Having trouble renewing my certificate

Hi there, there's a service to add a certificate through Let's Encrypt on my Asustor NAS. I originally did that, but then it expired. Then I deleted it trying to renew and it's not working. I'm wondering if I can get it renewed for my access domain.

Thanks for any help! Justin

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
flyingj.myasustor.com
I ran this command:
"create certificate" (I deleted the expired Let's Encrypt certificate from my Asustor NAS)

It produced this output:
flyingj.myasustor.com is invalid. Please ensure that your domain name can be successfully connected to using port 80. (Ref. 5056)

My web server is (include version):
Asustor AS6604T
The operating system my web server runs on is (include version):
I'm not sure
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
I don't know.
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Asustor ADM version 3.5.5.RFC3

BIOS Version :
I don't know.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

Hi @flyingj

Please read your error message.

There is no answer. First check looked like a timeout. Second like a blocking firewall.

Find that instance and remove it. A working port 80 is required if you want to use http validation.

2 Likes

My observation:

Port 80 is open and returns a ping request.

PING flyingj.myasustor.com (97.82.119.85) 56(84) bytes of data.
64 bytes from 097-082-119-085.res.spectrum.com (97.82.119.85): icmp_seq=1 ttl=53 time=27.9 ms

However over http the server is sending an "empty response"

curl -Iki http://flyingj.myasustor.com
curl: (52) Empty reply from server

In the meantime port 443 is closed/filtered.

2 Likes

Ok, so what do I need to do? I don't understand this very well, my apologies.

2 Likes

In order for Let's Encrypt to issue you a certificate, it needs to verify that your device (the one requesting the certificate) actually owns the domain name that you want the certificate for. The most common approach (and the one that it looks like your device uses) is called an "HTTP-01" challenge, where Let's Encrypt asks the device to put a file in a particular path on its web server that's hosted at that name, and so it can verify that the device does in fact own that name.

However, when Let's Encrypt (or anyone else it seems, as at least @Rip and myself see the same issue from our testing) tries to connect to your name, instead of getting the expected file the connection just gets closed. In fact, usually problems people see are the port being open but the web server not serving the file, or the port just being closed, but in your case the port is open (a connection is established) but then immediately the connection is closed (before a web server response is received).

This means that something is blocking the connection, but it's really hard for us to know what. It might be some firewall on your device. It might be your ISP blocking the port since they don't want "residential" connections to serve web pages unless they pay to upgrade to a "commercial" Internet plan. It might be a bug in the program or web server that's built into your device that's trying to get the certificate.

I'm personally not familiar with that device, and that's likely the same for most if not all people here, so it might be hard for people here to assist you much further than that. You might try seeing if there's a support forum for users of your device. Or maybe somebody who does know about it will happen to come along here shortly.

2 Likes
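The outcomes described in the post above (port closed, port open but the file not served, connection closed before any HTTP response) can be told apart with a short script. This is an added example, not part of the original thread: `classify_http01`, `local_listener`, the token value and the local listeners it talks to are constructed for illustration.

```python
import http.client
import socket
import threading

# Path prefix the ACME HTTP-01 challenge uses (RFC 8555, section 8.3).
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def classify_http01(host, port=80, token="placeholder-token", timeout=5.0):
    """Label how host:port answers a GET for an HTTP-01 challenge path."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        status = conn.getresponse().status
    except ConnectionRefusedError:
        return "port-closed"      # nothing is listening on the port
    except socket.timeout:
        return "timeout"          # packets dropped or filtered on the way
    except (http.client.RemoteDisconnected, ConnectionResetError, BrokenPipeError):
        return "empty-reply"      # TCP connected, closed before any HTTP (curl error 52)
    except (http.client.HTTPException, OSError) as exc:
        return "error: %r" % exc
    finally:
        conn.close()
    return "served" if status == 200 else "http-%d" % status

def local_listener(reply):
    """Constructed peer on 127.0.0.1: sends `reply` (may be empty), then closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))    # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        peer, _ = srv.accept()
        if reply:
            peer.recv(4096)       # read the request before answering
            peer.sendall(reply)
        peer.close()              # empty reply: close without sending anything
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    ok = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok"
    missing = b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"
    cases = (("file served", ok), ("file missing", missing), ("closed early", b""))
    for name, reply in cases:
        print(name, "->", classify_http01("127.0.0.1", local_listener(reply)))
```

Run against a real host from outside your own network, `classify_http01("your.domain")` shows what a validation server would see; a result from inside the LAN can differ because router and ISP filtering are bypassed.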

OK, thank you very much @petercooperjr !

2 Likes
