Check DNS, Urls + Redirects, Certificates and Content of your Website



N

No trusted Certificate

Checked:
27.12.2018 12:57:18


Older results

No older results found


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
webernet.spdns.org

91.16.46.157

yes
1
0
www.webernet.spdns.org

Name Error
yes
1
0


2. DNSSEC

No DNSSEC informations found. The feature is new (restartet 2018-12-31), so recheck this domain.


3. Name Servers

DomainNameserverNS-IP
www.webernet.spdns.org
  dyndns.securepoint.de

webernet.spdns.org
  dyndns.securepoint.de

spdns.org
  dns-001.securepoint.de


  dyndns.securepoint.de


  ns1.m-online.net


  ns2.m-online.net


  ns3.m-online.net


  ns4.m-online.net

org
  a0.org.afilias-nst.info


  a2.org.afilias-nst.info


  b0.org.afilias-nst.org


  b2.org.afilias-nst.org


  c0.org.afilias-nst.info


  d0.org.afilias-nst.org


4. SOA-Entries

No SOA informations found. The feature is new (startet 2019-02-05), so recheck this domain.

5. Screenshots

No Screenshot listed, because no screenshot found. Perhaps the check is too old, the feature startet 2019-12-23.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://webernet.spdns.org/
91.16.46.157
302
https://nc-webernet.spdns.org
0.043
E
Date: Thu, 27 Dec 2018 11:57:23 GMT
Server: Apache/2.4.29 (Ubuntu)
Location: https://nc-webernet.spdns.org
Content-Length: 297
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://nc-webernet.spdns.org

302
https://nc-webernet.spdns.org/login
1.323
A
Date: Thu, 27 Dec 2018 11:57:31 GMT
Server: Apache/2.4.29 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-blFtMTExRm9POEhZMEJYMnFCTkE5Z0xuQldKNUVjUmR4SDAxRWtiV1RqTT06OTIrTi9DTXNkWXVlcW5LRDIzUnZzbWEwYkFVK2RZWXo4Q3RXUmh5eEJBYz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
X-Frame-Options: SAMEORIGIN
Set-Cookie: oc5mhbhf56nu=95pl00qaskl9ka63ks1imh792p; Path=/; Domain=nc-webernet.spdns.org; HttpOnly; Secure,oc_sessionPassphrase=GeHqwdVzTg%2B9bGKKy5czjzDm%2Bk9vMmWGLNxzO0Nncx7oveTmdDiGsj5NWqf%2FX4sC1%2B5Y9hIisx7lVlb%2Bqk1VkjCI5J%2B%2FM%2B%2BhM7IznDPzrMhVLFUcB32vV88Rdota3WFC; Path=/; Domain=nc-webernet.spdns.org; HttpOnly; Secure,__Host-nc_sameSiteCookielax=true; Path=/; Domain=nc-webernet.spdns.org; Expires=2101-01-01 00:59:59; HttpOnly; Secure,__Host-nc_sameSiteCookiestrict=true; Path=/; Domain=nc-webernet.spdns.org; Expires=2101-01-01 00:59:59; HttpOnly; Secure
Upgrade: h2,h2c
Connection: Upgrade, close
Location: https://nc-webernet.spdns.org/login
Strict-Transport-Security: max-age=15768000;includeSubdomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: no-referrer
Content-Length: 0
Content-Type: text/html; charset=UTF-8

• https://webernet.spdns.org/
91.16.46.157
400

7.123
N
Bad Request
Certificate error: RemoteCertificateNameMismatch
Date: Thu, 27 Dec 2018 11:57:25 GMT
Server: Apache/2.4.29 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-b3I5UUFZaGJxMXp6UGswczJtUTFMQTJNMUEwMGtLTUtRUHlRZDBja1p0TT06MVBGL1kva0p5bXZjVHdGaGp6SnhXSDdnLzBwSDRaVnBjYmpSSFJNUE01OD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
X-Frame-Options: SAMEORIGIN
Set-Cookie: oc5mhbhf56nu=oe6cccgris6u4ut7nitnrdcnmf; Path=/; Domain=webernet.spdns.org; HttpOnly; Secure,oc_sessionPassphrase=gOPru9w0%2FjFqHjpkjdtg%2FqQe4lNg%2FDfAfayxlxTMhoLCfSQxZymX%2BKs2aQI0e%2FkQCS%2FU0%2BaxUTkU11412OuKuZ10I5kLnxQJq%2FPthn%2FGdqdSfY6QiKXhRvPov%2FhohE3z; Path=/; Domain=webernet.spdns.org; HttpOnly; Secure,__Host-nc_sameSiteCookielax=true; Path=/; Domain=webernet.spdns.org; Expires=2101-01-01 00:59:59; HttpOnly; Secure,__Host-nc_sameSiteCookiestrict=true; Path=/; Domain=webernet.spdns.org; Expires=2101-01-01 00:59:59; HttpOnly; Secure
Upgrade: h2,h2c
Connection: Upgrade, close
Strict-Transport-Security: max-age=15768000;includeSubdomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: no-referrer
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

• https://nc-webernet.spdns.org/login

200

1.313
A
Date: Thu, 27 Dec 2018 11:57:32 GMT
Server: Apache/2.4.29 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-eEtzWTk0aEpaZjJ3Q1pUeDRqRGtOem4yUWRwMUZ5QjJKV2N0M2diUzN2TT06bGN4UWc5b0hWci9VWjZXcmkyalFCMVNSTTRrMExrd0NIREJEbFcvbXNMbz0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
Set-Cookie: oc5mhbhf56nu=2ephgi2t2lqeu26jcjv1j3n6eq; Path=/; Domain=nc-webernet.spdns.org; HttpOnly; Secure,oc_sessionPassphrase=fTJQ2QWeccMg16Uq%2BDLtQuEiCJ3rvG8jtazoa2jRmRr%2B%2B6DqdIXIdJeue7SdgG%2FX%2B73CdkVGKUHE19CAvdu6je2RoHtjYxK3x6ke%2FifrFp9azLQWBI2DUG4JtLbMXbOi; Path=/; Domain=nc-webernet.spdns.org; HttpOnly; Secure,__Host-nc_sameSiteCookielax=true; Path=/; Domain=nc-webernet.spdns.org; Expires=2101-01-01 00:59:59; HttpOnly; Secure,__Host-nc_sameSiteCookiestrict=true; Path=/; Domain=nc-webernet.spdns.org; Expires=2101-01-01 00:59:59; HttpOnly; Secure
Upgrade: h2,h2c
Connection: Upgrade, close
Content-Length: 13716
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000;includeSubdomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: no-referrer
Content-Type: text/html; charset=UTF-8

• http://webernet.spdns.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
91.16.46.157
302
https://nc-webernet.spdns.org.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
0.043
E
Visible Content:
Date: Thu, 27 Dec 2018 11:57:31 GMT
Server: Apache/2.4.29 (Ubuntu)
Location: https://nc-webernet.spdns.org.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Content-Length: 366
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://nc-webernet.spdns.org.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

-1

0.017
R
NameResolutionFailure - The remote name could not be resolved: 'nc-webernet.spdns.org.well-known'
Visible Content:

7. Comments


1. General Results, most used to calculate the result

Aname "webernet.spdns.org" is domain, public suffix is "spdns.org", top-level-domain-type is "generic", tld-manager is "Public Interest Registry (PIR)"
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
Ahttps://nc-webernet.spdns.org
302
https://nc-webernet.spdns.org/login
correct redirect https to https
Agood: destination is https
Agood - only one version with Http-Status 200
Agood: one preferred version: non-www is preferred
Agood: every cookie sent via https is marked as secure
Agood: every https has a Strict Transport Security Header
Agood: HSTS has includeSubdomains - directive
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Bwarning: HSTS max-age is too short - minimum 31536000 = 365 days required, 15768000 seconds = 182 days found
Ehttp://webernet.spdns.org/ 91.16.46.157
302
https://nc-webernet.spdns.org
Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Mhttps://webernet.spdns.org/ 91.16.46.157
400

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://webernet.spdns.org/ 91.16.46.157
400

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Rhttp://webernet.spdns.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 91.16.46.157
302
https://nc-webernet.spdns.org.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
redirect to not existing domain

2. DNS- and NameServer - Checks

AGood: Nameserver supports TCP connections: 1 good Nameserver
AGood: Nameserver supports Echo Capitalization: 1 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 1 good Nameserver
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

3. Content- and Performance-critical Checks

https://nc-webernet.spdns.org.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
-1

Fatal: Check of /.well-known/acme-challenge/random-filename redirects to not-existing domain. Creating a Letsencrypt certificate via http-01 challenge can't work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 15396 milliseconds, 15.396 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
webernet.spdns.org
91.16.46.157
443
name does not match
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
not supported
ok
webernet.spdns.org
91.16.46.157
443
name does not match
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
not supported
ok
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0


9. Certificates

1.
1.
CN=nc-webernet.spdns.org
29.11.2018
27.02.2019
1309 days expired
nc-webernet.spdns.org - 1 entry
1.
1.
CN=nc-webernet.spdns.org
29.11.2018

27.02.2019
1309 days expired
nc-webernet.spdns.org - 1 entry

KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:03FB6C6F788E08F56B170B082B0378B9B6DE
Thumbprint:17F149D71D5A82BBFAA1E5DFC03C698DC5FB680E
SHA256 / Certificate:2c3aXnjoTzcrFKOk8VFGAyS2tEWdGOklzA3WW8rJ84A=
SHA256 hex / Cert (DANE * 0 1):d9cdda5e78e84f372b14a3a4f151460324b6b4459d18e925cc0dd65bcac9f380
SHA256 hex / PublicKey (DANE * 1 1):f42aaa7c9a6b6d712fc56467f5948850beff832d972ea369908132f4d39f4146
SHA256 hex / Subject Public Key Information (SPKI):f42aaa7c9a6b6d712fc56467f5948850beff832d972ea369908132f4d39f4146
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.int-x3.letsencrypt.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)


2.
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
17.03.2016
17.03.2021
560 days expired


2.
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
17.03.2016

17.03.2021
560 days expired


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0A0141420000015385736A0B85ECA708
Thumbprint:E6A3B45B062D509B3382282D196EFE97D5956CCB
SHA256 / Certificate:JYR9Zo608E/dQLErawdAxWfafQJDCOtsLJb+QdneIY0=
SHA256 hex / Cert (DANE * 0 1):25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
SHA256 hex / PublicKey (DANE * 1 1):60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
SHA256 hex / Subject Public Key Information (SPKI):60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://isrg.trustid.ocsp.identrust.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


3.
CN=DST Root CA X3, O=Digital Signature Trust Co.
30.09.2000
30.09.2021
363 days expired


3.
CN=DST Root CA X3, O=Digital Signature Trust Co.
30.09.2000

30.09.2021
363 days expired


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:44AFB080D6A327BA893039862EF8406B
Thumbprint:DAC9024F54D8F6DF94935FB1732638CA6AD77C13
SHA256 / Certificate:BocmAzGnJAPZCfEF5pvPDTLhvSST/8bZIG0RvNZ3Bzk=
SHA256 hex / Cert (DANE * 0 1):0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
SHA256 hex / PublicKey (DANE * 1 1):563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b
SHA256 hex / Subject Public Key Information (SPKI):563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - Certificate-Transparency-Log informations found. The feature is new (startet 2019-05-07), so recheck this domain.


2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

No Certificate-Transparency-Log informations found. The feature is new (startet 2019-03-21), so recheck this domain.


11. Html-Content - Entries

No Html-Content informations found. The feature is new (startet 2019-01-22), so recheck this domain.


12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:

No NameServer - IP address informations found. The feature is new (2020-05-07), so recheck this domain.


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
webernet.spdns.org
0

no CAA entry found
1
0
spdns.org
0

no CAA entry found
1
0
org
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
webernet.spdns.org

ok
1
0
_acme-challenge.webernet.spdns.org

Name Error - The domain name does not exist
1
0
_acme-challenge.webernet.spdns.org.webernet.spdns.org

Name Error - The domain name does not exist
1
0


15. DomainService - Entries (SSHFP Check is new - 2022-09-24, may be incomplete, alpha, some results are required)

No DomainServiceEntries entries found



16. Cipher Suites

No Ciphers found


17. Portchecks

No Port informations found. The feature is new (startet 2019-07-09), so recheck this domain.



Permalink: https://check-your-website.server-daten.de/?i=ef955e51-4f34-44c8-a890-3d6a0b5dc376


Last Result: https://check-your-website.server-daten.de/?q=webernet.spdns.org - 2018-12-27 12:57:18


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=webernet.spdns.org" target="_blank">Check this Site: webernet.spdns.org</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro