Error trying to get LE cert on Synology for custom domain

My domain is: maclloyd.com

I ran this command: built-in wizard in DSM 7.2/Control Panel/Security/Certificate/Create Certificate

It produced this output: "Invalid domain. Please make sure this domain can be resolved into a public IP address"

My web server is (include version):N/A

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:domain register is Porkbun. Domain is not hosted (no A record). Root domain ALIAS record points to maclloyd.synology.me

I can login to a root shell on my machine (yes or no, or I don't know):don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Synology DSM 7.2

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):N/A?

I'm trying to setup a home server (web, media server etc.) using my Synology DS423+.

Because this is a home network my ISP WAN address is dynamic.

As a result I was thinking to use an ALIAS DNS record to point maclloyd.com.com (except mail MX which uses gmail) to Synology's DDNS using the host name I've got setup there (maclloyd.synology.me).

From there everything would use HTTPS (port 443) to hit my NAS and from there I'd use reverse proxy to reach the various services. (that's the plan anyway)

I'm running into trouble getting an LE cert for maclloyd.com. I error out ("Invalid domain. Please make sure this domain can be resolved into a public IP address") I'm guessing this is because I don't have an A record for maclloyd.com. Having said that running a HTTP-01 test at Let's Debug on maclloyd.com says all is ok

I don't host maclloyd.com anywhere (yet) so I don't have a public IP adder or DNS A record. I only an ALIAS record with Porkbun and a dynamic ISP-provided IP adder so I'm not sure what to do.

Hi @hamah, and welcome to the LE community forum :slight_smile:

com.com ? ? ?

The domain maclloyd.com does resolve to the same IP as the name maclloyd.synology.me:

Name:    maclloyd.com
Address: 24.87.135.123

Name:    maclloyd.synology.me
Address: 24.87.135.123

That said, your synology NAS system would still need to obtain a cert to cover the name you put into the browser.

If you type:

  • https://maclloyd.com/ then the cert needs to include that name
  • https://maclloyd.synology.me/ then the cert needs to include that name
3 Likes

Thanks for the welcome and the response.

After posting this I ran some tests at letsdebug.net and did an IP Lookup on maclloyd.com. All were able to resolve the domain and all tests passed.

I was then able to get an LE cert using the Synology DSM software after I removed all the SANs I wanted to use so there must be something wrong there. I'll troubleshoot that further.

Thanks again!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.