I guess I was being too optimistic thinking those logs would include their Let’s Encrypt plugin. 
I’ve found a file that seems to contain more detailed logs. It’s stored in /var/log/messages and the relevant message looked like this in my case:
2016-11-22T01:55:53+01:00 nas synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[12120]: certificate.cpp:957 syno-letsencrypt failed. 1 [syno-letsencrypt output is not a json: { "error": 102, "msg": "Invalid response from http://example.com/.well-known/acme-challenge/{token}: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Auth"", "file": "client.cpp:320"}
]
I think the fact that my response contained quotes broke their client, which doesn’t seem to be handling JSON correctly (and which makes me worried about the quality of this client 
). Anyway, hopefully whatever is in that log will point you in the right direction. You might have to enable and use SSH to read this file.