Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
I’m trying to use Synology Router to issue let’s encrypt certificate for this domain, which will point to a example.synology.me DDNS
It produced this output:
“Failed to connect to Let’s Encrypt. Please make sure the domain name is valid”. Namecheap.com CS says: “Unfortunately, we do not provide support with the Let’s Encrypt validation.”
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
You have DNSSEC enabled in registry level, but didn’t have the corresponding DNSSEC-signed records.
This would prevent record resolution. (Which means you can’t see the website)
After a long chat session with Namecheap CS, they didn’t see any problems on their end, suggested activating DNSSEC from their DNS domain management webpage. I did activate this, but don’t see any changes on the site you linked… Also, still getting the “Failed to connect” error from Synology when trying to connect to LE
Just did a recheck and your DNSSEC are enabled now.
What exactly are you trying to do?
You’ve mentioned CNAME to a Synology domain, did you do it? (Checking your DNS record there’s no IP address or CNAME found for both your root domain or www domain.)
I’m trying to secure a LE certificate using Synology Router.
LE works for certificate for Synology DDNS, but I want one for the FQDN blittbase.com, so I can use that site as well. This site will eventually link back to my router, server, and whatever else follows.
So namecheap says all I need is type: CNAME Record, host: router, and value: example.synology.me. I set this up, went back to RT2600 router and tried to get LE to issue certificate w/ Domain: blittbase.com, SAN: router.blittbase.com.
But I keep getting the same error. Again, tested it fine with DDNS, so the ports are open, and LE is issuing, just not to this domain name!
thanks so much!
If that succeed, add your IP /the IP in your CNAME record to your root domain, you can’t get a certificate for your root domain unless there are A/AAAA records for that domain.
I put router.blittbase.com in the domain name and the SAN. no luck. still fails to connect.
I don’t have an IP in the CNAME record or root domain with namecheap. The only record I have for the domain is the one pointing from router.blittbase.com the the Synology DDNS. No A/AAAA records because I don’t think I have a static IP address for the router…
This is all I have. Namecheap said it should work. It’s a CNAME on a subdomain (router.blittbase.com) . But I don’t have any a/aaaa attached to the domain.tld.
(sorry - I am totally daft about this stuff) — so the DNS stuff on namecheap is OK? That’s good. but I’m still not able to get LE to create the certificate or OK the domain…which is the original problem…
First of all, can you please check if your DSM is up to date?
Can you also enable port forwarding on your router, for port 5001?
(Port 80, 5000 and 5001 should all be open and forward to your DSM)
The LE certificate request is for my RT2600 router. …
But SRM and DSM are up to date. I spoke with Synology tech earlier, and they said ports are all good, esp since I was able to reach LE for certificate for the Synology DDNS . Basically, I am falling between the cracks — synology and namecheap are pointing fingers at the other…