QNAP 4.3.3 and renewal of certificate

Hello,
actually it is not a brand new theme, but there the issue is still not solved.
As I believe that a lot of QNAP users including me, do everything right (Port 80, etc.) but still receive the message, that the renewal can’t take place, I do have another question.
Is it possible to renew the certificate in another way, download it and install it into the QNAP?
Appreciate soon help, as I just have another 8 days left for renewal. Thank you.

Best regards,
Stephan

What client software are you using? qnap-letsencrypt or something else?

What specific error do you get?

You could use certbot or another client in manual mode on a different computer, or even https://zerossl.com or https://gethttpsforfree.com in a web browser. Since the client is not running on the device that Let's Encrypt is verifying, this would would require you to copy a file to the .well-known path on a running webserver on the QNAP or set up a DNS TXT record.

Thank you very much for your quick reply.
As pictures often tell more than words, I made some screenshots of my QNAP system and the port forwarding in my fritzbox. The QNAP is reachable from outside though port 80. And the funny thing IMO is, that the first install of the certificate worked out properly.
Did I get it right, that the certificate renewal button within the QNAP does not work at all?

Here are the screenshots:
www.familie-kohrt.com/screenshots.pdf

Best regards,
Stephan

As I believe that a lot of QNAP users including me, do everything right (Port 80, etc

If this was the case then you would be able to issue the certificates

any reasons why you didn’t fill out the questions as those are useful

My domain is:

I ran this command:

It produced this output:

This would save a lot of time answering theoretical what could be wrong.

Knowing what commands you are running and what the response is very useful for troubleshooting

Andrei

Hello again and thank you for tjis reply.
Actually I am just a user of my QNAP NAS.
I just run a small PHP-script on the webserver of the NAS. I do not rum any command. Therefore I can’t give you any details on that. My Domain is skohrt.selfhost.bz, but is this really important? I just installed the certificate via the user interface and now I try to renew it via the user interface. Thank you.

Best regards,
Stephan

I just searched for the first thing that came up for “QNAP Let’s Encrypt”. They should advertise that they support it natively better. :slight_smile:

The Let’s Encrypt servers usually return a detailed error message. Since your A record appears fine and you don’t have an AAAA record, it appears it is obscuring the real failure.

Use the QNAP Log Viewer and look for messages like “Validation failure” or “urn:acme:error:[something]” and paste the whole section here if you find one. Or if you can use a shell or filesystem viewer to browse /var/log, there may be a letsencrypt or acme log file within.

If you cannot find it, ask on the QNAP forum how to obtain the full error message returned by Let’s Encrypt. There’s not much we can do without knowing what is really wrong. :frowning:

I crawled the system logs which are accessible from the UI of the QNAP NAS for things like ‘letsencrypt’, ‘urn:acme:error:’, ‘acme’ without success and as well I jumped via SSH to the mentioned directory of the QNAP (/var/log). In there I just found this:
www.familie-kohrt.com/var_log_list.pdf
Again no hints towards ‘letsencrypt’ within.
However I just opened a ticket at QNAP service and asked if they have an idea, where the problem could be, but more over to pass me where I can find the full error message.
So I will be back. Thanks for now.

Best regards,
Stephan

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.