Enterno.io How-to Guides
Step-by-step guides: check SSL, DNS, ports, monitor uptime, fix errors. Each guide — 3-7 steps, no fluff, real examples and commands.
SSL / TLS 9
How to Check a Site's SSL Certificate Online
TL;DR: To check a site's SSL certificate: open the Enterno.io SSL checker, enter a domain (example.com), click "Check". In 1-2 seconds you get a full picture — expiry, issuer, chai…
Read →How to Debug a TLS Handshake
Key idea: TLS handshake failures are among the hardest debug categories. Tools: openssl s_client for shell, Wireshark with TLS decryption for deep analysis, curl -v for application…
Read →How to Enable HTTP/2 on Your Site
Key idea: HTTP/2 is a binary multiplexed protocol that speeds up 10-30% of sites with no code changes. Requirements: HTTPS (mandatory), nginx ≥ 1.9.5, Apache ≥ 2.4.17 with mod_http…
Read →How to Fix SSL Errors in Chrome/Firefox/Safari
TL;DR: To fix browser SSL errors: (1) check the certificate via SSL checker — see the exact cause; (2) reissue via certbot/Let's Encrypt; (3) configure fullchain + TLS 1.2/1.3 on t…
Read →How to Generate a CSR for Your SSL Certificate
Key idea: CSR (Certificate Signing Request) is a file with your public key and organisation data that you send to a CA to obtain an SSL certificate. Generated with openssl, require…
Read →How to Migrate from HTTP to HTTPS
TL;DR: HTTP to HTTPS migration: (1) get SSL certificate via certbot (free); (2) configure nginx/Apache for HTTPS + TLS 1.2/1.3; (3) add 301 redirect from all http:// to https://; (…
Read →How to Auto-Renew a Let's Encrypt Certificate
TL;DR: Let's Encrypt auto-renewal: sudo certbot renew --dry-run — test. Then cron: 0 3 * * * certbot renew --quiet --post-hook "systemctl reload nginx". Let's Encrypt is valid 90 d…
Read →How to Rotate an SSL Certificate Zero-Downtime
Key idea: SSL rotation = replacing the cert before expiry. Correct flow: 30 days before expiry obtain a new cert, drop it next to the old one, hot-reload the web server. Clients in…
Read →How to Enable OCSP Stapling
Key idea: OCSP Stapling — the server fetches the OCSP response from the CA ahead of time and "staples" it to the TLS handshake. Without stapling, every client queries OCSP themselv…
Read →Performance 4
How to Check Website Speed (Core Web Vitals)
TL;DR: To check speed: Enterno.io PageSpeed — Google-methodology analysis returning Core Web Vitals (LCP, CLS, INP) + a 0-100 performance score for Mobile and Desktop. Free, no sig…
Read →How to Enable Brotli in nginx
Key idea: Brotli (brotli.org, Google) is a compression algorithm 15-25% better than gzip for text (HTML/CSS/JS). Client support 95%+ by 2026. Install in nginx: compile ngx_brotli m…
Read →How to Improve Site LCP
Key idea: LCP (Largest Contentful Paint) — when the main visible element (usually hero image or H1+paragraph) paints. "Good" threshold ≤ 2.5s. Typical LCP killers: heavy hero image…
Read →How to Reduce Time to First Byte
TL;DR: To reduce TTFB: (1) deploy a CDN (Cloudflare/Fastly) — edge caching for static assets; (2) enable server-level cache (Redis/Memcached for DB queries); (3) optimise slow SQL …
Read →Other 3
How to Check API CORS Headers
TL;DR: To check API CORS: use /en/cors Enterno.io checker — enter endpoint and origin, get all CORS headers + preflight test. Diagnoses common issues: missing Allow-Origin, wildcar…
Read →How to Configure CORS Correctly
Key idea: CORS (Cross-Origin Resource Sharing) is the mechanism letting JavaScript from one origin (domain:port:scheme) request resources from another. Without CORS, browsers block…
Read →How to Fix CORS Preflight
Key idea: CORS preflight — an OPTIONS request browser sends before a non-simple request (custom headers, non-GET). If the server does not answer 200/204 with proper CORS headers, t…
Read →DNS & Domains 3
How to Check DNS Records for a Domain
TL;DR: To check DNS records: open the Enterno.io DNS checker, enter a domain, click "Check". Get every record type (A/AAAA/MX/NS/TXT/SOA/CAA) from a Russia-hosted resolver in 1-2 s…
Read →How to Check DNSSEC for a Domain
Key idea: DNSSEC (Domain Name System Security Extensions) protects DNS from spoofing. Verification = confirm the domain publishes DNSKEY and a DS record in the TLD, and the signatu…
Read →How to Set Up an SPF Record for Your Domain
Key idea: SPF (Sender Policy Framework) is a DNS TXT record listing IPs and servers allowed to send mail on behalf of your domain. Without SPF, Gmail/Yandex.Mail/Mail.ru drop mail …
Read →Security 3
How to Enable HSTS on nginx and Apache
TL;DR: To enable HSTS: add the header Strict-Transport-Security: max-age=31536000; includeSubDomains; preload in nginx (add_header) or Apache (Header set). For hstspreload.org incl…
Read →How to Configure Fail2Ban for Server Defence
Key idea: Fail2Ban is an open-source IDS blocking IPs after N failed attempts. Linux-server security standard. Protects: SSH brute-force, web-app login bruteforce, CMS scanning. Se…
Read →How to Set Up an OAuth 2.0 Provider
Key idea: OAuth 2.0 provider setup enables "Login with Google/GitHub/VK" in your app. For web: Authorization Code flow. For SPA/mobile: Authorization Code + PKCE (RFC 7636). Proces…
Read →Other 13
How to Inspect HTTP Response Headers of a Site
TL;DR: To inspect HTTP headers: (1) Enterno.io HTTP checker — online, no signup, shows all response headers; (2) curl -I https://example.com in terminal; (3) Chrome DevTools → Netw…
Read →How to Configure Content-Security-Policy with Nonce
TL;DR: To protect from XSS, configure CSP with nonce: (1) generate nonce each request ($nonce = base64_encode(random_bytes(16))); (2) add to header script-src 'nonce-{$nonce}'; (3)…
Read →How to Configure CSP Nonce
Key idea: CSP nonce — a random value, generated per request, included in the CSP header script-src 'nonce-XXX' and as the attribute <script nonce="XXX">. Lets a specific inli…
Read →How to Check Which Ports Are Open on a Host
TL;DR: To check open ports: Enterno.io port-checker — enter host and port, get status (open/closed/filtered) in 1-2 seconds. For a full scan (top-100 ports) use the Port Scanner.
Read →How to Find and Fix 404 Errors
TL;DR: To fix 404s: (1) find broken URLs via /en/broken-links; (2) set up 301 redirects to relevant content; (3) create a custom 404 page with search and popular links; (4) monitor…
Read →How to Fix the Mixed Content Error
Key idea: Mixed Content happens when an HTTPS page loads HTTP resources (images, scripts, iframes). Chrome blocks active (scripts/iframes) fully, passive (images) triggers a warnin…
Read →How to Set Up Free Website Uptime Monitoring
TL;DR: To set up uptime monitoring: sign up at Enterno.io (free, 5 monitors forever), add the site URL, pick an interval (1-5 min), connect Telegram/Slack/Email for alerts. Done — …
Read →How to Redirect www to non-www
Key idea: A single canonical domain is SEO rule #1. Pick one (usually non-www) and 301-redirect the other. Setup: nginx — separate server block for www with return 301; Apache — Re…
Read →How to Configure Cache Headers for Your Site
Key idea: Cache-Control is an HTTP header controlling browser and CDN caching. For immutable assets (JS/CSS/images with hash) — public, max-age=31536000, immutable (1 year). For HT…
Read →How to Connect a CDN to Your Site
Key idea: CDN (Content Delivery Network) — geographically distributed servers serving static content from the node closest to the user. For a standard site setup takes 30 min: regi…
Read →How to Configure DKIM for Your Domain
Key idea: DKIM (DomainKeys Identified Mail) is a cryptographic signature proving a message truly originated from your domain and was not altered in transit. Without DKIM Gmail/Yand…
Read →How to Configure DMARC for Your Domain
Key idea: DMARC (Domain-based Message Authentication, Reporting & Conformance) is a policy telling recipients what to do with messages failing SPF/DKIM. Published as a _dmarc.examp…
Read →How to Configure DMARC Record
TL;DR: To set up DMARC: (1) ensure SPF and DKIM already work; (2) add TXT record _dmarc.example.com with value v=DMARC1; p=none; rua=mailto:reports@example.com; (3) after 2-4 weeks…
Read →