I know this may be a bit late for your issue, but hopefully it can help others.
I had the same issue you are describing with revoked Letsencrypt certificates on both of by Synology systems. I turned off OCSP queries in Firefox and was ignoring the issue, but was hoping to find an actual fix instead of a workaround. Renewing the certificate did not resolve the issue, but after reading this thread I went in search of the software update @JuergenAuer mentioned and found a 6.2.2 Patch 4 that has resolved the issue for me. It is not showing up in the Update & Restore on the NAS. I had to download the PAT file from Synology and apply it manually. It’s only been out for about for a little over a week. I’m assuming it will eventually appear in the NAS interface, but manually applying it and then renewing my certificate resolved my issue and prevented needing to delete and recreate the certificate.
For those who have not done an update manually before, here’s the steps to find the patch:
- Go to Synology website and choose Download Center from under the Support menu.
- Choose NAS on the left and search for your NAS model. Click on it when it comes up in the list.
- Make sure Operating System is selected at the top, then find DSM 6.2.2 and choose All Downloads on the right.
- On the page that comes up, choose criticalupdate -> update_pack -> 24922-4
- Find the file that ends in .pat and has the correct model number for your NAS. The .md5 file can be used to validate your download, but is optional.
- Once you have the .pat file downloaded you can use the Manual DSM Update process through the Update & Restore module in Control Panel. Just choose that option and select the .pat file you downloaded.
- This will require a NAS reboot during the update process.
After updating the NAS to Patch 4, the certificate revoked issue will still exist, but renewing the certificate again through the Security module fixed the issue for me on both systems.
One thing to note, when you renew the certificate the NAS will go through the process and the say “Restarting the web server.” This step hung for me for a long time, I’m assuming because the certificate changed. Reloading the page corrected the issue and now everything is working.
Hope this helps.