QNAP LE won't work

Hey there,
tried to get LE running on my QNAP but unfortunately it won't work.
I already got: Port 80 forwarded on my router, QNAP Webserver running on port 80, .myqnapcloud.com domain registered and working

Domain info (got it blurred on a screenshot, sorry for that):
https://crt.sh/?q=drack.myqnapcloud.com

Getting a "Try again later" Message when I try to install the CA via MyQnapCloud App in the SSL-Tab


"Failed Authentication. Please check the DNS Server or see if Port 80 is working"
Both are working

09/21/21 14:38:56 - args: Namespace(account_key='/mnt/ext/opt/QcloudSSLCertificate/cert/account/key', acme_dir='/mnt/ext/opt/QcloudSSLCertificate/cert/.well-known/acme-challenge', ca='https://acme-v02.api.letsencrypt.org', cert_file='/mnt/ext/opt/QcloudSSLCertificate/cert/cert_tmp', chain_file='/mnt/ext/opt/QcloudSSLCertificate/cert/chain_tmp', contact=['mailto:f.drack@icloud.com'], csr='/mnt/ext/opt/QcloudSSLCertificate/cert/csr', directory_url='https://acme-v02.api.letsencrypt.org/directory', disable_check=False, qpkg_dir='/mnt/ext/opt/QcloudSSLCertificate', quiet=40, verify_type='http', web_document_root='/Web', well_known_dir='/mnt/ext/opt/QcloudSSLCertificate/cert/.well-known')

Traceback (most recent call last):
  File "/mnt/ext/opt/QcloudSSLCertificate/bin/acme-tiny/acme_tiny.py", line 889, in main
    qpkg_path=args.qpkg_dir, challenge_type=challenge_type, ca_certs=ca_certs, web_document_root=web_document_root_list)
  File "/mnt/ext/opt/QcloudSSLCertificate/bin/acme-tiny/acme_tiny.py", line 679, in get_crt
    order, _, order_headers = _send_signed_request(directory['newOrder'], order_payload, "Error creating new order")
  File "/mnt/ext/opt/QcloudSSLCertificate/bin/acme-tiny/acme_tiny.py", line 590, in _send_signed_request
    return _do_request(url, data=data.encode('utf8'), err_msg=err_msg, depth=depth)
  File "/mnt/ext/opt/QcloudSSLCertificate/bin/acme-tiny/acme_tiny.py", line 576, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error creating new order:
Url: https://acme-v02.api.letsencrypt.org/acme/new-order
Data: {"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJub25jZSI6ICIwMDAyZG8tekEwYkZUWmVmMnRHa2g4WS03LWl3ZTVZbU5OTzJSakR4Ul9wWVRsdyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8yMDkxNjU2NTAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogImRyYWNrLm15cW5hcGNsb3VkLmNvbSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogIkRyYWNrIFFOQVAifV19", "signature": "YnulN8t7PmS_dc58RIbdWnzCDJPnZARbXBs447AqR_inpJ951zt0noVKj3YQ-Q-_IPgKjeyy_QNujCBIu66GvxtmNYIlAF7OQfj1yXoOqQxq5vd9q1oBXb1pJz1BCZJ-MwvuJP8fPBu6lUTjdh1h4aeSLzJzHned68f4pi4V5ENTXLY_nmjC5rY8FHSwwOiMKTKaSGTRWKQC1JlqjgjZgYx0y-9BunLFFp3xRP9PHD_nE9YSfqJzgbzd03xisLEC_fIjBTf31EFpq6No1WdtLyt8XjzHiZLBx-fXFyHoTFqPhzH8Z1eb6D1hmL30OAnRR-py6z1a15-0avJSrh_pPA"}
Response Code: 400
Response: {u'status': 400, u'type': u'urn:ietf:params:acme:error:rejectedIdentifier', u'detail': u'Error creating new order :: Cannot issue for "drack qnap": Domain name contains an invalid character'}

The "acme_error_log_http" in /mnt/ext/opt/QcloudSSLCertificate/log

Anybody got an idea how to fix this?

1 Like

Thank you for your comprehensive starting post, even including the log! We appreciate that immensely.

A hint to the origin of your troubles seems to be stated in the log, especially this part:

It seems for some reason your ACME client tries to get a certificate which includes the hostname "drack qnap", which of course is not a valid hostname.

Do you recognise the phrase "drack qnap" from your settings somewhere?

3 Likes
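The `payload` field of the new-order request in the log is base64url-encoded JSON, so the identifiers the client actually asked for can be read straight out of it. The script below is an added example, not part of the original thread and not QNAP's or Let's Encrypt's code; the payload string is copied from the log above, and the hostname check is a simplified syntax test assumed for illustration.

```python
import base64
import json
import re

# "payload" value copied verbatim from the new-order request in the log.
PAYLOAD = "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogImRyYWNrLm15cW5hcGNsb3VkLmNvbSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogIkRyYWNrIFFOQVAifV19"

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def b64url_decode(data):
    """Decode unpadded base64url as used by JWS (RFC 7515)."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def order_identifiers(payload_b64):
    """Return the identifier values an ACME newOrder payload asks for."""
    order = json.loads(b64url_decode(payload_b64))
    return [ident["value"] for ident in order["identifiers"]]


def is_valid_dns_name(name):
    """Simplified hostname syntax check (assumption, not the CA's own code)."""
    if not name or len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    # Require at least two labels and LDH syntax in every label.
    return len(labels) >= 2 and all(LABEL_RE.fullmatch(label) for label in labels)


def invalid_identifiers(payload_b64):
    """List the requested names that are not syntactically valid hostnames."""
    return [n for n in order_identifiers(payload_b64) if not is_valid_dns_name(n)]


if __name__ == "__main__":
    for name in order_identifiers(PAYLOAD):
        print(("ok      " if is_valid_dns_name(name) else "INVALID ") + repr(name))
```

The second identifier in the decoded order is the name the CA rejected, which shows the client put it into the request alongside the real domain.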

The domain is "drack.myqnapcloud.com". So yes, I recognize it, but I can't figure out why ACME has a problem with it. The domain is "valid" as I use it for accessing my QNAP.

I think you don't understand: the ACME client somehow is instructed to get a certificate for literally the hostname "drack qnap". And that of course is not a hostname.

3 Likes

Alright, got you. I'm pretty new to all this server and CA stuff, so please excuse my dumbness in that case. But I wonder how the ACME got the information that the hostname would be "drack qnap" when everywhere on the server itself it's "drack.myqnapcloud.com" and I try to get the certificate through the server?

That's a very good question indeed! However, I cannot answer it for you I'm afraid.

2 Likes

Maybe "drack qnap" was entered somewhere in some hostname field? Maybe during the installation of the system? Does the GUI show you the system hostname somewhere?

2 Likes
