Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: Update certificate automatically or manually
It produced this output: "Failed to connect DNS, look at port80..." and in log : "[myQNAPcloud] Failed to renew the Let's Encrypt certificate. The server failed to connect to the NAS and verify the domain.
My web server is (include version):
The operating system my web server runs on is (include version): QNAP TS-269L - QTS 4.3.4.1652
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Hello all,
I didn't have any problems of automatic certificate update before december 2021.
In december 2021, i wasn't able to renew the certificate.
I found this explanation https://forum.qnap.com/viewtopic.php?f=313&t=144434&start=15#p800345 on Qnap forum and solved this issue, my certificate was updated for 3 months and 3 months later, i've got that new issue.
Thanks for your help.
44366 is the NAS https port. I use it to acces the webUI QTS interface.
8081 is the port configured for a web server on the NAS. I don't use it so i desabled the service but still have the certificate update issue.
Yes, that the point. I didn't have any problems before 12/21 and didn't change anything on my NAS config.
On 02/21/22 i received this mail :
Hello,
Your certificate (or certificates) for the names listed below will expire in 11 days (on 04 Mar 22 10:54 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.
We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See Integration Guide - Let's Encrypt for details.
Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “https:”, and only to ports 80 or 443.
Right now I do not see port 80 open. Try using a tool like this to check any port:
Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “https:”, and only to ports 80 or 443.
301 or 302 doesn't matter. What matters is that you use port 80 or 443.
And this means that you should complain to the NAS manufacturer, because they should not redirect port 80 requests for .well-known/acme-challenge and should pass it to the acme client instead, if they know what they are doing.
Your solution right now can be moving the service responsible for validation on port 443.
Hello all,
After the correction of my ports as explained here, i still had the same problem.
I found this explaination on the QNAP forum.
And it solved the issue. I could then update my certificate for 3 month. Hope that the automatic update will work fine in june...