Can't create certificate for my domain

BillG · January 10, 2021, 5:10pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
gayler.uk

I ran this command:
"Get a certificate from Let's Encrypt" via DSM Security tool on a Synology NAS.

It produced this output:
Failed to connect to Let's Encrypt. Please make sure domain name is valid

My web server is (include version):
Synology Web Station (Synology DSM 6.3.2)

The operating system my web server runs on is (include version):
Synology DSM 6.3.2

My hosting provider, if applicable, is:
NAMESCO

I can login to a root shell on my machine (yes or no, or I don't know):
I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
N/A

JuergenAuer · January 10, 2021, 5:28pm

Hi @BillG

your configuration can't work, see the check - https://check-your-website.server-daten.de/?q=gayler.uk

Domainname	Http-Status	redirect	Sec.	G
• http://gayler.uk/ 5.71.31.45	-14		10.017	T
Timeout - The operation has timed out

• http://www.gayler.uk/ 5.71.31.45	-14		10.030	T
Timeout - The operation has timed out

• https://gayler.uk/ 5.71.31.45 No GZip used - 895 / 1474 - 60,72 % possible Inline-JavaScript (∑/total): 2/0 Inline-CSS (∑/total): 1/610	200	Html is minified: 174,44 %	2.770	N
Certificate error: RemoteCertificateNameMismatch
small visible content (num chars: 114)
Web Station has been enabled. To finish setting up your website, please see the "Web Service" section of DSM Help.

• https://www.gayler.uk/ 5.71.31.45 No GZip used - 895 / 1474 - 60,72 % possible Inline-JavaScript (∑/total): 2/0 Inline-CSS (∑/total): 1/610	200	Html is minified: 174,44 %	2.540	N
Certificate error: RemoteCertificateNameMismatch

https answers.

But http has a timeout.

If you want to use http validation, an open and working port 80 / http is required.

Open your firewall or / and configure your router, so the DSM answers port 80.

rg305 · January 10, 2021, 6:10pm

That seems to indicate that the NAS can not reach LE.
Make sure it has outbound access for DNS and HTTP(S) as well.

BillG · January 31, 2021, 10:29pm

Wow Juergen that was unbelievably fast support and exactly the right solution. Wasn't aware from the Synology docs I had to have port 80 open.

11/10 for customer service. Thanks!

system · March 2, 2021, 10:29pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.