Changed LetsEncrypt cert to Synology cert by mistake

Hi!
I’m having issues with reinstating my Letsencrypt certificate.
I changed it to a Synology.com one by mistake. I want to switch it back to LetsEncrypt, but I can’t due to the request limit (the domain name can only be found once, so I don’t know how that happened).

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
thehogwartsescape.com

I ran this command:
No command. DSM only

It produced this output: -

My web server is (include version): Apache HTTP 2.4

The operating system my web server runs on is (include version):
DSM 6.2.3-25426

My hosting provider, if applicable, is:
Self-hosting

I can login to a root shell on my machine (yes or no, or I don’t know):
no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): -

Hi @JaccoDW,

Can you share exactly what your Synology software is telling you about a rate limit? It looks like you’ve only ever issued one Let’s Encrypt certificate for your domain, so it doesn’t seem likely that you would have hit an issuance rate limit.

You might also have better luck at the Synology forum because it’s full of experts on how to configure Synology devices (which a few people on this forum are familiar with, but most aren’t).

Hi @schoen,

Thanks for your reply!
I receive the following error when trying to apply for the certificate:

I’ll post the same error at the Synology forum as well. Thanks for taking a look!

Kind regards,

Jacco

This makes me think that there is now something in your network configuration that is blocking the Let’s Encrypt validation, but it’s hard to confirm that without more detailed error messages from the DSM.

Hi @JaccoDW

There is a hidden check of your domain via “check your website”.

With a lot of problems.

Your ipv4 + /.well-known/… has a Synology answer, that’s ok.

But your ipv6 + /.well-known/… has a Frame:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> The Hogwarts Escape
Info: Html-Content with frame found, may be a problem creating a Letsencrypt certificate using http-01 validation
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html><head><title>The Hogwarts Escape</title><link href="https://dewitt.synology.me/HogwartsEscape/hogwartsfavicon.ico" rel="icon" type="image/x-icon"></head><frameset><frame src="https://dewitt.synology.me/HogwartsEscape"></frameset></html> 

That can’t work. When checking your domain, Letsencrypt prefers ipv6, so that’s critical.

All Grade K results (differences between ipv4 and ipv6) are bad.
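The IPv4-versus-IPv6 comparison described above can be run by hand; the following is an added example, not part of the original thread or of any tool mentioned in it. It assumes you have placed a test file with known content under `/.well-known/acme-challenge/`; the function names, the sample bodies and the expected content are constructed for illustration.

```python
import re
import socket

FRAME_RE = re.compile(r"<\s*(frameset|frame|iframe)\b", re.IGNORECASE)

def fetch_body(host, path, family, timeout=10):
    """Fetch http://host/path over one address family only
    (socket.AF_INET or socket.AF_INET6) and return the response body."""
    addr = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)[0][4]
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(addr)
        # HTTP/1.0 so the server closes the connection and does not chunk.
        sock.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
        raw = b""
        while chunk := sock.recv(4096):
            raw += chunk
    return raw.partition(b"\r\n\r\n")[2].decode("utf-8", "replace")

def diagnose(v4_body, v6_body, expected):
    """Compare what the two address families serve for a test file placed in
    /.well-known/acme-challenge/ and return a list of findings."""
    findings = []
    for label, body in (("ipv4", v4_body), ("ipv6", v6_body)):
        if FRAME_RE.search(body):
            findings.append(f"{label}: frame forwarding page served instead of the file")
        elif body.strip() != expected:
            findings.append(f"{label}: unexpected content")
    if v4_body.strip() != v6_body.strip():
        findings.append("ipv4 and ipv6 answers differ")
    return findings

# Constructed sample: the IPv6 body is a shortened copy of the frame page
# quoted above; the IPv4 body is the content of a hypothetical test file.
EXPECTED = "constructed-test-file-content"
V4_SAMPLE = EXPECTED + "\n"
V6_SAMPLE = ('<html><head><title>The Hogwarts Escape</title></head><frameset>'
             '<frame src="https://dewitt.synology.me/HogwartsEscape"></frameset></html>')

if __name__ == "__main__":
    # Live use (needs network): fetch_body(host, path, socket.AF_INET6)
    for finding in diagnose(V4_SAMPLE, V6_SAMPLE, EXPECTED):
        print(finding)
```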

Hi @JuergenAuer!

Wow. I’m an idiot.
I had a transparent forward via my domain host turned on… Can’t believe I missed that :sweat_smile: .
Certificate request worked and everything is working as intended :grin: .

Thanks for the support!

Kind regards,

Jacco
