QNAP LE won't work

Hey there,
tried to get LE running on my QNAP but unfortunately it won't work.
I already got: Port 80 forwarded on my router, QNAP Webserver running on port 80, .myqnapcloud.com domain registered and working

Domain info(got it blurred on a screenshot, sorry for that):

Getting a "Try again later" Message when I try to install the CA via MyQnapCloud App in the SSL-Tab

"Failed Authentication. Please check the DNS Server or see if Port 80 is working"
Both is working

09/21/21 14:38:56 - args: Namespace(account_key='/mnt/ext/opt/QcloudSSLCertificate/cert/account/key', acme_dir='/mnt/ext/opt/QcloudSSLCertificate/cert/.well-known/acme-challenge', ca='https://acme-v02.api.letsencrypt.org', cert_file='/mnt/ext/opt/QcloudSSLCertificate/cert/cert_tmp', chain_file='/mnt/ext/opt/QcloudSSLCertificate/cert/chain_tmp', contact=['mailto:f.drack@icloud.com'], csr='/mnt/ext/opt/QcloudSSLCertificate/cert/csr', directory_url='https://acme-v02.api.letsencrypt.org/directory', disable_check=False, qpkg_dir='/mnt/ext/opt/QcloudSSLCertificate', quiet=40, verify_type='http', web_document_root='/Web', well_known_dir='/mnt/ext/opt/QcloudSSLCertificate/cert/.well-known')

Traceback (most recent call last):
  File "/mnt/ext/opt/QcloudSSLCertificate/bin/acme-tiny/acme_tiny.py", line 889, in main
    qpkg_path=args.qpkg_dir, challenge_type=challenge_type, ca_certs=ca_certs, web_document_root=web_document_root_list)
  File "/mnt/ext/opt/QcloudSSLCertificate/bin/acme-tiny/acme_tiny.py", line 679, in get_crt
    order, _, order_headers = _send_signed_request(directory['newOrder'], order_payload, "Error creating new order")
  File "/mnt/ext/opt/QcloudSSLCertificate/bin/acme-tiny/acme_tiny.py", line 590, in _send_signed_request
    return _do_request(url, data=data.encode('utf8'), err_msg=err_msg, depth=depth)
  File "/mnt/ext/opt/QcloudSSLCertificate/bin/acme-tiny/acme_tiny.py", line 576, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error creating new order:
Url: https://acme-v02.api.letsencrypt.org/acme/new-order
Data: {"protected": "eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJub25jZSI6ICIwMDAyZG8tekEwYkZUWmVmMnRHa2g4WS03LWl3ZTVZbU5OTzJSakR4Ul9wWVRsdyIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8yMDkxNjU2NTAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogImRyYWNrLm15cW5hcGNsb3VkLmNvbSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogIkRyYWNrIFFOQVAifV19", "signature": "YnulN8t7PmS_dc58RIbdWnzCDJPnZARbXBs447AqR_inpJ951zt0noVKj3YQ-Q-_IPgKjeyy_QNujCBIu66GvxtmNYIlAF7OQfj1yXoOqQxq5vd9q1oBXb1pJz1BCZJ-MwvuJP8fPBu6lUTjdh1h4aeSLzJzHned68f4pi4V5ENTXLY_nmjC5rY8FHSwwOiMKTKaSGTRWKQC1JlqjgjZgYx0y-9BunLFFp3xRP9PHD_nE9YSfqJzgbzd03xisLEC_fIjBTf31EFpq6No1WdtLyt8XjzHiZLBx-fXFyHoTFqPhzH8Z1eb6D1hmL30OAnRR-py6z1a15-0avJSrh_pPA"}
Response Code: 400
Response: {u'status': 400, u'type': u'urn:ietf:params:acme:error:rejectedIdentifier', u'detail': u'Error creating new order :: Cannot issue for "drack qnap": Domain name contains an invalid character'}

The "acme_error_log_http" in /mnt/ext/opt/QcloudSSLCertificate/log

Anybody got an idea how to fix this?

1 Like

Thank you for your comprehensive starting post, even including the log! We appreciate that immensely.

A hint to the origin of your troubles seems to be stated in the log, especially this part:

It seems for some reason your ACME client tries to get a certificate which includes the hostname
drack qnap, which of course is not a valid hostname.

Do you recognise the phrase "drack qnap" from your settings somewhere?


the domain is "drack.myqnapcloud.com". So yes I recognize it but I can't figure our why ACME has a problem with it. The domain is "valid" as I use it for accessing my QNAP

I think you don't understand: the ACME client somehow is instructed to get a certificate for literally the hostname "drack qnap". And that of course is not a hostname.


Alright got you. I'm pretty new to all this server and CA stuff, so please excuse my dumbness in that case. But I wonder how the ACME got the information that the hostname would be "drack qnap" when everywhere on the server itself its "drack.myqnapcloud.com" and I try to get the certificate through the server?

That's a very good question indeed! However, I cannot answer it for you I'm afraid.


Maybe "drack qnap" was entered somewhere in some hostname field? Maybe during the installation of the system? Does the GUI show you the system hostname somewhere?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.