Error Renewing Let's Encrypt Certificate

Hello,

I got an email from Let’s Encrypt saying that my certificate is going to expire in 20 days, then I got another one saying it will expire in 10 days, and now it’s saying it will expire in 1 day, which will be on Monday the 19th of August, 2019. Since I got those emails, I’ve tried to renew the certificate via DSM and have both ports open on my Linksys Velop Router, port 80 and 443. Every time I go to try to renew, it says it cannot connect to Let’s Encrypt. How do I fix this before it expires on Monday?

I look forward to hearing from you as soon as possible!

Thanks!


Hi @TheSimsHouse

Please share your domain name.

It’s currently thesimshouse.synology.me

There is already a check of your domain from yesterday evening - https://check-your-website.server-daten.de/?q=thesimshouse.synology.me - and now my own check:

Host                           T   IP-Address    is auth.   ∑ Queries   ∑ Timeout
thesimshouse.synology.me           Name Error    yes        1           0
www.thesimshouse.synology.me       Name Error    yes        1           0

You don't have IP addresses defined. Read the output:

Info: Creating a Letsencrypt certificate with that domain name isn't possible. To create a certificate you need a registered, worldwide unique domain name. The domain name ends with a public suffix, that's good (no Grade Z). But the domain isn't registered. If you want a certificate with that domain name, you have to prove that you are the domain owner.

An A or AAAA record (IPv4 or IPv6) is required: your domain name -> IPv4 and/or IPv6

Yes, I checked it yesterday evening, because I was trying to solve this. So, in order to “renew” the certificate, I have to purchase “my” domain listed above?

That's correct if you want to use your own domain.

But you have a subdomain of synology.me.

I don't use synology products. But there are a lot of other users with such subdomains. So it's possible to use such subdomains with a Letsencrypt certificate.

Check the synology documentation how to register such a subdomain and how to create a public visible A record.

ping thesimshouse.synology.me.

must find an IP address.

Checking the help of Synology:

https://www.synology.com/en-global/knowledgebase/DSM/tutorial/Network/What_Is_Synology_DDNS_Service

Ok, so why did I get an email telling me to renew this certificate? What was it for? I never used the domain in the first place, I just used Synology’s QuickConnect feature to access my NAS remotely. If I do this https://www.synology.com/en-global/knowledgebase/DSM/tutorial/Network/What_Is_Synology_DDNS_Service will it create another certificate with Let’s Encrypt, and then will I eventually have to renew it? Is it free as well? Also, what’s going to happen with my current certificate if I can’t renew it? Will anything change / not function? I have no option to remove or delete it from DSM.

Most of your questions may be better answered by a Synology forum.

The Let’s Encrypt staff might be able to determine part of what’s going on from the server-side logs.

Without access to any information from your ACME client, the community can only guess at what might be happening.

If anyone here has a detailed understanding of how Synologies work, that would help, but I’m not sure how many of us do.

You certainly have a certificate.

https://crt.sh/?q=thesimshouse.synology.me

It’s odd that thesimshouse.synology.me has no DNS records, but Synologies can obtain synology.me certificates using DNS validation, so A and AAAA records aren’t actually required.

I have no idea about anything beyond that, though.

That may have created the certificate.

But what's the problem? If you are the only user of your NAS, create an exception in your browser. Then you don't need a public trusted Letsencrypt certificate.

Or do it again. Maybe there is a missing step, so your setup is incomplete.

PS: First you should read some basics:

@mnordhoff - Thanks for your input, I have contacted Synology about this topic.

@JuergenAuer - I was thinking the QuickConnect feature created that certificate as well. I have more than one user for the NAS, so I don’t think the web browser exception would work. Should I just try doing the DDNS setting or set up QuickConnect again?

I appreciate all your help so far.

Then you should use that again.

Such tools are "closed worlds". But you don't have an IP address - thesimshouse.synology.me - so the DSM may have used DNS validation.

Can your DSM talk with Letsencrypt? Perhaps you have changed your router settings.

Or you use another domain name.

Perhaps share a screenshot of your login screen (with the browser url).

After doing much digging around, and help from you, @JuergenAuer, I found that I did not have my DDNS on my Synology NAS set up despite having the certificate from Let's Encrypt.

I now remember that I had the DDNS set up when I got my NAS, and then for some reason I deleted the DDNS, and didn’t realize that was causing the issue. After I added the DDNS back on my Synology, I went back to renew the certificate with port 80 and 443 open on my Linksys Velop Router and it worked!

The only issue I have now is when I go to my NAS with its local IP address on the network, it says it’s not a secure connection on both Safari and Chrome after I say to proceed to the site, but Safari saves the information so I don’t have to keep telling it to proceed each time, and it shows an encrypted connection unlike Chrome, which does not do that. My question is, how do I fix this?

Also, when I go to the QuickConnect site to access my NAS I get a “not-secure” badge when loading that page until it reaches my NAS, in which case it turns to an encrypted connection on Safari, but not Chrome. Do you know how I could fix this too, or is it something on Synology’s end?

Finally, when I change some of the open ports and HTTP to HTTPS connections on the web link I go to access my NAS, like port 5000 or 5001, I get a server not found or a 404 Error page depending on how I mix those variables up. Do you know how I could fix this or should I ask Synology?

Anyways, I appreciate your help and information, and will be contacting Synology about those questions I asked you above as well.

That's normal, you can't fix that.

So you must use the domain name https://thesimshouse.synology.me/ to connect to your NAS. The IP can't work.

Rechecking your domain I see the problem ( https://check-your-website.server-daten.de/?q=thesimshouse.synology.me ):

Domainname | IP-Address | Http-Status | redirect | Sec. | G
http://thesimshouse.synology.me/ | 38.20.139.150 | 301 | https://thesimshouse.synology.me/ | 0.270 | A
http://www.thesimshouse.synology.me/ | 38.20.139.150 | 302 | http://www.thesimshouse.synology.me:5000/ | 0.270 | D
http://www.thesimshouse.synology.me:5000/ | | -14 (Timeout - The operation has timed out) | | 10.030 | T
https://www.thesimshouse.synology.me/ | 38.20.139.150 | 302 (Certificate error: RemoteCertificateNameMismatch) | https://www.thesimshouse.synology.me:5001/ | 2.867 | N
https://thesimshouse.synology.me/ | 38.20.139.150 | 200 | | 3.313 | I

Your certificate has one domain name:

CN=thesimshouse.synology.me | valid from 18.08.2019 to 16.11.2019 | expires in 89 days | SAN: thesimshouse.synology.me - 1 entry

So it doesn't work with your www version. Use only the non-www version without a port 5000 / 5001.

What's the url of the "QuickConnect site"? Perhaps there is a link to the ip address -> same problem, always wrong.

Port 5001 doesn't answer. But https://thesimshouse.synology.me/ works, so you don't need that port.
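The reason the same certificate is accepted at https://thesimshouse.synology.me/ but rejected for the www host and for the LAN IP is the hostname check every browser runs against the certificate's Subject Alternative Names. The following is an added example, not code from this thread, from Let's Encrypt or from Synology: it implements that check (RFC 6125 style) on constructed data, and can optionally resolve a hostname and pull the SANs of a live server to repeat the check. The LAN address 192.168.1.10 is made up for the demonstration; the SAN list mirrors the one-entry certificate shown above.

```python
"""Why one URL to the NAS is trusted and two others are not.

Added example (not from the thread, Let's Encrypt or Synology): the
hostname-vs-SAN matching browsers perform, plus an optional live check.
"""
import ipaddress
import socket
import ssl
import sys
from typing import Iterable, List, Tuple


def hostname_matches(hostname: str, dns_sans: Iterable[str],
                     ip_sans: Iterable[str] = ()) -> bool:
    """Return True if `hostname` is covered by the certificate's SANs.

    Rules applied (the ones browsers use):
      * the Common Name is ignored; only Subject Alternative Names count
      * a literal IP address matches only an iPAddress SAN, never a dNSName
      * a wildcard covers exactly one left-most label and not the bare parent
    """
    host = hostname.rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return any(ip == ipaddress.ip_address(s) for s in ip_sans)

    host_labels = host.split(".")
    for san in dns_sans:
        san_labels = san.rstrip(".").lower().split(".")
        if len(san_labels) != len(host_labels):
            continue
        if san_labels[0] == "*":
            # need at least "*.<label>.<tld>"; "*.me"-style wildcards are refused
            if len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]:
                return True
            continue
        if san_labels == host_labels:
            return True
    return False


def check_urls(hosts: Iterable[str], dns_sans: Iterable[str],
               ip_sans: Iterable[str] = ()) -> List[Tuple[str, bool]]:
    """Evaluate several hostnames against one certificate's SANs."""
    dns_sans, ip_sans = list(dns_sans), list(ip_sans)
    return [(h, hostname_matches(h, dns_sans, ip_sans)) for h in hosts]


def resolve(host: str) -> List[str]:
    """A/AAAA lookup; an empty list is the 'Name Error' state seen earlier."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def fetch_sans(host: str, port: int = 443,
               timeout: float = 5.0) -> Tuple[List[str], List[str]]:
    """Fetch the leaf certificate's SANs from a live server (needs network).

    The chain is still verified against the system trust store; only the
    hostname check is disabled. With CERT_NONE, Python's getpeercert()
    returns an empty dict and the SANs would be lost.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # we do the name check ourselves
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    sans = cert.get("subjectAltName", ())
    return ([v for k, v in sans if k == "DNS"],
            [v for k, v in sans if k == "IP Address"])


if __name__ == "__main__":
    if len(sys.argv) > 1:                       # live mode: python3 san_check.py <host>
        host = sys.argv[1]
        addrs = resolve(host)
        print(f"{host} resolves to: {addrs or 'nothing (Name Error)'}")
        if addrs:
            dns_sans, ip_sans = fetch_sans(host)
            print("certificate SANs:", dns_sans, ip_sans)
            for h, ok in check_urls([host, "www." + host] + addrs, dns_sans, ip_sans):
                print(f"  https://{h}/  ->  {'OK' if ok else 'name mismatch'}")
    else:                                       # offline mode on constructed data
        # One-entry SAN list as in the thread; 192.168.1.10 is a made-up LAN address.
        sans = ["thesimshouse.synology.me"]
        hosts = ["thesimshouse.synology.me", "www.thesimshouse.synology.me", "192.168.1.10"]
        for h, ok in check_urls(hosts, sans):
            print(f"https://{h}/  ->  {'OK' if ok else 'name mismatch'}")
```

Run without arguments to see the three cases from the thread; run with a hostname to repeat the DNS lookup and the SAN check against the real server (that path needs network access). The practical conclusion is the one given above: only a name that appears in the SAN list will ever be trusted, so the IP address and the www host need either their own SAN entries or should simply not be used.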

Ok. I can still connect using the IP Address, but I will just get that error, so is it “safer” to use the domain name? I think Synology has a way of fixing that (How do I obtain a certificate from Let's Encrypt on my Synology NAS? - Synology Knowledge Center) but I can’t figure how to do it even though I tried.

I was able to connect to my domain with the port 5000 redirecting to 5001 when I put those ports on my router in the port forwarding settings, but then I decided to use the HSTS setting on the Network section in the subsection of DSM Settings (DSM Settings | DSM - Synology Knowledge Center) which removes the 5000 and 5001 ports when typing in the domain and removing from my router port forwarding settings too. Is this safer?

Should I be able to connect to all those domains if they worked? Or does each domain have conflicts with each other?

The URL to Synology’s QuickConnect is http://quickconnect.to/ which shows “not secure” when navigating to that page, but if I change it to https://quickconnect.to/ it shows “secure”. Once I put in my specified QuickConnect ID, that redirects to my IP Address on my local network (which shows it’s “not secure” then goes to “secure” on Safari as said earlier above) but externally it goes right to the domain name with a “secure” badge.

Ok, so I should just disregard all of those other domains and just stick to “https://thesimshouse.synology.me/” despite them being active?

If you use the domain name, the certificate is valid.

This isn't "safer", it's simply easier. Port 5000/5001 are used if the standard ports are blocked. But if you have your own subdomain, you can use the standard ports.

You don't need a www version. It's not a public website, it's only a subdomain with a login. So the non-www version is enough.

http is always "not secure". That's not a problem, use the https version.

Yes. You don't need more.

Alright, thanks for your help @JuergenAuer. It is much appreciated! Synology just got back to me and they said similar things to what you said. Take care.
