Getting a free certificate from Synology

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mlempenau.synology.me

I ran this command: sudo certbot certonly --standalone -v

It produced this output: Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: mlempenau.synology.me
Type: connection
Detail: Fetching http://mlempenau.synology.me/.well-known/acme-challenge/-qzYdriQgJYy_A6Ot2FkD7oFx1ZO08jgQL7skKB-3Hs: Timeout during connect (likely firewall problem)

My web server is (include version): Synology DS220J

The operating system my web server runs on is (include version): DSM 7.0-41890

My hosting provider, if applicable, is: synology

I can login to a root shell on my machine (yes or no, or I don't know): I have admin privileges

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): The latest version -- I loaded it on my computer using sudo apt update.

Synology gives me the name mlempenau.synology.me and an IP address of 171.100.76.87. I have no clue what to do. Your help is much appreciated.

I have obtained a domain name before by paying for it. Is this the better option?

1 Like

Did you know that Synology has built-in support for getting a certificate? That works without even needing Certbot. Their page about it:
https://kb.synology.com/en-global/DSM/tutorial/How_to_enable_HTTPS_and_create_a_certificate_signing_request_on_your_Synology_NAS

2 Likes

You are correct. I forgot to mention one small detail. I have a Synology certificate but I can't use it with two factor authorization. With 2FA I need a registered domain. I want to use 2FA using my Yubico. What am I missing to make this happen?

I do not mean to argue - just trying to help. If you are just missing a "registered domain" then another certificate will not help. These are different things.

I have not used 2FA with Synology but saw this YouTube video instructing on Yubico with Synology and it did not mention needing a different certificate.

Your certbot error is saying your NAS was not reachable from the internet. And, right now I do not see any ports open on your NAS.

I think you would get better assistance at the Synology forum - people there know the configuration of it better than we do here. Or, even a Yubico forum if there is one.

5 Likes

A functional HTTP site is a requirement to obtain a certificate via HTTP authentication.
http://mlempenau.synology.me fails :frowning:

3 Likes

They were trying --standalone to meet that but I agree much is missing here. Synology uses a variety of ports for its functions - music sharing, backup, ...

3 Likes

Maybe we have different meanings for "functional HTTP site".
My view is that includes the port forwarding - which seems to be missing from their solution.
[as shown by the failed --standalone request]

fix one, fix all

I have been rightfully accused of not using enough words on some occasions...
And also for using far too many on others.
This seems like a case where I could have used a few more words.

3 Likes
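An added example, not part of the thread and not Certbot's code: a Python probe that fetches the HTTP-01 challenge URL the way a validator would and reports the result using the ACME problem types seen in the error above (`connection`, plus `dns` and `unauthorized`). The function names, token and key-authorization values are constructed; the `port` parameter exists only so the demo can run against a local listener, since the CA always connects to port 80, and the probe is only meaningful for port forwarding when run from outside the NAS's own network.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

PREFIX = "/.well-known/acme-challenge/"

def probe_http01(host, token, expected, port=80, timeout=5.0):
    """Fetch the challenge URL as a validator would; return an ACME-style verdict."""
    url = f"http://{host}:{port}{PREFIX}{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(512).decode("ascii", "replace").strip()
    except urllib.error.HTTPError as exc:           # reachable, but wrong answer
        return f"unauthorized: HTTP {exc.code}"
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, socket.gaierror):
            return "dns: name does not resolve"
        if isinstance(exc.reason, socket.timeout):  # packets dropped on the way in
            return "connection: timeout (firewall or missing port forward)"
        return f"connection: {exc.reason}"          # e.g. refused: nothing listening
    except socket.timeout:
        return "connection: timeout while reading the response"
    return "ok" if body == expected else "unauthorized: unexpected body"

def serve_token(token, body, bind="127.0.0.1", port=0):
    """Constructed stand-in for a standalone listener: serves exactly one token."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            hit = self.path == PREFIX + token
            payload = body.encode() if hit else b"not found"
            self.send_response(200 if hit else 404)
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)
        def log_message(self, *args):               # keep the demo quiet
            pass
    server = http.server.HTTPServer((bind, port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = serve_token("demo-token", "demo-token.demo-thumbprint")  # constructed values
    port = srv.server_address[1]
    print(probe_http01("127.0.0.1", "demo-token", "demo-token.demo-thumbprint", port))
    srv.shutdown(); srv.server_close()              # listener gone: probe now fails
    print(probe_http01("127.0.0.1", "demo-token", "demo-token.demo-thumbprint", port))
```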

Ah Yes :slight_smile:
Vehement agreement! (that much is missing)

2 Likes
