Can't create certificate for 1 domain on Synology others do work on same NAS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=welzijnsmasseur.nl), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: welzijnsmasseur.nl

I ran this command: Get a certificate via GUI from Synology NAS

It produced this output: Failed to connecto to Let’s Encrypt. Please make sure the domain name is valid.

My web server is (include version): Synology Webstation

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: mijndomein.nl

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I don’t know

On the same synology NAS I am running 2 different websites with a certificate from Let’s Encrypt without any problem. Only difference those domains are hosted by a different hosting company.

Hi @baspeels

there is a check of your domain ( https://check-your-website.server-daten.de/?q=welzijnsmasseur.nl ):

There you see the problem.

You have ipv4- and ipv6 addresses:

But your http + /.well-known/acme-challenge has different answers:

http + ipv4 is redirected to https, http + ipv6 not. And ipv6 answers with a http status 200, not the expected status 404 - Not Found.

So

• remove your ipv6, then create a certificate, then fix your ipv6 (or)
• fix your ipv6

But Letsencrypt prefers ipv6, so that's critical.

Thanks for pointing me in the right direction, I removed ipv6 settings at domain registrar under dns settings. Recreated the certificate and that worked. I will test it for some days and renew it in a few days. Then I will try to fix the ipv6 settings, but tried to find my ipv6 address, but can’t find it. I used whatsmyip.com

whatsmyip shows you the ip address of your local computer.

So if you don't have a configured ipv6, that can't work.

And that service looks wrong.

Your Public IPv4: 162.158.114.98
IPv6: 2a01:238:301b::1229

The ivp6 is correct, the ipv4 is completely wrong.

I get the same thing.

The website’s using Cloudflare, and the IPv4 IPs are Cloudflare IPs. It appears they’re failing to use the X-Forwarded-For header or whatever and reporting Cloudflare’s proxy server IP as “your” IP.

Yep - 162.158.114.98 is Cloudflare Berlin.

But I’m not Cloudflare and I don’t use it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.