Can't create certificate on NAS SYNOLOGY

I can access the URL without a problem, but Let’s Encrypt keeps returning an error.

My domain is: vtt.enzomuhlinghaus.com

I ran this command: I tried to create a certificate for this domain that has Dynamic DNS linked to my NAS SYNOLOGY.

It produced this output: Failed to connect to Let’s Encrypt. Make sure the domain name is valid.

My web server is (include version): My NAS SYNOLOGY

My hosting provider, if applicable, is: Infomaniak

I can login to a root shell on my machine (yes or no, or I don’t know): no

Welcome. 🙂

Sorry no one responded sooner.

I’m not familiar with your setup, but I’m going to try to help you how I can. I’ll start off by sharing some information.

Looking at https://crt.sh/?q=enzomuhlinghaus.com, I can see that you have 7 unexpired certificates for various subdomains of enzomuhlinghaus.com. Did these certificates not work?

Thanks for your answer.
Indeed I have a website and some subdomains that have SSL working, as I have created them on my provider interface (Infomaniak).
But now I have created a subdomain on my provider that redirects with Dynamic DNS to my Synology IP.
And this subdomain is not recognized by Let’s Encrypt…
This time I made the request through my NAS interface, not on the Infomaniak interface.

If I’m understanding correctly, you have a subdomain that is redirected to an internal network attached storage. Have you tried installing and serving a copy of the newest certificate directly from there? Since the certificate is a wildcard (*.) it should match the subdomain and thus be legitimized. Basically what I think I’m saying is that you have a valid cert for your subdomain and just need to install it (and its private key) on the device serving the subdomain. No need to get a new certificate.

The cert I am referring to has serial number 03:8c:ed:75:cd:1d:a2:b1:c4:cb:2d:07:7e:7c:0b:37:94:81 and expires on 11/12.

Here’s a link: https://crt.sh/?id=3236405306

It looks like that subdomain is configured to serve via https, but it is currently serving the following:

Oh I think that I understand much better.
Where can I find the private key?

The certificate and private key are usually located in separate folders under a common folder. Often the filenames of both begin with your domain name. The certificate filename frequently ends in “.crt” while the key filename frequently ends in “.key”. Sometimes other extensions are used for both (e.g. “.pem”). It depends upon your system and the software managing the SSL for your webserver. There is also often a folder containing a CA certificate file.

If you open the certificate file, it should be text that begins with “-----BEGIN CERTIFICATE-----”. Similarly, if you open the private key file, the text will likely begin with “-----BEGIN RSA PRIVATE KEY-----”.

I’m noticing that enzomuhlinghaus.com is down for maintenance. Is this related to your certificate? By the by, you can always get a certificate issued solely for vtt.enzomuhlinghaus.com if it simplifies things (much like the one for foundry.enzomuhlinghaus.com). Acquiring the certificate can be performed by the same system that is handling enzomuhlinghaus.com using the same type of DNS challenge used for obtaining a certificate for *.enzomuhlinghaus.com. I state this in case there’s a security/isolation concern regarding copying the wildcard *. certificate.

I’m also noticing that http is not redirecting to https for vtt.enzomuhlinghaus.com, which may cause you issues.

It seems that the certificate being served by enzomuhlinghaus.com is also the old certificate (serial number 04:9a:36:22:f0:ab:46:65:70:ec:7c:64:41:20:7a:db:2b:d5). That certificate is still valid, but doesn’t include the wildcard *. or vtt.enzomuhlinghaus.com. It looks like the correct certificate (serial number 03:8c:ed:75:cd:1d:a2:b1:c4:cb:2d:07:7e:7c:0b:37:94:81) was generated but never installed anywhere.
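
The two checks discussed in this thread, as an added example that is not part of any post: whether a certificate's names cover a hostname under the usual wildcard rules (a `*` stands for exactly one left-most label), and what kind of PEM file you are looking at from its header line. The SAN lists and function names are assumptions constructed for illustration, not values read from the real certificates.

```python
import re

# Constructed SAN lists (assumptions modelled on the thread's description).
WILDCARD_CERT_SANS = ["*.enzomuhlinghaus.com"]
OLD_CERT_SANS = ["enzomuhlinghaus.com"]

def san_matches(hostname, san):
    """Match one SAN entry: '*' must be the whole left-most label
    and stands for exactly one label, never zero and never several."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        return len(pattern) > 2 and host[0] != "" and host[1:] == pattern[1:]
    return host == pattern

def cert_covers(hostname, sans):
    """True if any SAN entry of the certificate covers the hostname."""
    return any(san_matches(hostname, san) for san in sans)

PEM_LABEL = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def classify_pem(text):
    """Classify a PEM file by its BEGIN lines. Private keys may be labelled
    'RSA PRIVATE KEY', 'EC PRIVATE KEY', 'PRIVATE KEY' (PKCS#8) or
    'ENCRYPTED PRIVATE KEY', so test the suffix, not one exact header."""
    labels = PEM_LABEL.findall(text)
    if any(label.endswith("PRIVATE KEY") for label in labels):
        return "private key"
    if labels and all(label == "CERTIFICATE" for label in labels):
        return "certificate" if len(labels) == 1 else "certificate chain"
    return "unknown"

if __name__ == "__main__":
    for name in ("vtt.enzomuhlinghaus.com", "enzomuhlinghaus.com",
                 "a.vtt.enzomuhlinghaus.com"):
        print(name, "wildcard cert:", cert_covers(name, WILDCARD_CERT_SANS),
              "old cert:", cert_covers(name, OLD_CERT_SANS))
    # Constructed placeholder bodies; only the header lines matter here.
    print(classify_pem("-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"))
```

A wildcard entry does not cover the bare domain or names two levels down, which is why a certificate needs each of those listed separately if it is to serve them.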
