Ddns.net and my new Let's Encrypt certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I ran this command:
Try to open the site with installed Let's Encrypt certificate on my Synology NAS and blank page
It produced this output:
blank page
My web server is (include version):
Synology nas
The operating system my web server runs on is (include version):
synology DSM
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Don't know

I'm new to this certificate deal. The problem is: I obtained a Let's Encrypt certificate for resolving my Synology NAS with ssl and get a green lock on https address bar when me or a user connect to my NAS. I do have ddns.net as DNS provider. On Synology side I think my certificate is pretty valid, I completed with success all the steps needed to get the certificate, then ddns.net do not resolve it and I have no idea about how to handle this. I read on the net I should create like a TXT file to insert somewhere on ddns.net then I really have no idea how to do it. I obviously have all my Let's Encrypt certificate files, cert.pem, chain.pem, privkey.pem, they are correctly installed on my Synology (where I obtained the certificate), then ddns.net do not resolve.If someone can help me, I would be grateful.

You should check your firewall (or make sure that your server is actually serving on both the internal and external interface). And check your port forwarding as well.

1 Like

Why would you do this? You already have a valid Let's Encrypt certificate, as you say. I'm hoping you're not doing random stuff just because someone on the internet told you so, when you're not even sure what the effect and goal will be?

Also, your site on port 5001 isn't reachable from the world wide web. Maybe that's intentionally, but makes debugging your issue rather difficult.


Hi, no, it is ‘t intentionally. It happen after I installed and enabled my let’a encrypt valid certificate. If you want me i can disable it, it will load the site obviously with the ‘not secure’ indicarion.

I wont do stuff i found on the net, this is the rraspn becouae i’ here fir ad ise.

Juat ask me what it is needed to debig the problem and I will follow.

Ps: i have more pix to load then as a new user i’m sntitled to juat send one. I add the popmag2.ddns.net certificate is the default.

Is your router forwarding those ports?

1 Like

Absolitely yes in fa t id you try http://popmag2.ddns.net:5000 it will work in http not se ure mode. Tru it.

well... check again. it doesn't make sense for a port to work and another not to.

It work infact if i disable the let’s encrypt certificatw and i put the synology one it will load pn poet 5001 obviously in not se ure mode.

Try it now and see by toyrself?


Isn’t this related to dna propagation? How ddns.net can be put in the conditio. To know about my certificate?

I heard a out Car and atuff like that.

I don't see anything.

(Why are you using ports 5000 and 5001? The defaults are 80 and 443.)

1 Like

Hi, i solved it!

Thank you to this great community and thank you to let’s enceypt foe this fa tastic free certificates!

Port 5001 was closed on my router. Now I even redirected http ——->>>> https and I always got encrypted connection and green lock.

Very happy. Now I’m wondering: is it really so simpke to cinfigure a certificate? Now I will configure my OpenVPN access using my certificate in place of the synology default one.

What can I do more with this certificates to even more se ure my server?

The only downside is: every three montha I do need to remember to open port 80 and redirect it to server to automatically renew the certificate.

I think my server is pretty much secure: no standard porta, usera root and admin always disabled and now I enjoy this in redibly good certificate. I tested with every possible browser, from safari on this ipad to duck and go and i always got a strady green lock. This is not automatic becouse with another certificate of another not free authority with some browser, they complain about misconfiguration and my server pretendimg to be it.

If someone want to click on it and test my server:

http://popmag2.ddns.net:5000 (redirect to https)

This is my other server, same configuration, with another certificate and sometimes it complaiin like I said beforw.

http://popmag.ddns.net:5000 (also here redirect to https)

Ps: they will disappear aoon becouse I want to change synology standard ports 5000 and 5001 with something less standard.

1 Like

You can keep it open.

1 Like

Nahhh I just keep ports open fir strictly use.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.