I am no longer able to create a certificate from my Synology NAS for my domain

grego · April 12, 2025, 10:26am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: boushi.fr

I ran this command: Using graphic interface from the NAS

It produced this output: "Please check that your IP address, reverse proxy rules, and firewall settings are configured correctly and try again."

The operating system my web server runs on is (include version): DSM (SYNOLOGY)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): DSM 7

From my point of view, port 443 and 80 are open and redirected to the NAS.
Able to connect from outside using these ports.

Let's debug produces an error using http-01 (not for DNS) but I don't understand really the meaning.

MikeMcQ · April 12, 2025, 12:24pm

Welcome @grego

Your apex domain name boushi.fr has an IP address in your DNS that is different than the IP you have for all your subdomains.

Specifically, your apex domain IP is for a Hostinger page but the others use a CNAME to a boushi.synology.me

To get a certificate with all those names they should all use the same IP

Since Dec27 did you change your DNS for your apex domain? Because that was the last successful certificate you got: crt.sh | 15903073265

grego · April 13, 2025, 1:30pm

Hello @MikeMcQ and thank you for the welcome.

Yes I have changed to hostinger recently.

I have checked the previous configuration and my apex domain name was in the same configuration than today. It was a misconfiguration.

Nevertheless, I removed the A record for the apex domain and added an ALIAS record for it, with the same IP than the subdomains.

Thank you for this, I'm waiting for the propagation and make another test.

Come back to you then.

MikeMcQ · April 13, 2025, 1:56pm

You are ready for another test now. Let's Encrypt checks your authoritative DNS Servers directly. It is not affected by TTL propogation.

See: https://unboundtest.com/m/A/boushi.fr/JLIHJGHX

grego · April 13, 2025, 3:21pm

You're a master!

It was the issue, renewal is ok now!

Thank you for the help

Topic		Replies	Views
Requesting a certificate for my new NAS fails Help	12	629	January 9, 2021
Aide pour Création certificat sur NAS Synology Help	5	1465	August 14, 2021
Can't create certificate for 1 domain on Synology others do work on same NAS Help	7	749	July 16, 2019
Certificate with no domain Help	6	8723	May 31, 2018
How obtain a certificate for Synology NAS Help	2	1165	April 5, 2018

I am no longer able to create a certificate from my Synology NAS for my domain

Related topics