I recently bought a new domain via INWX: jeromehelzel.de.

Now, I want to create a new SSL certificate for my Synology NAS. I've done this several times before using a Google domain without issues. However, I'm now getting an error message that asks me to check my IP address, reverse proxy rules, and firewall settings.

My NAS is accessible under nas.jeromehelzel.de, and the domain is registered with the INWX DynamicDNS service.

I tried using both jeromehelzel.de and nas.jeromehelzel.de as the domain names, but I keep encountering the same error in both cases.

I've also checked my port forwarding and temporarily disabled my firewall for testing purposes, but nothing changed.

Any help would be greatly appreciated!

Thanks in advance!

image1021×630 33.5 KB

Those names have different IP addresses in the public DNS. Let's Encrypt will validate to the server indicated in the public DNS system. Usually you run the ACME Client program that requests the cert on the same machine as the IP for the domain requested.

nslookup nas.jeromehelzel.de
93.231.106.230

nslookup jeromehelzel.de
185.181.104.242

Hi Mike,

I’ve made the following changes: Previously, I had a DynDNS entry for nas.jeromehelzel.de at INWX. I deleted that entry and set jeromehelzel.de as the sole DynDNS entry. Before this, none of the subdomains were working, but now they all resolve correctly, and I have full access. The only thing left is the SSL certificate, but I’m still encountering the same error. Do you have any idea what might be causing this?

Thanks in advance!

image1151×641 35.2 KB

Please explain the multiple IPs [from different ISPs]:

Name:      jeromehelzel.de
Addresses: 185.181.104.242
           93.231.106.230
Aliases:   nas.jeromehelzel.de

ARIN Whois/RDAP - American Registry for Internet Numbers - 185.181.104.242
ARIN Whois/RDAP - American Registry for Internet Numbers - 93.231.106.230

This IP seems to be a Synology NAS:

curl 93.231.106.230
<!DOCTYPE html>
<html>
    <body>
        <input type="hidden" id="http" name="http" value="5000">
        <input type="hidden" id="https" name="https" value="5001">
        <input type="hidden" id="prefer_https" name="prefer_https" value="true">
    </body>
    <script type="text/javascript">
        var protocol="https:";
        var port=5001;
        var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search;
        location.replace(URL);
    </script>
</html>

This IP is NOT:

curl 185.181.104.242
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<! Managed by ansible role: inwx_inactive_domains >
<head>
    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
    <meta name="ROBOTS" content="NOINDEX, NOFOLLOW">
    <title>185.181.104.242 has been registered</title>
</head>
<body>
        <p align="center">
        <font face="Verdana, Arial, Helvetica, serif" size=2>
        185.181.104.242 was successfully registered. There is no content yet.
        </font>
        </p>
</body>
</html>

Hi rg305,

Yes, I made a small mistake with the IP address configuration. As I mentioned earlier, everything is working now, including the subdomains. The only issue remaining is obtaining the SSL certificate for jeromehelzel.de via Let’s Encrypt. Ignore nas. I didn't use it anymore. Do you have any idea why this might still be failing?

Thanks for your time!

How/When did you correct that?
[it still looks incorrect to me - I see two IPs]

nas. is now a regular CNAME subdomain, but I haven’t made any changes to it recently. Currently, only jeromehelzel.de has a DynDNS entry.

I'm NOT talking about NAS.
Both names show two IPs.

Try:
dig jeromehelzel.de
nslookup jeromehelzel.de

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.