Let's Encrypt fails to register certificate (on Synology DS 218+)

Here is the nmap of

```
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-07 14:48 EST
Nmap scan report for sakshi.ddns.net (148.76.48.218)
Host is up (0.0012s latency).
rDNS record for 148.76.48.218: ool-944c30da.dyn.optonline.net
Not shown: 992 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
2601/tcp open zebra
10000/tcp open snet-sensor-mgmt
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
```

Requires Port 80 Challenge Types - Let's Encrypt
Best Practice - Keep Port 80 Open

1 Like

From where, your local LAN?
Or Publicly visible remote Internet Location?

Try Let's Debug.

2 Likes

Here are the results https://letsdebug.net/sakshi.ddns.net/1327090

2 Likes

I am not sure where the issue is. If I key in http://sakshi.ddns.net/ in my browser, it takes me to a page that says "Your website is not set up yet.", which means port 80 is open and redirecting to webstation.

Please look at these for additional locations for help.

3 Likes

Thank you, I will try to explore them and will come back if I still fail. Thanks for the quick responses.

2 Likes

You might ask on ddns.net forums as well.

Also if you have a cellphone try connecting to http://sakshi.ddns.net/ with Wi-Fi OFF from the cellphone.
This will force the cellphone to go over the carrier's IP Address and not your local net.

2 Likes

I am able to reach my website over my phone/laptop hotspotted to phone n/w, but still LE fails.

Elsewhere from around the world cannot reach http://sakshi.ddns.net using this online tool https://check-host.net/ with the Permanent link to this check report

And using Let's Debug with HTTP-01 Challenge has 2 ERRORs https://letsdebug.net/sakshi.ddns.net/1328448

Please click the links above and checkout how the rest of the world is presently viewing your website.

2 Likes

I just tried this on check-host.net and I am able to reach well
https://sakshi.ddns.net.

Can you check once?

HTTPS is Port 443
HTTP is Port 80

You are attempting to use the HTTP-01 Challenge, which requires Port 80.
I had checked with HTTP Port 80, please check for yourself. And reread below.

1 Like

Bruce5051, I understand that, but I am not able to understand why LE fails to reach port 80 while both 80 & 443 are opened on router and server.

Please click on the BOLD links, I do not see anyone able to connect to your website via HTTP Port 80.

2 Likes

I have opened a ticket with Synology; let's see where the issue is. I will update this group so that we can understand this issue better.

1 Like

And yes, the rest of the world can access your website via HTTPS Port 443 as shown below
https://www.ssllabs.com/ssltest/analyze.html?d=sakshi.ddns.net

2 Likes

I know this issue will come up as I failed to install the certificate, that is the main issue that we are trying to resolve.

I can't reach your site via HTTP either:

```
curl -Ii http://sakshi.ddns.net/
curl: (56) Recv failure: Connection reset by peer
```

3 Likes
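
Added example (not part of the thread): a small Python probe that classifies what a plain-HTTP client sees, separating the "connection reset" in the curl output above from a refused port, a timeout, or a normal HTTP reply. The probe path and the loopback listeners in `serve_once` are constructed for the demo.

```python
import socket
import struct
import threading

def probe_http(host, port=80, path="/.well-known/acme-challenge/probe", timeout=5.0):
    """Classify what a plain-HTTP client sees when fetching an HTTP-01 style URL."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"   # port closed: nothing is listening or forwarded
    except socket.timeout:
        return "timeout"   # no answer to the connect (packets dropped on the way)
    except OSError as exc:
        return f"error: {exc}"
    with sock:
        try:
            request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            sock.sendall(request.encode("ascii"))
            data = sock.recv(1024)
        except (ConnectionResetError, BrokenPipeError):
            return "reset"     # TCP connected, then the peer or a middlebox sent RST
        except socket.timeout:
            return "timeout"
    if not data:
        return "closed"        # peer closed cleanly without answering
    return "http: " + data.split(b"\r\n", 1)[0].decode("latin-1")

def serve_once(behaviour):
    """Constructed loopback listener for the demo ('reset' or 'ok'); returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def handle():
        conn, _ = srv.accept()
        conn.recv(1024)
        if behaviour == "reset":
            # SO_LINGER on with a zero timeout makes close() send RST instead of FIN
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        else:
            conn.sendall(b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return port

if __name__ == "__main__":
    for behaviour in ("reset", "ok"):
        print(behaviour, "->", probe_http("127.0.0.1", serve_once(behaviour)))
```

An HTTP-01 validation needs the `http:` outcome when the probe is run from outside the LAN against the public hostname on port 80; `reset`, `refused` or `timeout` there means the request never reached the web server.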

Maybe better use the TLS-ALPN challenge? Although not sure what client does that, mostly because most webservers don't expose custom ALPN setup to config.
lego?

4 Likes

Apache mod_md can use TLS-ALPN, but I don't know if that is available on Synology DSM.

4 Likes