Can't set up a certificate with my Synology

Good evening,

I am trying to replace the almost expired certificate of my Synology with a Let's Encrypt copy. Unfortunately I am not successful. I am getting various messages in the procedure, which I have been working on since the weekend.

Tonight I keep getting the message "check your IP address, firewall and reverse proxy".
Firewall is disabled
Port 80 is open.
Port 443 is open.
SSL check says there are no problems.

Earlier tonight I received a one-time message that the maximum number of requests had been reached.

Who can help me?

Hello @Rubensky, welcome to the Let's Encrypt community. :slightly_smiling_face:

Two online tools that can assist are Let's Debug and https://unboundtest.com/

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

Please consider using the Staging Environment - Let's Encrypt until you've debugged the error; as the limits are much higher.

Also see:

4 Likes

Sorry, I removed that. :frowning:

Let's Debug gives all OK when I test my domain.

That is not what I see here: Open Port Check Tool - Test Port Forwarding on Your Router

2 Likes

Hi @Rubensky,

This is what I see for that domain name; it looks like a web parking site to me.
Is this what you expect to see?

3 Likes

Thanks for your reply,

In my router (Fritzbox 7590) port 443 is open.

Yes, this is what I expect to see. I don't use my domain, only my domain name.

2 Likes

Are you sure you used your Synology to get your last Let's Encrypt certificate?

Because the most recent is a wildcard cert. This requires a DNS Challenge. But, I don't believe Synology supports this except for subdomains of a Synology name (like example.synology.me).

3 Likes

I have removed and rebuilt the port forwarding for port 443. Now it's open.

I have a paid certificate. I want to replace it with a let's encrypt. Of course the used certificate has been removed.

Not from my test server in the USA. Did you know you have both IPv4 and IPv6 addresses in your DNS?

Both of them connect to an Apache server for HTTP (port 80) but neither works for HTTPS (port 443).

Only port 80 is needed for an HTTP Challenge.

Are you sure the public DNS is pointing to your Synology machine?

rubensky.com.           111     IN      A       213.249.67.10
rubensky.com.           108     IN      AAAA    2a01:448:2001::10

Are you running Apache on your Synology?

These are IPv4 and IPv6 tests (which get a "not found" for its home page)

curl -I4 -m8 http://rubensky.com
HTTP/1.1 404 Not Found
Server: Apache/2.4.56 (Debian)

curl -I6 -m8 http://rubensky.com
HTTP/1.1 404 Not Found
Server: Apache/2.4.56 (Debian)

3 Likes

Good morning,

I forward ports 80 and 443 in my router as seen in the screenshot.

Apache is installed on my Synology.

Yes, the DNS is pointing to my NAS.

I do not know Synology well enough to help more. Maybe visit a Synology forum as these problems are always some kind of configuration issue.

Or, maybe a different volunteer here will see something. You could wait.

If you are running Debian and Apache then why not try using a different ACME Client. These are the programs that request the cert from Let's Encrypt. I did not think Debian was a common system installed on Synology so maybe their panel does not work well with it. I just guess. Maybe try acme.sh or lego: ACME Client Implementations - Let's Encrypt

As for port 443, I still cannot connect to it. But, as noted, only HTTP is needed when using an HTTP Challenge. It just points to something acting different than you expect.

curl -I4 -m8 http://rubensky.com
HTTP/1.1 404 Not Found
Server: Apache/2.4.56 (Debian)

curl -I4 -m8 https://rubensky.com
curl: (28) Failed to connect to rubensky.com port 443 after 4001 ms: Connection timed out

4 Likes
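The check carried out by hand in the two replies above (probe the domain over IPv4 and IPv6 separately, then compare the `Server` header with what the intended machine should send) can be scripted as below. This is an added example and not part of any post in the thread; the function names, the `preflight` token in the URL and the expected-server argument are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: HTTP-01 reachability preflight, one probe per address family.
# Not from the thread; function names and the "preflight" token are made up.

# Print the value of the Server header from `curl -I` output on stdin.
server_of() {
  tr -d '\r' | awk -F': ' 'tolower($1) == "server" { print $2; exit }'
}

# Classify one probe.
#   $1 = curl exit code
#   $2 = response header text
#   $3 = substring the caller expects in the Server header (assumption:
#        the operator knows what the intended host sends)
verdict() {
  rc=$1; hdr=$2; want=$3
  if [ "$rc" -eq 28 ]; then echo "timeout"; return 0; fi
  if [ "$rc" -ne 0 ]; then echo "connect-error"; return 0; fi
  srv=$(printf '%s\n' "$hdr" | server_of)
  case "$srv" in
    "")        echo "no-server-header" ;;
    *"$want"*) echo "ok" ;;
    *)         echo "unexpected-server:$srv" ;;
  esac
}

# Live probe over IPv4 and IPv6, same curl flags as used in the thread.
#   $1 = domain, $2 = expected Server substring
probe() {
  for fam in 4 6; do
    hdr=$(curl -sI"$fam" -m8 "http://$1/.well-known/acme-challenge/preflight") \
      && rc=0 || rc=$?
    echo "IPv$fam: $(verdict "$rc" "$hdr" "$2")"
  done
}

# Run only when called with arguments, e.g.: sh preflight.sh example.com nginx
if [ $# -ge 2 ]; then
  probe "$1" "$2"
fi
```

An `unexpected-server` result on either address family means the name resolves to a machine other than the one requesting the certificate, which is enough to fail an HTTP challenge even when port 80 is open.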

I've bought a new certificate. I tried everything to make it work with Let's Encrypt, but nothing solved the problem.

Buying a certificate won't solve fundamental connectivity problems.

6 Likes

I don't have connectivity problems. I can't use a free open source certificate.

A what now? "open source" certificate? While Let's Encrypt indeed has their software open sourced, their certificates, while free of charge, are just as good as any other (paid) CA.

If you're still having some kind of trouble, please reiterate what exactly the problem is. Maybe we can help, but maybe not if your problem is not related to Let's Encrypt/ACME.

For problems with your recently acquired Sectigo certificate, please refer to the Sectigo support channel(s).

1 Like

Maybe you don't...
But it seems that at least part of the Internet does have a connectivity problem to your site.

3 Likes
