TLS / SSL certificate

mc.hypixel.net TLS certificate

mc.hypixel.net port 443

TLS DOWN

TLS handshake failed: ECONNRESET.

TLS · 6ms

1s ago

What this means

TLS isn't reachable — connection refused, timed out, or the server returned a malformed handshake. The HTTP-only check at /check/mc.hypixel.net may still succeed if the host responds on port 80.

What to try next

Try /check/

/check/mc.hypixel.net probes HTTP and may succeed even when TLS is failing.

Check the host

If the host doesn't resolve, the issue is DNS, not TLS.

Reload

Transient handshake failures sometimes resolve on retry.

Methodology

Probe: We open a TLS handshake to port 443 with the supplied hostname as the SNI, read the peer certificate via getPeerCertificate(true), and validate the hostname against subjectAlternativeName via tls.checkServerIdentity.
Counts as DOWN: The TLS handshake fails entirely (TCP refused, handshake timeout, or rejected ClientHello) — we couldn't read a certificate at all.
Counts as DEGRADED: Reserved for soon-to-expire certificates and warning-only validation issues like a self-signed cert. Browsers may still warn even when our check labels the cert valid.
Detail: All certificate details come from getPeerCertificate(true) on the established socket. We do not enumerate cipher suites, test downgrade attacks, or scan for protocol-level weaknesses; this is read-only certificate inspection.
Cadence: Every 5 minutes, in parallel across 4 monitoring regions (US East Virginia, US West Oregon, Europe London, Asia Singapore).
Rate-limited targets: If a host returns 429 or consistently drops connections from our IPs, we cap retries at 3 and report the last observed status — we do not flood the target to confirm the outage.
Data source: Direct probes from our monitoring infrastructure. We do not aggregate crowd reports, Twitter mentions, or DownDetector signals — every result on this page is a live network request.