Can't get updated cert

Sidewinder · September 18, 2018, 7:26am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: crystobal.net

I ran this command: Built in Synology Let’s Encrypt Certificate Creation Tool

It produced this output: Cannot connect to server

My web server is (include version): Synology DSM 6.2-23739 Update 2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Synology DS2413+ on premises on suitable web connection

I can login to a root shell on my machine (yes or no, or I don’t know): I can, but, I don’t know much about SSH

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Use Wordpress on Synology on domain, and have access to Synology file folders.

I originally had this working for some things, but just setting up a rudimentary website for some family things & I found that www.crystobal.net was being re-directed to crystobal.net and the “www” didn’t have a valid SSL certificate, I don’t really know much about creating them to be honest, it was luck that I got the first one working for the mail server (mail.crystobal.net) which has been going ok until just now.
This also worked for https on the other built in Synology applications.
I tried to edit the existing certificate in the Synology front end and failed, so created a self-signed cert and moved everything over to that.
In my moment of madness, I then deleted the Let’s Encrypt certificate, thinking I could re-create it and add www.crystobal.net into the new one.
That’s where it stopped!
I can’t create a new Let’s Encrypt certificate.
This is pushing my knowledge on these things to and past its limits!

Any ideas please?
Thanks in advance for any help.

jared.m · September 18, 2018, 4:12pm

I’m also unable to connect to your web server. For whatever reason, it’s not accessible via the public internet over port 80. Perhaps a firewall or port forwarding issue, or an ISP that doesn’t allow port 80 access? Is 213.123.189.13 the correct IP?

$ nc 213.123.189.13 80
Ncat: Connection timed out.

$ curl -v crystobal.net
* About to connect() to crystobal.net port 80 (#0)
*   Trying 213.123.189.13...
* Connection timed out
* Failed connect to crystobal.net:80; Connection timed out
* Closing connection 0
curl: (7) Failed connect to crystobal.net:80; Connection timed out

Sidewinder · September 18, 2018, 6:26pm

Hello jared.m,
Thank you for checking the domain and the reply.

Ironically as this unit is at home, I don’t have it on a UPS that will last for weeks or even days, the unit it is on, is only lasts a couple of hours, and today at home we have been having electrical work done, so unfortunately the power has been off for most of the day (UK time).
It has only just been turned back on 19:15 UK time, so it should be back on line soon!

I do have port 80 open normally and the website was, running fine, until, I decided to try it on iOS devices which would not accept the existing Let’s Encrypt certificate in Safari because it did not relate to www.crystobal.net, rather it related to mail.crystobal.net & .crystobal.net, as I didn’t know how to put in *.crystobal.net which I would have liked to do.

In fact to be honest, I don’t, really, understand how to do these SSL certificates so I am grateful for the Synology wizard.

The rest of the tale is in my original post I think.

system · October 18, 2018, 6:26pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.