Self-Signed Certificate

The certificate is self-signed and not trusted by browsers.

Severity: Info

What does this mean?

A self-signed certificate is one that was created and signed by the server itself, rather than by a trusted certificate authority (CA). Normally, certificates are issued by CAs like Let's Encrypt, DigiCert, or Comodo, which browsers and operating systems trust by default. A self-signed certificate provides encryption but no identity verification.

Why this is a problem

  • Browsers display a security warning because they cannot verify who issued the certificate
  • Visitors must manually accept the risk to proceed, which most will not do
  • Automated systems and API clients will reject the connection by default
  • It may indicate a development or test environment that is accidentally exposed to the internet

What you should do

  • Replace the self-signed certificate with one from a trusted CA
  • Let's Encrypt provides free, trusted certificates with automated renewal
  • If this is an internal service, consider using an internal CA and distributing the root certificate to your organization's devices
  • If this is a development or test environment, ensure it is not publicly accessible
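
The distinction above, shown as an added example (not dnswatchdog's own code): it detects a self-signed certificate and shows why a client that trusts only an internal root accepts a CA-issued certificate but rejects a self-signed one. The certificate names and the helper functions are constructed for illustration, the certificates are generated in memory, and hostname matching is left out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// isSelfSigned: issuer equals subject AND the signature verifies under the certificate's own key.
func isSelfSigned(c *x509.Certificate) bool {
	return bytes.Equal(c.RawIssuer, c.RawSubject) && c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

// issue builds a minimal constructed test certificate; a nil parent makes it self-signed.
func issue(cn string, ca bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		IsCA: ca, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, perr := x509.ParseCertificate(der) // a nil DER fails to parse, so both errors are caught
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, key
}

// demo checks a CA-issued and a self-signed certificate against a pool holding only the internal root.
func demo() (issuedSelf, issuedTrusted, selfSelf, selfTrusted bool) {
	root, rootKey := issue("Example Internal Root CA", true, nil, nil)
	issued, _ := issue("app.internal.example", false, root, rootKey)
	selfSigned, _ := issue("app.internal.example", false, nil, nil)
	opts := x509.VerifyOptions{Roots: x509.NewCertPool()} // hostname matching omitted
	opts.Roots.AddCert(root)
	_, errIssued := issued.Verify(opts)
	_, errSelf := selfSigned.Verify(opts)
	return isSelfSigned(issued), errIssued == nil, isSelfSigned(selfSigned), errSelf == nil
}

func main() { fmt.Println(demo()) }
```

Both leaf certificates encrypt traffic equally well; only the one that chains to a distributed root passes verification.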
