Domain's name servers may be malfunctioning

Propagation seems to be rather painfully slow for this domain's NS switch. There are some responses from servers around the world (9 of 20), but most are still timing out. I checked A, AAAA, CNAME, MX, NS, SOA & TXT.

DNS Propagation Test for nodokter.com - Explore the results

I ran his domain name through @JuergenAuer's domain checker, which returned a few interesting items. (After the first few pages of info I had to PageDown almost to the end for the rest of the report. He's added a lot of info in between - mostly link checking, images (links/sources) and more, which is good to fine-tune your site.) :smiley:

https://check-your-website.server-daten.de/?q=nodokter.com

6 Likes

As long as the .com nameservers are still providing a DS record for nodokter.com, but the nodokter.com zone does not have a corresponding DNSKEY, all DNS lookups will result in a SERVFAIL due to bogus DNSSEC delegation from the .com zone to the nodokter.com zone.

4 Likes

Could you explain this?

2 Likes

Please see the check at nodokter.com | DNSViz already posted 14 hours ago by @griffin. It clearly shows DNSSEC errors all over the place, mostly due to the DS record in the .com zone.

You can read more about DNSSEC and the role of the DS record on many sites and pages, for example here:

4 Likes

I don't understand this. What is the actual problem with the DNSSEC and the DS record? It hasn't been changed since moving the name servers and was working fine previously. I also have DNSSEC on in GCP DNS.

1 Like

.com expects to find ID 2371 (alg 13), but only ID 53696 (alg 8) is found:

6 Likes

The DNSKEY ID 2371 (alg 13) was probably available at your previous DNS provider, but isn't available any longer at the current provider. The DS record at the .com zone needs to be updated to represent the DNSKEY present at the moment in the nodokter.com zone, i.e. id 53696 with algorithm 8.

3 Likes
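The DS/DNSKEY comparison discussed in the posts above, as an added example that is not part of the original thread. It computes the DNSKEY key tag (RFC 4034 Appendix B), lists parent DS entries that no child DNSKEY matches, and builds the SHA-256 DS a DNSKEY would need. The key bytes are constructed placeholders chosen so the tags equal the IDs quoted in the thread; they are not the zone's real keys, and the function names are this example's own.

```python
import hashlib
import struct

def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA in wire format (RFC 4034 section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (valid for algorithms other than 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def wire_name(name):
    """Owner name in canonical (lowercase) wire format."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def make_ds(owner, rdata):
    """(key tag, algorithm, digest type 2, SHA-256 hex) per RFC 4034 section 5.1.4."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return key_tag(rdata), rdata[3], 2, digest

def orphaned_ds(parent_ds, child_dnskeys):
    """Parent DS entries (tag, alg) that no DNSKEY in the child zone matches."""
    present = {(key_tag(k), k[3]) for k in child_dnskeys}
    return [ds for ds in parent_ds if ds not in present]

# Constructed sample data: placeholder key bytes, not real key material.
OLD_KEY = dnskey_rdata(257, 3, 13, b"\x05\x35")  # tag 2371, alg 13 (old provider)
NEW_KEY = dnskey_rdata(257, 3, 8, b"\xcd\xb7")   # tag 53696, alg 8 (current zone)
PARENT_DS = [(2371, 13)]                          # what .com still publishes

if __name__ == "__main__":
    print("child DNSKEY:", key_tag(NEW_KEY), "alg", NEW_KEY[3])
    print("DS with no matching DNSKEY:", orphaned_ds(PARENT_DS, [NEW_KEY]))
    print("DS the parent would need:", make_ds("nodokter.com", NEW_KEY))
```

Any entry returned by `orphaned_ds` is a delegation that validating resolvers cannot follow, which is the SERVFAIL condition described earlier in the thread.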

It appears the DNS change is propagating. Now I can reach your site, but you have 2 problems:

  • You have TLS-v1 enabled
    Protocols | You currently have TLSv1 enabled.
    This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.
  • Mixed Content - Errors
    Soft Failure
    An image with an insecure url of "http://34.101.173.188/wp-content/uploads/2021/06/homepage-background1.png" was loaded on line: 1887 of https://nodokter.com/.
    This URL will need to be updated to use a secure URL for your padlock to return.

Once you correct these, you should be fine.
Note: There are 3 servers that must still be cached: one in India, Brazil & Argentina. The rest of the world says 'hello!' :smiley:

5 Likes

How do you see the soft failures?

2 Likes

By checking with https://www.whynopadlock.com. Such 'soft failures' will be at the bottom of the report. Just enter your domain name with https:// before it, complete the Captcha and click to test. Give it about a minute or less and you'll have your results.

5 Likes
