Action required: Let's Encrypt certificate renewals

rvga · January 23, 2019, 2:45pm

Hi dear helpers
I’ve received the email speaking about the “certificate renewals breaking”

I don’t understand much about these things but if you tell me exactly where to search, I’ll do my best to give you all the information you need.

First, my server is a NAS Synology DS718

My domain is: https://twiners.fr/
I ran this command: I didn’t run any command. What command? Where? Like a PUTTY command?
It produced this output: No command, no output

My web server is (include version): Webstation(?) version 2.1.6-0146
The operating system my web server runs on is (include version): DSM(?) version 6.2.1-23824 Update 4

My hosting provider, if applicable, is: OVH(?) France

I can login to a root shell on my machine (yes or no, or I don’t know): Yes, I can connect to my server using PUTTY and a root account. Is this the reply you expected?

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I guess no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I have no idea about that question!

I hope it helps for a start,
but again please tell me where to search so I can provide detailed answers.
Hope to hear from you soon.

JuergenAuer · January 23, 2019, 2:56pm

Hi @rvga

ignore the mail.

Synology has it's own integrated system. They had used tls-sni in some situations, now they remove it.

Only thing: You need an open port 80. But your port 80 ( https://check-your-website.server-daten.de/?q=twiners.fr )

Domainname	Http-Status	redirect	Sec.	G
• http://twiners.fr/
82.64.51.131	301	https://twiners.fr/	0.100	A

• http://www.twiners.fr/
82.64.51.131	302	http://www.twiners.fr/login?back_url=http%3A%2F%2Fwww.twiners.fr%2F	0.110	D

• http://www.twiners.fr/login?back_url=http%3A%2F%2Fwww.twiners.fr%2F	200		0.123	H

• https://www.twiners.fr/
82.64.51.131	302	http://www.twiners.fr/login?back_url=http%3A%2F%2Fwww.twiners.fr%2F	1.537	F

• https://twiners.fr/
82.64.51.131	200		2.006	A

• http://twiners.fr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
82.64.51.131	404		0.097	A
Not Found

• http://www.twiners.fr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
82.64.51.131	404		0.100	A
Not Found

is already open, the test has the correct result 404.

rvga · January 23, 2019, 3:19pm

Hi Juergen thx for your fast reply,

Ok, but in the meantime I've created 2 other certificates that uses LetsEncrypt as shown in the attached screenshot. So should I do something?

You've mentioned that I need an open port 80.
And then you wrote that my port 80 is already open.
I am confused.
Is it good or not?
Should I do something with this port 80?

JuergenAuer · January 23, 2019, 3:34pm

So there is no problem.

If you have now the idea to close the port, then renew may not work.

Renew via http 01 validation works if you have an open port 80.

rvga · January 23, 2019, 3:52pm

I understand that every thing is fine for me and my system.
Thx Juergen for your time and support, I appreciated.

system · February 22, 2019, 3:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.