LE certificate for Synology NAS running a NON-SYNO DDNS domain

Already had good experience with adding a LE certificate to my NAS, but this was on a Synology DDNS domain, so it ended in .synology.me.
That was super easy and no problem at all, works like a charm!

Now I have bought a (regular) domain registration (oudisgoud.nl) and want to host this on my Synology NAS. I redirected the new domain towards my current home IP address.
The standard Synology setup for adding a new certificate does not work, as it only works for Synology DDNS domains.
How to get a LE certificate installed?

My domain is: oudisgoud.nl
Ports 80 + 443 are open
I ran this command: n/a

It produced this output: n/a

My web server is (include version): Apache HTTP Server 2.4 / PHP 8.0 / Wordpress

The operating system my web server runs on is (include version): Synology DSM 7.2.1

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): not able to install certbot on Synology OS

"Please check if your IP address, your reverse proxy rules and firewall settings are correctly configured and try again"

Your DNS records for that domain have an A (for IPv4) and AAAA (for IPv6) record. These look to be for the XEL hosting service.

These should be for your home IP address. If you do not have IPv6 you should remove the AAAA record.

nslookup oudisgoud.nl

A    Address: 213.154.226.35
AAAA Address: 2001:7b8:620:1::d59a:e223

Once these are correct you should see your Apache / Wordpress default page when you try to connect to your domain from the public internet.

1 Like

Thanks MikeMcQ !
Correct, I just changed it back to the original (XEL hosting) as I was testing this.

Can you tell me what needs to be the right order of steps?
1 - domain name pointing to my home address
2 - setup the webportal on my NAS
3 - request the LE certificate

For now it feels a bit chicken-egg dilemma, as when I create the webportal (in WEBSTATION on NAS) with the hostname "oudisgoud.nl" it automatically gets added to my default synology DDNS name "fletnix.synology.me", so my gut-feeling tells me to wait with the webportal.
Does LE only check if the IP address for the requested certificate has an open port 80/443?
Or does it also have to have a webportal?

You are probably better off asking on a Synology forum how to do this.

An ACME Client makes a request to the Let's Encrypt ACME Server. In your case it is using an HTTP Challenge.

Once the LE Server gets the request it makes HTTP requests to your domain (on port 80) using the IP address(es) in the public DNS.

Your server (or webportal) or whatever handles such HTTP inbound requests must reply correctly to be granted a certificate.

Your ACME Client should prepare your server (or whatever) to be able to make that response even before sending the request to the LE Server.

Something is likely going wrong in your setup to make these requests. Perhaps your Synology panel can't even support a cert like you are trying to get.

Are you able to run stand-alone commands and manually configure your Apache server? In that case you could use a different ACME Client to work with your Apache and maybe that would work. People on the Synology forum have probably done this many times.

2 Likes
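The two replies above describe the HTTP-01 flow: public DNS must point at the home NAS (no stray AAAA record when there is no IPv6), and whatever answers on port 80 must already be serving the right response when the client asks Let's Encrypt to validate. The script below is an added example, not code from this thread or from Synology, that puts both points into runnable form: a DNS sanity check over the records quoted in the thread against a placeholder home address, and the key-authorization check an ACME server performs on `/.well-known/acme-challenge/<token>` (RFC 8555 section 8.3, with the account key thumbprint computed per RFC 7638). The account JWK, token and home IP are constructed toy values, not real keys or addresses.

```python
# Added example (not from the thread): HTTP-01 pre-flight checks and the
# key-authorization comparison the ACME server makes against your web server.
import base64
import hashlib
import json
from typing import Dict, List, Optional, Tuple

# Constructed input: the two records the thread quotes from nslookup, plus a
# placeholder home IPv4 from the TEST-NET-2 documentation range.
THREAD_RECORDS: Dict[str, List[str]] = {
    "A": ["213.154.226.35"],
    "AAAA": ["2001:7b8:620:1::d59a:e223"],
}
HOME_IPV4 = "198.51.100.7"
HOME_IPV6: Optional[str] = None  # None models a connection without IPv6

# Constructed toy account key (not a real RSA modulus) and challenge token.
TOY_ACCOUNT_JWK: Dict[str, str] = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "toy-modulus-for-illustration-only_0123456789abcdefghijklmnop",
}
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"  # constructed


def dns_problems(records: Dict[str, List[str]], home_v4: str,
                 home_v6: Optional[str]) -> List[str]:
    """List reasons why a validator following public DNS would miss the NAS."""
    problems: List[str] = []
    if not records.get("A"):
        problems.append("no A record: the IPv4 validation has nowhere to go")
    for ip in records.get("A", []):
        if ip != home_v4:
            problems.append(f"A record {ip} is not the home address {home_v4}")
    for ip in records.get("AAAA", []):
        if home_v6 is None:
            problems.append(f"AAAA record {ip} present but the home connection "
                            "has no IPv6; the validator will try that address")
        elif ip != home_v6:
            problems.append(f"AAAA record {ip} is not the home address {home_v6}")
    return problems


def _b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME/JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: Dict[str, str]) -> str:
    """RFC 7638 thumbprint: required members only, sorted, no whitespace, SHA-256."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return _b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: Dict[str, str]) -> str:
    """The body the client must place on the web server before requesting validation."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def serve_challenge(challenges: Dict[str, str], path: str) -> Tuple[int, str]:
    """Model of the web server: GET /.well-known/acme-challenge/<token> on port 80."""
    prefix = "/.well-known/acme-challenge/"
    if not path.startswith(prefix):
        return 404, ""
    body = challenges.get(path[len(prefix):])
    return (200, body) if body else (404, "")


def validate(token: str, jwk: Dict[str, str], status: int, body: str) -> bool:
    """Model of the ACME server's check: HTTP 200 and an exact key authorization."""
    return status == 200 and body.strip() == key_authorization(token, jwk)


if __name__ == "__main__":
    for p in dns_problems(THREAD_RECORDS, HOME_IPV4, HOME_IPV6):
        print("DNS:", p)
    ka = key_authorization(TOKEN, TOY_ACCOUNT_JWK)
    status, body = serve_challenge({TOKEN: ka}, "/.well-known/acme-challenge/" + TOKEN)
    print("challenge served correctly:", validate(TOKEN, TOY_ACCOUNT_JWK, status, body))
```

Run against the thread's records, the DNS check reports both the A record pointing at the hosting provider and the AAAA record with no matching IPv6 at home; fix those first, because the validator never reaches the NAS otherwise. The second half shows why the order of steps matters: the client computes the key authorization and places it on the server before it asks Let's Encrypt to validate, so whatever listens on port 80 for the domain (the Web Station portal in this case) has to be the thing the client can write to.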

Hi MikeMcQ,
Thanks for the update and for pointing me towards the Synology community.
I found details in https://www.synoforum.com/threads/lets-encrypt-certificate.5400/ and followed this up:

Added CNAME "radio" and pointed towards my synology DDNS name.
So nslookup radio.oudisgoud.nl => home NAS.
Requesting an LE cert for the domain "radio.oudisgoud.nl" was successful now.

For now, the page is still not secure as it refers to my default certificate:
"This server could not prove that it is radio.oudisgoud.nl; its security certificate is from fletnix.synology.me."
Is this a matter of time?

Sorry, issue is solved now.
It was another Synology setting in the Certificate menu.
radio.oudisgoud.nl is now added to the correct certificate.
Thanks for your patience with me!

2 Likes