Add new cert synology

Hi there
I’m just trying to create a new cert from my nas.
I tried many times yesterday and always received the error “Failed to connect to Let’s Encrypt”. I may have fixed that, but now I receive the message “too many failed authorizations recently”, although I haven’t created any cert yet. Do I have to wait for the time delay, or is there another issue?

Domain: tdnas.troppodel.com

Logs:
2020-05-24T10:34:08+02:00 TROPPODELNAS synomustache: synomustache.cpp:88 Failed to load /var/packages/Spreadsheet/target/etc/Spreadsheet.mustache [No such file or directory]
2020-05-24T10:38:15+02:00 TROPPODELNAS syno-letsencrypt: syno-letsencrypt.cpp:121 Failed to do new authorization, may retry with another type. [{“error”:200,“file”:“client_v2.cpp”,“msg”:“Invalid response from http://tdnas.troppodel.com/.well-known/acme-challenge/1_M6sVAWHJdm79jzfrVcONH-rsZxZlVYOJY7RbHXr0M [93.38.56.172]: 470”}
]
2020-05-24T10:38:16+02:00 TROPPODELNAS syno-letsencrypt: syno-letsencrypt.cpp:121 Failed to do new authorization, may retry with another type. [{“error”:200,“file”:“client_v2.cpp”,“msg”:“do new auth by path: failed to do challenge.”}
]
2020-05-24T10:38:16+02:00 TROPPODELNAS synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[13963]: certificate.cpp:965 syno-letsencrypt failed. 102 [Failed to new certificate.]
2020-05-24T10:38:16+02:00 TROPPODELNAS synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[13963]: certificate.cpp:1399 Failed to create Let’s Encrypt certificate. [102][Failed to new certificate.]
2020-05-24T10:44:35+02:00 TROPPODELNAS synocrtregister: synocrtregister.cpp:163 Register certificate for system/FQDN
2020-05-24T10:44:39+02:00 TROPPODELNAS synomustache: synomustache.cpp:88 Failed to load /var/packages/Spreadsheet/target/etc/Spreadsheet.mustache [No such file or directory]
2020-05-24T10:45:44+02:00 TROPPODELNAS syno-letsencrypt: syno-letsencrypt.cpp:121 Failed to do new authorization, may retry with another type. [{“error”:200,“file”:“client_v2.cpp”,“msg”:“Invalid response from http://tdnas.troppodel.com/.well-known/acme-challenge/I_Q4Dl8SAitZSWZbcevAMuFEFGx_Uvse8pkYR42ufAM [93.38.56.172]: 470”}
]
2020-05-24T10:45:44+02:00 TROPPODELNAS synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[19148]: certificate.cpp:965 syno-letsencrypt failed. 104 [Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/]
2020-05-24T10:45:44+02:00 TROPPODELNAS synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[19148]: certificate.cpp:1399 Failed to create Let’s Encrypt certificate. [104][Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/]

Regards

Hi @troppodel

The limit is a one-hour limit, so that's not really a problem.

But your config:

Rechecked via https://check-your-website.server-daten.de/?q=tdnas.troppodel.com

Domainname Http-Status redirect Sec. G
http://tdnas.troppodel.com/ 93.38.56.172 470 0.073 M
Connection Authorization Required
https://tdnas.troppodel.com/ 93.38.56.172 GZip used - 729 / 1474 - 50,54 % Inline-JavaScript (∑/total): 2/0 Inline-CSS (∑/total): 1/610 200 Html is minified: 174,44 % 2.553 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
small visible content (num chars: 114)
Web Station has been enabled. To finish setting up your website, please see the "Web Service" section of DSM Help.
http://tdnas.troppodel.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
93.38.56.172 470 0.077 M
Connection Authorization Required

Why is there an HTTP status 470? Normally, 404, 401 or 403 is expected.

Checked the table from "check-your-website" with these detail checks: No other result with http status 470.

Is there an additional firewall / router or something else? The content is expected, there is a "Web Station has been enabled." info.

Hi
Yes, Web Station was enabled on the NAS. I have disabled it now, but I get the same 470 status, can you confirm it?
Yes, the firewall on the NAS is enabled. Do I have to disable it before creating the cert?

Regards

A working port 80 is required.

There are new checks of your domain - https://check-your-website.server-daten.de/?q=tdnas.troppodel.com - now with a redirect to port 5001.

Domainname Http-Status redirect Sec. G
http://tdnas.troppodel.com/ 93.38.56.172 470 0.073 M
Connection Authorization Required
https://tdnas.troppodel.com/ 93.38.56.172 302 https://tdnas.troppodel.com:5001/ Html is minified: 111,29 % 2.536 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://tdnas.troppodel.com:5001/ GZip used - 2411 / 9345 - 74,20 % Inline-JavaScript (∑/total): 12/0 Inline-CSS (∑/total): 2/2408 200 Html is minified: 137,45 % 2.940 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
small visible content (num chars: 0)
http://tdnas.troppodel.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 93.38.56.172 470 0.077 M
Connection Authorization Required

Port 80 is blocked, you have to change that. And 470 isn't an official http status, why is there such a completely wrong configuration?

Read

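The two failure signatures in the logs above (a challenge fetch answered with 470, then the "too many failed authorizations recently" order error) can be picked out of the NAS log mechanically. This is an added example, not part of any post in this thread: it parses constructed sample lines in the same syno-letsencrypt format, with a placeholder host, address and token, and flags status codes that Python's `http.HTTPStatus` does not know.

```python
import json
import re
from http import HTTPStatus

# Constructed sample in the syno-letsencrypt log format quoted in the thread
# (placeholder host name, address and token; not the poster's real values).
SAMPLE_LOG = """\
2020-05-24T10:38:15+02:00 NAS syno-letsencrypt: syno-letsencrypt.cpp:121 Failed to do new authorization, may retry with another type. [{"error":200,"file":"client_v2.cpp","msg":"Invalid response from http://nas.example.com/.well-known/acme-challenge/TOKEN_PLACEHOLDER [203.0.113.10]: 470"}
]
2020-05-24T10:38:16+02:00 NAS syno-letsencrypt: syno-letsencrypt.cpp:121 Failed to do new authorization, may retry with another type. [{"error":200,"file":"client_v2.cpp","msg":"do new auth by path: failed to do challenge."}
]
2020-05-24T10:45:44+02:00 NAS synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[19148]: certificate.cpp:965 syno-letsencrypt failed. 104 [Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/]
"""

TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2}T\S+) ")
JSON_TAIL = re.compile(r"\[(\{.*\})\s*$")  # JSON error object at end of line
INVALID = re.compile(r"Invalid response from (\S+) \[([0-9A-Fa-f.:]+)\]: (\d{3})")

def is_registered(status):
    """True if Python's http.HTTPStatus knows the code (470 is not in it)."""
    return status in {s.value for s in HTTPStatus}

def triage(log_text):
    """Return one finding per challenge-fetch failure or rate-limit hit."""
    findings = []
    for line in log_text.splitlines():
        ts = TIMESTAMP.match(line)
        if not ts:  # lone "]" continuation lines carry no timestamp
            continue
        if "too many failed authorizations recently" in line:
            findings.append({"time": ts.group(1), "kind": "rate_limited"})
            continue
        tail = JSON_TAIL.search(line)
        if not tail:
            continue
        try:
            msg = json.loads(tail.group(1)).get("msg", "")
        except json.JSONDecodeError:  # truncated or mangled line
            continue
        hit = INVALID.search(msg)
        if hit:
            status = int(hit.group(3))
            findings.append({"time": ts.group(1), "kind": "challenge_http_status",
                             "url": hit.group(1), "addr": hit.group(2),
                             "status": status, "registered": is_registered(status)})
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A finding with `registered` set to false means the answer on port 80 came from something other than a normally configured web server, which is what the 470 in this thread pointed to.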

the redirect option is disabled

router ip forwarding

If I can’t open port 80 from my NAS, can I use the ACME protocol?
