Hi,
I bought my domain name and I'm hosting one simple website on my NAS (DS418) over an HTTP connection.
Browsing this website is fine, so dyndns works. There is no subdomain.
As I'd like to have a secure connection instead, I tried to get a cert from the Let's Encrypt feature embedded in DSM (to be installed on the NAS).
However, "domain non valid" is displayed as the error message. https://check-your-website.server-daten.de/?q=guill2v.fr looks fine (green).
However, due to dyndns, there is one A entry associated with my private ISP address behind it (otherwise browsing my domain wouldn't work).
What else am I missing?
Got it! My ISP recently changed my connection to IPv4 CGNAT, so my external IP makes no sense as it is shared between several people.
Let me try to skip this and find the right IP address.
(and I forgot that 10.x.x.x IPs aren't routable)
For IPv4 CGNAT, that's not possible. For incoming connections, the ISP router which has the "public" IPv4 configured wouldn't know where to send them. To you? Your neighbour?
AFAIK there is no such thing as CGNAT portmapping.
For IPv6 it's a different story. CGNAT isn't required for IPv6. And luckily Let's Encrypt prefers IPv6 over IPv4.
If I try it from my end (which will of course ultimately fail), I'm getting an "incorrect challenge" error (as expected, as my client here of course cannot add such a challenge file to your NAS) and not an incorrect domain error. Perhaps the DNS change didn't propagate yet? Could you try again?
Maybe your client checks for an A record? Or only supports IPv4 for some reason? You now have only the AAAA record. I also can reach your site just fine (with IPv6).
Looks better and better. After retrying the cert request from the NAS, I could get one 90-day cert as expected!
Thanks all for your support.
As a summary, I'd say that removing dyndns (that doesn't support IPv4 CGNAT) and adding one redirection to my IPv6 NAS address in DNS did the trick.
You got one but your NAS is still not sending it out. I see the Synology self-signed cert still. Also see the check-your-website tests or SSL Labs to see this. Maybe you need to restart your NAS?
No need to restart the NAS, I had to use this new cert (instead of the default Synology one) on the web server.
Now, my domain is all green. I really appreciate your support, guys.
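
The diagnosis reached in this thread, written out as an added example that is not part of any post above: given the WAN address the router reports and the published A/AAAA records, it sorts the records into those an HTTP-01 validator can reach and those to remove. The function names are hypothetical, the addresses are constructed from documentation ranges, and the WAN address is assumed to be read from the router's status page.

```python
import ipaddress

# Ranges that cannot receive unsolicited inbound connections from the Internet.
NON_ROUTABLE = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598 CGNAT shared space": ("100.64.0.0/10",),
    "link-local": ("169.254.0.0/16", "fe80::/10"),
    "IPv6 unique local": ("fc00::/7",),
    "loopback": ("127.0.0.0/8", "::1/128"),
}


def classify(addr):
    """Return 'public' or the name of the non-routable range holding addr."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_ROUTABLE.items():
        for net in map(ipaddress.ip_network, nets):
            if ip.version == net.version and ip in net:
                return label
    return "public"


def http01_plan(router_wan_ipv4, dns_records):
    """Split published A/AAAA records into those an HTTP-01 validator can
    reach and those to remove. Hypothetical helper, not a DSM or ACME API.
    router_wan_ipv4: the WAN address shown on the router's status page."""
    wan = classify(router_wan_ipv4)
    usable, remove = [], []
    for rtype, value in dns_records:
        kind = classify(value)
        if kind != "public":
            remove.append((rtype, value, "record points into " + kind))
        elif rtype == "A" and wan != "public":
            # The A record names the carrier's shared address; nothing
            # forwards inbound port 80 from there to this NAS.
            remove.append((rtype, value, "router WAN is " + wan))
        else:
            usable.append((rtype, value))
    return {"usable": usable, "remove": remove}


# Constructed sample: documentation addresses stand in for the real ones.
BEFORE = [("A", "198.51.100.23")]        # dyndns A record only
AFTER = [("AAAA", "2001:db8:418::10")]   # AAAA to the NAS, A removed

if __name__ == "__main__":
    for name, records in (("before", BEFORE), ("after", AFTER)):
        print(name, http01_plan("10.20.30.40", records))
```
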