Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
duncanbruns.nl
I ran this command:
I recently bought a new NAS, and I want to secure it with a LE certificate. Within DSM I requested the certificate but this fails
It produced this output:
Maximal certificate requests reached for this domain
My web server is (include version):
The operating system my web server runs on is (include version):
DSM
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
DSM
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Well, that's not true for duncanbruns.nl in any case. Perhaps your NAS is trying to get a certificate for some kind of default hostname such as a subdomain under a domain owned by DSM, which the NAS software automatically requests? Perhaps your NAS has "forgotten" about your domain duncanbruns.nl?
It's a new device, so it would not even know about that domain.
In the certificate request, I entered the domain, my email (although mail is not yet configured on the device) and 2 SAN's, one for mail.duncanbruns.nl and one for autodiscover.duncanbruns.nl.
DSM is the software that is running on my Synology NAS, so I am not sure what you mean by this.
I've just tried again to create the certificate request, and now I got this error: Failed to connect to Let's Encrypt. Please make sure the domain name is valid.
I'd suggest waiting an hour (just to make sure that the failed validation rate limit has reset), making sure that the NAS has Internet access, making sure that port 80 is forwarded to it and is publicly reachable from the rest of the Internet, and then trying again—noting whether the error message changes at all, assuming it then doesn't succeed.
@schoen, I was already checking if something was wrong on my router. I had edited the port forwarding rules (as the new NAS has another IP-address than the old one). Probably my router didn't like this very much because when I checked the ports were being blocked. After adding new rules, the ports were no longer blocked, and I was able to request the certificate. Yeah!
@Osiris, is it possible to change the email address that is used in the cert request? Or, if I need to change that, delete the certificate and request a new one?
An e-mail address is coupled to an ACME account. The protocol allows to update an accounts e-mail address. This can be done with an ACME client. However, I don't know of the DSM ACME client supports this feature. It's not something Let's Encrypt can simply change for you.
