What should I check first when a site will not open?

Start with DNS to confirm the domain resolves to the correct IP. If DNS is correct, move to SSL, then inspect HTTP responses and redirects.

If DNS looks fine but the browser still warns, what next?

Check certificate expiry, SAN coverage, and chain status. If TLS is healthy, continue with HTTP redirects and final response codes.

Why does the site work in one region but fail in another?

That usually points to propagation delay, ISP caching, CDN behavior, or regional proxy differences. Compare DNS propagation and HTTP behavior together.

DNS/SSL/HTTP Comprehensive Diagnostic Checklist

An operations-focused guide for isolating domain outages by checking DNS, SSL, and HTTP in a fixed order and narrowing the failing layer quickly.

Diagnose your site now

Problem

Your domain is failing for users, but it is not immediately clear whether the break is in DNS, SSL, or HTTP. When multiple layers interact, symptoms alone are misleading, so a fixed diagnostic order matters.

Symptoms

Browsers alternate between connection failure, security warnings, and 4xx/5xx errors.
The site works in some environments but not in others.
The incident started after a DNS change, certificate renewal, or proxy configuration update.
Server health looks normal, but real user traffic still fails.

Top 3 Causes

DNS layer issue - A/AAAA, CNAME, or NS configuration is wrong or not fully propagated.
SSL layer issue - The certificate is expired or does not match the current host and chain requirements.
HTTP layer issue - Redirect loops, 403/404/5xx responses, or proxy rules break the final request flow.

Diagnose with DechoNet

Comprehensive Lookup to gather high-level DNS, SSL, and HTTP signals in one pass.
DNS Lookup to verify A/AAAA, CNAME, and NS records against the intended target.
SSL Check to validate expiry, SAN coverage, and certificate chain status.
HTTP Check to inspect redirect hops and the final response code.

Resolution Checklist

Start with DNS Lookup and confirm the domain resolves to the expected IP and nameservers.
If DNS is correct, run SSL Check and verify expiry, SAN, and chain status.
If TLS is healthy, use HTTP Check to inspect redirects, 4xx, and 5xx outcomes.
Review recent DNS, certificate, and proxy changes in the order they were deployed.
Follow the specific issue guide for the failing layer once the problem is isolated.

When to Escalate

Escalate to the certificate or hosting provider if DNS and HTTP are healthy but TLS still fails.
Escalate to network or CDN operators if the issue is regional or resolver-dependent.
Escalate to infrastructure owners if origin logs or proxy configuration are outside your control.