Check DNS, Urls + Redirects, Certificates and Content of your Website



N

No trusted Certificate

Checked:
08.04.2021 07:51:29


Older results

No older results found


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
ri-ma-coding.ml
A
195.20.54.213
Amsterdam/North Holland/Netherlands (NL) - OpenTLD Web Network
No Hostname found
yes
1
0

AAAA

yes


www.ri-ma-coding.ml
CNAME
ri-ma-coding.ml
yes
1
0

A
195.20.54.213
Amsterdam/North Holland/Netherlands (NL) - OpenTLD Web Network
No Hostname found
yes



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



Status: Valid because published



3 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 14631, Flags 256



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 42351, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.04.2021, 00:00:00 +, Signature-Inception: 01.04.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: ml
ml
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "ml" and the NextOwner "mlb". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: NS, RRSIG, NSEC



0 DNSKEY RR found




Zone: ri-ma-coding.ml
ri-ma-coding.ml
0 DS RR in the parent zone found



0 DNSKEY RR found




Zone: www.ri-ma-coding.ml
www.ri-ma-coding.ml
0 DS RR in the parent zone found


3. Name Servers

DomainNameserverNS-IP
ri-ma-coding.ml
  a.ns.ml / prg
185.21.168.1
Amsterdam/North Holland/Netherlands (NL) - OpenTLD AnyCast Cloud


 
2a04:1b00::1
Amsterdam/North Holland/Netherlands (NL) - OpenTLD AnyCast Cloud

ml
  a.ns.ml / prg


  b.ns.ml / prg


  c.ns.ml / prg


  d.ns.ml / slc


4. SOA-Entries


Domain:ml
Zone-Name:ml
Primary:a.ns.ml
Mail:info.malidili.com
Serial:1617861046
Refresh:10800
Retry:3600
Expire:604800
TTL:5
num Entries:3


Domain:ml
Zone-Name:ml
Primary:a.ns.ml
Mail:info.malidili.com
Serial:1617861078
Refresh:10800
Retry:3600
Expire:604800
TTL:5
num Entries:1


Domain:ri-ma-coding.ml
Zone-Name:ml
Primary:a.ns.ml
Mail:info.malidili.com
Serial:1617861078
Refresh:10800
Retry:3600
Expire:604800
TTL:5
num Entries:2


5. Screenshots

No Screenshot listed, because no url-check with https + http status 200-299, 400-599 + not-ACME-check found.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://ri-ma-coding.ml/
195.20.54.213
301
https://68.183.120.227:80/
0.057
E
Server: nginx
Date: Thu, 08 Apr 2021 05:51:54 GMT
Content-Length: 0
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: https://68.183.120.227:80/
Pragma: no-cache

• http://www.ri-ma-coding.ml/
195.20.54.213
301
https://68.183.120.227:80/
0.280
E
Server: nginx
Date: Thu, 08 Apr 2021 05:51:55 GMT
Content-Length: 0
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: https://68.183.120.227:80/
Pragma: no-cache

• https://68.183.120.227:80/

302
https://ri-ma-coding.ml/tree?
3.360
N
Certificate error: RemoteCertificateChainErrors
Server: TornadoServer/6.1
Content-Type: text/html; charset=UTF-8
Date: Thu, 08 Apr 2021 05:52:25 GMT
Location: /tree?
Content-Length: 0
Connection: close

• https://ri-ma-coding.ml/
195.20.54.213
-14

10.026
T
Timeout - The operation has timed out

• https://www.ri-ma-coding.ml/
195.20.54.213
-14

10.023
T
Timeout - The operation has timed out

• https://ri-ma-coding.ml/tree?

-14

10.020
T
Timeout - The operation has timed out

• http://ri-ma-coding.ml/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
195.20.54.213
301
https://68.183.120.227:80/
0.057
E
Visible Content:
Server: nginx
Date: Thu, 08 Apr 2021 05:52:15 GMT
Content-Length: 0
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: https://68.183.120.227:80/
Pragma: no-cache

• http://www.ri-ma-coding.ml/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
195.20.54.213
301
https://68.183.120.227:80/
0.243
E
Visible Content:
Server: nginx
Date: Thu, 08 Apr 2021 05:52:15 GMT
Content-Length: 0
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: https://68.183.120.227:80/
Pragma: no-cache

• https://195.20.54.213/
195.20.54.213
-14

10.027
T
Timeout - The operation has timed out

7. Comments


1. General Results, most used to calculate the result

Aname "ri-ma-coding.ml" is domain, public suffix is ".ml", top-level-domain is ".ml", top-level-domain-type is "country-code", Country is Mali, tld-manager is "Agence des Technologies de l’Information et de la Communication", num .ml-domains preloaded: 1925 (complete: 151507)
Agood: All ip addresses are public addresses
Warning: Only one ip address found: ri-ma-coding.ml has only one ip address.
Warning: Only one ip address found: www.ri-ma-coding.ml has only one ip address.
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: ri-ma-coding.ml has no ipv6 address.
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: www.ri-ma-coding.ml has no ipv6 address.
Agood: No asked Authoritative Name Server had a timeout
AGood: No cookie sent via http.
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
Bhttps://68.183.120.227:80/
302

Missing HSTS-Header
CError - no version with Http-Status 200
Ehttp://ri-ma-coding.ml/ 195.20.54.213
301
https://68.183.120.227:80/
Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Ehttp://www.ri-ma-coding.ml/ 195.20.54.213
301
https://68.183.120.227:80/
Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Hfatal error: No https - result with http-status 200, no encryption
Nhttps://68.183.120.227:80/
302
https://ri-ma-coding.ml/tree?
Error - Certificate isn't trusted, RemoteCertificateChainErrors
Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain ri-ma-coding.ml, 1 ip addresses.
Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain www.ri-ma-coding.ml, 1 ip addresses.

2. DNS- and NameServer - Checks

A
A
AInfo:: 4 different Name Servers found: a.ns.ml, b.ns.ml, c.ns.ml, d.ns.ml, 4 Name Servers included in Delegation: a.ns.ml, b.ns.ml, c.ns.ml, d.ns.ml, 4 Name Servers included in 1 Zone definitions: a.ns.ml, b.ns.ml, c.ns.ml, d.ns.ml, 1 Name Servers listed in SOA.Primary: a.ns.ml.
AGood: Only one SOA.Primary Name Server found.: a.ns.ml.
AGood: SOA.Primary Name Server included in the delegation set.: a.ns.ml.
AGood: All Name Server Domain Names have a Public Suffix.
Warning: All Name Servers have the same domain name. If there is a problem with that domain name (or with the name servers of that domain name), your domain may be affected. Better: Use Name Servers with different domain names / different top level domains.: Only one domain name used: ns.ml
A
AGood: Nameserver supports TCP connections: 2 good Nameserver
AGood: Nameserver supports Echo Capitalization: 2 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 2 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 2 good Nameserver
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

3. Content- and Performance-critical Checks

Fatal: All checks of /.well-known/acme-challenge/random-filename have a redirect, destination doesn't have the random filename. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
AInfo: Different Server-Headers found
ADuration: 92250 milliseconds, 92.250 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
68.183.120.227
68.183.120.227
80
Certificate/chain invalid
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
68.183.120.227
68.183.120.227
80
Certificate/chain invalid
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
no http/2 via ALPN 
Tls.1.2
no Tls.1.1
no Tls.1.0
no http/2 via ALPN
Tls.1.2
no Tls.1.1
no Tls.1.0
Self signed certificate
1CN=jupyter, OU=py4fi, O=supernakanishi, L=Takarazuka, C=JP, emailAddress=supernakanishi@gmail.com


9. Certificates

1.
1.
E=supernakanishi@gmail.com, CN=jupyter, OU=py4fi, O=supernakanishi, L=Takarazuka, S=Hyogo, C=JP
06.04.2021
04.04.2031
expires in 3641 days
68.183.120.227 - 1 entry
1.
1.
E=supernakanishi@gmail.com, CN=jupyter, OU=py4fi, O=supernakanishi, L=Takarazuka, S=Hyogo, C=JP
06.04.2021

04.04.2031
expires in 3641 days
68.183.120.227 - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:73D8295977A56C3559C43F4CF8E38FFA2202694D
Thumbprint:4F0C7DE50CC974D15D151545B8B5DD8AB724B47B
SHA256 / Certificate:m0p3WbBQNf86KQxF3qE0sHv53IG5Z2hUrs/46YaiFaQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):c9228da7e42cb894fde764d23d6325c8f24a3e90bac2db02696da83d689e8924
SHA256 hex / Subject Public Key Information (SPKI):ca4d17c2fe96dc1ebdfd617b4becca29800b206596a036151e1b83fe891dc79d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

No CRT - CT-Log entries found


11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404


12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:


No NameServer - IP address - Informations found


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.ri-ma-coding.ml



1
0
ri-ma-coding.ml
0

no CAA entry found
1
0
ml
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
ri-ma-coding.ml

ok
1
0
www.ri-ma-coding.ml


1
0
_acme-challenge.ri-ma-coding.ml


1
0
_acme-challenge.www.ri-ma-coding.ml


1
0
_acme-challenge.ri-ma-coding.ml.ri-ma-coding.ml


1
0
_acme-challenge.www.ri-ma-coding.ml.ri-ma-coding.ml


1
0
_acme-challenge.www.ri-ma-coding.ml.www.ri-ma-coding.ml


1
0


15. Portchecks

No Port checks



Permalink: https://check-your-website.server-daten.de/?i=b1f88c19-caaf-4998-8a37-11cf3d1a5649


Last Result: https://check-your-website.server-daten.de/?q=ri-ma-coding.ml - 2021-04-08 07:51:29


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=ri-ma-coding.ml" target="_blank">Check this Site: ri-ma-coding.ml</a>