Cant create certificate from Synology DSM


I have replaced my old Synology NAS with a new one and I cant get a certificate on the new one:
I have opened port 80 and 443 from Internet to the NAS (I can telnet to the public ip/hostname on the ports and it responds). I can also open the Synology hostname on browser and it opens DSM webserver.
Can you please help me?

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): DSM 6.2.2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

None of this is relevant. When you enter your domain name in a browser, it should display the 'DSM webserver'. At the moment it displays a page about a parked domain. The Domain name system (DNS) is not configured to direct access to your NAS. This is a prerequirement to use Let's encrypt (or any certificate)

Perhaps OP meant that their domain is

If not, they will just need to update with an A record for

My domain name is, but my hostname for NAS device is and that hostname is DNS pointed to my NAS.
Do I need to point to my public IP to?
That was not needed last time I did this…

in this case your certificate should be for and that's what your domain is from this point of view. I checked and your last cert is from februar, that's the moment Let's encrypt changed the http certification method, maybe your NAS was not updated and/or a new certificate request should be created anew since the method has changed. So try to update your NAS so that it's up to date and try to recreate a new cert using the official way

Ah, ok, I used as domain name and as SAN.
Now it works, thanks!

If you set the 2 names on your certificates you can actually use the 'domain name' by creating a 'A' record in the DNS as explained by @_az

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.