I am unable to renew my certificate for tenyearsafter.myqnapcloud.com, kerrzone.com, musings.kerrzone.com using QNAP built-in app

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kerrzone.com, tenyearsafter.myqnapcloud.com

I ran this command: control panel/ssl certificate & Private key/get lets encrypt

It produced this output: domain validation not received from acme server

My web server is (include version): Apache HTTP server

The operating system my web server runs on is (include version): QTS

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): QNAP control panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @sfkerr, and welcome to the LE community forum.

Have you asked QNAP support about this error?

2 Likes

No, I have checked the QNAP support forum and can’t find anything. I have been using these domains with a Let's Encrypt certificate for a number of years and this is the first time I cannot get it to renew.

Well @sfkerr, here is a list of issued certificates (crt.sh | tenyearsafter.myqnapcloud.com), the latest being 2024-03-21, and a lot of them.

Here you can see Rate Limits are being exceeded; testing and debugging are best done using the Staging Environment.
https://tools.letsdebug.net/cert-search?m=domain&q=tenyearsafter.myqnapcloud.com&d=168

3 Likes

Also presently both domains are serving the same self-signed certificate.

3 Likes

Thanks Bruce

I appreciate the information and it helps me understand a bit more of what could be happening.

Currently my QNAP NAS is defaulting to self-signed certificates because I cannot get any Let's Encrypt ones installed.

To build on my problem explanation:
I recently implemented a new mail server on this machine and used Let's Encrypt for the domain mail.kerrzone.com.

On this same NAS I am running an Apache HTTP server (the QNAP default) with ports 80 and 443 open, and I had successfully installed a certificate for tenyearsafter.myqnapcloud.com including alternate sites kerrzone.com and musings.kerrzone.com.

After three months the mail server renewed automatically, no issues, but when the web server's certificate auto-renewed it dropped the alternate sites.

Unfortunately the QNAP control panel interface for certificate management does not have an option to use the test environment. (The mail server does and I used test first, no problem.)

I tried adding the alternate sites back from control panel using kerrzone.com as the main domain with musings.kerrzone.com and tenyearsafter.myqnapcloud.com as alternates and received the error: A domain validation challenge was not received from the acme server. Ensure your router and QNAP device both accept inbound traffic on ports 80 and 443 which is a requirement from let's encrypt.

I have used a couple of online apps to confirm these ports are open.

I used the QNAP interface at my QNAP cloud to release the single tenyearsafter.myqnapcloud.com interface and then tried the control panel app to add it back with the alternative sites using kerrzone.com as main domain. It did not work still with the authentication issue.

I did then try both the control panel interface and the myqnapcloud interface to add the certificate using tenyearsafter.myqnapcloud.com as the main domain. I guess I tried this too many times and this gives the rate limit issue for this domain.

I wonder if the issue getting the alternate domains is related to the mail server certificate, although not sure how and it did work initially.

I am going to try moving the mail server to a different host machine and try to certify there. If this works, after March 28th I will try to add the QNAP-only cert to the tenyearsafter machine.

If you or anyone else on the forum has any thoughts about this considering the additional information, please let me know.

2 Likes
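An added example, not part of any post in this thread and not QNAP's or Let's Encrypt's code: a check that could be run over certificate-transparency search results to see how many certificates were issued for each exact name set in the 168-hour window of the search link above, when the next attempt would fit, and which names a renewal dropped. The limit of 5 per window, the simple sliding-window model, the function names and the sample records are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=168)  # same window as the d=168 search above
DUPLICATE_LIMIT = 5            # assumed threshold; confirm against the CA's current docs

# Constructed sample records (not real CT log data): (issuance time, SAN list).
SAMPLE_ISSUANCES = [
    ("2024-03-10T08:00:00", ["nas.example.net", "example.org", "blog.example.org"]),
    ("2024-03-18T12:00:00", ["mail.example.org"]),
    ("2024-03-19T09:00:00", ["nas.example.net"]),
    ("2024-03-19T15:00:00", ["nas.example.net"]),
    ("2024-03-20T10:00:00", ["NAS.example.net"]),
    ("2024-03-20T18:00:00", ["nas.example.net"]),
    ("2024-03-21T07:00:00", ["nas.example.net"]),
]


def name_set(sans):
    """Normalise a SAN list so that order, case and a trailing dot do not matter."""
    return frozenset(s.strip().lower().rstrip(".") for s in sans)


def issuance_pressure(records, now, window=WINDOW, limit=DUPLICATE_LIMIT):
    """Return {name_set: (issuances_in_window, earliest_retry_or_None)}."""
    by_set = defaultdict(list)
    for ts, sans in records:
        issued = datetime.fromisoformat(ts)
        if now - window < issued <= now:
            by_set[name_set(sans)].append(issued)
    report = {}
    for names, times in by_set.items():
        times.sort()
        # With `limit` or more issuances in the window, another one fits only
        # after the oldest of the latest `limit` issuances ages out.
        retry = times[-limit] + window if len(times) >= limit else None
        report[names] = (len(times), retry)
    return report


def dropped_names(previous_sans, renewed_sans):
    """Names on the previous certificate that are missing from the renewal."""
    return sorted(name_set(previous_sans) - name_set(renewed_sans))
```

Running `issuance_pressure` before each retry shows whether another attempt from the control panel can succeed at all, and `dropped_names` makes a silently shrunken renewal visible.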

I just wanted to add to my last post.

I tried to get a Let's Encrypt cert (1 cert for three domains) using QNAP control panel on a different QNAP NAS (same O/S version) and was unsuccessful, although in the past this method has worked for me.

I concluded the problem was not related to the introduction of the mail server, or the specific NAS; the process to get a Let's Encrypt certificate using QNAP control panel appears to be not working anymore, although as noted I have used it in the past.

So I installed the LEgo ACME/Let's Encrypt application on my QNAP and got a certificate and then manually imported it. All is working now.

I note, though, there were some tricky moments using the LEgo app.

3 Likes
