Let's Encrypt Expiry Synology

My domain is: gjhitta.synology.me

The operating system my web server runs on is (include version): macOS Monterey

Hi, I hope someone can help me. I am getting Let's Encrypt emails telling me that my domain for Synology is expiring, now in 7 days. When I log into my Synology and try and renew it, it fails. I recently moved house and changed internet provider, and since then it's all not working well on the Synology front, and maybe it's all connected.

Here's the email I've received:

Hello,

Your certificate (or certificates) for the names listed below will expire in 7 days (on 2023-09-25). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details.

gjhitta.synology.me

I hope you can help.

Thanks!

1 Like

Did you set up port forwarding? Do you have IPv6 support?

4 Likes

Using the online tool Unbound DNS checker gave these results for the DNS A record (i.e. the IPv4 address): https://unboundtest.com/m/A/gjhitta.synology.me/UIVOTUXP
Just so we can all agree, the present advertised IPv4 address is 87.224.76.10

Query results for A gjhitta.synology.me

Response:
;; opcode: QUERY, status: NOERROR, id: 19896
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: do; udp: 512

;; QUESTION SECTION:
;gjhitta.synology.me.	IN	 A

;; ANSWER SECTION:
gjhitta.synology.me.	0	IN	A	87.224.76.10

----- Unbound logs -----
Sep 20 20:16:42 unbound[1436134:0] notice: init module 0: validator

Your ports 80 and 443 are filtered. Of the challenge types (see Challenge Types - Let's Encrypt), you are likely using the HTTP-01 challenge, which can only be done on port 80. See Best Practice - Keep Port 80 Open.

$ nmap -Pn -p80,443 gjhitta.synology.me
Starting Nmap 7.80 ( https://nmap.org ) at 2023-09-20 12:55 PDT
Nmap scan report for gjhitta.synology.me (87.224.76.10)
Host is up.
rDNS record for 87.224.76.10: 87-224-76-10.spitfireuk.net

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.60 seconds

Also using the online tool Let's Debug yields these results https://letsdebug.net/gjhitta.synology.me/1617292
Especially note the second ERROR contains Timeout during connect (likely firewall problem).

ANotWorking
Error
gjhitta.synology.me has an A (IPv4) record (87.224.76.10) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with gjhitta.synology.me/87.224.76.10: Get "http://gjhitta.synology.me/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://gjhitta.synology.me/.well-known/acme-challenge/letsdebug-test (using initial IP 87.224.76.10)
@0ms: Dialing 87.224.76.10
@10001ms: Experienced error: context deadline exceeded

IssueFromLetsEncrypt
Error
A test authorization for gjhitta.synology.me to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
87.224.76.10: Fetching http://gjhitta.synology.me/.well-known/acme-challenge/5jMG33KNoQPcqXLH5kJBfqCC4lNpg88QzU4pTPNbwIQ: Timeout during connect (likely firewall problem)

2 Likes
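
The diagnosis in the post above (port 80 "filtered" in nmap, "Timeout during connect" from Let's Debug) can be reproduced with a short pre-flight check. This is an added example, not part of any post in this thread and not Let's Encrypt or Let's Debug code; the function names and the test path are assumptions, and it checks IPv4 (A records) only.

```python
import http.client
import socket
import sys

# Hypothetical probe path; a 404 here still proves port 80 is reachable.
TEST_PATH = "/.well-known/acme-challenge/preflight-test"

def classify(exc):
    """Map a connect() outcome to the nmap-style states quoted in the thread."""
    if exc is None:
        return "open"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"  # no answer at all: firewall or missing port forward
    if isinstance(exc, ConnectionRefusedError):
        return "closed"    # actively refused: something answered, nothing listening
    return "error"         # DNS failure, no route, and similar

def probe(addr, port, timeout=5.0):
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def preflight(host, port=80, timeout=5.0):
    """Probe every IPv4 address of host, then request the challenge path if open."""
    results = []
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [(host, classify(exc), None)]
    for addr in sorted({info[4][0] for info in infos}):
        state, status = probe(addr, port, timeout), None
        if state == "open":
            conn = http.client.HTTPConnection(addr, port, timeout=timeout)
            try:
                conn.request("GET", TEST_PATH, headers={"Host": host})
                status = conn.getresponse().status
            except (OSError, http.client.HTTPException):
                pass  # TCP port open but no valid HTTP reply; status stays None
            finally:
                conn.close()
        results.append((addr, state, status))
    return results

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for addr, state, status in preflight(host):
        print(f"{addr}:80 {state} http_status={status}")
```

Run it from a network outside the one hosting the server: from inside the LAN the connection may not pass through the router's port forwarding, so the result can differ from what the validation servers see.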

Also please read How to restart automatic renewals for a Synology certificate - #17 by MikeMcQ

Here are community forums for Synology that may be of assistance as well:

  1. https://community.synology.com/enu
  2. https://www.synoforum.com/
  3. https://synocommunity.com/

2 Likes
