Multiple certificates with Synology DSM 7.1.1

I had a working certificate for NAS8791.synology.me. I reset my NAS certificates, which delete the synology.me certificate.

I wanted to ADD/Replace that certificate for my new Google domain jigsawpix.com at the same external IP address.

When I try to do that via the Synology control panel, it comes up with an IP error, or a reverse proxy setup error. Both setups are correct.

Why does Let's Encrypt let me install a certificate for jigsawpix.com?

Does Let's Encrypt allow two certificates for the same IP address? Is there a way to disable/remove the certificate for nas8791.synology.me? Or how do I fix this?

My domain is: jigsawpix.com

I ran this command:

It produced this output:

My web server is (include version): Synology DS118

The operating system my web server runs on is (include version): DSM 7.1.1

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): I believe so

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Don't know

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ???

You might want to check the https://community.synology.com/enu
Here is one of interest https://community.synology.com/enu/forum/1/post/155761?reply=482780
and links to this video How to Configure HTTPS on Synology NAS Using Let's Encrypt - YouTube

2 Likes

It begs to differ.

???

No, you can't get an LE cert for an IP.
Yes, you can get multiple LE certs where all the names on them resolve to the same IP.

Yes, just stop using it.

(with the small amount of problem info provided) It seems that the NAS (or the ACME process) isn't able to properly resolve the IP to the given name.
I'd start by checking that the name was spelled correctly [not the first time a TYPO has delayed things].
Then I'd check the logs on the NAS for clues.

4 Likes

Synology's DSM software installs the Let's Encrypt certificate automatically. For some reason, it is not working.

Is there a way to get a Let's Encrypt cert, which would allow me to import it into the NAS manually?

I suggest that Synology's forum would be a better place to get answers as to why their automatic process is not working for you. Since Let's Encrypt certificates expire every 90 days, an automatic process will increase your security and simplify your life.

Please continue to check and ask your questions on this forum as well, we have people with a wide variety of usages (such as Synology's devices) and knowledge. :slightly_smiling_face:

2 Likes