Chrome says cert is invalid for synology NAS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: raynerfamily.synology.me

I ran this command: Opened NAS site in chrome

It produced this output:
Your connection is not private
Attackers might be trying to steal your information from 10.0.0.97 (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
Subject: raynerfamily.synology.me

Issuer: Let’s Encrypt Authority X3

Expires on: Apr 11, 2020

Current date: Jan 18, 2020

PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgISAwfAcSFylfWBeCZXRAW9KvsIMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAxMTMwNjM1MzZaFw0y
MDA0MTIwNjM1MzZaMCMxITAfBgNVBAMTGHJheW5lcmZhbWlseS5zeW5vbG9neS5t
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO5xeIQkhRWixgR5Qvug
lTjSR2r+96lwkEVa/7pOJjyDn0WcKwSXLaMqWGxYrWREkZI0OBX5QrJhzNc6eZcb
1H+4OFEo/dyrFES5cIxiKU2a5Ws5XtRSfzCYw/RNFHtSfqECqf3xxla3RYQPPXzz
QJ7+FPeGSpPKyw0FBvFCts0rLVSgeqeE9J7nhFCC1V/18pUGFrWoKF5e9Jw12fzi
YCWBvmRTABEkJ30qCfjh9h5dNaJRPO+ctDXETOHHSKIEL8Mtdboeesv2g6MjBu9D
zhHGWcd21Qh5aeviI5Dg5FkJliX5hraF74A6WQXWesTGYboxHhI9q4OS/Sk+9bw1
PJMCAwEAAaOCAm4wggJqMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQURK1F7D7mcp3d
dEU96MmhvuNz7hgwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYI
KwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0
c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0
c2VuY3J5cHQub3JnLzAjBgNVHREEHDAaghhyYXluZXJmYW1pbHkuc3lub2xvZ3ku
bWUwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEF
BQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEFBgorBgEEAdZ5AgQC
BIH2BIHzAPEAdwCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAW+d
1FbxAAAEAwBIMEYCIQCy5gu6wSm/4avVBNAaJtPiIuV1K5TNmRVIGQ8Dy4Y6rAIh
ANdfNt4Jj/3MUrQcdJudQZElr59+k5jVm3ZgR934mcS3AHYAb1N2rDHwMRnYmQCk
URX/dxUcEdkCwQApBo2yCJo32RMAAAFvndRXZQAABAMARzBFAiEAq1bqXefPuj7D
rLAFTJ2WTVFr9zTO73Wv2pdWbpL78rYCIAXqmjgPcdwLgtCYHGGCo2MqXRAm6ul8
KlUDS29DVdpJMA0GCSqGSIb3DQEBCwUAA4IBAQAQgR4vVf+EtcqeEYrCAoXdnuBD
FYiAiU+N+P5iNQLsIc3bQj/dTdmqToxhqWFC3Amg0ubE+CR0Gi0E9znf/PHrqrVz
E5Xo+jDmoQ/vIIk/WuvwzQzFp09Vth7WPZyGhEUnGR4u3ePbx/kSW9Pcca+rLkIv
GrBCN8vhhF9ymUMS3xBOS19VcBwDcmte04qwAeq2xji+wuc+hf1edgQwQx3u2/Sc
dzrLicea0iyGZldnUhOQ6l5PFVSVMRl43riIXzVV5d6466amDkoUFmqqN1BbR2lA
xCHyHiC/KX3OUmGH4yQx4gYptN+7ehcGUlJEjJ/Qfa9Da6/zKvcwX7En5eIJ
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
Advanced
This server could not prove that it is 10.0.0.97 ; its security certificate is from raynerfamily.synology.me . This may be caused by a misconfiguration or an attacker intercepting your connection.

Proceed to 10.0.0.97 (unsafe)

My web server is (include version): Google Chrome Version 79.0.3945.130 (Official Build) (64-bit)

The operating system my web server runs on is (include version): Windows 10 Home Version: 1903 OS Build 18362.592

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Synology NAS control panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Not using a Certbot, should I get one?

Hopefully this provides enough information for you guys. I got a new certificate to try and see if a newer one would work but I get the same results. I get alerts from comcast that attackers are trying to get into my NAS so I am trying to make sure it is secure, any help would be great. If you need more info don’t hesitate to ask, hopefully I can answer the question.

1 Like

Hi @at0msplat

if you use the ip address, you must have a certificate with the ip address as domain name.

Letsencrypt doesn’t create such certificates -> the result is expected.

Use your domain name.

2 Likes

Thank you for helping this noob! I was not aware of that and made a favorite when I initially set up the NAS, everything is working now. Hopefully this will help keep the attacks down and now I can actually access my server from outside the house.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.