Impossible to create certificate from my Synology


#1

Hi,

I have a DS213 and I try to create a certificate with Let’s Encrypt but it is not working.

I have the error : “No response form the destination server.”
I tried both with my domain and my sub domain, same issue.

  • Ports 80 and 443 are opened on NAS and router
  • Domain is responding fine
  • Web Station is installed and working fine, if I type the sub domain name I reach the page
  • I opened SSH and did a “sudo cat messages | grep letsencrypt” which is giving me : “100 [Server is not reachable.]”, which is wrong as my domain is reachable.

What can be the issue ??

Thank you.


#2

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

My domain is: secret
I ran this command: sudo cat messages | grep letsencrypt
It produced this output: 100 [Server is not reachable.]
My web server is (include version): Apache
The operating system my web server runs on is (include version): DSM 6.1.6
My hosting provider, if applicable, is: OVH (for the domain only)
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#4

Hi,

Have you run any of the programs like certbot ??

Also, if you refuse to provide your domain name, we have no way to help you.

Follow this to get an LE cert:

Thank you


#5

Hi,

No I haven’t run any programs. Just tried to make it from graphic interface of DSM, from “Security” and tab “Certificate”.

Yes I refuse but it doesn’t mean that you cannot help. What do you need about the domain name ?

Thanks.


#6

Withholding the domain name isn’t doing anything to increase secrecy, as it will be publicly and permanently logged to the certificate transparency logs once you issues a certificate anyway. There could be any number of factors preventing you from getting a certificate, including DNS issues, connectivity from areas outside your network, improper responses to specific SNI queries, etc. Withholding the name simply makes it really, really hard for us to help you and ends up just wasting a bunch of everyone’s time.

One thing I’d check, though, is that you can access https://acme-v01.api.letsencrypt.org/directory from the system you’re issuing a certificate to. That’s a pretty ambiguous error message, unfortunately, that doesn’t specify whether the client was unable to reach the server, or the server was unable to reach the client.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.