Can't get a cert on Synology NAS

OK then we are in the right place.
Option #1:
Move or delete the current messages log file
and redo the get cert option.
Then show the messages file:
cat /var/log/messages
Option #2:
Tail the messages log file for the last XXX lines only.
Like:
tail -n 99 /var/log/messages
[immediately after running the get cert option]

I am tailing, no worries. This seems to be “one try” without the dead domains:

2020-08-10T03:30:23-04:00 wolfden [  612.135618] init: upnpd main process (21962) killed by KILL signal
2020-08-10T03:30:42-04:00 wolfden [  630.618277] init: upnpd main process (23962) killed by KILL signal
2020-08-10T03:30:42-04:00 wolfden syno-letsencrypt: syno-letsencrypt.cpp:121 Failed to do new authorization, may retry with another type. [{"error":200,"file":"client_v2.cpp","msg":"Fetching http://wwolfden.cppexpert.net/.well-known/acme-challenge/tQpxoqETpv5DIwI1DzHzRcGoY9O-D0yMBiXOxMqFcMU: Timeout during connect (likely firewall problem)"}
]
2020-08-10T03:30:52-04:00 wolfden [  641.372668] init: upnpd main process (24142) killed by KILL signal
2020-08-10T03:31:03-04:00 wolfden [  652.265081] init: upnpd main process (24308) killed by KILL signal
2020-08-10T03:31:04-04:00 wolfden syno-letsencrypt: syno-letsencrypt.cpp:121 Failed to do new authorization, may retry with another type. [{"error":200,"file":"client_v2.cpp","msg":"do new auth by path: failed to do challenge."}
]
2020-08-10T03:31:04-04:00 wolfden synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[23811]: certificate.cpp:965 syno-letsencrypt failed. 102 [Failed to new certificate.]
2020-08-10T03:31:04-04:00 wolfden synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[23811]: certificate.cpp:1399 Failed to create Let's Encrypt certificate. [102][Failed to new certificate.]

Maybe it did remove IPv6 from eth0 … hmm ? ? ?

http://wwolfden.cppexpert.net/.well-known/acme-challenge/tQpxoqETpv5DIwI1DzHzRcGoY9O-D0yMBiXOxMqFcMU: Timeout during connect (likely firewall problem)

Ok, LE needs access to your NAS via port 80 to verify the token.

I get 404 for that file, so you are probably not blocking me.
But you are somehow blocking LE.
GeoLocation blocking enabled?
IP block list enabled?

curl -Iki http://wwolfden.cppexpert.net/.well-known/acme-challenge/tQpxoqETpv5DIwI1DzHzRcGoY9O-D0yMBiXOxMqFcMU
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 10 Aug 2020 07:35:44 GMT
Content-Type: text/html
Content-Length: 11939
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
ETag: "5eb9cbe6-2ea3"
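
The log excerpt earlier in the thread buries the ACME failure between upnpd lines and splits its JSON array over two lines. As an added example (not from the thread or from Synology), this Python parser pulls the syno-letsencrypt failures out of such a log and flags the connect-timeout case that points at blocked inbound port 80; the sample log, hostname and token are constructed.

```python
import json
import re

# Constructed sample in the shape of the /var/log/messages excerpt in this thread
# (hostname "nas", domain and token are placeholders, not values from the thread).
SAMPLE_LOG = r'''2020-08-10T03:30:23-04:00 nas [  612.135618] init: upnpd main process (21962) killed by KILL signal
2020-08-10T03:30:42-04:00 nas syno-letsencrypt: syno-letsencrypt.cpp:121 Failed to do new authorization, may retry with another type. [{"error":200,"file":"client_v2.cpp","msg":"Fetching http://nas.example.net/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)"}
]
2020-08-10T03:31:04-04:00 nas syno-letsencrypt: syno-letsencrypt.cpp:121 Failed to do new authorization, may retry with another type. [{"error":200,"file":"client_v2.cpp","msg":"do new auth by path: failed to do challenge."}
]
2020-08-10T03:31:04-04:00 nas synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[23811]: certificate.cpp:965 syno-letsencrypt failed. 102 [Failed to new certificate.]
'''

ENTRY = re.compile(r'^(\S+) \S+ syno-letsencrypt: .*?(\[\{.*)$')
CHALLENGE_URL = re.compile(r'Fetching (http://\S+?/\.well-known/acme-challenge/\S+?):')

def parse_failures(log_text):
    """Return one dict per syno-letsencrypt failure, skipping unrelated lines."""
    failures = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = ENTRY.match(line)
        if not m:
            continue
        payload = m.group(2)
        # The JSON array's closing "]" is logged on the following line.
        if not payload.rstrip().endswith(']') and i + 1 < len(lines):
            payload += lines[i + 1].strip()
        try:
            errors = json.loads(payload)
        except json.JSONDecodeError:
            continue
        for err in errors:
            msg = err.get('msg', '')
            url = CHALLENGE_URL.search(msg)
            failures.append({
                'time': m.group(1),
                'msg': msg,
                'challenge_url': url.group(1) if url else None,
                # A connect timeout means the validator never reached port 80.
                'inbound_blocked': 'Timeout during connect' in msg,
            })
    return failures

if __name__ == '__main__':
    for f in parse_failures(SAMPLE_LOG):
        print(f['time'], 'BLOCKED' if f['inbound_blocked'] else 'other', f['msg'])
```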

Yeah. Trying to do that. In the meantime I have realized that while I was accessing the NAS from outside regularly, that was pre-COVID. And during the solitary confinement Verizon has killed the connection several times, which they then “mitigate” with resetting anything they can touch. Long story short, my NAS reported port 80 forwarded/open on the router, but when I tested it, it wasn’t… DUMB me.:frowning:

EDIT: And I can’t even explicit anymore. Once I unset, save, set, save again, now it works.

You need to limit your tests, as there are limits.
If you exceed a limit, you will have to wait until the specified time-out period.

You should be able to see some default page on wwolfden.cppexpert.net:80 now.

OK if there are no other ways to block inbound HTTP connections, give it another try.
:crossed_fingers:

I did. I have the cert. Yay. Now I could sleep, but too excited. :slight_smile:


All’s well that ends well.
Glad to hear that.
g’nite

Thank you! I now know a little more, so I now know more deeply how much I don’t know. Well, I got the hum part down from humble. :wink:

EDIT: I mean thank you for your help. If you need C++ help, lemme know.


noted: “c++ expert”
I do DNS/firewalls mainly.
And am the self-proclaimed:
“Master Of The Totally Obvious”
[That is my “M.O.T.T.O.”]

And if my “hearts” were overlooked or misinterpreted…
You are very welcome.
Glad to have been of service.


Yeah. In C++ there is no such thing anymore. :slight_smile: Only for those of us obsessed enough. Unfortunately, networking and admin stuff I have never done in more than a drive-by-hacking manner, so I am probably lacking the basics.
