.251.198.227
Seattle/Washington/United States (US) - Amazon.com


 
2600:9000:5306:e300::1
Seattle/Washington/United States (US) - Amazon.com


  ns-57.awsdns-07.com / 0a079d7a9c401e496173872a7143c7fb -
205.251.192.57
Paris/Île-de-France/France (FR) - Amazon.com


 
2600:9000:5300:3900::1
Seattle/Washington/United States (US) - Amazon.com


  ns-678.awsdns-20.net / 1f3c38f1221f909b143f58a3d2591187 -
205.251.194.166
Seattle/Washington/United States (US) - Amazon.com


 
2600:9000:5302:a600::1
Seattle/Washington/United States (US) - Amazon.com

co
  ns1.cctld.co / dns4.frpar1


  ns2.cctld.co / dns2.defra1


  ns3.cctld.co / dns2.defra1


  ns4.cctld.co / TLD_Host2.New_York_Node1


  ns5.cctld.co / TLD_Host2.Frankfurt_Node1


  ns6.cctld.co / TLD_Host1.Paris_Node1


4. SOA-Entries


Domain:co
Zone-Name:co
Primary:ns1.cctld.co
Mail:hostmaster.neustar.biz
Serial:1610562958
Refresh:900
Retry:900
Expire:604800
TTL:86400
num Entries:6


Domain:meetcircle-blue.co
Zone-Name:meetcircle-blue.co
Primary:ns-1763.awsdns-28.co.uk
Mail:awsdns-hostmaster.amazon.com
Serial:1
Refresh:7200
Retry:900
Expire:1209600
TTL:86400
num Entries:8


Domain:test.meetcircle-blue.co
Zone-Name:test.meetcircle-blue.co
Primary:ns-1882.awsdns-43.co.uk
Mail:awsdns-hostmaster.amazon.com
Serial:1
Refresh:7200
Retry:900
Expire:1209600
TTL:86400
num Entries:8


Domain:dev.test.meetcircle-blue.co
Zone-Name:test.meetcircle-blue.co
Primary:ns-1882.awsdns-43.co.uk
Mail:awsdns-hostmaster.amazon.com
Serial:1
Refresh:7200
Retry:900
Expire:1209600
TTL:86400
num Entries:2


Domain:qa-store.dev.test.meetcircle-blue.co
Zone-Name:test.meetcircle-blue.co
Primary:ns-1882.awsdns-43.co.uk
Mail:awsdns-hostmaster.amazon.com
Serial:1
Refresh:7200
Retry:900
Expire:1209600
TTL:86400
num Entries:2


Domain:www.qa-store.dev.test.meetcircle-blue.co
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


5. Screenshots

Startaddress: https://qa-store.dev.test.meetcircle-blue.co, address used: https://qa-store.dev.test.meetcircle-blue.co/, Screenshot created 2021-01-13 19:47:24 +00:0 url is insecure, certificate invalid

Mobil (412px x 732px)

452 milliseconds

Screenshot mobile - https://qa-store.dev.test.meetcircle-blue.co/
Mobil + Landscape (732px x 412px)

427 milliseconds

Screenshot mobile landscape - https://qa-store.dev.test.meetcircle-blue.co/
Screen (1280px x 1680px)

965 milliseconds

Screenshot Desktop - https://qa-store.dev.test.meetcircle-blue.co/

Mobile- and other Chrome-Checks

widthheight
visual Viewport412732
content Size412732

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

Chrome-Connection: secure. secure connection settings. The connection to this site is encrypted and authenticated using TLS 1.3, X25519, and AES_256_GCM.

Chrome-Resources : secure. all served securely. All resources on this page are served securely.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://qa-store.dev.test.meetcircle-blue.co/
52.42.93.63
308
https://qa-store.dev.test.meetcircle-blue.co/
Html is minified: 108.92 %
0.380
A
Server: nginx/1.19.1
Date: Wed, 13 Jan 2021 18:46:27 GMT
Content-Type: text/html
Content-Length: 171
Connection: close
Location: https://qa-store.dev.test.meetcircle-blue.co/

• http://qa-store.dev.test.meetcircle-blue.co/
54.69.147.50
308
https://qa-store.dev.test.meetcircle-blue.co/
Html is minified: 108.92 %
0.353
A
Server: nginx/1.19.1
Date: Wed, 13 Jan 2021 18:46:28 GMT
Content-Type: text/html
Content-Length: 171
Connection: close
Location: https://qa-store.dev.test.meetcircle-blue.co/

• https://qa-store.dev.test.meetcircle-blue.co/
52.42.93.63
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
4.443
N
Not Found
Certificate error: RemoteCertificateChainErrors
small visible content (num chars: 18)
404 page not found
Server: nginx/1.19.1
Date: Wed, 13 Jan 2021 18:46:28 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: close
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800; includeSubDomains

• https://qa-store.dev.test.meetcircle-blue.co/
54.69.147.50
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
4.303
N
Not Found
Certificate error: RemoteCertificateChainErrors
small visible content (num chars: 18)
404 page not found
Server: nginx/1.19.1
Date: Wed, 13 Jan 2021 18:46:34 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: close
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800; includeSubDomains

• http://qa-store.dev.test.meetcircle-blue.co/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
52.42.93.63
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
308
https://qa-store.dev.test.meetcircle-blue.co/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 108.92 %
0.353
A
Visible Content: 308 Permanent Redirect nginx/1.19.1
Server: nginx/1.19.1
Date: Wed, 13 Jan 2021 18:46:39 GMT
Content-Type: text/html
Content-Length: 171
Connection: close
Location: https://qa-store.dev.test.meetcircle-blue.co/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

• http://qa-store.dev.test.meetcircle-blue.co/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
54.69.147.50
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
308
https://qa-store.dev.test.meetcircle-blue.co/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 108.92 %
0.354
A
Visible Content: 308 Permanent Redirect nginx/1.19.1
Server: nginx/1.19.1
Date: Wed, 13 Jan 2021 18:46:39 GMT
Content-Type: text/html
Content-Length: 171
Connection: close
Location: https://qa-store.dev.test.meetcircle-blue.co/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

• https://qa-store.dev.test.meetcircle-blue.co/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
4.603
N
Not Found
Certificate error: RemoteCertificateChainErrors
Visible Content: 404 page not found
Server: nginx/1.19.1
Date: Wed, 13 Jan 2021 18:46:50 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 19
Connection: close
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800; includeSubDomains

• https://52.42.93.63/
52.42.93.63
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
4.613
N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
small visible content (num chars: 21)
default backend - 404
Server: nginx/1.19.1
Date: Wed, 13 Jan 2021 18:46:40 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 21
Connection: close
Strict-Transport-Security: max-age=15724800; includeSubDomains

• https://54.69.147.50/
54.69.147.50
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
4.273
N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
small visible content (num chars: 21)
default backend - 404
Server: nginx/1.19.1
Date: Wed, 13 Jan 2021 18:46:45 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 21
Connection: close
Strict-Transport-Security: max-age=15724800; includeSubDomains

7. Comments


1. General Results, most used to calculate the result

Aname "qa-store.dev.test.meetcircle-blue.co" is subdomain, public suffix is ".co", top-level-domain is ".co", top-level-domain-type is "country-code", Country is Colombia, tld-manager is ".CO Internet S.A.S.", num .co-domains preloaded: 1518 (complete: 142558)
Agood: All ip addresses are public addresses
AGood: Minimal 2 ip addresses per domain name found: qa-store.dev.test.meetcircle-blue.co has 2 different ip addresses (authoritative).
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: qa-store.dev.test.meetcircle-blue.co has no ipv6 address.
Agood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
AGood: No cookie sent via http.
Agood: every https has a Strict Transport Security Header
Agood: HSTS has includeSubdomains - directive
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Ahttp://qa-store.dev.test.meetcircle-blue.co/ 52.42.93.63
308
https://qa-store.dev.test.meetcircle-blue.co/
correct redirect http - https with the same domain name
Ahttp://qa-store.dev.test.meetcircle-blue.co/ 54.69.147.50
308
https://qa-store.dev.test.meetcircle-blue.co/
correct redirect http - https with the same domain name
Bwarning: HSTS max-age is too short - minimum 31536000 = 365 days required, 15724800 seconds = 182 days found
CError - no version with Http-Status 200
Hfatal error: No https - result with http-status 200, no encryption
Mhttps://qa-store.dev.test.meetcircle-blue.co/ 52.42.93.63
404

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://qa-store.dev.test.meetcircle-blue.co/ 54.69.147.50
404

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://52.42.93.63/ 52.42.93.63
404

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://54.69.147.50/ 54.69.147.50
404

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://qa-store.dev.test.meetcircle-blue.co/ 52.42.93.63
404

Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://qa-store.dev.test.meetcircle-blue.co/ 54.69.147.50
404

Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://qa-store.dev.test.meetcircle-blue.co/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://52.42.93.63/ 52.42.93.63
404

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Nhttps://54.69.147.50/ 54.69.147.50
404

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain qa-store.dev.test.meetcircle-blue.co, 2 ip addresses.
Warning: More then one ip address per domain name found, checking all ip addresses the same http status, but different certificates found: Domain qa-store.dev.test.meetcircle-blue.co, 2 ip addresses, 2 certificates.
Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain qa-store.dev.test.meetcircle-blue.co, 2 ip addresses.

2. DNS- and NameServer - Checks

AInfo:: 16 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 4 Name Servers.
AInfo:: 16 Queries complete, 14 with IPv6, 2 with IPv4.
Warning: Only some DNS Queries done via ipv6. IPv6 is the future, so the name servers of your name servers should have ipv6 addresses.
Ok (4 - 8):: An average of 4.0 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 4 different Name Servers found: ns-1161.awsdns-17.org, ns-1882.awsdns-43.co.uk, ns-293.awsdns-36.com, ns-981.awsdns-58.net, 4 Name Servers included in Delegation: ns-1161.awsdns-17.org, ns-1882.awsdns-43.co.uk, ns-293.awsdns-36.com, ns-981.awsdns-58.net, 4 Name Servers included in 1 Zone definitions: ns-1161.awsdns-17.org, ns-1882.awsdns-43.co.uk, ns-293.awsdns-36.com, ns-981.awsdns-58.net, 1 Name Servers listed in SOA.Primary: ns-1882.awsdns-43.co.uk.
AGood: Only one SOA.Primary Name Server found.: ns-1882.awsdns-43.co.uk.
AGood: SOA.Primary Name Server included in the delegation set.: ns-1882.awsdns-43.co.uk.
AGood: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: ns-1161.awsdns-17.org, ns-1882.awsdns-43.co.uk, ns-293.awsdns-36.com, ns-981.awsdns-58.net
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AGood: Minimal 2 different name servers (public suffix and public ip address) found: 4 different Name Servers found
AGood: All name servers have ipv4- and ipv6-addresses.: 4 different Name Servers found
AGood: Name servers with different Top Level Domains / Public Suffix List entries found: 4 Name Servers, 4 Top Level Domains: org, net, com, co.uk
AGood: Name Servers with different domain names found.: 4 different Domains found
AGood: Name servers with different Country locations found: 4 Name Servers, 3 Countries: FR, GB, US
AInfo: Ipv4-Subnet-list: 4 Name Servers, 1 different subnets (first Byte): 205., 1 different subnets (first two Bytes): 205.251., 4 different subnets (first three Bytes): 205.251.193., 205.251.195., 205.251.196., 205.251.199.
AGood: Name Server IPv4-addresses from different subnet found:
AInfo: IPv6-Subnet-list: 4 Name Servers with IPv6, 1 different subnets (first block): 2600:, 1 different subnets (first two blocks): 2600:9000:, 4 different subnets (first three blocks): 2600:9000:5301:, 2600:9000:5303:, 2600:9000:5304:, 2600:9000:5307:, 4 different subnets (first four blocks): 2600:9000:5301:2500:, 2600:9000:5303:d500:, 2600:9000:5304:8900:, 2600:9000:5307:5a00:
AGood: Name Server IPv6 addresses from different subnets found.
AGood: Nameserver supports TCP connections: 2 good Nameserver
AGood: Nameserver supports Echo Capitalization: 2 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 2 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 2 good Nameserver
Nameserver doesn't pass all EDNS-Checks: ns-1882.awsdns-43.co.uk: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

3. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
https://qa-store.dev.test.meetcircle-blue.co/ 52.42.93.63
404
4.443 seconds
Warning: 404 needs more then one second
https://qa-store.dev.test.meetcircle-blue.co/ 54.69.147.50
404
4.303 seconds
Warning: 404 needs more then one second
https://qa-store.dev.test.meetcircle-blue.co/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
4.603 seconds
Warning: 404 needs more then one second
https://52.42.93.63/ 52.42.93.63
404
4.613 seconds
Warning: 404 needs more then one second
https://54.69.147.50/ 54.69.147.50
404
4.273 seconds
Warning: 404 needs more then one second
ADuration: 141870 milliseconds, 141.870 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
qa-store.dev.test.meetcircle-blue.co
52.42.93.63
443
Certificate/chain invalid
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok
qa-store.dev.test.meetcircle-blue.co
52.42.93.63
443
Certificate/chain invalid
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
Self signed certificate
1CN=qa-store.dev.test.meetcircle-blue.co, O=cert-manager


qa-store.dev.test.meetcircle-blue.co
54.69.147.50
443
Certificate/chain invalid
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok

qa-store.dev.test.meetcircle-blue.co
54.69.147.50
443
Certificate/chain invalid
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
Self signed certificate
1CN=qa-store.dev.test.meetcircle-blue.co, O=cert-manager


qa-store.dev.test.meetcircle-blue.co
qa-store.dev.test.meetcircle-blue.co
443
Certificate/chain invalid
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok

qa-store.dev.test.meetcircle-blue.co
qa-store.dev.test.meetcircle-blue.co
443
Certificate/chain invalid
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
Self signed certificate
1CN=qa-store.dev.test.meetcircle-blue.co, O=cert-manager


52.42.93.63
52.42.93.63
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok

52.42.93.63
52.42.93.63
443
Certificate/chain invalid and wrong name
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
Self signed certificate
1CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co


54.69.147.50
54.69.147.50
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok

54.69.147.50
54.69.147.50
443
Certificate/chain invalid and wrong name
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
error checking OCSP stapling
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
Self signed certificate
1CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co


9. Certificates

1.
1.
CN=qa-store.dev.test.meetcircle-blue.co, O=cert-manager
12.01.2021
13.04.2021
expires in 81 days
qa-store.dev.test.meetcircle-blue.co - 1 entry
1.
1.
CN=qa-store.dev.test.meetcircle-blue.co, O=cert-manager
12.01.2021

13.04.2021
expires in 81 days
qa-store.dev.test.meetcircle-blue.co - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:
Serial Number:1234567890
Thumbprint:0E814A766750E100DDAC0A724CC5339ABF7BFC44
SHA256 / Certificate:jecl2Q/xBx6BzEUx4LorFA5HZgwDyTthQ9q2eF/Ur7k=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):629b803c9ef798df7ca316dcf029d887de5d898e14ca7a4968c5863df2830885
SHA256 hex / Subject Public Key Information (SPKI):0ae8884d712075eb89cc848dcb4d68287e8c24edac236624bc333477d6f1b405
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:

RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.

2.
1.
CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co
10.12.2020
10.12.2021
expires in 322 days
ingress.local - 1 entry
2.
1.
CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co
10.12.2020

10.12.2021
expires in 322 days
ingress.local - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00F23B1C7FA7E17AF8343735B4B27C7114
Thumbprint:4E6E5CBD07EEABB9A8D402D726853AF4B23BC521
SHA256 / Certificate:hC0+Jg0xlL1UW6twat0taDWEfgTlmiWWPb3YIfmH0kY=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):e5526a25138769c6a08a02a9af3b98dead0bb5a72992204f7509859b45b162a5
SHA256 hex / Subject Public Key Information (SPKI):6c36185f70bb2e22166455424f4fc18e62660677bc0f0fbccd3408445e4cace9
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

3.
1.
CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co
13.12.2020
13.12.2021
expires in 325 days
ingress.local - 1 entry
3.
1.
CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co
13.12.2020

13.12.2021
expires in 325 days
ingress.local - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:7EFCEAA3735DFCDE236C5D8632C079C0
Thumbprint:72A4D1BF0F88515856B1DAB303E2639D7F64054D
SHA256 / Certificate:hv7Gk7HuxVdPxGIqrhpg/X181j06DrCYJ/JtJFvFkwc=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):fff8983f08ce9c12d751d6782da15459f9185266488240196cf72f84f7ee1d5f
SHA256 hex / Subject Public Key Information (SPKI):a146ee388457e44231b8a7e54205a3dc1fc97e4ff50a5dd6808e74818c6bf841
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0 /0 new
0
3

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
3483075211
precert
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2020-10-08 17:04:53
2021-01-06 18:04:53
qa-store.dev.test.meetcircle-blue.co
1 entries


3215760564
leaf cert
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2020-08-09 18:02:49
2020-11-07 19:02:49
qa-store.dev.test.meetcircle-blue.co
1 entries


2954851031
leaf cert
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2020-06-10 19:00:52
2020-09-08 19:00:52
qa-store.dev.test.meetcircle-blue.co
1 entries



11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404


12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns-1161.awsdns-17.org, ns-1882.awsdns-43.co.uk, ns-293.awsdns-36.com, ns-981.awsdns-58.net

QNr.DomainTypeNS used
1
org
NS
d.root-servers.net (199.7.91.13)

Answer: a0.org.afilias-nst.info, a2.org.afilias-nst.info, b0.org.afilias-nst.org, b2.org.afilias-nst.org, c0.org.afilias-nst.info, d0.org.afilias-nst.org
2
ns-1161.awsdns-17.org
NS
a0.org.afilias-nst.info (2001:500:e::1)

Answer: g-ns-1044.awsdns-17.org, g-ns-145.awsdns-17.org, g-ns-1617.awsdns-17.org, g-ns-723.awsdns-17.org

Answer: g-ns-1044.awsdns-17.org
205.251.196.20, 2600:9000:5304:1400::1

Answer: g-ns-145.awsdns-17.org
205.251.192.145, 2600:9000:5300:9100::1

Answer: g-ns-1617.awsdns-17.org
205.251.198.81, 2600:9000:5306:5100::1

Answer: g-ns-723.awsdns-17.org
205.251.194.211, 2600:9000:5302:d300::1
3
uk
NS
g.root-servers.net (2001:500:12::d0d)

Answer: dns1.nic.uk, dns2.nic.uk, dns3.nic.uk, dns4.nic.uk, nsa.nic.uk, nsb.nic.uk, nsc.nic.uk, nsd.nic.uk
4
ns-1882.awsdns-43.co.uk
NS
dns1.nic.uk (2a01:618:400::1)

Answer: g-ns-1518.awsdns-43.co.uk, g-ns-1839.awsdns-43.co.uk, g-ns-363.awsdns-43.co.uk, g-ns-939.awsdns-43.co.uk

Answer: g-ns-1518.awsdns-43.co.uk
205.251.197.238, 2600:9000:5305:ee00::1

Answer: g-ns-1839.awsdns-43.co.uk
205.251.199.47, 2600:9000:5307:2f00::1

Answer: g-ns-363.awsdns-43.co.uk
205.251.193.107, 2600:9000:5301:6b00::1

Answer: g-ns-939.awsdns-43.co.uk
205.251.195.171, 2600:9000:5303:ab00::1
5
com
NS
e.root-servers.net (192.203.230.10)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
6
ns-293.awsdns-36.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: g-ns-1188.awsdns-36.com, g-ns-1764.awsdns-36.com, g-ns-37.awsdns-36.com, g-ns-612.awsdns-36.com

Answer: g-ns-1188.awsdns-36.com
205.251.196.164, 2600:9000:5304:a400::1

Answer: g-ns-1764.awsdns-36.com
205.251.198.228, 2600:9000:5306:e400::1

Answer: g-ns-37.awsdns-36.com
205.251.192.37, 2600:9000:5300:2500::1

Answer: g-ns-612.awsdns-36.com
205.251.194.100, 2600:9000:5302:6400::1
7
net
NS
a.root-servers.net (2001:503:ba3e::2:30)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
8
ns-981.awsdns-58.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: g-ns-1402.awsdns-58.net, g-ns-1978.awsdns-58.net, g-ns-507.awsdns-58.net, g-ns-828.awsdns-58.net

Answer: g-ns-1402.awsdns-58.net
205.251.197.122, 2600:9000:5305:7a00::1

Answer: g-ns-1978.awsdns-58.net
205.251.199.186, 2600:9000:5307:ba00::1

Answer: g-ns-507.awsdns-58.net
205.251.193.251, 2600:9000:5301:fb00::1

Answer: g-ns-828.awsdns-58.net
205.251.195.60, 2600:9000:5303:3c00::1
9
ns-1161.awsdns-17.org: 205.251.196.137
A
g-ns-1044.awsdns-17.org (2600:9000:5304:1400::1)
10
ns-1161.awsdns-17.org: 2600:9000:5304:8900::1
AAAA
g-ns-1044.awsdns-17.org (2600:9000:5304:1400::1)
11
ns-1882.awsdns-43.co.uk: 205.251.199.90
A
g-ns-1518.awsdns-43.co.uk (2600:9000:5305:ee00::1)
12
ns-1882.awsdns-43.co.uk: 2600:9000:5307:5a00::1
AAAA
g-ns-1518.awsdns-43.co.uk (2600:9000:5305:ee00::1)
13
ns-293.awsdns-36.com: 205.251.193.37
A
g-ns-1188.awsdns-36.com (2600:9000:5304:a400::1)
14
ns-293.awsdns-36.com: 2600:9000:5301:2500::1
AAAA
g-ns-1188.awsdns-36.com (2600:9000:5304:a400::1)
15
ns-981.awsdns-58.net: 205.251.195.213
A
g-ns-1402.awsdns-58.net (2600:9000:5305:7a00::1)
16
ns-981.awsdns-58.net: 2600:9000:5303:d500::1
AAAA
g-ns-1402.awsdns-58.net (2600:9000:5305:7a00::1)


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
qa-store.dev.test.meetcircle-blue.co
0

no CAA entry found
1
0
dev.test.meetcircle-blue.co
0

no CAA entry found
1
0
test.meetcircle-blue.co
0

no CAA entry found
1
0
meetcircle-blue.co
0

no CAA entry found
1
0
co
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
dev.test.meetcircle-blue.co

ok
1
0
qa-store.dev.test.meetcircle-blue.co
heritage=external-dns,external-dns/owner=routing-plane-external-dns,external-dns/resource=ingress/dev/dev-qa-store
ok
1
0
_acme-challenge.qa-store.dev.test.meetcircle-blue.co

Name Error - The domain name does not exist
1
0
_acme-challenge.qa-store.dev.test.meetcircle-blue.co.dev.test.meetcircle-blue.co

Name Error - The domain name does not exist
1
0
_acme-challenge.qa-store.dev.test.meetcircle-blue.co.qa-store.dev.test.meetcircle-blue.co

Name Error - The domain name does not exist
1
0


15. Portchecks

No Port checks



Permalink: https://check-your-website.server-daten.de/?i=8d1c04fa-cc40-457f-8023-57092469148f


Last Result: https://check-your-website.server-daten.de/?q=qa-store.dev.test.meetcircle-blue.co - 2021-01-13 19:45:09


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=qa-store.dev.test.meetcircle-blue.co" target="_blank">Check this Site: qa-store.dev.test.meetcircle-blue.co</a>