[DSM 6.2.2-24922] Cannot renew subdomain

Hi,
I’m contacting you because I’m not able to renew my subdomain cert in DSM 6.2.2-24922 through the interface. I’m using a 216 play.
My domain is: hpnotiq.synology.me

I’ve checked port 80 and 443 which are opened. I can create and renew my domain hpnotiq.synology.me but not my subdomains.

Here are logs from /var/log/messages :

2019-05-17T10:56:22+02:00 NAS synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_renew[8815]: certificate.cpp:973 syno-letsencrypt failed. 102 [Invalid response from https://sabnzbd.hpnotiq.synology.me/.well-known/acme-challenge/uQtcvEAI0pu1L07AKdGBUOwZcmx2NPz3LpjXoG4OGic [WW.XX.XX.XXX]: “\n\n \n <script type=“text/javascript”>\n <!–\n location.href = location.protocol + ‘//’ + location.ho”]
2019-05-17T10:56:22+02:00 NAS synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_renew[8815]: certificate.cpp:1458 Failed to renew Let’sEncrypt certificate. [102][Invalid response from https://sabnzbd.hpnotiq.synology.me/.well-known/acme-challenge/uQtcvEAI0pu1L07AKdGBUOwZcmx2NPz3LpjXoG4OGic [WW.XX.XX.XXX]: “\n\n \n <script type=“text/javascript”>\n <!–\n location.href = location.protocol + ‘//’ + location.ho”]
2019-05-17T10:51:10+02:00 NAS synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_renew[6504]: certificate.cpp:973 syno-letsencrypt failed. 102 [Invalid response from https://plex.hpnotiq.synology.me/.well-known/acme-challenge/8FGEEWFwvQL4PzSj1Qm3ytMyV9SRdLdy6JC9VAOhfyU [WW.XX.XX.XXX]: 401]
2019-05-17T10:51:10+02:00 NAS synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_renew[6504]: certificate.cpp:1458 Failed to renew Let’sEncrypt certificate. [102][Invalid response from https://plex.hpnotiq.synology.me/.well-known/acme-challenge/8FGEEWFwvQL4PzSj1Qm3ytMyV9SRdLdy6JC9VAOhfyU [WW.XX.XX.XXX]: 401]

I can login to a root shell on my machine.

Hi @HpNoTiQ56

there is no answer ( https://check-your-website.server-daten.de/?q=sabnzbd.hpnotiq.synology.me ):

| Domainname | IP | Http-Status | redirect | Sec. | G | Details |
|---|---|---|---|---|---|---|
| http://sabnzbd.hpnotiq.synology.me/ | 82.64.82.212 | -2 | | 4.650 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 82.64.82.212:80 |
| http://www.sabnzbd.hpnotiq.synology.me/ | 82.64.82.212 | -2 | | 1.170 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 82.64.82.212:80 |
| https://sabnzbd.hpnotiq.synology.me/ | 82.64.82.212 | -2 | | 1.157 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 82.64.82.212:443 |
| https://www.sabnzbd.hpnotiq.synology.me/ | 82.64.82.212 | -2 | | 1.160 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 82.64.82.212:443 |
| http://sabnzbd.hpnotiq.synology.me/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 82.64.82.212 | -2 | | 1.174 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 82.64.82.212:80 |
| http://www.sabnzbd.hpnotiq.synology.me/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 82.64.82.212 | -2 | | 1.163 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 82.64.82.212:80 |

Looks like a blocking firewall.

Your error

looks like there is a script that answers. Not the content Let's Encrypt needs to validate your domain.

Was blocking port 80 to all except France and US (Let's Encrypt servers used to be in US).

Now, same problem with opened FW.

Now it looks ok ( https://check-your-website.server-daten.de/?q=sabnzbd.hpnotiq.synology.me ):

| Domainname | IP | Http-Status | redirect | Sec. | G | Details |
|---|---|---|---|---|---|---|
| http://sabnzbd.hpnotiq.synology.me/ | 82.64.82.212 | 200 | | 0.466 | H | |
| http://www.sabnzbd.hpnotiq.synology.me/ | 82.64.82.212 | 200 | | 0.110 | H | |
| https://sabnzbd.hpnotiq.synology.me/ | 82.64.82.212 | 303 | https://sabnzbd.hpnotiq.synology.me/login/ | 0.974 | B | |
| https://www.sabnzbd.hpnotiq.synology.me/ | 82.64.82.212 | 200 | | 0.870 | N | Certificate error: RemoteCertificateNameMismatch |
| https://sabnzbd.hpnotiq.synology.me/login/ | | 200 | | 3.000 | B | |
| http://sabnzbd.hpnotiq.synology.me/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 82.64.82.212 | 404 | | 0.253 | A | Not Found. Visible Content: © 2019 Synology Inc. |
| http://www.sabnzbd.hpnotiq.synology.me/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 82.64.82.212 | 404 | | 0.116 | A | Not Found. Visible Content: © 2019 Synology Inc. |

Port 80 is open, no wrong redirect, the expected answer http status 404 - Not Found. So try to find the root parameter of your port 80 vHost and use it:

certbot run -a webroot -i nginx -w yourRoot -d sabnzbd.hpnotiq.synology.me

Here is the solution, I’ve redirected everything in https port.
I needed to add letsencrypt library to port 80 :
I’ve posted it in the Synology forum.


Thanks for help btw!


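Added example, not part of any post in this thread: a small Python triage script for the two failure shapes seen in the `/var/log/messages` excerpt above (a bare HTTP status such as 401, and an HTML/script page answering on the challenge URL). The sample lines are constructed in the thread's log format with invented hosts, IP and token, and the hint strings are assumptions of this example rather than DSM or Let's Encrypt output.

```python
import re

# Tail of the quoted messages: Invalid response from <url> [<ip>]: <detail>]
FAILURE_RE = re.compile(
    r"Invalid response from https?://(?P<host>[^/\s]+)"
    r"/\.well-known/acme-challenge/(?P<token>[\w-]+)"
    r"\s+\[(?P<ip>[^\]]+)\]:\s*(?P<detail>.*)\]\s*$"
)

STATUS_HINTS = {  # heuristic hints: assumptions of this example
    401: "challenge URL demands authentication",
    404: "token file is not served from this vhost's webroot",
}

def classify(line):
    """Return (host, kind, hint) for one failure line, or None if no match."""
    m = FAILURE_RE.search(line)
    if m is None:
        return None
    host = m.group("host")
    # Drop surrounding straight or typographic quotes around the body excerpt.
    detail = m.group("detail").strip().strip('"\u201c\u201d')
    if detail.isdigit():
        return host, "http_" + detail, STATUS_HINTS.get(int(detail), "unexpected HTTP status")
    if re.search(r"<script|location\.href|<html", detail, re.IGNORECASE):
        return host, "html_page", "an application page or redirect script answered"
    return host, "other_body", "body is not the key authorization"

def summarize(lines):
    """Classify all lines, one entry per (host, kind): the log shows each failure twice."""
    seen, out = set(), []
    for line in lines:
        result = classify(line)
        if result and result[:2] not in seen:
            seen.add(result[:2])
            out.append(result)
    return out

# Constructed sample lines in the thread's log format (hosts, IP, token invented).
PREFIX = "2019-05-17T10:56:22+02:00 NAS synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_renew[1000]: "
TAIL = "Invalid response from https://%s/.well-known/acme-challenge/constructed-token_1 [203.0.113.10]: %s]"
SCRIPT_BODY = '"\\n <script type="text/javascript">\\n location.href = location.protocol"'
SAMPLE = [
    PREFIX + "certificate.cpp:973 syno-letsencrypt failed. 102 [" + TAIL % ("app.example.test", SCRIPT_BODY),
    PREFIX + "certificate.cpp:1458 Failed to renew Let'sEncrypt certificate. [102][" + TAIL % ("app.example.test", SCRIPT_BODY),
    PREFIX + "certificate.cpp:973 syno-letsencrypt failed. 102 [" + TAIL % ("media.example.test", "401"),
]

for host, kind, hint in summarize(SAMPLE):
    print(f"{host}: {kind} ({hint})")
```

On a real system, feed it the matching lines from `/var/log/messages` instead of `SAMPLE`.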