Failed to connect to let’s encrypt. Please make sure the domain name is valid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.cajncs.com

I ran this command: domain: cajncs.com; E-mail: support@cajncs.com; Alternative: mail.cajncs.com

It produced this output: Failed to connect to let’s encrypt. Please make sure the domain name is valid.

My web server is (include version): Apache HTTP Server 2.4

The operating system my web server runs on is (include version): Synology DSM 6.2.3-25426

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No, I log into Synology and manage the NAS.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): no Certbot that I know of.

Synology Support said:

1 Like

There seems to be some DNS/FQDN confusion:

Name: www.cajncs.com
Address: 76.72.93.182

Name: mail.cajncs.com
Address: 76.72.8.21

Which is the IP and FQDN that the Synology DSM device uses?

You mention:

But both of those names are being serviced by NGINX:

curl -Iki mail.cajncs.com
HTTP/1.1 302 Moved Temporarily
Server: nginx

curl -Iki www.cajncs.com
HTTP/1.1 301 Moved Permanently
Server: nginx
1 Like

The domain www.cajncs.com points to the IP address where the website resides (NAS1).
The mail.cajncs.com points to the IP address where the mail server resides (NAS2).
Those are both pointing to the correct place.

I am not sure why it’s stating nginx when on the NAS it shows:

1 Like

No one out there has any idea’s they can contribute?

Hi @CAJN

please: How should that work? @rg305 wrote that already.

You can’t create one certificate with both domain names via http validation, if they have different ip addresses (and without special setups like redirects etc.).

Create two different certificates, one per device.

1 Like

You can’t create one certificate with both domain names via http validation, if they have different ip addresses (and without special setups like redirects etc.).

Create two different certificates, one per device.

Thank you, that was what I was looking for. I wasn’t sure how to resolve the issue, but this makes perfect sense.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.