Certificate created but site still not secure

Hello

(I can read replies in English :slight_smile:)

I am on a Synology DS218play NAS; DSM is up to date (6.X)

My domain name is: pdapelo.synology.me
When pointing to my site (via Virtual Host or otherwise), I get a “not secure” in the browser (Chrome)
(I have disabled it until the problem is resolved, so the 403 error is normal)

To create the certificate: I created the domain on the NAS, then Synology offered to create the certificate with Let’s Encrypt, which I did. And that’s all. Port 80 is open (otherwise my site would not be accessible)

I also need to certify my NAS services for Plex…

So there you go…

Synology instructions are straightforward and simple to follow:
https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/connection_certificate

Let us know if you have trouble with anything relating to LE.

Thanks.

I did all this

To get certificates from Let’s Encrypt:

You can get free and secure SSL/TLS certificates automatically from Let’s Encrypt, an open and well-trusted certificate authority.

  1. Click Add.
  2. Select Add a new certificate and click Next.
  3. Select Get a certificate from Let’s Encrypt.
  4. Specify the following information:
     • Domain name: Enter the domain you have registered from the domain provider.
     • Email: Enter the email address used for certificate registration.
     • Subject Alternative Name: To allow one certificate to cover multiple domains, enter the other domain names here.
  5. Click Apply to save the settings. Once confirmed, the certificate will be instantly imported into your Synology NAS.

And here is the result
http://pdapelo.synology.me/

I must say that I did not receive any confirmation by email from Let’s Encrypt. Should I?

No, emails are not sent for that.

HTTP shows 403 error.
HTTPS never connects.

Have you opened the firewall (and port forwarding, if needed) to allow HTTPS connections?

Hi @Maitresinh

I don’t use Synology. But it sounds like you didn’t install the certificate. That may be the required second step.

I did that to install the given certificate (key, cert).
The server has rebooted.

Then I opened ports 403 and 443 (UDP/TCP) on my router.

Still the same.

Is the router forwarding the connections (port forwarding)?
Can you verify (locally) that 443 is operational on the Synology device?

Does your HTTPS work internally?

From that machine:

curl https://pdapelo.synology.me/

Yes, I’ve checked, 443 & 403 UDP/TCP are open.
Still the same.

I see you saying “open” ports.
But allowing a port is only part of the process.
Once the port is allowed the connection must be forwarded to a specific internal IP.
If you just said to your router “open port 1234”, where would those connections go?
So…

  1. Are you forwarding 443 to the internal IP of the Synology device?
  2. Can you connect directly to the internal IP of the Synology device on port 443?

1/ Yes, I’ve forwarded port 443 from the internet to my local IP (NAS).
2/ I’ve checked the port from the NAS. It’s open.

It looks like you were able to get a cert:

Is everything working now?

It seems to be missing the intermediate cert:

Thanks for the reply. No, it still doesn’t work.
But maybe the lack of the intermediate certificate could be the cause. I did add it because I thought it wasn’t necessary (and I did not know how to name it “.xxx”, assuming it’s the third file in the rar package).

I’ve redone the import of the certificate, including the intermediate one (chain.perm renamed to chain.cert). Still the same.

Do you see a “fullchain” file?
If so, try using that one.
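
What the missing intermediate and the “fullchain” file discussed in this thread mean for a client, as an added example that is not part of any post above: it builds a throwaway root, intermediate and leaf with openssl (every key, subject and the `nas.example.test` name are constructed, not real Let’s Encrypt material) and checks the leaf the way a client does, first with only the leaf served, then with the full chain.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI. File names mirror the usual
# cert.pem / chain.pem / fullchain.pem set; nothing here is a real certificate.
WORK=$(mktemp -d)

make_demo_pki() (
  cd "$WORK" || exit 1
  # Minimal openssl config: one section for CA certs, one for the leaf.
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' 'CN=unused' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' \
    '[leaf]' 'basicConstraints=CA:FALSE' > cnf
  # Root CA: the only certificate the client trusts in advance.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
    -subj '/CN=Constructed Root' -days 2 -config cnf -extensions ca 2>/dev/null
  # Intermediate CA signed by the root (plays the role of chain.pem).
  openssl req -new -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
    -subj '/CN=Constructed Intermediate' -config cnf 2>/dev/null
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -set_serial 1 \
    -days 2 -extfile cnf -extensions ca -out chain.pem 2>/dev/null
  # Leaf for the site, signed by the intermediate (plays the role of cert.pem).
  openssl req -new -newkey rsa:2048 -nodes -keyout privkey.pem -out leaf.csr \
    -subj '/CN=nas.example.test' -config cnf 2>/dev/null
  openssl x509 -req -in leaf.csr -CA chain.pem -CAkey int.key -set_serial 2 \
    -days 2 -extfile cnf -extensions leaf -out cert.pem 2>/dev/null
  # fullchain = leaf first, then the intermediate.
  cat cert.pem chain.pem > fullchain.pem
)

# Number of certificates in a PEM file.
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Client view: trust only the root, and build the path from whatever
# certificates the server sends ($1 = the file the server is configured with).
served_chain_ok() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$1" "$1" >/dev/null 2>&1
}

make_demo_pki
for f in cert.pem fullchain.pem; do
  if served_chain_ok "$WORK/$f"; then r="verifies"; else r="FAILS to verify"; fi
  echo "$f: $(count_certs "$WORK/$f") certificate(s), $r"
done
```

Against a live service, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is included.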