Accessing NAS WebUI

I recently added a Let's Encrypt certificate for my NAS to use SSL.
Logging in via the NAS's IP address all the applications that uses a WebUI works

However, once I begin to use the below domain name for SSL, I'm getting the below error for any application that uses a WebUI like Plex, Portainer etc

I tried making Chrome accept the certificate by using the link below, but it did not work.
https://www.attachmate.com/documentation/gateway-1-1/gateway-admin-guide/data/fxg_add_untrusted_cert.htm

Capture1

My domain is: (remove #)
pham#ine.myasustor.com

Your connection is not private

Attackers might be trying to steal your information from [redacted] (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_COMMON_NAME_INVALID

To get Chrome’s highest level of security, turn on enhanced protection

Reload Hide advanced

[redacted] normally uses encryption to protect your information. When Google Chrome tried to connect to [redacted] this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be [redacted], or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit [redacted] right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

2 Likes

Hi @phamine,

It looks right to me on port 443. Are there different services on port 443 and some other higher port number that you redacted here?

3 Likes

Synology NAS user here.

What I used on my NAS is I ask Synology to "reverse proxy" everything that needed a certificate or have a webUI. If you didn't have that setup in your NAS, then you probably need to provide certificate to each instance of webUI application and keep it updated. I'm guessing the certificate served (in that error) is one that self-signed or provided by the application, not intended for production use.

It's just like running a Nginx or whatever web server on port 80 and 443, proxy everything on that server. It's much easier to manage certificate and diagnose issues with the proxy than digging into each application.

2 Likes

Welcome to the Let's Encrypt Community, Jake :slightly_smiling_face:

While the following was written based on Synology NAS, you may still find many of its principles and tools useful:

2 Likes

I believe the certificate is self signed SSL/TLS?
https://www.asustor.com/online/College_topic?topic=324

#1
I should be using something like this to add reverse proxy for my Dockers?(Radarr, Sonarr)

#2
And use Asustors reverse proxy manager for any application that uses WebUI (Plex, Portainer) through Asustors OS?
https://www.asustor.com/en/online/College_topic?topic=325

Would this be the right track?

1 Like

I'm using Nginx Proxy Manager and I'm receiving this error when I try to request a certificate.

Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-7" --agree-tos --email "[redacted]@gmail.com" --preferred-challenges "dns,http" --domains "pham#ine.myasustor.com"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for pha#mine.myasustor.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain pha#mine.myasustor.com
http-01 challenge for pha#mine.myasustor.com
Cleaning up challenges
Some challenges have failed.

at ChildProcess.exithandler (node:child_process:326:12)
at ChildProcess.emit (node:events:369:20)
at maybeClose (node:internal/child_process:1067:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

Bump. Anyone know what the error means?

Hi @phamine

please read your output:

If webroot fails, you use the wrong webroot.

Find your correct webroot.

PS: You have created a certificate 2021-05-05.

Why do you want to create a new certificate?

Please use that 60 - 85 days, then create the next.

And if it had worked 2021-05-05: Undo your changes.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.