Error with 'acme.sh' on Synology DS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ce4nas.ce-maschinensysteme.de

I ran this command: ./acme.sh --issue --debug -k 4096 -d "ce4nas.ce-maschinensysteme.de" --accountemail "8qhcbi6xw4@ce-maschinensysteme.de" --webroot /var/services/homes/backupuser/v-webRoot

It produced this output: ce4nas.ce-maschinensysteme.de:Verify error:Fetching http://ce4nas.ce-maschinensysteme.de/.well-known/acme-challenge/-2WunF6qwwnzcX9qUuGdzXOyQQqrB_D2W5PJg-Yd7_w: Timeout during connect (likely firewall problem)

My web server is (include version): Synology DS

The operating system my web server runs on is (include version): nginx

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): The ‘GNOME-Terminal’ from ubuntu

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I’m using acme.sh from https://github.com/Neilpang/acme.sh

Please look at the error message: the URL it tries to fetch, ‘http://ce4nas…-Yd7_w:’, ends with a ‘:’. If I follow this link, it is not available. If I remove the ‘:’ from the end, I get the token.

Is there a mistake from Let’s Encrypt or is there something wrong with acme.sh?

1 Like

Hi,

Your domain is not publicly accessible at this point. That’s what the error message said. Let’s Encrypt needs to connect to your server before issuing you a certificate (HTTP validation).
Both ports 80 and 443 are “filtered” instead of “open” or “Not listening”.

Can you check whether your ISP blocks access to the service, or whether there’s a firewall / port forwarding issue?

Thank you

2 Likes
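The difference between “filtered”, “open” and “not listening” in the reply above can be checked with one TCP connect attempt followed by a fetch of the challenge URL. This is an added example, not part of the thread and not acme.sh or Let’s Encrypt code; the function names `classify_port` and `check_challenge` are hypothetical. It only reflects what a validation server sees when run from a host outside your own network (and outside any region your firewall allows).

```python
import socket
import sys
import urllib.error
import urllib.request

def classify_port(host, port, timeout=5.0):
    """One TCP connect attempt -> 'open', 'closed' (refused) or 'filtered' (no answer)."""
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "unresolvable"
    with socket.socket(family, kind, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
        except (socket.timeout, TimeoutError):
            return "filtered"   # packets silently dropped: firewall, geo-block, ISP
        except ConnectionRefusedError:
            return "closed"     # host answered with RST: nothing is listening
        except OSError:
            return "filtered"   # e.g. host/network unreachable
    return "open"

def check_challenge(host, token, port=80, timeout=5.0):
    """Report what a remote HTTP-01 validator would run into for this token."""
    state = classify_port(host, port, timeout)
    if state != "open":
        return state
    url = f"http://{host}:{port}/.well-known/acme-challenge/{token}"
    # Ignore proxy environment variables so the result reflects a direct connection.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return f"http {resp.status}"
    except urllib.error.HTTPError as err:
        return f"http {err.code}"
    except (urllib.error.URLError, OSError):
        return "http error"

if __name__ == "__main__":
    # Usage (hypothetical file name): python3 check_http01.py <host> <token>
    print(check_challenge(sys.argv[1], sys.argv[2]))
```

A “filtered” result from outside combined with “http 200” from inside the LAN points at a firewall, geo-blocking or port-forwarding rule rather than at the ACME client.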

Probably neither.

Can you access that token file from the Internet?
[I can't]

wget http://ce4nas.ce-maschinensysteme.de/.well-known/acme-challenge/-2WunF6qwwnzcX9qUuGdzXOyQQqrB_D2W5PJg-Yd7_w
--2019-12-06 00:05:47--  http://ce4nas.ce-maschinensysteme.de/.well-known/acme-challenge/-2WunF6qwwnzcX9qUuGdzXOyQQqrB_D2W5PJg-Yd7_w
Resolving ce4nas.ce-maschinensysteme.de (ce4nas.ce-maschinensysteme.de)... 37.81.9.204
Connecting to ce4nas.ce-maschinensysteme.de (ce4nas.ce-maschinensysteme.de)|37.81.9.204|:80... failed: Connection timed out.
Retrying.

1 Like

Thank you for this answer.
My domain is available, isn’t it? Please try
http://ce4nas.ce-maschinensysteme.de/.well-known/acme-challenge/-2WunF6qwwnzcX9qUuGdzXOyQQqrB_D2W5PJg-Yd7_w
You will see the old token.

1 Like

Is there a firewall?
IPS?
Geo-Location blocking?

Can’t reach: http://ce4nas.ce-maschinensysteme.de/
Can’t reach: https://ce4nas.ce-maschinensysteme.de/

1 Like

Wow, thank you! Speedy help.
Yes, my firewall blocks some geo-locations; I removed it.
I got the certificate.

2 Likes
