I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NA
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): NA
I am having trouble getting the domain certified.
I have a Synology NAS running and I can access it via the domain.
So, I do not see why I get the message:
"ongeldig domein. zorg dat dit domein in een openbaar ip-adres kan worden geconverteerd" Which translates to: "invalid domain. make sure this domain can be converted into a public ip address". Really frustrating.
So I tried for a couple of days, and now I get the message that I have made too many attempts to get certification.
If anyone has suggestions, I hope you will share them with me, because I am clueless.
Hello @Driesum, welcome to the Let's Encrypt community.
When I try connecting to http://androla.nl with Firefox 107.0.1 (64-bit) on Windows I see nothing;
and then after several seconds (maybe 20 seconds) it seems to redirect to here http://androla.nl:5000/
and get "The connection has timed out".
Some investigative results
> androla.nl
Server: ns1.dynu.com.
Address: 162.216.242.2#53
Name: androla.nl
Address: 87.208.78.114
>
$ nmap androla.nl
Starting Nmap 7.91 ( https://nmap.org ) at 2022-12-09 07:55 PST
Nmap scan report for androla.nl (87.208.78.114)
Host is up (0.16s latency).
rDNS record for 87.208.78.114: 114-78-208-87.ftth.glasoperator.nl
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
5001/tcp open commplex-link
Nmap done: 1 IP address (1 host up) scanned in 11.15 seconds
$ curl -I http://androla.nl
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 15:56:50 GMT
Content-Type: text/html
Content-Length: 543
Last-Modified: Fri, 09 Dec 2022 12:28:28 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Accept-Ranges: bytes
e6430-i5$ curl -I http://androla.nl/.well-known/acme-challenge/testfile
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 09 Dec 2022 15:57:33 GMT
Content-Type: text/html
Content-Length: 11939
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
ETag: "62a83cc4-2ea3"
Using this online tool, Rex Swain's HTTP Viewer, with http://androla.nl as the input, I see these results, which do not indicate to me that I am connecting to the Synology NAS
http://www.rexswain.com/httpview.html
Code last updated 21 March 2020
Request:
GET http://androla.nl HTTP/1.1
Host: androla.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Referer: http://www.rexswain.com/httpview.html
Connection: Close
Response Header:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Dec 2022 15:59:08 GMT
Accept-Ranges: bytes
Server: nginx
Content-Length: 543
Content-Type: text/html
Last-Modified: Fri, 09 Dec 2022 12:28:28 GMT
Content (Length = 543):
<!DOCTYPE·html>(LF)
<html>(LF)
····<body>(LF)
········<input·type="hidden"·id="http"·name="http"·value="5000">(LF)
········<input·type="hidden"·id="https"·name="https"·value="5001">(LF)
········<input·type="hidden"·id="prefer_https"·name="prefer_https"·value="false">(LF)
····</body>(LF)
····<script·type="text/javascript">(LF)
········var·protocol=location.protocol;(LF)
········var·port=location.protocol·===·"https:"·?·5001·:·5000;(LF)
········var·URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search;(LF)
········location.replace(URL);(LF)
····</script>(LF)
</html>
Done
Total elapsed time: 1 seconds
See Rate Limits - Let's Encrypt; searching for "request" on that page will help you find which limit you are running up against and how long you will have to wait before attempting again.
Also testing and debugging are best done using the Staging Environment as the Rate Limits are much higher. Rate Limits are per week (rolling).
Thank you for your help.
Androla.nl is a Zyxel T54 router.
On this router ports 5000 and 5001 are forwarded to the synology. An alias.androla.nl leads to the NAS.
Port 80 has been forwarded as well, since Let's Encrypt requires it to be open to be able to certify the domain.
I hope this explains the ports.
I used telnet to check if port 80 is open, and it is. I do not see why this message is being shown and why certification is not successful.
I hope someone can figure this out.
I can reach the NAS, but the FQDN domain is not certified.
Thanks for joining in. I see a lot of comments, however I am not an expert in this field. These tests and challenges are all abracadabra to me.
The Synology software allows aliases to be certified together with the domain.
First it prompts you to choose an action: in my case, Add a new Certificate
Second, it prompts you to choose an action:
1 Import a certificate
2 Get a certificate from Let's Encrypt (which is my choice)
Then this pops up:
Hi all,
I tried again leaving the [Subject Alternative Name] empty and managed to get it certified. I certified the alias separately.
Apparently it is not convenient to include the aliases in this field.
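
The Synology error quoted in this thread asks for a name that resolves to a public IP address, and Let's Encrypt validates every name on a request, the Subject Alternative Names included, so one bad alias fails the whole certificate and uses up an attempt. The following is an added example, not code from any poster or from Synology's software, that checks each name before submitting; the resolver table and the `example.test` names are constructed, and the address for androla.nl is the one in the nslookup output above.

```python
import ipaddress
import socket


def resolve_system(name):
    """Resolve a name with the system resolver; returns a list of address strings."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    # Strip any IPv6 scope id ("fe80::1%eth0") before the address is parsed.
    return sorted({info[4][0].split("%")[0] for info in infos})


def check_name(name, resolve=resolve_system):
    """Return (ok, reason) for one name that would go on the certificate."""
    addresses = resolve(name)
    if not addresses:
        return False, "does not resolve"
    non_public = [a for a in addresses if not ipaddress.ip_address(a).is_global]
    if non_public:
        return False, "resolves to non-public address " + ", ".join(non_public)
    return True, "resolves to " + ", ".join(addresses)


def preflight(domain, alt_names=(), resolve=resolve_system):
    """Check the domain and every Subject Alternative Name; one failure blocks the request."""
    results = {n: check_name(n, resolve) for n in (domain, *alt_names)}
    return all(ok for ok, _ in results.values()), results


# Constructed resolver table so the example runs offline.
SAMPLE_DNS = {
    "androla.nl": ["87.208.78.114"],            # address from the nslookup output on this page
    "lan-only.example.test": ["192.168.1.10"],  # hypothetical alias pointing at a LAN address
    # "missing.example.test" deliberately has no record
}


def sample_resolve(name):
    return SAMPLE_DNS.get(name, [])


if __name__ == "__main__":
    ok, results = preflight("androla.nl",
                            ["lan-only.example.test", "missing.example.test"],
                            resolve=sample_resolve)
    for name, (passed, reason) in results.items():
        print(f"{'OK  ' if passed else 'FAIL'} {name}: {reason}")
    print("safe to request" if ok else "fix the failing names before requesting")
```

Calling `preflight` without the `resolve` argument uses the system resolver, which on a home network may answer differently from the public DNS that the CA queries.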