Please forgive me, I am new to this; I have started using a Synology NAS two months ago.
I know this must be a VERY, ridiculously basic question -- but HOW do I renew a certificate?
The email "Let's Encrypt certificate expiration notice for domain ..." does not seem to mention this, nor does the page "Integration Guide - Let's Encrypt", it only talks about WHEN etc.
Also on the documentation page "Documentation - Let's Encrypt" searching for the term "renew", I cannot find something so simple as a link to a page where I can do the renewal (this is what I would expect), and the same happens here in the community/forum, where I looked at all occurrences of "renew", which all discussed special problems, not answering the simple question: HOW DO I DO THE RENEWAL OF A CERTIFICATE?
Thanks a lot in advance, and again apologies for taking your time with this. I must be blind or stupid, but I do not find the answer which everyone else is seeming to find easily. (If I did not overlook this, I suggest providing the answer right in the reminder email or on the landing page cited therein.)
1 Like
Welcome @tsepati
I'm guessing you used your Synology device's built-in option to get the original certificate. That would also do your renewal. I'm also guessing something changed in your configuration since you first got your cert otherwise it would have renewed. Maybe you closed off port 80. Your Synology should have a log somewhere with the failure reason. You would probably be better off posting this in the Synology forum.
There are other ways of getting certs. Most often we help people who installed an ACME Client and configured it to get a cert. Had you done that you probably would have been able to answer more of the questions on the form you were shown when opening a Help topic.
If you can't get help from the Synology forum please answer more of the questions on the form below. Even saying "I dont know" helps us understand your situation. Thanks
================================
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
4 Likes
Dear MikeMcQ,
thanks so much for answering, and for being kind enough to take my certainly very basic request for help seriously and treat me with respect as you did.
Indeed, I used the standard procedures which came with the Synology NAS when I first acquired a certificate. And indeed, since then I changed my configuration -- for a number of reasons (exploring the possibilities of my NAS led me into a number of dead ends), I reset my NAS to the factory settings / reinstalled the Synology operating system, and in the process, I assume, acquired new certificates (with slightly different settings).
So I assume that the warning was sent in the context of the original certificates, which I will not use, and so I probably can safely ignore them.
If that assumption proves wrong, and I end up with other warnings or even without a valid certificate, I probably will first try do get support from the Synology crowd, as you propose, and only if that did not work, I would come back to this forum.
If I may, I would suggest (I am not sure whether the relevant people are reading this) that the remembering/warning emails include some paragraph that addresses cases like mine, where the end user is perhaps not even aware that, let alone how, they acquired a certificate, and have no clue what to do when reminded to renew their certificate. This might concern several Synology users, and possibly those from other such systems. The same holds for the principal documentation pages on the letsencrypt-site.
Thanks again for your kind support!
3 Likes
Yes, I assume that too. I'm guessing after you reset you got a new cert with a slightly different list of domain names than your prior cert. Let's Encrypt can't know that you obsoleted the earlier one versus wanting another for a different purpose and names so issues the warning email. Had you provided your domain name we would have checked and seen this as the likely cause. You can check your cert history yourself with various tools. The easiest to use is probably: Let's Debug Cert Search
I agree the warning email is not very friendly to novices. Especially with the first link being to the integration page which is complex. The link to the details of the email itself would probably be better as the first link (this link from the email). Complaints are common but solutions harder to come by. There are hundreds of ways to get certs and Let's Encrypt issues around 4 million a day. Such a broad audience is hard to address.
You can check your active cert with various tools. This one below is commonly used. It checks for many things in addition to the cert but you should get a good report. You could use this to monitor your situation rather than waiting for a failure 
3 Likes