Cannot Recover Certificate (lost when trying to get it to work properly)

My domain is: ahg.dscloud.me

This relates to my Synology Disk Station DS214Play running DSM 6.2.1-23824 Update 6

I am trying to use Photo Station and Audio Station

I access this via Windows 10 PC and android

Hello all. I’m not feeling very proud here as I seem to have cocked up my DSM pretty effectively and need some guidance.

I use the DSM as home file server without difficulty.

I have always found Photo Station and Audio Station unreliable to access via Android because of the invalid certificates - initially using Synology self-signed certs. My family were getting browser alerts about security. Each person had to install ‘exceptions’ in each browser - this is getting harder and harder to do.

I used the built-in ‘Let’s Encrypt’ ‘wizard’ on the DSM. Same problem. Now the certificate.

I lost all access to these features after removing software that I had thought unrelated and had to re-install DSM. In this process I lost my ‘Let’s Encrypt’ certificate.

So, I have three problems to solve:

a) Can I recover my certificate or should I request a second one? If I request a second one, will I fall foul of the limitations of free certificates (i.e. should I revoke the validity of the lost certificate - and how?).

b) Whether I recover or replace my certificate, how do I get it to be automatically recognised as valid by browsers? Is ‘Let’s Encrypt’ able to achieve this?

c) The above domain name is a Synology DDNS domain. Is this a valid domain name for a certificate?

Thanks for your patience. Any help gratefully received,

Alan

Hi @AlanGaughran

there are a lot of older certificates ( https://check-your-website.server-daten.de/?q=ahg.dscloud.me#ct-logs ):

| CertSpotter-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 879262945 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-04-24 18:04:26 | 2019-07-23 18:04:26 | ahg.dscloud.me - 1 entries | | |
| 791369350 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-03 11:39:38 | 2019-06-01 11:39:38 | ahg.dscloud.me - 1 entries | | |
| 791185697 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-03 08:15:23 | 2019-06-01 08:15:23 | ahg.dscloud.me - 1 entries | | |
| 791193949 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-03 08:14:55 | 2019-06-01 08:14:55 | ahg.dscloud.me - 1 entries | | |

But that looks ok.

One thing is curious. I expected a self-signed Synology certificate. Instead there is a self-signed

	CN=Vigor Router, OU=DrayTek Support, O=DrayTek Corp., L=HuKou, S=HsinChu, C=TW
	05.12.2016
	05.12.2046
	expires in 10052 days

router certificate.

So:

Create one new Let's Encrypt certificate.

The domain looks ok. Is this

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| ahg.dscloud.me | A | 86.26.210.119 | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.ahg.dscloud.me | A | 86.26.210.119 | yes | 1 | 0 |
| | AAAA | | yes | | |

your ip address? If yes, that should work.

The bigger problem: If the router comes with its own certificate, the router is the problem, not the DSM.

Perhaps there is an option that the router doesn't use its own certificate, instead a direct port forwarding

port 443 extern -> port 443 intern.

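The check the reply describes, as an added example that is not part of the original posts: given the subject, issuer and names of the certificate actually served on port 443, written as one-line DN strings in the form quoted in the thread, decide whether the NAS or some other device is answering. The function names and verdict labels are hypothetical; the router DN and the Let's Encrypt issuer come from the thread, while the empty SAN list and the `CN=ahg.dscloud.me` subject are constructed.

```python
import re

def parse_dn(dn):
    """Split a one-line DN like 'CN=a, O=b' into {'CN': 'a', 'O': 'b'}."""
    # Split only on commas that begin a new ATTR= pair, so the dot-comma
    # in 'O=DrayTek Corp., L=HuKou' does not break the value.
    parts = re.split(r",\s*(?=[A-Za-z]+\s*=)", dn.strip())
    pairs = (p.split("=", 1) for p in parts if "=" in p)
    return {k.strip().upper(): v.strip() for k, v in pairs}

def name_matches(pattern, hostname):
    """Exact match, or a wildcard covering exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def triage(hostname, subject, issuer, san_names):
    """Classify the certificate served on 443 for `hostname` (hypothetical helper)."""
    subj, iss = parse_dn(subject), parse_dn(issuer)
    # Heuristic: identical subject and issuer. A full check would also verify
    # the signature against the certificate's own public key.
    self_signed = bool(subj) and subj == iss
    # Browsers match SAN entries only; the CN is included here because the goal
    # is to identify the answering device, not to validate the certificate.
    names = list(san_names) + [subj.get("CN", "")]
    covers = any(name_matches(n, hostname) for n in names if n)
    if self_signed and not covers:
        verdict = "other-device"      # e.g. a router's own HTTPS service on 443
    elif self_signed:
        verdict = "self-signed"       # right host, but no browser will trust it
    elif not covers:
        verdict = "name-mismatch"
    else:
        verdict = "plausible"         # names fit; chain and expiry still unchecked
    return {"device_cn": subj.get("CN"), "self_signed": self_signed,
            "covers_host": covers, "verdict": verdict}

# Router DN as quoted in the thread; the post calls it self-signed, so issuer == subject.
ROUTER_DN = ("CN=Vigor Router, OU=DrayTek Support, O=DrayTek Corp., "
             "L=HuKou, S=HsinChu, C=TW")
# Issuer as listed in the thread's CT log table.
LE_ISSUER = "CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US"

if __name__ == "__main__":
    # Constructed inputs: empty SAN list for the router, CN=ahg.dscloud.me for the LE cert.
    print(triage("ahg.dscloud.me", ROUTER_DN, ROUTER_DN, []))
    print(triage("ahg.dscloud.me", "CN=ahg.dscloud.me", LE_ISSUER, ["ahg.dscloud.me"]))
```

An `other-device` verdict points at the router's own HTTPS service or a missing forward of port 443, not at the certificate installed on the DSM.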