Can't renew certificate

Sawpel · December 5, 2018, 9:47pm

My domain is: no domain, just server IP: 86.63.73.169

I ran this command: I do not run any commands. I have qnap server, i simply click on “renew certificate”

It produced this output: authentication failure, check dns or if port 80 works

My web server is (include version): QNAP 4.3.4.0752?

The operating system my web server runs on is (include version): QNAP 4.3.4.0752?

My hosting provider, if applicable, is: none, its a physical server in the company.

I can login to a root shell on my machine (yes or no, or I don’t know): Yes, I am administrator and can log in, I am the only one that takes care of the server, I once got Lets Encrypt certificate, can’t remember how, now it won’t renew on itself.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I am logging into server directly through IP and use QNAP control panel.

I always used to set in the company PPPoE connection for users, but i red it is tottaly unsecure and I somehow got the certificate and set all PCs to work, but certificate got outdated and I think I should get a new one but I can’t

schoen · December 5, 2018, 9:49pm

Hi @Sawpel,

Let's Encrypt certificates have never been available for bare IP addresses, only for domain names. If you were previously using a Let's Encrypt certificate, it must have been requested and issued for some domain name.

Sawpel · December 5, 2018, 9:57pm

Ok, I just realized my mistake.

I can log through IP to administrator panel, but users log in through some kind of client installed on pc that sets connection. It works by using 3 files generated on QNAP. One of them “SSLcertificate” comes with a domain probably: “ekotop.myqnapcloud.com”

schoen · December 5, 2018, 10:01pm

If so, it has been a long time since your certificate was valid:

https://crt.sh/?Identity=ekotop.myqnapcloud.com&iCAID=16418

The most recent certificate for that site expired back in March.

If you’re aware of that but this is the certificate that you’re trying to renew now, the first problem to look into is that ekotop.myqnapcloud.com is no longer a publicly-visible DNS name (the DNS servers time out when asked about it). If you’re on a private LAN or WAN and have custom DNS or hosts files, people on your own network might not be aware of this, but in order to get a publicly-trusted certificate, the names (or at least some associated DNS TXT records) have to be publicly-visible in DNS. But yours isn’t at the moment.

Sawpel · December 5, 2018, 10:06pm

Shame on me I know this, i just did not have time to take care of it.

How do I change my DNS so it will be publicity-visible? Is it something i should do on my server?

schoen · December 5, 2018, 10:12pm

It looks like the entire myqnapcloud.com is down in its entirety. Do you know who's responsible for running that?

Sawpel · December 5, 2018, 10:21pm

Ha, that was it, it renewed Thank you SO MUCH!

Me, I am responsible, i do not remember why I turned it off and why

system · January 4, 2019, 10:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.