Error message with third certificate


#1

I’m using Synology DSM 6.0.2. to create certs.
I got already two:
xyz.de for xyz.de;aa.xyz.de;bb.xyz.de

and a second one for more subdomains:
xyz.de for xyz.de;cc.xyz.de;dd.xyz.de

now I wanted to get a third one for two additional websites which are running on the same server:
xyz.de for xyz.de;zzz.de;yyy.de

No chance, always the same stupid error:
“Vorgang fehlgeschlagen. Bitte melden Sie sich erneut im DSM an und versuchen Sie es erneut.”
“Process failed. Logon again and try again.”

80/443 are still open an the three pages are accessible.

What can I do?
Help appreciated.

Regards,
Matis


#2

DSM has a “Log Center” app which might show more details about the exact problem it’s running into with these new domains, anything interesting in there?


#3

The protocol-center has just rudimentary useless info/log.
Or is there a special cert installation log?


#4

I guess I was being too optimistic thinking those logs would include their Let’s Encrypt plugin. :smile:

I’ve found a file that seems to contain more detailed logs. It’s stored in /var/log/messages and the relevant message looked like this in my case:

2016-11-22T01:55:53+01:00 nas synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[12120]: certificate.cpp:957 syno-letsencrypt failed. 1 [syno-letsencrypt output is not a json: { "error": 102, "msg": "Invalid response from http://example.com/.well-known/acme-challenge/{token}: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Auth"", "file": "client.cpp:320"}
]

I think the fact that my response contained quotes broke their client, which doesn’t seem to be handling JSON correctly (and which makes me worried about the quality of this client :thinking:). Anyway, hopefully whatever is in that log will point you in the right direction. You might have to enable and use SSH to read this file.


"The operation failed. Please log in to DSM again and retry"
#5

Wow thanks a lot, this log was what I was looking for. Thanks.
Found some hint there. Will evaluate and get back.

Regards,
Matis


#6

I could fix the issue for real subdomains. Thanks.
I have answer yet for a second and third domain which I want to run on the domain of the webserver:

2016-11-22T10:53:29+01:00 DS1515 synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[29502]: certificate.cpp:1359 Failed to create Let’sEncrypt certificate. [1][syno-letsencrypt output is not a json: { “error”: 102, “msg”: "Invalid response from http://xxx.de/.well-known/acme-challenge/jOTbgews_ndzIgnW_F2Nb5UJ25KH7qgAdJPmzfT5jvs: "

So far I have the domeian xxx.de certified,
yyy.de & zzz.de should run on xxx.de. So far I redirected by FRAME redirection on Strato. Does not work for Let’s Encrypt. HTTP redirection does also not work.
Any idea?


#7

The question remains:

How do I certify domains which run of the same webserver like another domain, means they have the same IP and the second domain redirects through FRAME redirection at Strato.
It works for http, but I do not get Let’s Encrypt to certify this:

domain 1: xxx.de
Certified for xxx.de, mail@xxx.de

domain 2: yyy.de
should be certified for yyy.de, mail@yyy.de

I tried certification also for xxx.de, mail@yyy.de, addition name: yyy.de
Does also not work!

Regards,
Matis


#8

Solved.
What I tried is not possible.
I deleted now the frame redirection and configured a DDNS update. With that I could get a certificate.
Thanks for your support, the logfile did point me the right direction.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.