Cannot renew certificate on Synology

Hi All,

I am using a DS414. On my Synology I always use to have the Let’s Encrypt certificates. Now, for some particular reason the Let’s encrypt certificate renewal process is not working anymore. it stopped a few months ago. .

I have tried so many things to get it running again; but still without any luck. My port 80 and 443 are open on the router. I have disabled the Synology Firewall; played around with the TLS settings on the security/advanced tab.
The strange thing is, if I create a Let’s Encrypt certificate on .synology.me it works; when I do the same with my own Domain name it doesn’t work (also when I use the Alternative name). But both names points to the same IP adress. It almost looks like something with the domain namespace itself is not working OK

The messages log shows me this (changed the domain name in the log):

DiskStation kernel: [4922553.662408] init: upnpd main process (5036) killed by KILL signal
DiskStation syno-letsencrypt: syno-letsencrypt.cpp:116 Failed to do new authorization, may retry with another type. [{“error”:202,“file”:“client_v2.cpp”,“msg”:“Failed to setup challegne for .nl of http-01”}
]
DiskStation kernel: [4922573.602793] init: upnpd main process (5325) killed by KILL signal
DiskStation syno-letsencrypt: syno-letsencrypt.cpp:116 Failed to do new authorization, may retry with another type. [{“error”:200,“file”:“client_v2.cpp”,“msg”:“do new auth by path: failed to do challenge.”}
]
DiskStation synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[4892]: certificate.cpp:973 syno-letsencrypt failed. 102 [Failed to new certificate.]
DiskStation synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[4892]: certificate.cpp:1392 Failed to create Let’sEncrypt certificate. [102][Failed to new certificate.]

Anyone got an idea where to look or how to fix this? Tried so many things that where suggested on sites but don’t know where to look next or how to fix this error… :slight_smile:

Thanks!

1 Like

Hi @rnollen

your domain names are required.

1 Like

My domain name is rnollen.synology.me and www.rnollen.nl; I want to create a certificate on the second one…:slight_smile:

1 Like

Looks like you need to “register” your domain, so Synology knows you use that domain. You don’t want to create a certificate with ‘nl’, looks like a general error of your configuration.

I’m not firm with Synology, perhaps ask in a Synology forum.

There is a blog, not the typical Synology login.

Checking your domain - https://check-your-website.server-daten.de/?q=rnollen.nl - the rnollen.nl doesn’t have an ip address. May be a problem, may be not.

1 Like

Unfortunately on the Synology forum they don’t know the answer; and I was redirected here.
I think the reason you don’t see an ip adress then. In the pas I always used a cname pointing to my A host record. Changed that because of these issue’s (also I don’t think I ever had a different IP yet)…

To register the domain on my synology; the problem is that I don’t know exactly what to do on the Synology for this? I don’t see anything written about this. :frowning:

1 Like

I don’t know if Synology supports that what you want.

Independend domain name -> same ip address -> Synology is able (or not able) to create a certificate.

1 Like

No; basically I want to use my own domain name only… the problem is that the DDNS domain name seems to work, but not my own domain name. It is not supported to have different domain names in the alternate name of the Synology.

have you tried following these instructions? https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/connection_certificate

you can have one or both domains, one goes in Common Name, and ALL go in Subject Alternative Name.


is 83.82.46.203 your current ip address?

it doesn’t, I see a selfsigned cert.

That certificate is currently attached to the site (for now) :slight_smile: IP adress is correct. I have tried to create a certificate only for my domain name, but the problem is that this one fails… Don’t know why; it works when I create one only with the rnollen.synology.me name…don’t know what the difference could be. But this is as a test, in the end I only want to have my domain name assigned to the certificate :frowning:

Anyone? Or must I create a ticket at Synology support? Thanks!