Elderly Newbie Can't access with domain name

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: d54.synology.me

I ran this command: https://d54.synology.me:5001/ (I actually use a different port than the default 5001)
I also tried it using the external ip address

It produced this output:
In both cases I get

his site can’t be reached

d54.synology.me took too long to respond.

Try:

ERR_CONNECTION_TIMED_OUT

My web server is (include version): ?

The operating system my web server runs on is (include version): ?

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NA

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): NA

No matter what I do I can't seem to access my new Synology NAS (7.2 latest update) externally. At first I thought it was because port 80 wasn't open. I figured out how to do that but then I ran into the too many certificates limit. So I created a new certificate with the additional address of www.d54.synology.me. I am still having the same problem. I don't know what else to do.
When I look in the NAS control panel DDNS the status is Normal. In Advanced I have the port numbers I use instead of the defaults 5000 & 5001. I changed these on login portal page also and I put in my domain name on the same page. I also turned off the firewall to make sure that wasn't a problem. I also turned Warp off to see if that was a problem.
Please help! Also, please answer as if I don't know anything since as of two days ago I didn't. THANK YOU!

3 Likes

Welcome @daylight54

I connect to your domain just fine with HTTP (port 80) and HTTPS (port 443).

For using other ports than these you would be better off asking on a Synology forum. We focus on helping people get Let's Encrypt certs. We also often help with common server or comms configurations. And, maybe another volunteer will suggest something. Still, it is not the primary focus for us to help configure every possible product.

That said, the cert you use for your www domain is not correct (see here). It is using a cert for just the root name issued Dec12 at 01:08:43 GMT. This cert works fine for HTTPS (port 443) to your root domain but for some reason your Synology is not using your most recent cert. Again, you are able to get certs but the Synology config seems a problem that might get a better answer at their forum.

3 Likes

Hello,

I am confused as to what you mean by it being just for the root domain. I have no idea what the page you directed me to is showing me. What is the common name? Is the attached cert the correct one? I currently have 2 certs.

(Attachment d54.synology.me.cer is missing)

Your root domain is "d54.synology.me" and you have a "www" subdomain of that. The terminology is sometimes confusing for sure.

The "common name" is not meaningful. It is just a comment. The important names in your cert are the ones in the "SAN" list (Subject Alternative Names).

What I was saying is that requests to your root domain with HTTPS work fine. But, HTTPS requests to your www subdomain fail because for some reason your system is sending out a cert from Dec12 that only has that one name in it. The picture I show is your cert history.

You can view the cert your system is using for HTTPS connection with a test site like below. But, you mention using other ports so if you are not using port 443 maybe this does not matter. But, port usage and config is best directed at a Synology forum. You can still use the site below to check your other ports just by using the appropriate port number.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.