NAS SSL Help - Synology

Hi,

I have been trying to set up the SSL certificates on my Synology DS420+ and having some errors.

I have read multiple pages here in the community for help, including this detailed one here: Clarification of Synology NAS DiskStation Manager (DSM) Documentation of Let's Encrypt Integration

And thus far I've not been able to sort the issue, any help would be greatly appreciated.

I will explain in detail.

Last week after first setting up my NAS, I set up all the port forwards and set up a ddns domain through synology: "zypher.synology.me". The set up of this was successful and a certificate was issued.

However, I was advised that this was a security risk due to publicity of all subdomains on synology.me, and I was told it is better to register my own domain name. I did that today and registered "truesdell.family" on Google Domains and set up the ddns in their system with all appropriate synthetic records. I configured this on the NAS and it worked correctly and updated the Google DDNS with my current IP Address.

All required ports are still open and forwarded (port 80 and port 443, as well as the standard Disk Station ports). I can access the NAS over a browser, on port 80 for HTTP and HTTPS on port 443, only receiving a certificate issue on port 443.

Today while trying to get a certificate for this new domain I have had nothing but errors. I have tried with both the root domain "truesdell.family" and with a subdomain "zypher.truesdell.family" and neither have had any success.

Initially I was getting the all too common error of "Failed to connect to Let's Encrypt. Please make sure your Synology NAS and router have port 80 open to Let's Encrypt domain validation from the internet". Now I am getting that I have have had too many requests.

I am unsure why it is failing to connect when the port forwards are working through the browser and nothing has changed since I set the initial certificate up on the zypher.synology.me domain.

I have not disabled / deleted the zypher.synology.me certificate, it is still the default certificate so I can still access the system until I get my own domain correctly running. Would this be an issue?

Any advise would be greatly appreciated to point me in the right direction as I am struggling to find the correct solution here. Any further data I can provide please let me know.

Thank you!

Welcome to the Let's Encrypt Community, Shawn

I'm showing via Open Port Check Tool - Test Port Forwarding on Your Router that both ports 80 and 443 are closed for truesdell.family, zypher.truesdell.family, and zypher.synology.me.

Hi Griffin,

Thank you for the assistance. That is really odd, given they are all currently working over browser and zypher.synology.me worked getting it's certificate last week. Hmm.

If the ports were not open, wouldn't they be blocked from working via web browser? eg. Going directly to http://truesdell.family:80 for example?

I will dig around further in the router and see if for some reason something else is blocking them.

Here is the current port forwarding set up in my router.

Success! Sorry for the bother, turns out my ISP turned on a block of those Ports. Given the process worked last week but not this week I can only assume they did it since then. I have asked them to remove the block and the last certificate request went through successfully.

Thank you for the help Griffin, if not for your port checks I wouldn't have figured that out without again exceeding the number of requests.

Glad things worked out so straightforwardly!

No bother at all and you're quite welcome. It happens more often than you might think.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.