Certficate renew failed probably because my dns record is not available on your servers


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jdvl.nl

I ran this command: its a synlogy nas it has buikt in support for lets encrypt

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: my own synlogy NAS at 92.111.0,.20
I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):DSM 6.2

I am havjng problems renewing my certficates on my synology DS1813+ since some time. My ports 80 and 443 are all open and I even put my NAS in the DMZ.
However I have found out that my dns records do not riple through to all dns servers. my domain jdvl.nl is for instance not available on the google open dns servers ( and Until some time ago i had no problems until my provider erroneously had deleted my account and later restored it but I had to recreate al my dns zone records. Since then I am having all kind of problems like not receiving your confirmation emails to jan@jdvl.nl when trying to register on the community site. Could you check whether my domain jdvl.nl is available in your dns pointing to
Many thanks in advance.
Jan de Vries Lentsch


Your DNSSEC is busted.

Your domain has a DS record at the .nl zone (so DNSSEC is enabled for it), but your nameservers are not signing your domain.

Either setup your nameservers to properly serve DNSSEC for your domain or turn DNSSEC off for the domain at the registrar.