Configure https://searx.bar

[zevlee]

Hello, I maintain https://searx.bar and it looks like there's something that's causing the HTTPS check to trip up when scanning it. As far as I'm aware, users are able to access my instance, and other websites like the ones listed below are able to scan it just fine. Is there something that I need to do to my configuration to allow the HTTPS check to work properly? The instance is installed with searx-docker on Ubuntu Minimal 20.04. It has only what I needed to get the instance running.

Results from other websites:
Mozilla Observatory results
SSL Labs results
Security Headers results

[dalf]

• cryptcheck doesn't support x25519
• since your instance only support x25519, cryptcheck can't connect to your instance
• see TLS grade having a hard time to update searxng/searx-space#58 for more details.

[zevlee]

I'm not sure if that's the issue. The identical configuration happens to work for a different instance of mine: https://search.zevlee.me.

Cryptcheck results

Perhaps it has to do with the .bar TLD for whatever reason?

Edit: I just installed the cryptcheck program for myself and found that https://searx.bar is able to be resolved just fine. I think searx's cryptcheck might have blacklisted the https://searx.bar domain.

zev@zevlee:~$ sudo docker run aeris22/cryptcheck https searx.bar
129.213.118.27:443 [searx.bar]

Supported methods
  Method TLSv1_2

Supported ciphers
  Cipher TLSv1_2 ECDHE-ECDSA-AES128-GCM-SHA256 [aead]
    PFS : ECC 256 bits
  Cipher TLSv1_2 ECDHE-ECDSA-AES256-GCM-SHA384 [aead]
    PFS : ECC 256 bits
  Cipher TLSv1_2 ECDHE-ECDSA-CHACHA20-POLY1305 [aead]
    PFS : ECC 256 bits

Cipher suite preferences
  TLSv1_2  : ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-CHACHA20-POLY1305

Supported elliptic curves
  ECC curve secp256k1
  ECC curve prime256v1
Curves preference : prime256v1, secp256k1

Fallback SCSV : not applicable

Certificates
  Certificate /CN=searx.bar [284771186420546172516573984173817450912279] issued by /C=US/O=Let's Encrypt/CN=R3
    Key : ECC prime256v1 256 bits
    Identity : valid
    Trust : trusted
HSTS : 31536000

Grade : A+
{
    :critical => {
        :mdc2_sign => false,
         :md2_sign => false,
         :md4_sign => false,
         :md5_sign => false,
         :sha_sign => false,
        :sha1_sign => false,
              :ecc => false,
            :sslv2 => false,
            :sslv3 => false,
              :dss => false,
        :anonymous => false,
             :null => false,
           :export => false,
              :des => false,
              :md5 => false,
              :rc4 => false,
          :sweet32 => false
    },
       :error => {
            :ecc => false,
        :tlsv1_0 => false,
        :tlsv1_1 => false,
            :pfs => false
    },
     :warning => {
        :hsts => false,
         :ecc => false,
        :sha1 => false,
         :dhe => false
    },
        :good => {
        :fallback_scsv => nil,
                 :hsts => true,
                 :aead => true
    },
       :great => {
        :hsts => true
    },
        :best => {}
}

[zevlee]

I took the issue over to the cryptcheck repo, and they were able to solve the problem. The website https://cryptcheck.fr is able to scan https://searx.bar fine now, so hopefully the version used for this repo will be able to as well.
Cryptcheck Results