Could you elaborate on that forwarding a little? Basically I remember some topics discussed some time ago about forwarding from some registrars done in an odd way (for example by serving your site in an iframe).
From what I can see, your site is not quite kamislookout.cloud. That one is merely a redirect to a synology.me subdomain at a high port. This is why it doesn't match.
I think it answers https connections. If you try to visit the URL outside of my network it won't work. That tells me there is a port forwarding issue with my NAS at home, which I am waiting to hear back from support to figure out. This port forwarding issue all surfaced when I switched from dynamic > static > dynamic. Switched back because we figured out how to fix my problem and manually import the cert so I didn't need port 80 anymore.
I wonder what could cause port failure from switching from dynamic > static > dynamic in my NAS. I realize this is probably outside the scope of your help. It just confuses me. Support should get back to me later today hopefully.
If it's like somethingsomething.synology.com, I think there will be rate limit issues if every customer tries to get a certificate for their own subdomain (LE won't be willing to issue that volume of certificates for a single registered domain), but I don't think there's a policy issue absolutely forbidding it.
I agree that the kamislookout.cloud name ought to be pointed at the Synology subdomain at the DNS level (CNAME is a great approach), not at the HTTP level. In response to a redirect at the HTTP level the web browser will make a request using the Synology subdomain name (which you don't have a certificate for). In response to a CNAME pointer at the DNS level the web browser will make a request using the kamislookout.cloud name (which you do have a certificate for).
One way of thinking of this is that if you have an HTTP redirect, the browser is told "oh, instead of going to kamislookout.cloud, I should go to somethingsomething.synology.com, which is a different site", while if you have a CNAME, the browser is told "oh, in order to go to kamislookout.cloud, I should connect to the IP address of somethingsomething.synology.com; that's where kamislookout.cloud is".
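To make the redirect-versus-CNAME distinction above concrete, here is an added example (not part of any post in this thread): a small Python model of which hostname a browser checks the certificate against in each setup. The IP addresses and the registrar forwarding server are constructed; somethingsomething.synology.com is the placeholder name used above, and 5090 is the HTTPS port mentioned in the thread.

```python
from urllib.parse import urlsplit

# Constructed model data: documentation-range IPs, placeholder Synology name.
SYN = "somethingsomething.synology.com"
NAS_IP = "203.0.113.10"                  # the NAS at home (constructed)
FORWARDER_IP = "198.51.100.7"            # registrar's forwarding server (constructed)
NAS_CERT_NAMES = ["kamislookout.cloud"]  # names in the certificate installed on the NAS

def resolve(name, dns):
    """Follow CNAME records until an A record is reached."""
    for _ in range(8):
        rtype, value = dns[name]
        if rtype == "A":
            return value
        name = value
    raise RuntimeError("CNAME chain too long")

def cert_matches(hostname, cert_names):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host = hostname.lower()
    for pattern in (p.lower() for p in cert_names):
        if pattern == host:
            return True
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def browse(url, dns, redirects, certs):
    """Return (hostname_checked, ip, cert_ok) for every HTTPS hop."""
    hops = []
    for _ in range(5):
        parts = urlsplit(url)
        ip = resolve(parts.hostname, dns)
        if parts.scheme == "https":
            # The name verified is the one in the URL, never the CNAME target.
            ok = cert_matches(parts.hostname, certs[ip])
            hops.append((parts.hostname, ip, ok))
            if not ok:
                break
        if url not in redirects:
            break
        url = redirects[url]  # an HTTP redirect replaces the hostname itself
    return hops

def redirect_setup():
    dns = {"kamislookout.cloud": ("A", FORWARDER_IP), SYN: ("A", NAS_IP)}
    redirects = {"http://kamislookout.cloud": f"https://{SYN}:5090"}
    return browse("http://kamislookout.cloud", dns, redirects, {NAS_IP: NAS_CERT_NAMES})

def cname_setup():
    dns = {"kamislookout.cloud": ("CNAME", SYN), SYN: ("A", NAS_IP)}
    return browse("https://kamislookout.cloud:5090", dns, {}, {NAS_IP: NAS_CERT_NAMES})
```

In the redirect setup the only HTTPS hop is checked against the Synology name and fails; in the CNAME setup the same NAS and the same certificate are checked against kamislookout.cloud and pass.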
So, @iwantSSL, to sum it up: try the following - in the registrar's interface for DNS, you can set your bought domain to be a CNAME to a synology subdomain (if they allow setting up TTL values, then set one as low as possible). Effectively what is going to happen is that once the DNS changes are propagated, typing your .cloud name should actually use whatever address your .synology.me name points to. When you land there, that will be your device, which will hopefully be able to understand the request and serve .cloud certificate as expected. Keep us posted.
Thanks for summarizing lol. I'll look up instructions on changing my bought domain to CNAME, as I don't know how to readily do this. This is what my GoDaddy account shows.
I honestly am getting a headache. I am going to take a break until I can get the ports open for my NAS. So I am at the mercy of their tech support, which seems much less responsive than these forums. Thanks for everything, and as soon as these ports are open I'll try these steps and update this post.
Btw, don't forget that at least one port there is likely open - the one you were HTTP-redirecting to. So once everything is set up, just try going to that cloud name while specifying that port. I hope that helps.
I'm not sure what all of that means. Web station was a package I installed previously because a tutorial told me to. But I think it's largely useless for my purposes. I assigned a DDNS through Synology's wizard, which refers to kamislookout.synology.me:5090. 5090 is the https connection I established via port specification.
Have you created a virtual host for the same name as the one your certificate was issued for and with the appropriate port? I guess it would be similar to the image below (from http://www.webfoobar.com/node/8 guide related to dev setup on Synology)
No I haven't. I'm not sure that would be necessary. Do you think I should require a third SSL cert through zeroSSL, and include in the URL my Synology DDNS as well as the domain I purchased?
My current SSL certification I only entered the domain I purchased, and not my Synology DDNS. My only concern is that I'll be requesting a certification for a third time. Will I run into a limit issue for my domain?