Hello,
I have an issue renewing my LE certificates (I’m running a Synology NAS with DSM6.1).
I can successfully request new LE certificates (with new URLs / subdomains) but I’m not able to renew the ones that I had already created.
Note: now they have expired.
Here is what I get when running the renew command (I get “Fail to connect to Letsencrypt server” from the DSM UI).
My port 80 is open.
I’m launching the command:
/usr/syno/sbin/syno-letsencrypt renew-all -v
DEBUG: check need to renew. [/usr/syno/etc/certificate/archive/A385Rk/]
DEBUG: start to renew [/usr/syno/etc/certificate/archive/A385Rk/].
DEBUG: setup acme url https://acme-v01.api.letsencrypt.org/directory
DEBUG: GET Request: https://acme-v01.api.letsencrypt.org/directory
DEBUG: strat to do new-authz for bureau.vinch-syno.synology.me
DEBUG: ==> start new authz.
DEBUG: new authz: do new-authz.
DEBUG: Post JWS Request: https://acme-v01.api.letsencrypt.org/acme/new-authz
DEBUG: Post Request: https://acme-v01.api.letsencrypt.org/acme/new-authz
DEBUG: new authz: setup challenge env.
DEBUG: new authz: http-01 challenge.
DEBUG: Post JWS Request: https://acme-v01.api.letsencrypt.org/acme/challenge/CoqHgnCwoFllF5hNE5pzo2zAdGPYcXU0lVYCSeO79l4/186347594
DEBUG: Post Request: https://acme-v01.api.letsencrypt.org/acme/challenge/CoqHgnCwoFllF5hNE5pzo2zAdGPYcXU0lVYCSeO79l4/186347594
DEBUG: new authz: http-01 check result.
DEBUG: GET Request: https://acme-v01.api.letsencrypt.org/acme/authz/CoqHgnCwoFllF5hNE5pzo2zAdGPYcXU0lVYCSeO79l4
DEBUG: GET Request: https://acme-v01.api.letsencrypt.org/acme/authz/CoqHgnCwoFllF5hNE5pzo2zAdGPYcXU0lVYCSeO79l4
DEBUG: GET Request: https://acme-v01.api.letsencrypt.org/acme/authz/CoqHgnCwoFllF5hNE5pzo2zAdGPYcXU0lVYCSeO79l4
DEBUG: ==> start new authz.
DEBUG: new authz: do new-authz.
DEBUG: Post JWS Request: https://acme-v01.api.letsencrypt.org/acme/new-authz
DEBUG: Post Request: https://acme-v01.api.letsencrypt.org/acme/new-authz
DEBUG: new authz: setup challenge env.
DEBUG: Setup DDNS: TXT [acme-challenge.bureau.vinch-syno.synology.me][YEYpHv-IbB9gzcoJZRTDwSvAdNpsHhfMBExXO486kG0]
DEBUG: DDNS Curl: [https://ddns.synology.com/main.php?=letsencrypt%2Fcreate&hostname=bureau.vinch-syno.synology.me&myds_id=551889&auth_key=2da73fc1ba38c12d8d553fb2f5e55319b058e4f60418221874ffa6688339d888fd4d79896d8355a9&serial=13C0LAN003022&txt=YEYpHv-IbB9gzcoJZRTDwSvAdNpsHhfMBExXO486kG0]
DEBUG: GET Request: https://ddns.synology.com/main.php?=letsencrypt%2Fcreate&hostname=bureau.vinch-syno.synology.me&myds_id=551889&auth_key=2da73fc1ba38c12d8d553fb2f5e55319b058e4f60418221874ffa6688339d888fd4d79896d8355a9&serial=13C0LAN003022&txt=YEYpHv-IbB9gzcoJZRTDwSvAdNpsHhfMBExXO486kG0
DEBUG: Dns01 challenge: Setup [{"code":"host_not_found"}].
DEBUG: DDNS Curl: [https://ddns.synology.com/main.php?=letsencrypt%2Fdelete&hostname=bureau.vinch-syno.synology.me&myds_id=551889&auth_key=2da73fc1ba38c12d8d553fb2f5e55319b058e4f60418221874ffa6688339d888fd4d79896d8355a9&serial=13C0LAN003022&txt=YEYpHv-IbB9gzcoJZRTDwSvAdNpsHhfMBExXO486kG0]
DEBUG: GET Request: https://ddns.synology.com/main.php?_=letsencrypt%2Fdelete&hostname=bureau.vinch-syno.synology.me&myds_id=551889&auth_key=2da73fc1ba38c12d8d553fb2f5e55319b058e4f60418221874ffa6688339d888fd4d79896d8355a9&serial=13C0LAN003022&txt=YEYpHv-IbB9gzcoJZRTDwSvAdNpsHhfMBExXO486kG0
DEBUG: Dns01 challenge: Teardown [{"code":"host_not_found"}].
DEBUG: DNS challenge failed, reason: { "error": 203, "msg": "Challenge setup is failed.", "file": "client.cpp:278"}
DEBUG: Normal challenge failed, reason: { "error": 200, "msg": "Authorization timeout.", "file": "client.cpp:332"}
Here is the detail of the https://acme-v01.api.letsencrypt.org/acme/authz/CoqHgnCwoFllF5hNE5pzo2zAdGPYcXU0lVYCSeO79l4 file:
{
  "identifier": {
    "type": "dns",
    "value": "bureau.vinch-syno.synology.me"
  },
  "status": "valid",
  "expires": "2017-05-16T14:13:04Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "valid",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/CoqHgnCwoFllF5hNE5pzo2zAdGPYcXU0lVYCSeO79l4/186347592",
      "token": "9g07e6WStWLjDZiPyAGIICRu9d3Wr8WFMpF9tW3eFU4",
      "keyAuthorization": "9g07e6WStWLjDZiPyAGIICRu9d3Wr8WFMpF9tW3eFU4.J1Jo04uNFEEpBM7msAwBPtRo_i5V_xlQnwVQCWgpWq0",
      "validationRecord": [
        {
          "Authorities": [
            "synology.me.\t842\tIN\tNS\tns1.synology.me.",
            "synology.me.\t842\tIN\tNS\tns2.synology.me."
          ],
          "hostname": "bureau.vinch-syno.synology.me",
          "port": "",
          "addressesResolved": null,
          "addressUsed": ""
        }
      ]
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/CoqHgnCwoFllF5hNE5pzo2zAdGPYcXU0lVYCSeO79l4/186347593",
      "token": "lSQrkdpRamEsfkJuqG-tEgWr4-pwxHWZZxIlaZ4X7Do"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/CoqHgnCwoFllF5hNE5pzo2zAdGPYcXU0lVYCSeO79l4/186347594",
      "token": "Syz54j94qW8eViyTldpcFY0xYM8N7lltVKiH4IgZvtg"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      2
    ],
    [
      1
    ]
  ]
}
It seems it is linked to some DNS Challenge error, but I don’t really understand what’s wrong? My Certificates did renew (automatically with the DSM autorenewal) without any problem until this time.
And again, what is strange is that I’m able to create new certificates for the other sub-domains (ex: test.vinch-syno.synology.me) without problem.
Can anyone support me here to understand what’s wrong?
Thank you!
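
Added example, not part of the original post: a small Python reader for an ACME v1 authorization object like the one quoted above, showing how the "combinations" field relates challenge statuses to the overall status (an authorization is satisfied when every challenge in any one combination is valid). The sample input is constructed from the shape of the posted object with tokens left out; the function name and the `now` parameter are assumptions of this example.

```python
import json
from datetime import datetime, timezone

# Constructed sample: same fields as the authz object in the post, tokens omitted.
SAMPLE_AUTHZ = """
{
  "identifier": {"type": "dns", "value": "bureau.vinch-syno.synology.me"},
  "status": "valid",
  "expires": "2017-05-16T14:13:04Z",
  "challenges": [
    {"type": "dns-01", "status": "valid"},
    {"type": "tls-sni-01", "status": "pending"},
    {"type": "http-01", "status": "pending"}
  ],
  "combinations": [[0], [2], [1]]
}
"""

def summarize_authz(text, now):
    """Report which challenge combinations are satisfied and whether the authz expired."""
    authz = json.loads(text)
    challenges = authz.get("challenges", [])
    # ACME v1: each combination lists challenge indices that together suffice.
    # If the field is absent, treat every challenge as sufficient on its own.
    combos = authz.get("combinations") or [[i] for i in range(len(challenges))]
    satisfied = []
    for combo in combos:
        if not combo or any(i < 0 or i >= len(challenges) for i in combo):
            continue  # empty or out-of-range combination: skip instead of crashing
        if all(challenges[i].get("status") == "valid" for i in combo):
            satisfied.append([challenges[i].get("type") for i in combo])
    expired = None
    if authz.get("expires"):
        when = datetime.strptime(authz["expires"], "%Y-%m-%dT%H:%M:%SZ")
        expired = now >= when.replace(tzinfo=timezone.utc)
    return {
        "identifier": authz["identifier"]["value"],
        "status": authz.get("status"),
        "satisfied_by": satisfied,
        "pending": [c.get("type") for c in challenges if c.get("status") == "pending"],
        "expired": expired,
    }

if __name__ == "__main__":
    # The evaluation time is a constructed value for the demonstration.
    print(summarize_authz(SAMPLE_AUTHZ, datetime(2017, 5, 17, tzinfo=timezone.utc)))
```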