Background. My webserver and LE certs have worked for over a year. I have had no issues updating the certs prior to October 1st (so 3 months ago). Right now I can renew and create certs for my NO-IP domain (readsds.read-books.org), and Synology DDNS (readsds.familyds.com). I used the same command below in all three cases and am currently using the cert for readsds.familyds.com, but that leaves my primary DDNS readsds.tzo.net down. The error at the end of the syno-letsencrypt new-cert -VV output about port 80 seems to be a synology thing (any error is port 80). port 80 is open and it does work for readsds.tzo.net. I normally keep port 80 closed and reroute all SSL traffic in though a non-standard port (not 443).
weird things:
DNS problem: SERVFAIL looking up CAA for readsds.tzo.net <<--- ????
DEBUG: [readsds.tzo.net] is not a subdomain of [readsds.familyds.com] <<<--- Clearly not true
DEBUG: DNS challenge failed, reason: {"error":203,"file":"client.cpp","msg":"Challenge setup is failed."}
DEBUG: Normal challenge failed, reason: {"error":107,"file":"client.cpp","msg":"readsds.tzo.net: DNS problem: SERVFAIL looking up CAA for readsds.tzo.net"}
STANDARD DEBUG INFO:
My domain is: readsds.tzo.net, ibb.readsds.tzo.net;readsds.familyds.com;readsds.read-books.org
I ran this command: sudo syno-letsencrypt new-cert -d readsds.tzo.net -m "icreadence@mailxhost.com" -vv
It produced this output:
DEBUG: ==== start to new cert ====
DEBUG: Server: https://acme-v01.api.letsencrypt.org/directory
DEBUG: Email: icreadence@com
DEBUG: Domain: readsds.tzo.net
DEBUG: ==========================
DEBUG: setup acme url https://acme-v01.api.letsencrypt.org/directory
DEBUG: szUserAgent: [synology_braswell_916+ DSM6.1-15152 Update 5 (DDNS)]
DEBUG: GET Request: https://acme-v01.api.letsencrypt.org/directory
DEBUG: Curl Reply: [200] Header: [HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 561
Replay-Nonce: dSyRmj4OfR6ooZIJQ3qkMBCpvzGbU_rlfjiliwL-xFU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 04 Oct 2017 03:25:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 Oct 2017 03:25:30 GMT
Connection: keep-alive] Body: [{
"Y2fAt3N7uQg": "Adding random entries to the directory",
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"meta": {
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}]
DEBUG: Found registed account. used old account. [/usr/syno/etc/letsencrypt/account/RTM4t3/]
DEBUG: strat to do new-authz for readsds.tzo.net
DEBUG: ==> start new authz.
DEBUG: new authz: do new-authz.
DEBUG: Post JWS Request: https://acme-v01.api.letsencrypt.org/acme/new-authz
DEBUG: Post JWS value: {
"identifier" : {
"type" : "dns",
"value" : "readsds.tzo.net"
},
"resource" : "new-authz"
}DEBUG: szUserAgent: [synology_braswell_916+ DSM6.1-15152 Update 5 (DDNS)]
DEBUG: Post Request: https://acme-v01.api.letsencrypt.org/acme/new-authz
DEBUG: Post value: {
"header" : {
"alg" : "RS256",
"jwk" : {
"e" : "AQAB",
"kty" : "RSA",
"n" : "1ITFPglst_skDB8XZMm_PrcsCDXxpXsVnkXhN-7D2qT8t1sLK_45jXHNN0y_OAgn1OwnRdwksp1ean_EKaPyJubFuegPspZq8rnbXVuDXm4xAm79hgn3-5jZ-tRC3wIhLn61qrCaceRLYXwF_lcYihfc5iNr6S86hObNdOO7_WCIvt6Nmpw22cwYrVk9jFHqCESv5_-67lNi-Zo5giSUkHkb8juOoMd0GCUhjh6mLhsNhTKEkakwy5KIVmsqgbhxVWUZzUoD3PQNhFUfhFj-o9aLLMwYSu4LLizoiiW7vM9vM44onElmZ4sVE2G5NgxH2YvGnhxZsnqOJUxpdN2sMQ"
}
},
"payload" : "eyJpZGVudGlmaWVyIjp7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InJlYWRzZHMudHpvLm5ldCJ9LCJyZXNvdXJjZSI6Im5ldy1hdXRoeiJ9Cg",
"protected" : "eyJub25jZSI6ImRTeVJtajRPZlI2b29aSUpRM3FrTUJDcHZ6R2JVX3JsZmppbGl3TC14RlUifQo",
"signature" : "QwOFDzuOXNK-MA5VY4f9YlegGPRsssT_gDzzBCaBgTOLQQHW1Ncve40f0_Lv4JsriO1AMR4uWeLgk_5yeQzpJ-fStsJTI6rI9D5Q4mTtPgcPPAGMR2pKu_gDUeY2UFLnatIAA-1KZna4XxmxSHRNrVrr238vMPFKNhIt9Vrh0lds1usxrr-K1VM0p2usgHWYI-LBfudyjWSDP3bPQ5VmqjuiJNr-KJFb8hsFZ5KsKjMijqsJybZoAFyckgX7QcuDe2qH7fgEGZ_INS0CCa2NpDju4pKvLoddLRtw9A_qtDoGzfzzth2Vma8tMb3HxuZErZGlujtXaKTNcTZdlQXceg"
}DEBUG: Curl Reply: [201] Header: [HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 993
Boulder-Requester: 8333082
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE
Replay-Nonce: vFHIjtnYKcKNL9b7YRE0T2B2DqM4phZi1BORO9_TVzE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 04 Oct 2017 03:25:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 Oct 2017 03:25:31 GMT
Connection: keep-alive] Body: [{
"identifier": {
"type": "dns",
"value": "readsds.tzo.net"
},
"status": "pending",
"expires": "2017-10-11T03:23:43Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401190",
"token": "8uhNark5Zh6x-nTM3P_BXqScaaEcpZeofBcVokV_v4o"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401191",
"token": "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401192",
"token": "gD_sX7VAboRtjxihYuX1f7aIBC0odAVVQgEzgWGDpmM"
}
],
"combinations": [
[
2
],
[
1
],
[
0
]
]
}]
DEBUG: new authz: setup challenge env.
DEBUG: new authz: http-01 challenge.
DEBUG: Post JWS Request: https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401191
DEBUG: Post JWS value: {
"keyAuthorization" : "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc.iEt4z3AxFxKEk-7C4xVDVbtqpTFWNMk9MFpuZDKBIPU",
"resource" : "challenge",
"type" : "http-01"
}DEBUG: szUserAgent: [synology_braswell_916+ DSM6.1-15152 Update 5 (DDNS)]
DEBUG: Post Request: https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401191
DEBUG: Post value: {
"header" : {
"alg" : "RS256",
"jwk" : {
"e" : "AQAB",
"kty" : "RSA",
"n" : "1ITFPglst_skDB8XZMm_PrcsCDXxpXsVnkXhN-7D2qT8t1sLK_45jXHNN0y_OAgn1OwnRdwksp1ean_EKaPyJubFuegPspZq8rnbXVuDXm4xAm79hgn3-5jZ-tRC3wIhLn61qrCaceRLYXwF_lcYihfc5iNr6S86hObNdOO7_WCIvt6Nmpw22cwYrVk9jFHqCESv5_-67lNi-Zo5giSUkHkb8juOoMd0GCUhjh6mLhsNhTKEkakwy5KIVmsqgbhxVWUZzUoD3PQNhFUfhFj-o9aLLMwYSu4LLizoiiW7vM9vM44onElmZ4sVE2G5NgxH2YvGnhxZsnqOJUxpdN2sMQ"
}
},
"payload" : "eyJrZXlBdXRob3JpemF0aW9uIjoiR1p2S1BIYVFubEg1TW91ZzNyQmZlV0E4ck1SUFpsOG9lRE5GcTNvMTFKYy5pRXQ0ejNBeEZ4S0VrLTdDNHhWRFZidHFwVEZXTk1rOU1GcHVaREtCSVBVIiwicmVzb3VyY2UiOiJjaGFsbGVuZ2UiLCJ0eXBlIjoiaHR0cC0wMSJ9Cg",
"protected" : "eyJub25jZSI6InZGSElqdG5ZS2NLTkw5YjdZUkUwVDJCMkRxTTRwaFppMUJPUk85X1RWekUifQo",
"signature" : "qmh89Pm55e78xLVNwDKxMeVtUjl28czPhcn1GXvwg57LgT8CLgWtvPTIBcTDor0vhSr0mN77KXszHsWu6JyyCIFAc_0xwCjVdgjsxVcPiA99G3RXBp8q9VR8Uy92jpfQiqOw5Fa1H-Q2XpGqz17XrMfcwW65R0V7UsSVlriGmTVC7TvGu3JHn4lCyYWhD63Uj8_SxyldaWS7KfF_im63uO3sB7vQgGuPF7AiWnDJCJI0GFA6pIxOEqD-8Ti5vWb28pyfOjZYFi_hDedkXOm7KJezlWsCjuisxng9AwLjYgXbRHCoFBEPeXhIyADT-2pNwox5HTDd7C_j3yw6LUPipA"
}DEBUG: Curl Reply: [202] Header: [HTTP/1.1 100 Continue
Expires: Wed, 04 Oct 2017 03:25:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cacheHTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Requester: 8333082
Link: https://acme-v01.api.letsencrypt.org/acme/authz/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401191
Replay-Nonce: RD3yyIGrd30lkA0c12o23A4wyIhGqCUS6hvj1YIdDvI
Expires: Wed, 04 Oct 2017 03:25:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 Oct 2017 03:25:31 GMT
Connection: keep-alive] Body: [{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401191",
"token": "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc",
"keyAuthorization": "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc.iEt4z3AxFxKEk-7C4xVDVbtqpTFWNMk9MFpuZDKBIPU"
}]
DEBUG: new authz: http-01 check result.
DEBUG: szUserAgent: [synology_braswell_916+ DSM6.1-15152 Update 5 (DDNS)]
DEBUG: GET Request: https://acme-v01.api.letsencrypt.org/acme/authz/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE
DEBUG: Curl Reply: [200] Header: [HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 1110
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: eo_tHNwJnaJ_Xvp01gj2NY1CI4GCriZraiA9xRPz4UI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 04 Oct 2017 03:25:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 Oct 2017 03:25:31 GMT
Connection: keep-alive] Body: [{
"identifier": {
"type": "dns",
"value": "readsds.tzo.net"
},
"status": "pending",
"expires": "2017-10-11T03:23:43Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401190",
"token": "8uhNark5Zh6x-nTM3P_BXqScaaEcpZeofBcVokV_v4o"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401191",
"token": "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc",
"keyAuthorization": "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc.iEt4z3AxFxKEk-7C4xVDVbtqpTFWNMk9MFpuZDKBIPU"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401192",
"token": "gD_sX7VAboRtjxihYuX1f7aIBC0odAVVQgEzgWGDpmM"
}
],
"combinations": [
[
2
],
[
1
],
[
0
]
]
}]
DEBUG: szUserAgent: [synology_braswell_916+ DSM6.1-15152 Update 5 (DDNS)]
DEBUG: GET Request: https://acme-v01.api.letsencrypt.org/acme/authz/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE
DEBUG: Curl Reply: [200] Header: [HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 1110
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: aIwHZaavbXnUSf2DTa44EBXaFtpcCcWqsNDSLWQkzrc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 04 Oct 2017 03:25:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 Oct 2017 03:25:34 GMT
Connection: keep-alive] Body: [{
"identifier": {
"type": "dns",
"value": "readsds.tzo.net"
},
"status": "pending",
"expires": "2017-10-11T03:23:43Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401190",
"token": "8uhNark5Zh6x-nTM3P_BXqScaaEcpZeofBcVokV_v4o"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401191",
"token": "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc",
"keyAuthorization": "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc.iEt4z3AxFxKEk-7C4xVDVbtqpTFWNMk9MFpuZDKBIPU"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401192",
"token": "gD_sX7VAboRtjxihYuX1f7aIBC0odAVVQgEzgWGDpmM"
}
],
"combinations": [
[
2
],
[
1
],
[
0
]
]
}]
DEBUG: szUserAgent: [synology_braswell_916+ DSM6.1-15152 Update 5 (DDNS)]
DEBUG: GET Request: https://acme-v01.api.letsencrypt.org/acme/authz/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE
DEBUG: Curl Reply: [200] Header: [HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 1110
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: -vHZ1kOAHKs707zLHZwD0y-uoA_hmtOJeiMJbyjbqR0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 04 Oct 2017 03:25:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 Oct 2017 03:25:36 GMT
Connection: keep-alive] Body: [{
"identifier": {
"type": "dns",
"value": "readsds.tzo.net"
},
"status": "pending",
"expires": "2017-10-11T03:23:43Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401190",
"token": "8uhNark5Zh6x-nTM3P_BXqScaaEcpZeofBcVokV_v4o"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401191",
"token": "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc",
"keyAuthorization": "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc.iEt4z3AxFxKEk-7C4xVDVbtqpTFWNMk9MFpuZDKBIPU"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401192",
"token": "gD_sX7VAboRtjxihYuX1f7aIBC0odAVVQgEzgWGDpmM"
}
],
"combinations": [
[
2
],
[
1
],
[
0
]
]
}]
DEBUG: szUserAgent: [synology_braswell_916+ DSM6.1-15152 Update 5 (DDNS)]
DEBUG: GET Request: https://acme-v01.api.letsencrypt.org/acme/authz/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE
DEBUG: Curl Reply: [200] Header: [HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 1666
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: HOOuR6EbdNGuLto8CIxiFpBKlDD-NCGnKj_PuDrgVf8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 04 Oct 2017 03:25:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 Oct 2017 03:25:38 GMT
Connection: keep-alive] Body: [{
"identifier": {
"type": "dns",
"value": "readsds.tzo.net"
},
"status": "invalid",
"expires": "2017-10-11T03:23:43Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401190",
"token": "8uhNark5Zh6x-nTM3P_BXqScaaEcpZeofBcVokV_v4o"
},
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:connection",
"detail": "DNS problem: SERVFAIL looking up CAA for readsds.tzo.net",
"status": 400
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401191",
"token": "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc",
"keyAuthorization": "GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc.iEt4z3AxFxKEk-7C4xVDVbtqpTFWNMk9MFpuZDKBIPU",
"validationRecord": [
{
"url": "http://readsds.tzo.net/.well-known/acme-challenge/GZvKPHaQnlH5Moug3rBfeWA8rMRPZl8oeDNFq3o11Jc",
"hostname": "readsds.tzo.net",
"port": "80",
"addressesResolved": [
"96.237.238.150"
],
"addressUsed": "96.237.238.150",
"addressesTried":
}
]
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/HiiMcfJeFlnXMTI0RNK6702YV74u-FZ2x82eJYSJZcE/2125401192",
"token": "gD_sX7VAboRtjxihYuX1f7aIBC0odAVVQgEzgWGDpmM"
}
],
"combinations": [
[
2
],
[
1
],
[
0
]
]
}]
DEBUG: ==> start new authz.
DEBUG: new authz: do new-authz.
DEBUG: Post JWS Request: https://acme-v01.api.letsencrypt.org/acme/new-authz
DEBUG: Post JWS value: {
"identifier" : {
"type" : "dns",
"value" : "readsds.tzo.net"
},
"resource" : "new-authz"
}DEBUG: szUserAgent: [synology_braswell_916+ DSM6.1-15152 Update 5 (DDNS)]
DEBUG: Post Request: https://acme-v01.api.letsencrypt.org/acme/new-authz
DEBUG: Post value: {
"header" : {
"alg" : "RS256",
"jwk" : {
"e" : "AQAB",
"kty" : "RSA",
"n" : "1ITFPglst_skDB8XZMm_PrcsCDXxpXsVnkXhN-7D2qT8t1sLK_45jXHNN0y_OAgn1OwnRdwksp1ean_EKaPyJubFuegPspZq8rnbXVuDXm4xAm79hgn3-5jZ-tRC3wIhLn61qrCaceRLYXwF_lcYihfc5iNr6S86hObNdOO7_WCIvt6Nmpw22cwYrVk9jFHqCESv5_-67lNi-Zo5giSUkHkb8juOoMd0GCUhjh6mLhsNhTKEkakwy5KIVmsqgbhxVWUZzUoD3PQNhFUfhFj-o9aLLMwYSu4LLizoiiW7vM9vM44onElmZ4sVE2G5NgxH2YvGnhxZsnqOJUxpdN2sMQ"
}
},
"payload" : "eyJpZGVudGlmaWVyIjp7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InJlYWRzZHMudHpvLm5ldCJ9LCJyZXNvdXJjZSI6Im5ldy1hdXRoeiJ9Cg",
"protected" : "eyJub25jZSI6IkhPT3VSNkViZE5HdUx0bzhDSXhpRnBCS2xERC1OQ0duS2pfUHVEcmdWZjgifQo",
"signature" : "BaMN5-HVIKBDAuJJ7I-pdTTYnMoeArpXiGW4EUheC_bRaAXqvl4UFnhZOeynAogdUYpY71JlFW8R1aadA-Yl5VGe6GiTqoEoGU4z5XZaYHDWDapw-nRkzFMJ_MGQqEpZv-STzJhy_mpXV779jMtkXjMhz7shs3_b8k8WhWIM0tEEVv2dbLQF5AyDooJt3z3QzFcdzyRj4j0NUvf0cAYESNY7d1VsbfjRBqhFYyQCk8wynp8Zjw5HswJSHibUAnXUxGhfzLhvasdZPXotPonQ-_Nj4Mzahmc-bgISp8dPDTqhJ_y0NsUArY4D0G_keZhuPWKpthVUKz0coRDPS7uV5A"
}DEBUG: Curl Reply: [201] Header: [HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1003
Boulder-Requester: 8333082
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/C-MX1m_TlJHFqfPn12y8y6m7m70XvKdEsk1FebPByto
Replay-Nonce: Ldf3fMA2Ljyc0HFRfj_hzvBDw_ELz7o3ncPm0wXMjg0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 04 Oct 2017 03:25:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 Oct 2017 03:25:38 GMT
Connection: keep-alive] Body: [{
"identifier": {
"type": "dns",
"value": "readsds.tzo.net"
},
"status": "pending",
"expires": "2017-10-11T03:25:38.828427608Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C-MX1m_TlJHFqfPn12y8y6m7m70XvKdEsk1FebPByto/2125410748",
"token": "MFZJorXA77t4UdMMEC3ApyCbfODACeV2mmmdm_u5DEs"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C-MX1m_TlJHFqfPn12y8y6m7m70XvKdEsk1FebPByto/2125410749",
"token": "u2DNGCgeXZUlnaIStMcUYJ1bTHSjCH52gnBFzQ0kwro"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C-MX1m_TlJHFqfPn12y8y6m7m70XvKdEsk1FebPByto/2125410750",
"token": "iCPU_3z_zfwZiYd56dG4cDXsCxuyVrGkIATmhB32hNA"
}
],
"combinations": [
[
0
],
[
2
],
[
1
]
]
}]
DEBUG: new authz: setup challenge env.
DEBUG: [readsds.tzo.net] is not a subdomain of [readsds.familyds.com]
DEBUG: DDNS Curl: [https://ddns.synology.com/main.php?_=letsencrypt%2Fdelete&hostname=readsds.tzo.net&myds_id=32890&auth_key=96deaa1dd9f44a86e53ddd4e770575fc15dd05acbab59bdd1b04ef000a8914089b135443c00c92c8&serial=1660NZN318205&txt=]
DEBUG: szUserAgent: [synology_braswell_916+ DSM6.1-15152 Update 5 (DDNS)]
DEBUG: GET Request: https://ddns.synology.com/main.php?_=letsencrypt%2Fdelete&hostname=readsds.tzo.net&myds_id=32890&auth_key=96deaa1dd9f44a86e53ddd4e770575fc15dd05acbab59bdd1b04ef000a8914089b135443c00c92c8&serial=1660NZN318205&txt=
DEBUG: Curl Reply: [200] Header: [HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 04 Oct 2017 03:25:39 GMT
Server: synology
Content-Length: 19
Connection: keep-alive] Body: [{"code":"badparam"}]
DEBUG: Dns01 challenge: Teardown [{"code":"badparam"}].
DEBUG: DNS challenge failed, reason: {"error":203,"file":"client.cpp","msg":"Challenge setup is failed."}DEBUG: Normal challenge failed, reason: {"error":107,"file":"client.cpp","msg":"readsds.tzo.net: DNS problem: SERVFAIL looking up CAA for readsds.tzo.net"}
DEBUG: failed to open port 80.
DEBUG: close port 80.
{"error":101,"file":"client.cpp","msg":"failed to open port 80."}
My web server is (include version): WebStation, Apache 2.4
The operating system my web server runs on is (include version):Synology DS 6.1.3
My hosting provider, if applicable, is: DyDNS (failing), NO-IP (ok), and Synology (OK)
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes DMS and no SSH
Thanks