I am a novice with encryption and am trying to encrypt data from my Synology NAS. I opened port 80 and setup seems to have worked. However, Chrome reckons my cert is invalid:
Yet if I look at further information I can't see a problem.

Hi @chriswooff
I see, you have checked your domain via https://check-your-website.server-daten.de/?q=wooff.synology.me
But: http answers, there is a redirect to port 5001. But this port is invisible.
So it's impossible to check if the https port is correct.
Is it possible to open port 5001? Then you can check your configuration.
Or use port 5001 directly - wooff.synology.me:5001.
Timeout -> no check.

Juergen, thanks for your response. I have now opened port 5001.

Ah, now there is a new check - https://check-your-website.server-daten.de/?q=wooff.synology.me
Partially, it's good (if it is not a public website, only your personal usage):
| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| • http://wooff.synology.me/ | | | | |
| 81.141.63.234 | 400 | | 0.083 | M |
| Bad Request | | | | |
| • http://www.wooff.synology.me/ | | | | |
| 81.141.63.234 | 400 | | 0.086 | M |
| Bad Request | | | | |
| • https://wooff.synology.me/ | | | | |
| 81.141.63.234 | -14 | | 10.023 | T |
| Timeout - The operation has timed out | | | | |
| • https://www.wooff.synology.me/ | | | | |
| 81.141.63.234 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| • https://wooff.synology.me:80/ | | | | |
| 81.141.63.234 | 200 | | 1.050 | Q |
| Visible Content: | | | | |
| • https://www.wooff.synology.me:80/ | | | | |
| 81.141.63.234 | 200 | | 0.787 | Q |
| Certificate error: RemoteCertificateNameMismatch | | | | |
| Visible Content: | | | | |

http doesn't work, https has a timeout.
But https over port 80 and non-www - there is the correct certificate:
CN=wooff.synology.me
04.04.2019
03.07.2019
expires in 90 days wooff.synology.me - 1 entry
The connection is good, the chain is complete.
The www version is wrong, because the certificate doesn't have the www domain name. But you have a www DNS entry.
There is no port 5001, perhaps you have created a wrong port forwarding.
You can create one certificate with both domain names (non-www and www) and use that. But it's a subdomain, so you can remove the www entry.
But with that configuration the creation of a new certificate may not work.
You should have a port forwarding
80 -> 80 (that's required to create a new certificate)
443 -> 443 (or 443 -> 5001).
Your current config looks like 80 -> 5001, that's wrong, because 80 isn't encrypted, your 5001 is.

Hi Juergen, I really appreciate your help with this. I have endeavoured to make the cert valid for both wooff.synology.me and www.wooff.synology.me. I have also modified the port forwarding as suggested, but Chrome is still flagging up my certificate as invalid.

There is a new check - https://check-your-website.server-daten.de/?q=wooff.synology.me
05.04.2019 20:28:00
~40 minutes old.
There is only the certificate with one domain name used:
CN=wooff.synology.me
04.04.2019
03.07.2019
expires in 89 days wooff.synology.me - 1 entry
But checking your URLs manually, there is a newer result.
So rechecking - yep, now there is a new certificate with both domain names:
CN=wooff.synology.me
05.04.2019
04.07.2019
expires in 90 days wooff.synology.me,
www.wooff.synology.me - 2 entries
And both connections are secure.
So I don't see a problem.
Your port 5001 doesn't answer, but you use the two standard ports 80 / 443.
Do you have a screenshot? My Chrome is happy, no certificate error.
The two lines are marked as I - Content problem. But that's the result of checking the form-action url
webman/modules/ControlPanel/modules/dsm.cgi
A browser doesn't check that.

It is working for me now too, thanks Juergen. There must have been something stuck in the cache. I am very grateful to you.
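
The name check behind the RemoteCertificateNameMismatch result discussed in this thread, as an added example that is not part of the original posts. The SAN lists are constructed from the certificate summaries quoted above; `WILDCARD_CERT` is a hypothetical addition showing that a wildcard stands for one label only, so it would not cover the www name either.

```python
# Added example: subject-alternative-name matching for the hosts in this thread.
# The SAN lists are constructed from the certificate summaries quoted above;
# WILDCARD_CERT is hypothetical and does not appear in the thread.

FIRST_CERT = ["wooff.synology.me"]                            # 04.04.2019, 1 entry
SECOND_CERT = ["wooff.synology.me", "www.wooff.synology.me"]  # 05.04.2019, 2 entries
WILDCARD_CERT = ["*.synology.me"]                             # hypothetical

# Both names have a DNS entry, so a browser may be pointed at either one.
HOSTS = ["wooff.synology.me", "www.wooff.synology.me"]


def san_matches(san: str, host: str) -> bool:
    """Compare one dNSName entry with a host name, label by label.

    Matching is case-insensitive. A wildcard is honoured only when it is the
    whole left-most label, and it stands for exactly one label.
    """
    pattern = san.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    if len(pattern) != len(labels) or "" in labels:
        return False
    if pattern[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(pattern) > 2 and pattern[1:] == labels[1:]
    return pattern == labels


def check_host(host: str, sans: list[str]) -> str:
    """Return 'ok' or the error name the checker in the thread reported."""
    if any(san_matches(san, host) for san in sans):
        return "ok"
    return "RemoteCertificateNameMismatch"


def report(sans: list[str]) -> dict[str, str]:
    """Check every host name that has a DNS entry against one certificate."""
    return {host: check_host(host, sans) for host in HOSTS}


if __name__ == "__main__":
    for name, sans in [("first", FIRST_CERT), ("second", SECOND_CERT),
                       ("wildcard", WILDCARD_CERT)]:
        print(name, report(sans))
```
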