Check DNS, Urls + Redirects, Certificates and Content of your Website




N

No trusted Certificate

Checked:
26.05.2023 06:01:52


Older results

No older results found


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
taskify.czagrzebski.dev
CNAME
ghs.googlehosted.com
yes
1
0

A
142.250.186.83
Frankfurt am Main/Hesse/Germany (DE) - Google LLC
Hostname: fra24s05-in-f19.1e100.net
yes



AAAA
2a00:1450:4001:828::2013
Frankfurt am Main/Hesse/Germany (DE) - Google LLC

yes


www.taskify.czagrzebski.dev
CNAME
ghs.googlehosted.com
yes
1
0

A
142.250.186.83
Frankfurt am Main/Hesse/Germany (DE) - Google LLC
Hostname: fra24s05-in-f19.1e100.net
yes



AAAA
2a00:1450:4001:828::2013
Frankfurt am Main/Hesse/Germany (DE) - Google LLC

yes


taskify.czagrzebski.dev
A
142.250.186.51
Frankfurt am Main/Hesse/Germany (DE) - Google LLC
No Hostname found
no


www.taskify.czagrzebski.dev
A
142.250.186.51
Frankfurt am Main/Hesse/Germany (DE) - Google LLC
No Hostname found
no


*.czagrzebski.dev
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes


*.taskify.czagrzebski.dev
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



Status: Valid because published



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 60955, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.06.2023, 00:00:00 +, Signature-Inception: 21.05.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: dev
dev
1 DS RR in the parent zone found



DS with Algorithm 8, KeyTag 60074, DigestType 2 and Digest uULizlrr9i/KWdBXB+bbt5UhHVQNitugLp6J6DNCR4U=



1 RRSIG RR to validate DS RR found



RRSIG-Owner dev., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 07.06.2023, 21:00:00 +, Signature-Inception: 25.05.2023, 20:00:00 +, KeyTag 60955, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 60955 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 50940, Flags 256



Public Key with Algorithm 8, KeyTag 60074, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner dev., Algorithm: 8, 1 Labels, original TTL: 300 sec, Signature-expiration: 15.06.2023, 22:45:31 +, Signature-Inception: 24.05.2023, 22:45:31 +, KeyTag 60074, Signer-Name: dev



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 60074 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 60074, DigestType 2 and Digest "uULizlrr9i/KWdBXB+bbt5UhHVQNitugLp6J6DNCR4U=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: czagrzebski.dev
czagrzebski.dev
1 DS RR in the parent zone found



DS with Algorithm 8, KeyTag 10049, DigestType 2 and Digest DhYUNgNf/t+MgteTDQMFxIm6iT91rXoFIj13bLkXH74=



1 RRSIG RR to validate DS RR found



RRSIG-Owner czagrzebski.dev., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.06.2023, 22:45:31 +, Signature-Inception: 24.05.2023, 22:45:31 +, KeyTag 50940, Signer-Name: dev



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 50940 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 10049, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 36940, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner czagrzebski.dev., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 14.06.2023, 20:30:26 +, Signature-Inception: 23.05.2023, 20:30:26 +, KeyTag 10049, Signer-Name: czagrzebski.dev



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 10049 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 10049, DigestType 2 and Digest "DhYUNgNf/t+MgteTDQMFxIm6iT91rXoFIj13bLkXH74=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: taskify.czagrzebski.dev
taskify.czagrzebski.dev
0 DS RR in the parent zone found



RRSIG Type 5 validates the CNAME - Result: ghs.googlehosted.com
Validated: RRSIG-Owner taskify.czagrzebski.dev., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 14.06.2023, 20:30:26 +, Signature-Inception: 23.05.2023, 20:30:26 +, KeyTag 36940, Signer-Name: czagrzebski.dev

Zone: www.taskify.czagrzebski.dev
www.taskify.czagrzebski.dev
0 DS RR in the parent zone found



RRSIG Type 5 validates the CNAME - Result: ghs.googlehosted.com
Validated: RRSIG-Owner www.taskify.czagrzebski.dev., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 14.06.2023, 20:30:26 +, Signature-Inception: 23.05.2023, 20:30:26 +, KeyTag 36940, Signer-Name: czagrzebski.dev

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



Status: Valid because published



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 60955, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.06.2023, 00:00:00 +, Signature-Inception: 21.05.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: com
com
1 DS RR in the parent zone found



DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest 4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=



1 RRSIG RR to validate DS RR found



RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 07.06.2023, 21:00:00 +, Signature-Inception: 25.05.2023, 20:00:00 +, KeyTag 60955, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 60955 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 46551, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 04.06.2023, 17:24:21 +, Signature-Inception: 20.05.2023, 17:19:21 +, KeyTag 30909, Signer-Name: com



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: googlehosted.com
googlehosted.com
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "6ngrlhc9jj422bkr9n40uv7rmmq82nva" between the hashed NSEC3-owner "6ngrin33o48pqfmgrpvveo3pkg8lrpe5" and the hashed NextOwner "6ngrs2ttjpll9mfm49cttodgkn27a0hq". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 6ngrin33o48pqfmgrpvveo3pkg8lrpe5.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 29.05.2023, 04:39:44 +, Signature-Inception: 22.05.2023, 03:29:44 +, KeyTag 46551, Signer-Name: com



DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q2d6ni4i7eqh8na30ns61o48ul8g5". So that domain name is the Closest Encloser of "googlehosted.com". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 30.05.2023, 04:25:12 +, Signature-Inception: 23.05.2023, 03:15:12 +, KeyTag 46551, Signer-Name: com



0 DNSKEY RR found




Zone: ghs.googlehosted.com
ghs.googlehosted.com
0 DS RR in the parent zone found



0 DNSKEY RR found




3. Name Servers

DomainNameserverNS-IP
czagrzebski.dev
  ns-cloud-e1.googledomains.com
216.239.32.110
Mountain View/California/United States (US) - Google LLC


 
2001:4860:4802:32::6e
Montreal/Quebec/Canada (CA) - Google LLC


  ns-cloud-e2.googledomains.com
216.239.34.110
Mountain View/California/United States (US) - Google LLC


 
2001:4860:4802:34::6e
Montreal/Quebec/Canada (CA) - Google LLC


  ns-cloud-e3.googledomains.com
216.239.36.110
Mountain View/California/United States (US) - Google LLC


 
2001:4860:4802:36::6e
Montreal/Quebec/Canada (CA) - Google LLC


  ns-cloud-e4.googledomains.com
216.239.38.110
Mountain View/California/United States (US) - Google LLC


 
2001:4860:4802:38::6e
Montreal/Quebec/Canada (CA) - Google LLC

dev
  ns-tld1.charlestonroadregistry.com


  ns-tld2.charlestonroadregistry.com


  ns-tld3.charlestonroadregistry.com


  ns-tld4.charlestonroadregistry.com


  ns-tld5.charlestonroadregistry.com


ghs.googlehosted.com
  ns1.google.com
216.239.32.10
Mountain View/California/United States (US) - Google LLC


 
2001:4860:4802:32::a
Montreal/Quebec/Canada (CA) - Google LLC

googlehosted.com
  ns1.google.com
216.239.32.10
Mountain View/California/United States (US) - Google LLC


 
2001:4860:4802:32::a
Montreal/Quebec/Canada (CA) - Google LLC


  ns2.google.com
216.239.34.10
Mountain View/California/United States (US) - Google LLC


 
2001:4860:4802:34::a
Montreal/Quebec/Canada (CA) - Google LLC


  ns3.google.com
216.239.36.10
Allentown/Pennsylvania/United States (US) - Google LLC


 
2001:4860:4802:36::a
Montreal/Quebec/Canada (CA) - Google LLC


  ns4.google.com
216.239.38.10
Mountain View/California/United States (US) - Google LLC


 
2001:4860:4802:38::a
Montreal/Quebec/Canada (CA) - Google LLC

com
  a.gtld-servers.net / nnn1-defra-5


  b.gtld-servers.net / nnn1-elpar7


  c.gtld-servers.net / nnn1-defra-5


  d.gtld-servers.net / nnn1-defra-5


  e.gtld-servers.net / nnn1-stk4


  f.gtld-servers.net / nnn1-defra-4


  g.gtld-servers.net / nnn1-defra-4


  h.gtld-servers.net / nnn1-defra-4


  i.gtld-servers.net / nnn1-defra-4


  j.gtld-servers.net / nnn1-nlams-1e


  k.gtld-servers.net / nnn1-nlams-1c


  l.gtld-servers.net / nnn1-lon5


  m.gtld-servers.net / nnn1-nlams-1b


4. SOA-Entries


Domain:dev
Zone-Name:dev
Primary:ns-tld1.charlestonroadregistry.com
Mail:cloud-dns-hostmaster.google.com
Serial:1
Refresh:21600
Retry:3600
Expire:259200
TTL:300
num Entries:5


Domain:czagrzebski.dev
Zone-Name:czagrzebski.dev
Primary:ns-cloud-e1.googledomains.com
Mail:cloud-dns-hostmaster.google.com
Serial:25
Refresh:21600
Retry:3600
Expire:259200
TTL:300
num Entries:8



Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1685073718
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:12


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1685073733
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:1


Domain:googlehosted.com
Zone-Name:googlehosted.com
Primary:ns1.google.com
Mail:dns-admin.google.com
Serial:535191584
Refresh:900
Retry:900
Expire:1800
TTL:60
num Entries:8


Domain:ghs.googlehosted.com
Zone-Name:googlehosted.com
Primary:ns1.google.com
Mail:dns-admin.google.com
Serial:535191584
Refresh:900
Retry:900
Expire:1800
TTL:60
num Entries:2


5. Screenshots

No Screenshot listed, because Chrome (used to create the Screenshot) could not load the url. Instead, there was a redirect to "chrome-error://chromewebdata/", so the content of your website isn't visible.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://taskify.czagrzebski.dev/
142.250.186.51
302
http://66.190.13.30/
Html is minified: 101.40 %
0.040
D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://taskify.czagrzebski.dev/
142.250.186.83
302
http://66.190.13.30/
Html is minified: 101.40 %
0.043
D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://taskify.czagrzebski.dev/
2a00:1450:4001:828::2013
302
http://66.190.13.30/
Html is minified: 101.40 %
0.040
D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/
142.250.186.51
302
http://66.190.13.30/
Html is minified: 101.40 %
0.047
D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/
142.250.186.83
302
http://66.190.13.30/
Html is minified: 101.40 %
0.047
D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/
2a00:1450:4001:828::2013
302
http://66.190.13.30/
Html is minified: 101.40 %
0.040
D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://66.190.13.30/

301
https://66.190.13.30/
Html is minified: 109.03 %
0.297
A
Server: nginx/1.21.6
Date: Fri, 26 May 2023 04:04:01 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
Location: https://66.190.13.30/

• https://taskify.czagrzebski.dev/
142.250.186.51
302
http://66.190.13.30/
Html is minified: 101.40 %
2.107
N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:38 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://taskify.czagrzebski.dev/
142.250.186.83
302
http://66.190.13.30/
Html is minified: 101.40 %
1.896
N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:42 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://taskify.czagrzebski.dev/
2a00:1450:4001:828::2013
302
http://66.190.13.30/
Html is minified: 101.40 %
1.807
N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:44 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://www.taskify.czagrzebski.dev/
142.250.186.51
302
http://66.190.13.30/
Html is minified: 101.40 %
1.810
N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:53 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://www.taskify.czagrzebski.dev/
142.250.186.83
302
http://66.190.13.30/
Html is minified: 101.40 %
2.013
N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:47 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://www.taskify.czagrzebski.dev/
2a00:1450:4001:828::2013
302
http://66.190.13.30/
Html is minified: 101.40 %
1.800
N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:50 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://66.190.13.30/
No GZip used - 481 / 642 - 74.92 % possible
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 100.00 %
5.486
N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
small visible content (num chars: 46)
You need to enable JavaScript to run this app.
Server: nginx/1.21.6
Date: Fri, 26 May 2023 04:04:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 642
Connection: close
X-Powered-By: Express
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 26 May 2023 02:51:18 GMT
ETag: W/"282-18855f7ba65"

• http://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
142.250.186.51
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 101.06 %
0.046
D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
142.250.186.83
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 101.06 %
0.040
D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a00:1450:4001:828::2013
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 101.06 %
0.043
D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
142.250.186.51
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 101.06 %
0.074
D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
142.250.186.83
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 101.06 %
0.043
D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a00:1450:4001:828::2013
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 101.06 %
0.040
D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
301
https://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 109.03 %
0.296
A
Visible Content: 301 Moved Permanently nginx/1.21.6
Server: nginx/1.21.6
Date: Fri, 26 May 2023 04:04:02 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
Location: https://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

• https://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
4.690
N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Visible Content: 404 NOT FOUND
Server: nginx/1.21.6
Date: Fri, 26 May 2023 04:04:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: close
X-Powered-By: Express
Access-Control-Allow-Origin: *
ETag: W/"d-9cDc1x9S0CgmdX/8mukTB8yQ/hY"

• https://142.250.186.51/
142.250.186.51
-10

0.050
P
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.

• https://142.250.186.83/
142.250.186.83
-10

0.043
P
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.

• https://[2a00:1450:4001:0828:0000:0000:0000:2013]/
2a00:1450:4001:828::2013
-10

0.046
P
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.

7. Comments


1. General Results, most used to calculate the result

Aname "taskify.czagrzebski.dev" is subdomain, public suffix is ".dev", top-level-domain is ".dev", top-level-domain-type is "generic", tld-manager is "Charleston Road Registry Inc.", num .dev-domains preloaded: 13 (complete: 221801)
AGood: All ip addresses are public addresses
AGood: Minimal 2 ip addresses per domain name found: taskify.czagrzebski.dev has 2 different ip addresses (authoritative).
AGood: Minimal 2 ip addresses per domain name found: www.taskify.czagrzebski.dev has 2 different ip addresses (authoritative).
AGood: Ipv4 and Ipv6 addresses per domain name found: taskify.czagrzebski.dev has 1 ipv4, 1 ipv6 addresses
AGood: Ipv4 and Ipv6 addresses per domain name found: www.taskify.czagrzebski.dev has 1 ipv4, 1 ipv6 addresses
AGood: No asked Authoritative Name Server had a timeout
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: non-www is preferred
AGood: No cookie sent via http.
AExcellent: Main Domain is in the Google-Preload-List
AExcellent: Main Domain is in the Mozilla/Firefox-Preload-List
AHSTS-Preload-Status: Preloaded. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Bhttps://taskify.czagrzebski.dev/ 142.250.186.51
302

Missing HSTS-Header
Bhttps://taskify.czagrzebski.dev/ 142.250.186.83
302

Missing HSTS-Header
Bhttps://taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013
302

Missing HSTS-Header
Bhttps://66.190.13.30/
200

Missing HSTS-Header
Bhttps://www.taskify.czagrzebski.dev/ 142.250.186.51
302

Missing HSTS-Header
Bhttps://www.taskify.czagrzebski.dev/ 142.250.186.83
302

Missing HSTS-Header
Bhttps://www.taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013
302

Missing HSTS-Header
Bhttps://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Missing HSTS-Header
Dhttp://taskify.czagrzebski.dev/ 142.250.186.51
302
http://66.190.13.30/
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://taskify.czagrzebski.dev/ 142.250.186.83
302
http://66.190.13.30/
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013
302
http://66.190.13.30/
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://www.taskify.czagrzebski.dev/ 142.250.186.51
302
http://66.190.13.30/
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://www.taskify.czagrzebski.dev/ 142.250.186.83
302
http://66.190.13.30/
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://www.taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013
302
http://66.190.13.30/
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.51
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.83
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:1450:4001:828::2013
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.51
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.83
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:1450:4001:828::2013
302
http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Fhttps://taskify.czagrzebski.dev/ 142.250.186.51
302
http://66.190.13.30/
Wrong redirect https - http - never redirect https to http
Fhttps://taskify.czagrzebski.dev/ 142.250.186.83
302
http://66.190.13.30/
Wrong redirect https - http - never redirect https to http
Fhttps://taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013
302
http://66.190.13.30/
Wrong redirect https - http - never redirect https to http
Fhttps://www.taskify.czagrzebski.dev/ 142.250.186.51
302
http://66.190.13.30/
Wrong redirect https - http - never redirect https to http
Fhttps://www.taskify.czagrzebski.dev/ 142.250.186.83
302
http://66.190.13.30/
Wrong redirect https - http - never redirect https to http
Fhttps://www.taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013
302
http://66.190.13.30/
Wrong redirect https - http - never redirect https to http
Nhttps://taskify.czagrzebski.dev/ 142.250.186.51
302
http://66.190.13.30/
Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://taskify.czagrzebski.dev/ 142.250.186.83
302
http://66.190.13.30/
Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013
302
http://66.190.13.30/
Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://66.190.13.30/
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Nhttps://www.taskify.czagrzebski.dev/ 142.250.186.51
302
http://66.190.13.30/
Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://www.taskify.czagrzebski.dev/ 142.250.186.83
302
http://66.190.13.30/
Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://www.taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013
302
http://66.190.13.30/
Error - Certificate isn't trusted, RemoteCertificateChainErrors
Nhttps://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Otaskify.czagrzebski.dev / 142.250.186.83 / 443


Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 5 Cipher Suites without Forward Secrecy found
Otaskify.czagrzebski.dev / 2a00:1450:4001:828::2013 / 443


Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 3 Cipher Suites without Forward Secrecy found
Owww.taskify.czagrzebski.dev / 142.250.186.83 / 443


Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 5 Cipher Suites without Forward Secrecy found
Owww.taskify.czagrzebski.dev / 2a00:1450:4001:828::2013 / 443


Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 5 Cipher Suites without Forward Secrecy found
Phttps://142.250.186.51/ 142.250.186.51
-10

Error creating a TLS-Connection: No more details available.
Phttps://142.250.186.83/ 142.250.186.83
-10

Error creating a TLS-Connection: No more details available.
Phttps://[2a00:1450:4001:0828:0000:0000:0000:2013]/ 2a00:1450:4001:828::2013
-10

Error creating a TLS-Connection: No more details available.
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain taskify.czagrzebski.dev, 2 ip addresses.
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain www.taskify.czagrzebski.dev, 2 ip addresses.
Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain taskify.czagrzebski.dev, 2 ip addresses.
Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain www.taskify.czagrzebski.dev, 2 ip addresses.
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.taskify.czagrzebski.dev

2. Header-Checks

F66.190.13.30
Content-Security-Policy
Critical: Missing Header:
F66.190.13.30
X-Content-Type-Options
Critical: Missing Header:
F66.190.13.30
Referrer-Policy
Critical: Missing Header:
F66.190.13.30
Permissions-Policy
Critical: Missing Header:

3. DNS- and NameServer - Checks

AInfo:: 13 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 4 Name Servers.
AInfo:: 13 Queries complete, 13 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
Ok (4 - 8):: An average of 3.3 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 4 different Name Servers found: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com, 4 Name Servers included in Delegation: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com, 4 Name Servers included in 1 Zone definitions: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com, 1 Name Servers listed in SOA.Primary: ns-cloud-e1.googledomains.com.
AGood: Only one SOA.Primary Name Server found.: ns-cloud-e1.googledomains.com.
AGood: SOA.Primary Name Server included in the delegation set.: ns-cloud-e1.googledomains.com.
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AInfo: Ipv4-Subnet-list: 4 Name Servers, 1 different subnets (first Byte): 216., 1 different subnets (first two Bytes): 216.239., 4 different subnets (first three Bytes): 216.239.32., 216.239.34., 216.239.36., 216.239.38.
AGood: Name Server IPv4-addresses from different subnet found:
AInfo: IPv6-Subnet-list: 4 Name Servers with IPv6, 1 different subnets (first block): 2001:, 1 different subnets (first two blocks): 2001:4860:, 1 different subnets (first three blocks): 2001:4860:4802:, 4 different subnets (first four blocks): 2001:4860:4802:0032:, 2001:4860:4802:0034:, 2001:4860:4802:0036:, 2001:4860:4802:0038:
AGood: Name Server IPv6 addresses from different subnets found.
AGood: Nameserver supports TCP connections: 8 good Nameserver
AGood: Nameserver supports Echo Capitalization: 8 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 8 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 8 good Nameserver
AGood: All SOA have the same Serial Number
AGood: CAA entries found, creating certificate is limited: pki.goog is allowed to create certificates

4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: No https + http status 200 with inline CSS / JavaScript found
AGood: Every https result with status 200 has a minified Html-Content with a quota lower then 110 %.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
AGood: All script Elements (type text/javascript) and src-Attribute have a defer / async - Attribute. So loading and executing these JavaScripts doesn't block parsing and rendering the Html-Output.
Warning: CSS / JavaScript found without GZip support. Send these ressources with GZip. 2 external CSS / JavaScript files without GZip found - 0 with GZip, 2 complete
Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 0 external CSS / JavaScript files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 2 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 2 complete.
AGood: All checked attribute values are enclosed in quotation marks (" or ').
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
https://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
4.690 seconds
Warning: 404 needs more then one second
AInfo: Different Server-Headers found
ADuration: 478440 milliseconds, 478.440 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
66.190.13.30
66.190.13.30
443
Certificate/chain invalid and wrong name
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
66.190.13.30
66.190.13.30
443
Certificate/chain invalid and wrong name
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain - too much certificates, don't send root certificates
1CN=mcsm.czagrzebski.dev

2CN=R3, O=Let's Encrypt, C=US

3CN=ISRG Root X1, O=Internet Security Research Group, C=US


taskify.czagrzebski.dev
142.250.186.51
443
Certificate/chain invalid
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok

taskify.czagrzebski.dev
142.250.186.51
443
Certificate/chain invalid
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=taskify.czagrzebski.dev

2CN=GTS CA 1D4, O=Google Trust Services LLC, C=US

3CN=GTS Root R1, O=Google Trust Services LLC, C=US


taskify.czagrzebski.dev
142.250.186.83
443
Certificate/chain invalid
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok

taskify.czagrzebski.dev
142.250.186.83
443
Certificate/chain invalid
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=taskify.czagrzebski.dev

2CN=GTS CA 1D4, O=Google Trust Services LLC, C=US

3CN=GTS Root R1, O=Google Trust Services LLC, C=US


taskify.czagrzebski.dev
2a00:1450:4001:828::2013
443
Certificate/chain invalid
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok

taskify.czagrzebski.dev
2a00:1450:4001:828::2013
443
Certificate/chain invalid
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=taskify.czagrzebski.dev

2CN=GTS CA 1D4, O=Google Trust Services LLC, C=US

3CN=GTS Root R1, O=Google Trust Services LLC, C=US


www.taskify.czagrzebski.dev
142.250.186.51
443
Certificate/chain invalid
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok

www.taskify.czagrzebski.dev
142.250.186.51
443
Certificate/chain invalid
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=www.taskify.czagrzebski.dev

2CN=GTS CA 1D4, O=Google Trust Services LLC, C=US

3CN=GTS Root R1, O=Google Trust Services LLC, C=US


www.taskify.czagrzebski.dev
142.250.186.83
443
Certificate/chain invalid
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok

www.taskify.czagrzebski.dev
142.250.186.83
443
Certificate/chain invalid
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=www.taskify.czagrzebski.dev

2CN=GTS CA 1D4, O=Google Trust Services LLC, C=US

3CN=GTS Root R1, O=Google Trust Services LLC, C=US


www.taskify.czagrzebski.dev
2a00:1450:4001:828::2013
443
Certificate/chain invalid
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok

www.taskify.czagrzebski.dev
2a00:1450:4001:828::2013
443
Certificate/chain invalid
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=www.taskify.czagrzebski.dev

2CN=GTS CA 1D4, O=Google Trust Services LLC, C=US

3CN=GTS Root R1, O=Google Trust Services LLC, C=US


9. Certificates

1.
1.
CN=taskify.czagrzebski.dev
26.05.2023
24.08.2023
238 days expired
taskify.czagrzebski.dev - 1 entry
1.
1.
CN=taskify.czagrzebski.dev
26.05.2023

24.08.2023
238 days expired
taskify.czagrzebski.dev - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00F890523726F8F70410D6D1EF17A85C7A
Thumbprint:BF46C1E3A6EEB2AF05854C303DE20D125448A5CC
SHA256 / Certificate:uiPuGvuyHYekNaUYXbUIvUXj3pqEu8vsHjkqL18GvCM=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):0a2814e736c1dc9f29b2b7a30753f3f94e00cceeb8c21ca01f07e990bc4ec8fc
SHA256 hex / Subject Public Key Information (SPKI):0a2814e736c1dc9f29b2b7a30753f3f94e00cceeb8c21ca01f07e990bc4ec8fc (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.pki.goog/s/gts1d4/Z_D0wb1zBno
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

Revoked: The certificate is revoked.

2.
CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
13.08.2020
30.09.2027
expires in 1260 days


2.
CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
13.08.2020

30.09.2027
expires in 1260 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:02008EB2023336658B64CDDB9B
Thumbprint:349C385FF8E330F20EAD733CD36FB435FEE0B403
SHA256 / Certificate:ZOKGt2BjYCo3Lv1gzejbJlaknuFehCVLPW61/jj0KIs=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):7178cf80a7557ba8a88cff2cd18409debb660c51d39d8671718be660616260c1
SHA256 hex / Subject Public Key Information (SPKI):7178cf80a7557ba8a88cff2cd18409debb660c51d39d8671718be660616260c1
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.pki.goog/gtsr1
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


3.
CN=GTS Root R1, O=Google Trust Services LLC, C=US
19.06.2020
28.01.2028
expires in 1380 days


3.
CN=GTS Root R1, O=Google Trust Services LLC, C=US
19.06.2020

28.01.2028
expires in 1380 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:77BD0D6CDB36F91AEA210FC4F058D30D
Thumbprint:08745487E891C19E3078C1F2A07E452950EF36F6
SHA256 / Certificate:PuAnjfcfo8ElxM1IfwHXdGlOb8V+DNlMJO/XaRM5GOU=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67
SHA256 hex / Subject Public Key Information (SPKI):871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.pki.goog/gsr1
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


4.
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
01.09.1998
28.01.2028
expires in 1380 days


4.
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
01.09.1998

28.01.2028
expires in 1380 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:040000000001154B5AC394
Thumbprint:B1BC968BD4F49D622AA89A81F2150152A41D829C
SHA256 / Certificate:69QQQOS7PsdCyeOB0x7ypBpItmhclufO88HfbNQzHJk=
SHA256 hex / Cert (DANE * 0 1):ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA256 hex / PublicKey (DANE * 1 1):2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SHA256 hex / Subject Public Key Information (SPKI):2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


2.
1.
CN=www.taskify.czagrzebski.dev
26.05.2023
24.08.2023
238 days expired
www.taskify.czagrzebski.dev - 1 entry
2.
1.
CN=www.taskify.czagrzebski.dev
26.05.2023

24.08.2023
238 days expired
www.taskify.czagrzebski.dev - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:20A1BE8552E7973109474E9D07ADAA82
Thumbprint:7AD03F8CB53B36AD83198CC955BD3BF150E460C4
SHA256 / Certificate:NrQNZdfl79vml9P3IF+Kt1ysrEnlQLQ8E+WZnuHc/Js=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):d93ead19666030b7602af15dc2be1f465b18c00e4a8f4adf1ca52f92ed4184bd
SHA256 hex / Subject Public Key Information (SPKI):d93ead19666030b7602af15dc2be1f465b18c00e4a8f4adf1ca52f92ed4184bd (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.pki.goog/s/gts1d4/GACZZnkRzlM
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

Revoked: The certificate is revoked.

2.
CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
13.08.2020
30.09.2027
expires in 1260 days


2.
CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
13.08.2020

30.09.2027
expires in 1260 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:02008EB2023336658B64CDDB9B
Thumbprint:349C385FF8E330F20EAD733CD36FB435FEE0B403
SHA256 / Certificate:ZOKGt2BjYCo3Lv1gzejbJlaknuFehCVLPW61/jj0KIs=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):7178cf80a7557ba8a88cff2cd18409debb660c51d39d8671718be660616260c1
SHA256 hex / Subject Public Key Information (SPKI):7178cf80a7557ba8a88cff2cd18409debb660c51d39d8671718be660616260c1
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.pki.goog/gtsr1
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


3.
CN=GTS Root R1, O=Google Trust Services LLC, C=US
19.06.2020
28.01.2028
expires in 1380 days


3.
CN=GTS Root R1, O=Google Trust Services LLC, C=US
19.06.2020

28.01.2028
expires in 1380 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:77BD0D6CDB36F91AEA210FC4F058D30D
Thumbprint:08745487E891C19E3078C1F2A07E452950EF36F6
SHA256 / Certificate:PuAnjfcfo8ElxM1IfwHXdGlOb8V+DNlMJO/XaRM5GOU=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67
SHA256 hex / Subject Public Key Information (SPKI):871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.pki.goog/gsr1
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


4.
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
01.09.1998
28.01.2028
expires in 1380 days


4.
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
01.09.1998

28.01.2028
expires in 1380 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:040000000001154B5AC394
Thumbprint:B1BC968BD4F49D622AA89A81F2150152A41D829C
SHA256 / Certificate:69QQQOS7PsdCyeOB0x7ypBpItmhclufO88HfbNQzHJk=
SHA256 hex / Cert (DANE * 0 1):ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA256 hex / PublicKey (DANE * 1 1):2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SHA256 hex / Subject Public Key Information (SPKI):2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


3.
1.
CN=mcsm.czagrzebski.dev
15.03.2022
13.06.2022
675 days expired
mcsm.czagrzebski.dev, www.mcsm.czagrzebski.dev - 2 entries
3.
1.
CN=mcsm.czagrzebski.dev
15.03.2022

13.06.2022
675 days expired
mcsm.czagrzebski.dev, www.mcsm.czagrzebski.dev - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:03B7EC58DFE7E31050CD652BC3B01A68E5B9
Thumbprint:58FDB13B71D79B8D8B01DA31C5F8337D1498F32B
SHA256 / Certificate:9UKFUC6I3QeUn6vI99GcprPdvPPtD4Ayixmy3ZSbOJ4=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):0845c53a89d8a73c97ec0a52af66e7cfbd28134985de9aa13b20a265e29b3dd0
SHA256 hex / Subject Public Key Information (SPKI):0845c53a89d8a73c97ec0a52af66e7cfbd28134985de9aa13b20a265e29b3dd0 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://r3.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.

2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020
15.09.2025
expires in 515 days


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020

15.09.2025
expires in 515 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00912B084ACF0C18A753F6D62E25A75F5A
Thumbprint:A053375BFE84E8B748782C7CEE15827A6AF5A405
SHA256 / Certificate:Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SHA256 hex / Subject Public Key Information (SPKI):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 4064 days


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 4064 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuerlast 7 daysactivenum Certs
CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
0
0
2

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
5287753016
precert
CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
2023-05-26 01:27:03
2023-08-24 02:12:31
taskify.czagrzebski.dev - 1 entries


5287757727
precert
CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
2023-05-26 01:26:34
2023-08-24 02:13:03
www.taskify.czagrzebski.dev - 1 entries



2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

No CRT - CT-Log entries found


11. Html-Content - Entries

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://66.190.13.30/
link
stylesheet
1
379 Bytes
0
1
0
0
0
0


link
other
3
9,217 Bytes
0
2
0
0
0
0


meta
other
4

0


0
0
0


script

1
951,410 Bytes
0
1
0
0
0
0

Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://66.190.13.30/

link
apple-touch-icon
/logo192.png
200

1
ok
image/png, missing X-Content-Type-Options nosniff

Cache-Control: public, max-age=0 - max-age too short.
No GZip - 5347 Bytes






link
icon
/favicon.ico
200

1
ok
image/x-icon, missing X-Content-Type-Options nosniff

Cache-Control: public, max-age=0 - max-age too short.
No GZip - 3870 Bytes






link
manifest
/manifest.json


1
ok








link
stylesheet
/static/css/main.6d40566d.css
200

1
ok
text/css; charset=UTF-8, missing X-Content-Type-Options nosniff

Cache-Control: public, max-age=0 - max-age too short.
GZip required: 379 Bytes




local SRI possible, possible hash-values:

sha256-jbLSYV62uiVV/vB6RP/pLGLRU6p5MNl3f2bjEtfYNVk=
sha384-FhrBSRYA/FH1b3bh/FYUBvY0bAaYMhmLbsn6TgsSVUjR5zOjjJfQoVmZe1KUZ3mB
sha512-FNU12FhJmZbwyYEFJiFExkKoFUgOOeg8TPmPSOkoGfV+yYX2KPUdkw1RQEAwlTlR79cl+Han3fSwwCPxdyLqqw==

<link rel="stylesheet" href="/static/css/main.6d40566d.css" crossorigin="anonymous" integrity="sha256-jbLSYV62uiVV/vB6RP/pLGLRU6p5MNl3f2bjEtfYNVk=" />




meta

utf-8


1
ok








meta
description
Web site created using create-react-app


1
ok








meta
theme-color
#000000


1
ok








meta
viewport
width=device-width,initial-scale=1


1
ok








script
src
/static/js/main.df8ac66c.js
200

1
ok
defer attribute found application/javascript; charset=UTF-8, missing X-Content-Type-Options nosniff

Cache-Control: public, max-age=0 - max-age too short.
GZip required: 951410 Bytes




local SRI possible, possible hash-values:

sha256-Wiu6q+4RBlezm4O+0hwGqztWzguqHhv/+EYRb2D3GwI=
sha384-uRUGXf4Fs3TjV2IEuslwpLjLIlrZy/wkyDCzvcEcYmtXLD3h8dzcSjPc++KolUJ6
sha512-5DUsrqexiu3qzb0EqWJtlV69nKmEKY2ztJ2pfEqZNEsNqQ3wbwDY9n1KX6wfAEGekaaoLO00nMn9iJMqh0dfIw==

<script src="/static/js/main.df8ac66c.js" crossorigin="anonymous" integrity="sha256-Wiu6q+4RBlezm4O+0hwGqztWzguqHhv/+EYRb2D3GwI=" />




12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com

QNr.DomainTypeNS used
1
com
NS
m.root-servers.net (2001:dc3::35)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2
ns-cloud-e1.googledomains.com
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com

Answer: ns5.googledomains.com
2001:4860:4802:32::a, 216.239.32.10

Answer: ns6.googledomains.com
2001:4860:4802:34::a, 216.239.34.10

Answer: ns7.googledomains.com
2001:4860:4802:36::a, 216.239.36.10

Answer: ns8.googledomains.com
2001:4860:4802:38::a, 216.239.38.10
3
ns-cloud-e2.googledomains.com
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com

Answer: ns5.googledomains.com
2001:4860:4802:32::a, 216.239.32.10

Answer: ns6.googledomains.com
2001:4860:4802:34::a, 216.239.34.10

Answer: ns7.googledomains.com
2001:4860:4802:36::a, 216.239.36.10

Answer: ns8.googledomains.com
2001:4860:4802:38::a, 216.239.38.10
4
ns-cloud-e3.googledomains.com
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com

Answer: ns5.googledomains.com
2001:4860:4802:32::a, 216.239.32.10

Answer: ns6.googledomains.com
2001:4860:4802:34::a, 216.239.34.10

Answer: ns7.googledomains.com
2001:4860:4802:36::a, 216.239.36.10

Answer: ns8.googledomains.com
2001:4860:4802:38::a, 216.239.38.10
5
ns-cloud-e4.googledomains.com
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com

Answer: ns5.googledomains.com
2001:4860:4802:32::a, 216.239.32.10

Answer: ns6.googledomains.com
2001:4860:4802:34::a, 216.239.34.10

Answer: ns7.googledomains.com
2001:4860:4802:36::a, 216.239.36.10

Answer: ns8.googledomains.com
2001:4860:4802:38::a, 216.239.38.10
6
ns-cloud-e1.googledomains.com: 216.239.32.110
A
ns5.googledomains.com (2001:4860:4802:32::a)
7
ns-cloud-e1.googledomains.com: 2001:4860:4802:32::6e
AAAA
ns5.googledomains.com (2001:4860:4802:32::a)
8
ns-cloud-e2.googledomains.com: 216.239.34.110
A
ns5.googledomains.com (2001:4860:4802:32::a)
9
ns-cloud-e2.googledomains.com: 2001:4860:4802:34::6e
AAAA
ns5.googledomains.com (2001:4860:4802:32::a)
10
ns-cloud-e3.googledomains.com: 216.239.36.110
A
ns5.googledomains.com (2001:4860:4802:32::a)
11
ns-cloud-e3.googledomains.com: 2001:4860:4802:36::6e
AAAA
ns5.googledomains.com (2001:4860:4802:32::a)
12
ns-cloud-e4.googledomains.com: 216.239.38.110
A
ns5.googledomains.com (2001:4860:4802:32::a)
13
ns-cloud-e4.googledomains.com: 2001:4860:4802:38::6e
AAAA
ns5.googledomains.com (2001:4860:4802:32::a)


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.taskify.czagrzebski.dev



1
0
taskify.czagrzebski.dev



1
0
ghs.googlehosted.com
0

no CAA entry found
1
0
googlehosted.com
5
issue
pki.goog
1
0
czagrzebski.dev
0

no CAA entry found
1
0
dev
0

no CAA entry found
1
0
com
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
czagrzebski.dev

ok
1
0
taskify.czagrzebski.dev


1
0
www.taskify.czagrzebski.dev


1
0
_acme-challenge.ghs.googlehosted.com


1
0
_acme-challenge.taskify.czagrzebski.dev

Name Error - The domain name does not exist
1
0
_acme-challenge.www.taskify.czagrzebski.dev

Name Error - The domain name does not exist
1
0
_acme-challenge.taskify.czagrzebski.dev.czagrzebski.dev

Name Error - The domain name does not exist
1
0
_acme-challenge.ghs.googlehosted.com.ghs.googlehosted.com


1
0
_acme-challenge.taskify.czagrzebski.dev.taskify.czagrzebski.dev

Name Error - The domain name does not exist
1
0
_acme-challenge.www.taskify.czagrzebski.dev.taskify.czagrzebski.dev

Name Error - The domain name does not exist
1
0
_acme-challenge.www.taskify.czagrzebski.dev.www.taskify.czagrzebski.dev

Name Error - The domain name does not exist
1
0


15. DomainService - Entries

No DomainServiceEntries entries found



16. Cipher Suites

DomainIPPortCipher (OpenSsl / IANA)
taskify.czagrzebski.dev
142.250.186.83
443
ECDHE-RSA-CHACHA20-POLY1305
(Secure)
TLSv1.2
0xCC,0xA8
FS
10 Ciphers, 51.03 sec
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
ECDH
RSA
CHACHA20/POLY1305(256)
AEAD



ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDH
RSA
AESGCM(256)
AEAD



ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDH
RSA
AESGCM(128)
AEAD



AES256-GCM-SHA384
(Weak)
TLSv1.2
0x00,0x9D
No FS

TLS_RSA_WITH_AES_256_GCM_SHA384
RSA
RSA
AESGCM(256)
AEAD



AES128-GCM-SHA256
(Weak)
TLSv1.2
0x00,0x9C
No FS

TLS_RSA_WITH_AES_128_GCM_SHA256
RSA
RSA
AESGCM(128)
AEAD



ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECDH
RSA
AES(256)
SHA1



ECDHE-RSA-AES128-SHA
(Weak)
TLSv1
0xC0,0x13
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDH
RSA
AES(128)
SHA1



AES256-SHA
(Weak)
SSLv3
0x00,0x35
No FS

TLS_RSA_WITH_AES_256_CBC_SHA
RSA
RSA
AES(256)
SHA1



DES-CBC3-SHA
(Weak)
SSLv3
0x00,0x0A
No FS

TLS_RSA_WITH_3DES_EDE_CBC_SHA
RSA
RSA
3DES(168)
SHA1



AES128-SHA
(Weak)
SSLv3
0x00,0x2F
No FS

TLS_RSA_WITH_AES_128_CBC_SHA
RSA
RSA
AES(128)
SHA1

2a00:1450:4001:828::2013
443
ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS
6 Ciphers, 35.37 sec
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDH
RSA
AESGCM(128)
AEAD



AES128-GCM-SHA256
(Weak)
TLSv1.2
0x00,0x9C
No FS

TLS_RSA_WITH_AES_128_GCM_SHA256
RSA
RSA
AESGCM(128)
AEAD



ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECDH
RSA
AES(256)
SHA1



ECDHE-RSA-AES128-SHA
(Weak)
TLSv1
0xC0,0x13
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDH
RSA
AES(128)
SHA1



AES256-SHA
(Weak)
SSLv3
0x00,0x35
No FS

TLS_RSA_WITH_AES_256_CBC_SHA
RSA
RSA
AES(256)
SHA1



DES-CBC3-SHA
(Weak)
SSLv3
0x00,0x0A
No FS

TLS_RSA_WITH_3DES_EDE_CBC_SHA
RSA
RSA
3DES(168)
SHA1
www.taskify.czagrzebski.dev
142.250.186.83
443
ECDHE-RSA-CHACHA20-POLY1305
(Secure)
TLSv1.2
0xCC,0xA8
FS
10 Ciphers, 49.61 sec
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
ECDH
RSA
CHACHA20/POLY1305(256)
AEAD



ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDH
RSA
AESGCM(256)
AEAD



ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDH
RSA
AESGCM(128)
AEAD



AES256-GCM-SHA384
(Weak)
TLSv1.2
0x00,0x9D
No FS

TLS_RSA_WITH_AES_256_GCM_SHA384
RSA
RSA
AESGCM(256)
AEAD



AES128-GCM-SHA256
(Weak)
TLSv1.2
0x00,0x9C
No FS

TLS_RSA_WITH_AES_128_GCM_SHA256
RSA
RSA
AESGCM(128)
AEAD



ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECDH
RSA
AES(256)
SHA1



ECDHE-RSA-AES128-SHA
(Weak)
TLSv1
0xC0,0x13
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDH
RSA
AES(128)
SHA1



AES256-SHA
(Weak)
SSLv3
0x00,0x35
No FS

TLS_RSA_WITH_AES_256_CBC_SHA
RSA
RSA
AES(256)
SHA1



DES-CBC3-SHA
(Weak)
SSLv3
0x00,0x0A
No FS

TLS_RSA_WITH_3DES_EDE_CBC_SHA
RSA
RSA
3DES(168)
SHA1



AES128-SHA
(Weak)
SSLv3
0x00,0x2F
No FS

TLS_RSA_WITH_AES_128_CBC_SHA
RSA
RSA
AES(128)
SHA1

2a00:1450:4001:828::2013
443
ECDHE-RSA-CHACHA20-POLY1305
(Secure)
TLSv1.2
0xCC,0xA8
FS
10 Ciphers, 45.65 sec
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
ECDH
RSA
CHACHA20/POLY1305(256)
AEAD



ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDH
RSA
AESGCM(256)
AEAD



ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDH
RSA
AESGCM(128)
AEAD



AES256-GCM-SHA384
(Weak)
TLSv1.2
0x00,0x9D
No FS

TLS_RSA_WITH_AES_256_GCM_SHA384
RSA
RSA
AESGCM(256)
AEAD



AES128-GCM-SHA256
(Weak)
TLSv1.2
0x00,0x9C
No FS

TLS_RSA_WITH_AES_128_GCM_SHA256
RSA
RSA
AESGCM(128)
AEAD



ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECDH
RSA
AES(256)
SHA1



ECDHE-RSA-AES128-SHA
(Weak)
TLSv1
0xC0,0x13
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDH
RSA
AES(128)
SHA1



AES256-SHA
(Weak)
SSLv3
0x00,0x35
No FS

TLS_RSA_WITH_AES_256_CBC_SHA
RSA
RSA
AES(256)
SHA1



DES-CBC3-SHA
(Weak)
SSLv3
0x00,0x0A
No FS

TLS_RSA_WITH_3DES_EDE_CBC_SHA
RSA
RSA
3DES(168)
SHA1



AES128-SHA
(Weak)
SSLv3
0x00,0x2F
No FS

TLS_RSA_WITH_AES_128_CBC_SHA
RSA
RSA
AES(128)
SHA1


17. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.



Permalink: https://check-your-website.server-daten.de/?i=759da625-e6f2-4335-9dd3-0a6da69bdf89


Last Result: https://check-your-website.server-daten.de/?q=taskify.czagrzebski.dev - 2023-05-26 06:01:52


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=taskify.czagrzebski.dev" target="_blank">Check this Site: taskify.czagrzebski.dev</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro