Not Able to Create a Certificate in Synology DSM

Appreciate any help or advice from the community. I have tried multiple times over multiple days to generate a Let's Encrypt certificate using the Add Certificate wizard on my Synology NAS, but I can't get it to work. I've tried multiple settings, but I can't figure out why it won't work.

My domain is: rocknas.net

I ran this command: Get a Certificate from Let's Encrypt through Synology DSM

It produced this output: Please check your IP address, reverse proxy rules, and firewall settings are configured correctly and try again.

My web server is (include version): I'm using my domain to provide access to my Synology NAS (DS224+) files and Plex Server

The operating system my web server runs on is (include version): Synology DSM v 7.2.2-72806 Update 3

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): Don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Synology DSM v 7.2.2-72806 Update 3

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

My network is using a Verizon G-3100 router. I opened port 80 and put my NAS in a DMZ, and turned off IPv6 support. Port forwarding rules (four separate rules for each original and Fwd to port, respectively):

Original Port: 80 / 443 / 5000 / 5001
Protocol: TCP
Fwd to Addr: Local IP address of the NAS
Fwd to Port: 80 / 443 / 5001 / 5001
Schedule: Always

I created a CNAME listing on GoDaddy to point to my Synology NAS.
I tested my ports using Yougetsignal.com. Port 80 is showing open.
I tested HTTP, TLS, and DNS using Let's Debug. All indicated green.

None of this is working and I'm still getting the same error.

What am I missing??

Hmm. You have two IP addresses for that domain name in your DNS. Do you have GoDaddy Domain Forwarding enabled? If so, you should disable that and ensure the IP A record is for the public IP of your system.

From the Let's Debug "verbose" output

A and AAAA records found for this domain
rocknas.net. 0 IN A 76.223.105.230
rocknas.net. 0 IN A 13.248.243.5

I know you said you used a CNAME but I don't see that. See below for GoDaddy DNS instructions

5 Likes
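The DNS check suggested in the reply above, as an added example that is not part of the original thread: it parses record lines in the format Let's Debug printed and reports every A/AAAA record that does not point at the expected public IP, since HTTP-01 validation connects to whatever address the name resolves to. The function names are hypothetical and `203.0.113.10` is a documentation-range placeholder for the NAS's public IP.

```python
import ipaddress

# Constructed sample: the two A records quoted from Let's Debug in this thread.
SAMPLE_RECORDS = """\
rocknas.net. 0 IN A 76.223.105.230
rocknas.net. 0 IN A 13.248.243.5
"""

def parse_address_records(text):
    """Parse 'name ttl class type rdata' lines; return [(name, type, ip)] for A/AAAA."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2].upper() != "IN":
            continue  # not a resource-record line in the expected shape
        name, _ttl, _cls, rtype, rdata = fields
        rtype = rtype.upper()
        if rtype not in ("A", "AAAA"):
            continue
        try:
            ip = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # malformed address, skip rather than guess
        records.append((name.rstrip(".").lower(), rtype, ip))
    return records

def check_domain(text, domain, expected_ip):
    """Return problems that would send HTTP-01 validation to the wrong host."""
    expected = ipaddress.ip_address(expected_ip)
    domain = domain.rstrip(".").lower()
    addrs = [ip for name, _t, ip in parse_address_records(text) if name == domain]
    problems = []
    if not addrs:
        problems.append(f"no A/AAAA record found for {domain}")
    for ip in addrs:
        if ip != expected:
            problems.append(f"{domain} resolves to {ip}, not {expected}")
    if addrs and expected not in addrs:
        problems.append(f"{expected} is missing from the records for {domain}")
    return problems

if __name__ == "__main__":
    # Assumption: 203.0.113.10 stands in for the NAS's real public IP.
    for problem in check_domain(SAMPLE_RECORDS, "rocknas.net", "203.0.113.10"):
        print("PROBLEM:", problem)
```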

From my perspective I only see AWS CloudFront IPs with something built with GoDaddy website builder.

4 Likes

Thank you, all!! I really appreciate your help. I am reviewing the GoDaddy settings now. I did not have any forwarding rules, but I did notice ANAME and CNAME records that pointed to GoDaddy and other sites. I'm cleaning those up and will retry once the site has time to refresh. I'll let you know if that works.

1 Like

Those are actually AWS Global Accelerator endpoints. GoDaddy uses that service for its Domain Forwarding feature.

Of course, people can use AWS Global Accelerator themselves. And, other services use it too. But, since they mentioned GoDaddy I made that guess about Domain Forwarding 🙂

PTR a16e665f42988324c.awsglobalaccelerator.com.

4 Likes

Problem solved!! In addition to cleaning up the GoDaddy DNS records for my domain, I also had to add an ANAME record for the NAS. Once I did that and allowed the domain to propagate, everything worked. Thank you all again for your help!!

1 Like
