Can't create certificate for 1 domain on Synology others do work on same NAS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: Get a certificate via GUI from Synology NAS

It produced this output: Failed to connecto to Let’s Encrypt. Please make sure the domain name is valid.

My web server is (include version): Synology Webstation

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I don’t know

On the same synology NAS I am running 2 different websites with a certificate from Let’s Encrypt without any problem. Only difference those domains are hosted by a different hosting company.

Hi @baspeels

there is a check of your domain ( ):

There you see the problem.

You have ipv4- and ipv6 addresses:

Host T IP-Address is auth. ∑ Queries ∑ Timeout A
Rhenen/Provincie Utrecht/NL yes 1 0
AAAA 2a00:4e40:1:1::2:20b
Lelystad/Flevoland/NL yes A
Rhenen/Provincie Utrecht/NL yes 1 0
AAAA 2a00:4e40:1:1::2:20b
Lelystad/Flevoland/NL yes

But your http + /.well-known/acme-challenge has different answers:

Domainname Http-Status redirect Sec. G 301 0.047 A
2a00:4e40:1:1::2:20b 200 0.047 H 200 0.063 H
2a00:4e40:1:1::2:20b 200 0.030 H 200 0.843 N
Certificate error: RemoteCertificateNameMismatch
2a00:4e40:1:1::2:20b -14 10.014 T
Timeout - The operation has timed out 200 0.563 N
Certificate error: RemoteCertificateNameMismatch
2a00:4e40:1:1::2:20b -14 10.016 T
Timeout - The operation has timed out 301 0.047 A
Visible Content: 301 Moved Permanently nginx
2a00:4e40:1:1::2:20b 200 0.030
Visible Content: 404 0.127 A
Not Found
Visible Content: © 2019 Synology Inc.
2a00:4e40:1:1::2:20b 200 0.046
Visible Content: -14 10.017 T
Timeout - The operation has timed out
Visible Content:

http + ipv4 is redirected to https, http + ipv6 not. And ipv6 answers with a http status 200, not the expected status 404 - Not Found.


  • remove your ipv6, then create a certificate, then fix your ipv6 (or)
  • fix your ipv6

But Letsencrypt prefers ipv6, so that's critical.

Thanks for pointing me in the right direction, I removed ipv6 settings at domain registrar under dns settings. Recreated the certificate and that worked. I will test it for some days and renew it in a few days. Then I will try to fix the ipv6 settings, but tried to find my ipv6 address, but can’t find it. I used

1 Like

whatsmyip shows you the ip address of your local computer.

So if you don't have a configured ipv6, that can't work.

And that service looks wrong.

Your Public IPv4:
IPv6: 2a01:238:301b::1229

The ivp6 is correct, the ipv4 is completely wrong.

I get the same thing.

The website’s using Cloudflare, and the IPv4 IPs are Cloudflare IPs. It appears they’re failing to use the X-Forwarded-For header or whatever and reporting Cloudflare’s proxy server IP as “your” IP.

Yep - is Cloudflare Berlin. :wink:

But I’m not Cloudflare and I don’t use it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.