As Juergen mentioned before, Let's Encrypt requires port 80 (HTTP) or port 443 (HTTPS) to work, meaning ports 80 and 443 have to be open on your router for this to work. Some ISPs block these ports. If yours does, no amount of port forwarding will help you.
Does your ISP block ports 80 & 443?
Since the Synology uses 5000 and 5001 on your internal network, you will have to port forward, as you've already done. Since this isn't working,
Before we go further, you're going to need to test the external access by connecting to the Internet via a connection that is NOT on your home network. One way to do this is to connect to your mobile phone using the hotspot function. Be sure the wifi connection of the mobile phone is off.
To test the connection via your home network, you would use http://talentedvoice.net:5000 or https://talentedvoice.net:5001.
From the external connection (mobile phone hotspot, Starbucks wifi, etc.) you'd connect via http://talentedvoice.net/ (port 80) and https://talentedvoice.net/ (port 443).
If your port forwarding setup is correct, you "should" get a successful result.
You could also try a few other things:
1 - If your router has a DMZ feature, you could assign the IP address of the Synology to the DMZ. If you do this, the Synology will be in the "public" zone outside of your router, as if the NAS was connected directly to the Internet.
- Doing this means that the port forwarding rules you created won't apply.
- You will have to change the default DSM ports to 80 and 443 respectively.
To change the DSM ports to 80 for HTTP and 443 for HTTPS, go to Control Panel > General and, in the DSM Ports section, change 5000 and 5001 accordingly to 80 & 443.
2 - If you don't have a DMZ feature, I'd still change the DSM ports to 80 & 443, and then update your port forwarding rules to match.
- First, test the port changes by connecting to the DSM UI on your local network using HTTP and HTTPS.
- If that works, connect via your phone's hotspot and see if you can connect successfully to your DSM from the Internet. To test this, I'd use both the ISP public IP address as well as the DNS name.
This would verify the "plumbing" to the DSM.
If the DNS name doesn't work when connecting from the Internet, you likely have an issue with the DNS entries with your registrar or your Dynamic DNS service provider.
Once the end-to-end connectivity is working, we can then focus on the LE certificate issues.
Hope this helps.
Owner of 3 Synology DS1817+ devices, using LE certs, with remote access working externally.
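The end-to-end check described in the post above, as an added example that is not part of the original post: it probes ports 80 and 443 by public IP and by DNS name and reports whether a failure points at port forwarding / ISP blocking or at the DNS entries. The script name `check_plumbing.py` and the function names are hypothetical, and the name and address to test are passed on the command line.

```python
import socket
import sys

WEB_PORTS = (80, 443)  # ports the post says must be reachable from the Internet

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolvable
        return False

def resolve(name):
    """IPv4 addresses the name resolves to; empty set if it does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def diagnose(dns_name, public_ip, ports=WEB_PORTS, probe=port_open, lookup=resolve):
    """Run the external test by IP and by name; return {check: verdict}."""
    addrs = lookup(dns_name)
    if not addrs:
        report = {"dns": "name does not resolve"}
    elif public_ip not in addrs:
        report = {"dns": "name resolves to a different address"}
    else:
        report = {"dns": "ok"}
    for port in ports:
        by_ip = probe(public_ip, port)
        by_name = bool(addrs) and probe(dns_name, port)
        if by_ip and by_name:
            report[port] = "ok"
        elif by_ip:
            report[port] = "reachable by IP only: check DNS / DDNS entries"
        else:
            report[port] = "closed by IP: check port forwarding or ISP blocking"
    return report

if __name__ == "__main__":
    # Usage: python3 check_plumbing.py <dns-name> <public-ip>
    # Run it from a connection outside the home network (e.g. phone hotspot).
    for check, verdict in diagnose(sys.argv[1], sys.argv[2]).items():
        print(f"{check}: {verdict}")
```

A result of "ok" here only confirms the TCP path; the DSM ports and certificate are checked separately once this passes.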