Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: zxsm.sg
I ran this command: control panel>security>certificate>renew
It produced this output: Ensure that port 80 is open
My web server is (include version): Synology DSM 7.2.1-69057 Update 4
The operating system my web server runs on is (include version): DSM 7.2.1-69057 Update 4
My hosting provider, if applicable, is: self-hosted Synology NAS
I can login to a root shell on my machine (yes or no, or I don't know): I don't know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): not sure.
Your domain has two IP addresses. Is this intentional? That is rare for a self-hosted setup and requires special care to make work correctly.
Can you explain how you use them? If one is wrong just remove it.
I cannot consistently get results making requests to the IP ending in .107, if that is helpful. Requests to the .234 IP get a page saying "Web Station has been enabled" but that the site is not yet set up.
zxsm.sg. 0 IN A 101.127.131.107
zxsm.sg. 0 IN A 101.127.131.234
Yes, I have 2 IP addresses due to my ISP subscription. They are connected to a multi-WAN router, before connecting to another Wi-Fi router that does the DHCP within my LAN. Previously, I have successfully obtained the cert through Synology in this setup (i.e. a multi-WAN then a Wi-Fi router).
But I have removed one of them (the .234) in the domain records to help in the troubleshooting.
This sounds like a Synology configuration problem. Probably better asked at the Synology forum.
But, I agree that HTTP requests on port 80 often fail. From my own test server, every other request fails even if I submit them instantly back to back. I would first work on getting reliable HTTP requests working at least with that IP. The other IP seemed to work better earlier but I might be remembering wrong.
curl -I zxsm.sg
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 16:18:32 GMT
curl -I zxsm.sg
curl: (28) Failed to connect to zxsm.sg port 80 after 133983 ms: Connection timed out
curl -I -m8 zxsm.sg
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 16:21:56 GMT
curl -I -m8 zxsm.sg
curl: (28) Connection timed out after 8001 milliseconds
The Let's Debug test shows different results. The first HTTP test it does from its own server times out. But, the Let's Encrypt staging system gets through but fails with a 404 (Not found). That means your server said it could not find the challenge token that your own server set up.
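
The back-to-back curl test from the thread, extended to probe each A record separately so an intermittent failure can be tied to one address. This is an added example, not part of the original posts; the function names `probe` and `summarize` are illustrative, and the sample lines in the demo branch are constructed.

```shell
#!/bin/sh
# Per-address HTTP reachability check for a host with several A records.

# probe HOST IP COUNT: send COUNT HEAD requests for HOST to one specific IP.
# --resolve pins the connection to that IP, so DNS round-robin cannot hide
# which address is timing out. Any HTTP response (even 404) counts as "ok",
# because the question here is whether port 80 is reachable at all.
probe() {
    p_host=$1
    p_ip=$2
    p_count=$3
    p_i=0
    while [ "$p_i" -lt "$p_count" ]; do
        if curl -s -I -m 8 -o /dev/null \
                --resolve "$p_host:80:$p_ip" "http://$p_host/"; then
            echo "$p_ip ok"
        else
            echo "$p_ip fail"
        fi
        p_i=$((p_i + 1))
    done
}

# summarize: read "IP ok|fail" lines on stdin and print one
# "IP ok=N fail=M" line per address, sorted by address.
summarize() {
    awk '{ seen[$1] = 1; n[$1 " " $2]++ }
         END {
             for (ip in seen)
                 printf "%s ok=%d fail=%d\n", ip, n[ip " ok"], n[ip " fail"]
         }' | sort
}

if [ "$#" -ge 2 ]; then
    # Usage: sh probe.sh HOST IP [IP...]  (10 requests per address)
    target=$1
    shift
    for addr in "$@"; do probe "$target" "$addr" 10; done | summarize
else
    # No arguments: offline demo on constructed result lines.
    printf '%s\n' \
        '101.127.131.107 ok' '101.127.131.107 fail' \
        '101.127.131.107 ok' '101.127.131.234 ok' | summarize
fi
```

Run from outside the LAN, an address with a non-zero `fail` count on port 80 will also fail a share of Let's Encrypt HTTP-01 validation attempts made to it.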