Certificate generation failed on Asustor NAS, but kind of didn't?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: codynetnas.myasustor.com

I ran this command: I just clicked the generate button through the asustor web interface.

It produced this output: Cannot apply these setting. Ref. 5401

My web server is (include version): ADM version 4.1.0.RKM1

Last update: 9/19/2022

The operating system my web server runs on is (include version): I believe this is Linux under the hood.

My hosting provider, if applicable, is: Metronet Fiber optic. I have my own IP, and that resolved the double NAT issue.

I can login to a root shell on my machine (yes or no, or I don't know): Yes, if I checked the knowledge base for how to do so...

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Asustor web interface.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I am using the ACME client for Asustor, version 2.2.0.r14

When I try to generate a certificate through Asustor's interface, I always get the error above, and it does not complete. However, just the other day I got an email from Let's Encrypt Expiry Bot that my certificate was expiring and needed renewed soon. This raised a few questions for me:
1 - If the process worked, why is this certificate not listed under my certificate manager in the Asustor interface.
2 - If it did indeed work, how do i get this mystery certificate onto my NAS.
3 - There is an option for the NAS software to auto renew the certificate, so why is that part not working?

Thank you all very much for your help in this. Networking is one area I lack knowledge in, so a lot of this is all Greek to me. Which is why I bought a premade NAS instead of building my own home box.

1 Like

Hello @codemancode, welcome to the Let's Encrypt community. :slightly_smiling_face:

You might check here for some help:

1 Like

Excellent, thank you! I was able to follow that link that led to another link you posted in that one, to another link that really helped haha.

Once I went to incognito mode and logged in, I was immediately able to see the new certificate in my certificate manager. The SSL checker site now lists my LE certificate with all green check marks and shows everything is good, and i no longer get a warning in browser that shows it might be potentially unsafe ahead.

Let's debug still has an issue with port 80 not being opened, but I assume that is not an issue, or hopefully will not be when it comes time to renew?

3 Likes

If you are using an HTTP Challenge then port 80 must be open. A DNS Challenge does not require that. I don't know Asustor NAS systems so don't know which you use.

And, port 80 is often kept open to redirect people from http to https. But, if this is just for your use that may not be important.

8 Likes

Ah I see thank you. There was recently some issues with ransomware on Asustor NAS's, and it was recommended to keep port 80 closed.

I will keep it closed for now, since it didn't seem to cause an issue getting the certificate so shouldn't cause an issue with renewing. I also believe I can change the default port 80 to a different port within the software so if i have issues I will try that first.

Thank you all for your help! Customer support has been useless on this issue for a year, and in less than an hour now it seems to be all cleared up...

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.