1. IP-Addresses

HostTIP-Addressis auth.∑ Queries∑ Timeout
sawmillers.kenyaforestservice.org
A
41.72.215.21
yes
1
0

AAAA

yes


www.sawmillers.kenyaforestservice.org

Name Error
yes
1
0


2. DNSSEC

Zone (*)DNSSEC - Informations (beta)
(root)
1 DS RR published

Status: Valid because published

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 8, KeyTag 25266, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 02.05.2019, 00:00:00, Signature-Inception: 11.04.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
org
2 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 28.04.2019, 05:00:00, Signature-Inception: 15.04.2019, 04:00:00, KeyTag 25266, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25266 used to validate the DS RRSet in the parent zone

4 DNSKEY RR found

Public Key with Algorithm 7, KeyTag 9062, Flags 256

Public Key with Algorithm 7, KeyTag 9795, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 7, KeyTag 16454, Flags 256

Public Key with Algorithm 7, KeyTag 17883, Flags 257 (SEP = Secure Entry Point)

3 RRSIG RR to validate DNSKEY RR found

Algorithm: 7, 1 Labels, original TTL: 900 sec, Signature-expiration: 30.04.2019, 15:27:52, Signature-Inception: 09.04.2019, 14:27:52, KeyTag 9062, Signer-Name: org

Algorithm: 7, 1 Labels, original TTL: 900 sec, Signature-expiration: 30.04.2019, 15:27:52, Signature-Inception: 09.04.2019, 14:27:52, KeyTag 9795, Signer-Name: org

Algorithm: 7, 1 Labels, original TTL: 900 sec, Signature-expiration: 30.04.2019, 15:27:52, Signature-Inception: 09.04.2019, 14:27:52, KeyTag 17883, Signer-Name: org

Status: Good - Algorithmus 7 and DNSKEY with KeyTag 9062 used to validate the DNSKEY RRSet

Status: Good - Algorithmus 7 and DNSKEY with KeyTag 9795 used to validate the DNSKEY RRSet

Status: Good - Algorithmus 7 and DNSKEY with KeyTag 17883 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 9795, DigestType 1 and Digest "Nk36s9ryVMq0d7VnWxB2bdqiSYI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 9795, DigestType 2 and Digest "OSKzG286TqkrGet7UhIPAx/Y4F/wsDuvz5+JG/5/+OU=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
kenyaforestservice.org
0 DS RR in the parent zone found

DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed domain name between the hashed NSEC3-owner and the hashed NextOwner. So the parent zone confirmes the non-existence of a DS RR.

0 DNSKEY RR found


sawmillers.kenyaforestservice.org
0 DS RR in the parent zone found

0 DNSKEY RR found


www.sawmillers.kenyaforestservice.org
0 DS RR in the parent zone found


3. Name Servers

DomainNameserverNS-IP
www.sawmillers.kenyaforestservice.org
  kenyaforestservice.org

sawmillers.kenyaforestservice.org
  kenyaforestservice.org

kenyaforestservice.org
  ns0.accesskenya.com


  ukns1.accesskenya.com

org
  a0.org.afilias-nst.info / ns000a.app31.mia2.afilias-nst.info


  a2.org.afilias-nst.info / 3.fra.pch


  b0.org.afilias-nst.org / ns000b.app5.ams2.afilias-nst.info


  b2.org.afilias-nst.org / 5.fra.pch


  c0.org.afilias-nst.info / ns000b.app13.ams2.afilias-nst.info


  d0.org.afilias-nst.org / ns000b.app5.lax1.afilias-nst.info


4. SOA-Entries


Domain:org
Primary:a0.org.afilias-nst.info
Mail:noc.afilias-nst.info
Serial:2013431680
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:1


Domain:org
Primary:a0.org.afilias-nst.info
Mail:noc.afilias-nst.info
Serial:2013431776
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:5


Domain:kenyaforestservice.org
Primary:kenyaforestservice.org
Mail:hostmaster.accesskenya.com
Serial:2019041211
Refresh:28800
Retry:7200
Expire:604800
TTL:38400
num Entries:2


5. Url-Checks


show header:
Domainname Http-StatusredirectSec.G
• http://sawmillers.kenyaforestservice.org/
41.72.215.21
301
https://sawmillers.kenyaforestservice.org/
0.316
A
Date: Mon, 15 Apr 2019 11:19:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 PHP/5.4.16 mod_python/3.5.0- Python/2.7.5 mod_wsgi/3.4
Location: https://sawmillers.kenyaforestservice.org/
Content-Length: 250
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://sawmillers.kenyaforestservice.org/
41.72.215.21
200

1.320
N
Certificate error: RemoteCertificateChainErrors
Date: Mon, 15 Apr 2019 11:19:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 PHP/5.4.16 mod_python/3.5.0- Python/2.7.5 mod_wsgi/3.4
X-Powered-By: PHP/5.4.16
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

• http://sawmillers.kenyaforestservice.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
41.72.215.21
404

0.370
A
Not Found
Visible Content: ERROR 404 - Not Found! The following error occurred: The requested URL was not found on this server. Please check the URL or contact the webmaster. Powered by ISPConfig
Date: Mon, 15 Apr 2019 11:19:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 PHP/5.4.16 mod_python/3.5.0- Python/2.7.5 mod_wsgi/3.4
Last-Modified: Mon, 15 Apr 2019 06:08:01 GMT
ETag: "70e-5868b798fc349"
Accept-Ranges: bytes
Content-Length: 1806
Connection: close
Content-Type: text/html; charset=UTF-8

6. Comments

Aname "sawmillers.kenyaforestservice.org" is subdomain, public suffix is "org", top-level-domain-type is "generic", tld-manager is "Public Interest Registry (PIR)"
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
Agood: destination is https
Agood - only one version with Http-Status 200
Agood: one preferred version: non-www is preferred
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Ahttp://sawmillers.kenyaforestservice.org/ 41.72.215.21
301
https://sawmillers.kenyaforestservice.org/
correct redirect http - https with the same domain name
Bhttps://sawmillers.kenyaforestservice.org/ 41.72.215.21
200

Missing HSTS-Header
Ihttps://sawmillers.kenyaforestservice.org/ 41.72.215.21
200

Content problems - mixed, files doesn't exist, different Content-Type definitions
Nhttps://sawmillers.kenyaforestservice.org/ 41.72.215.21
200

Error - Certificate isn't trusted, RemoteCertificateChainErrors
AGood: Nameserver supports TCP connections: 2 good Nameserver
AGood: Nameserver supports Echo Capitalization: 2 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 2 good Nameserver
Nameserver doesn't pass all EDNS-Checks: a2.org.afilias-nst.info: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: fatal timeout. V1DNSSEC: ok. NSID: ok (3.fra.pch). COOKIE: ok. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: kenyaforestservice.org: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: kenyaforestservice.org: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate
ADuration: 43577 milliseconds, 43.577 seconds


7. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
sawmillers.kenyaforestservice.org
41.72.215.21
443
Certificate/chain invalid
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
sawmillers.kenyaforestservice.org
41.72.215.21
443
Certificate/chain invalid
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
Self signed certificate
1CN=sawmillers.kenyaforestservice.org, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, C=--, emailAddress=root@sawmillers.kenyaforestservice.org

2CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US


8. Certificates

1.
1.
E=root@sawmillers.kenyaforestservice.org, CN=sawmillers.kenyaforestservice.org, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, S=SomeState, C=--
08.04.2019
07.04.2020
expires in 295 days

1.
1.
E=root@sawmillers.kenyaforestservice.org, CN=sawmillers.kenyaforestservice.org, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, S=SomeState, C=--
08.04.2019

07.04.2020
expires in 295 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:65E3
Thumbprint:DCBD4EADE1563F1006CDC6B9A139CD262D7CCA46
SHA256 / Certificate:EkWqvxXJIrN+/m6q2lW2WfvdY1BK2ZP89gCMKPZXMYo=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):cfba4d2ccfddfe74773f5a31bda1eef2da0a67bdc61ca7c321e9d8b6001e37db
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


9. Last Certificates - Certificate Transparency Log Check (BETA)

1. Source CertSpotter - active certificates

No CertSpotter - Certificate-Transparency-Log informations found. The feature is new (startet 2019-05-07), so recheck this domain.


2. Source crt.sh - old and new certificates, sometimes very slow.

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
2
2

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
1389844619
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-16 07:32:14
2019-07-15 07:32:14
sawmillers.kenyaforestservice.org
1 entries


1388028643
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-15 03:08:25
2019-07-14 03:08:25
sawmillers.kenyaforestservice.org
1 entries



10. Html-Content - Entries (BETA - mixed content and other checks)

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://sawmillers.kenyaforestservice.org/
41.72.215.21
a

2

0







form

1

0







img

1
25,143 Bytes
0







link
stylesheet
5
82,863 Bytes
2







meta
other
2

0







script

1

0






Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://sawmillers.kenyaforestservice.org/
41.72.215.21
a




2
ok



form
post

200

1
ok



img
src
public/images/logo.jpeg
200
25143 Bytes

1
ok



link
stylesheet
public/stylesheets/fontawesome-all.css
200
48548 Bytes

1
ok


Content loaded via url("...")

../webfonts/fa-brands-400.eot
1
../webfonts/fa-brands-400.eot?#iefix
1
../webfonts/fa-brands-400.svg#fontawesome
1
../webfonts/fa-brands-400.ttf
1
../webfonts/fa-brands-400.woff
1
../webfonts/fa-brands-400.woff2
1
../webfonts/fa-regular-400.eot
1
../webfonts/fa-regular-400.eot?#iefix
1
../webfonts/fa-regular-400.svg#fontawesome
1
../webfonts/fa-regular-400.ttf
1
../webfonts/fa-regular-400.woff
1
../webfonts/fa-regular-400.woff2
1
../webfonts/fa-solid-900.eot
1
../webfonts/fa-solid-900.eot?#iefix
1
../webfonts/fa-solid-900.svg#fontawesome
1
../webfonts/fa-solid-900.ttf
1
../webfonts/fa-solid-900.woff
1
../webfonts/fa-solid-900.woff2
1

link
stylesheet
public/stylesheets/forms.css
200
7643 Bytes

1
ok


Content loaded via url("...")

../images/forest1.JPG
3

link
stylesheet
public/stylesheets/style.css
404
1806 Bytes
Not Found
2
missing file



link
stylesheet
public/w3schol.css
200
23060 Bytes

1
ok



meta
Content-Type
text/html; charset=iso-8859-1


1
ok



meta
viewport
width=device-width, initial-scale=1


1
ok



script
src
/public/scripts/forms.js
200
0 Bytes

1
ok



11. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
sawmillers.kenyaforestservice.org
0

no CAA entry found
1
0
kenyaforestservice.org
0

no CAA entry found
1
0
org
0

no CAA entry found
1
0


12. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
sawmillers.kenyaforestservice.org

ok
1
0
_acme-challenge.sawmillers.kenyaforestservice.org

Name Error - The domain name does not exist
1
0
_acme-challenge.sawmillers.kenyaforestservice.org.sawmillers.kenyaforestservice.org

Name Error - The domain name does not exist
1
0



Permalink: https://check-your-website.server-daten.de/?i=9da82929-0d4e-454f-9fbb-c1a878522079


Last Result: https://check-your-website.server-daten.de/?q=sawmillers.kenyaforestservice.org - 2019-04-15 13:19:08