I ran this command: Creating cert using Synology DSM 6
It produced this output:
2019-01-07T13:13:20-05:00 asteroid synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[26559]: certificate.cpp:973 syno-letsencrypt failed. 102 [Invalid response from http://asteroid.trilliumbrewing.com/.well-known/acme-challenge/UUC3nzUu4xHzkauY-WcftepSG7zRpGmA9SBoU1uV788: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>300 Multiple Choices</title>\n</head><body>\n<h1>Multiple C"]
2019-01-07T13:13:20-05:00 asteroid synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[26559]: certificate.cpp:1392 Failed to create Let'sEncrypt certificate. [102][Invalid response from http://asteroid.trilliumbrewing.com/.well-known/acme-challenge/UUC3nzUu4xHzkauY-WcftepSG7zRpGmA9SBoU1uV788: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>300 Multiple Choices</title>\n</head><body>\n<h1>Multiple C"]
My web server is (include version): Synology DSM 6.2.1-23824 Update 2
The operating system my web server runs on is (include version): DSM 6.2.1-23824 Update 2
My hosting provider, if applicable, is: 1&1 IONOS
I can login to a root shell on my machine (yes or no, or I don't know): Into the Synology, yes. The TLD, no.
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): ? The host is 1&1, the A record of the TLD points to a Squarespace page.
Can someone help me decrypt the error message? Thank you!
Thanks for that information. I deleted the AAAA records and am still experiencing the issue, so there's some configuration error somewhere, but I'm not sure where.
In my firewall, I have created a destination NAT rule that looks at HTTP+S traffic and forwards to the Synology's port 5001, the HTTPS port. Could this potentially be the problem? Or could it be something in the Synology's or web services configuration itself?
I made the change so that HTTP redirects to the correct HTTP port on the Synology and no longer am receiving the error 400 myself! So progress is being made. Thank you for pushing me towards that, @JuergenAuer …
However, I am still receiving the failed to connect error in the DSM. In the logs, I receive the following error:
2019-01-07T14:13:56-05:00 asteroid synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[31204]: certificate.cpp:973 syno-letsencrypt failed. 102 [Invalid response from http://asteroid.trilliumbrewing.com/.well-known/acme-challenge/u3VMbVGtid14P5UIhUhF2CSLFSeWqs67bgBCatpW6a0: "<!DOCTYPE html>\n<html>\n<head>\n<meta charset=\"utf-8\">\n<style>body{font-family:Arial,Helvetica,sans-serif;font-size:12px;text-alig"]
2019-01-07T14:13:56-05:00 asteroid synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[31204]: certificate.cpp:1392 Failed to create Let'sEncrypt certificate. [102][Invalid response from http://asteroid.trilliumbrewing.com/.well-known/acme-challenge/u3VMbVGtid14P5UIhUhF2CSLFSeWqs67bgBCatpW6a0: "<!DOCTYPE html>\n<html>\n<head>\n<meta charset=\"utf-8\">\n<style>body{font-family:Arial,Helvetica,sans-serif;font-size:12px;text-alig"]
This was the problem. Your firewall sends http + https traffic to the same port, that can't work. Your firewall must send different traffic to different ports.
I changed the permissions to /www/.well-known/acme-challenge so that it can be accessed by everyone and created a "text.txt" file in that directory to see if I could navigate to it over the web but get the "not found" error when I try to navigate to: http://asteroid.trilliumbrewing.com/.well-known/acme-challenge/text.txt …
I can easily navigate to /volume2/www/.well-known/acme-challenge through the terminal and am not prompted for authentication to view the contents of these directories.
I'm not sure the web server is configured correctly – I installed the Web Station package and it looks like it's running on Nginx … could there be some configuration error in the nginx.conf?
I'm at a loss right now… I'm guessing the /.well-known/acme-challenge directory is not in the correct place and that's why it can't be accessed… I just don't know where it's supposed to go.
Thanks @JuergenAuer for helping me through this, I've got it figured out.
The problem was in the port forwarding in my firewall. From the internet, I was forwarding HTTP port 80 to Local NAS port 5000 – so it was directing traffic to the DSM login … when I switched forwarding from external port 80 to Local port 80, I was able to successfully get the LE cert installed.
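As an added example (not part of the original thread, and not Synology's or Let's Encrypt's code): a small Python triage helper for the `syno-letsencrypt` log lines quoted above. It extracts the challenge host and token and reports whether the body the validation server received looks like an ACME HTTP-01 key authorization or an HTML page from some other service, which is what the mis-forwarded port 80 produced here. The function names are hypothetical.

```python
import re

# "Invalid response from <url>: "<body>"]" as logged by syno-letsencrypt.
LOG_RE = re.compile(
    r'Invalid response from (?P<url>http://(?P<host>[^/\s]+)'
    r'/\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]+)): "(?P<body>.*)"\]'
)
# RFC 8555 section 8.3: body must be "<token>.<base64url SHA-256 key thumbprint>".
KEYAUTH_RE = re.compile(r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]{43}')
TITLE_RE = re.compile(r'<title>(.*?)</title>', re.I | re.S)


def classify_body(token, body):
    """Say what kind of answer the validation server received."""
    text = body.strip()
    if KEYAUTH_RE.fullmatch(text):
        return "key-authorization" if text.startswith(token + ".") else "wrong-token"
    if re.match(r'<!doctype|<html', text, re.I):
        return "html-page"  # some other web service answered on port 80
    return "unexpected"


def parse_failure(line):
    """Extract host, token, body kind and HTML title from one log line."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    # The log escapes quotes and newlines inside the body snippet; undo that.
    body = m.group("body").replace('\\"', '"').replace('\\n', '\n')
    title = TITLE_RE.search(body)
    return {
        "host": m.group("host"),
        "token": m.group("token"),
        "kind": classify_body(m.group("token"), body),
        "title": title.group(1) if title else None,
    }


# First log line from the thread above, with timestamp and process prefix trimmed.
SAMPLE = (
    r'certificate.cpp:973 syno-letsencrypt failed. 102 [Invalid response from '
    r'http://asteroid.trilliumbrewing.com/.well-known/acme-challenge/'
    r'UUC3nzUu4xHzkauY-WcftepSG7zRpGmA9SBoU1uV788: '
    r'"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n'
    r'<title>300 Multiple Choices</title>\n</head><body>\n<h1>Multiple C"]'
)

if __name__ == "__main__":
    print(parse_failure(SAMPLE))
```

A result of `html-page` means the request reached a web service that is not serving the challenge file, so the forwarding rule for external port 80 and the server's web root are the first things to check.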