Synology Aute renew Cert Lets encrypt nort working

Please fill out the fields below so we can help you better.

My domain is: lojo.eu

I ran this command: no command

It produced this output: Exclamation mark, - Exceeded

My web server is (include version): Synology DSM 6.1.3-15152 Update 3
./ Webstation /

The operating system my web server runs on is (include version):Wordpress

My hosting provider, if applicable, is: versio.nl

I can login to a root shell on my machine (yes or no, or I don’t know): i dont know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): DSM

I used the certificate tool in dsm. i got a certificate from Lets encrypt free.
After 90 days it expires, that just happend a few days ago, its not renewed as it was me explained so. How or what do i need to do to re activate it ? i can make an export of key and crt file, but then dont know what to do with it. for verify. please help me to solve this.

Not sure but one possible reason why it can’t renew:
Name: lojo.eu
Addresses: 2a0b:7280:200:0:445:aeff:fe00:d97
24.132.246.150

You must ensure that IPv6 access to your site is fully functional as LE prefers IPv6 over IPv4.

Hello RG305,
Thank you for your reply.

I dont think i have any ipV6 enabled.
Even when i created the certificate i didnt have any troubs.
It was ok and worked for 90 days.

If automatic renew doesnt work, is it possible in to manualy do it ?
even when i try to create a new one i get an error message,

connection with Lets encrypt didnt work. Be sure your domain name is valid.

well its a valid domain as you can see…

please help.

thank you in advance,

Johân

This needs to be addressed and should fix the problem.

Do you have control of your DNS?
lojo.eu nameserver = ns92.axc.nl
lojo.eu nameserver = ns91.axc.nl
Registrar:
Name: AXC
Website: http://www.axc.eu/

Yes, i can manage that from within my hosting party.

i enabled ipv6 on my router.
How long does it takes to auto renew the certificate ? or do i need to do something manually?

Yes, retry the renew cert process.

how? :slight_smile: sorry if it sounds dumb, but i was teached it would auto renew after 90 days.
what do i need to do to do it manualy ?

  • when i do it by the manager in Synology, i get an archive file with a .crt and key file.
    dont know what to do with it

I’m not familiar with your setup.
Are there any menu choices relating to the certificate in the control panel?

i do the folowing:

  1. click on CSR
  2. 3 options: 1. Make a CSR
    2. Renew Certificate
    3. Request assignment CSR ( synology .com ) <- thats the Original one. cant select the lojo.eu one.

so i choose 2. (renew certificate )
then request is wich land: i choose NL

then i get , Click download,
and i receive an archive with the 2 files in it.

Open the archive.
One file should be a key (keep that private)
One file should be a (public) cert.

Paste the public cert file here.

[EDIT]
I still think there is a problem with the IPv6.
SSL Labs shows a "localhost" certificate on the IPv6 address.
Of course the IPv4 side is not far behind with an invalid "synology.com" certificate.

Here you go :slight_smile:

-----BEGIN CERTIFICATE REQUEST-----
MIICZDCCAUwCAQAwHzELMAkGA1UEBhMCTkwxEDAOBgNVBAMMB2xvam8uZXUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Pmyb0AI12cWN14UAmVeHtYcD
GWLY3O8MZpQj/Ja9+iV1mqXKbTgywTmsm6C2bTsj44wpimBxx4yNyihrOEvLSuN2
G8MU8HoaTmwpKBfXdezzbwMb4sXOq8/S9RaIyXPuX381QIlKlhxsezxVNST8WJAH
JepSYqUHctYnlhI66fHlvV24WTsOdRygDChAHiE0/alPoUOwoW7QZ4Qu9qJc9CeB
ClCHkAbVtg0E0sb+DUx6YUakchc4MWWHBrpJoCH6fQmzbs2FF2TPLOAeembV9eKw
ggQvLhgK7rwbpW9jt5K5zAvPeCy3pKNow7qPGdIRKCHuLhK4RZTZySYkMmJ/AgMB
AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAMmJ1gR9ngF0WvN2ZvbSCm4qUEvoIjxgO
LbhDIySNegAcy/T/BnRIVkM9SiSnh0CedNK1LIzaOLd+ws3N0pmadGH3sIGV/9vd
R760iXdJFMH0EOUs384s13F0vRWQR+/pupchNqrQbEhMQhFoT0VZsq5e7pTi7LbV
WTcWv7tI9hWlH3GbZRlUPmmotb4Bka3ZgsfMVaYLKQHWgEJUw6WOUvHOu/sBnLRb
zZmT2u1I6ztJlOK5aUnXcuV4BVYbGtYEaC0djNObrBkAEk/2uOEDgQh0qnaekYn+
d+CFsQdJ7Ng/3Ja9IAdKmTvQtSfHkNmFMIurnkMEIczxyTSD5NopuQ==
-----END CERTIFICATE REQUEST-----

OK that is a certificate request for “lojo.eu” - but not an actual certificate.
So the renewal process is definitely NOT working as expected.

Did you follow this guide (or similar steps)?

Yes i did that, and eventualy had the certificate, and it ran for 90 days. . sorry for the incorrect file,
i will paste the ( hopefully ) good one here:

-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgISA/iUtOHWJJAGLil+DwkesvwkMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzA1MDcwMTIyMDBaFw0x
NzA4MDUwMTIyMDBaMBIxEDAOBgNVBAMTB2xvam8uZXUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC97tcn1SJIVqGWpIgAeii1VZW4eqh8vj8BlsMnikK5
wjvLG/vzL6r2dY+v5nDbMSscf2uTqkzjNsUIlDL9JRjfI0HSTVoHe7GKnv1wuMTv
k7XuKfDfTKcc3BKr2y2HmnJ20gFHyhIYCSeFYyZjOnUbtTjLnne0UHp7mnlU6/1i
VC1GXwA3hEL4g9HLBWq6oHmUCv7bPG0nyJ8sTlJ/iNB6c2DeW+LM9OrMvDFpA2Uq
1kMP/NjQC2WMdUnsUlH6lrCZU0nr5FehZH9oXcYHhYGFwfczz4nAZa33V39fPZqF
CGvTpOCeu/TZPW+0fY63iMDRimc7/B+1hEO9nXpTOIb9AgMBAAGjggIIMIICBDAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
A1UdEwEB/wQCMAAwHQYDVR0OBBYEFEEXw2zYJ+7UOFtRIpe6Gqzv3jpDMB8GA1Ud
IwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMHAGCCsGAQUFBwEBBGQwYjAvBggr
BgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLwYI
KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMBIG
A1UdEQQLMAmCB2xvam8uZXUwgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysG
AQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0
Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5
IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBh
Y2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBo
dHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsF
AAOCAQEAQ1X+Z97JlHlYGn+WDbqF8cHqK2z9VsQLDEQglk77mpaJZEADtgseeA8k
axdb7epSKp7ZP7mysuZfikpGe4aDxx/2/cl1bjHvNCY6oq90aZNUukGUdcc3ry1Z
3CzlOt5khGoSWCegZaFtq4J2H6vXElMk6iUqQtHWl9e7WMPg9XidUL2XSiHLwoJO
fFQbH+R5mYHY5+gJNn39oOycPJqm0nimpTAualZ3BlhNzRFPIjuDfV9GIKZw/UVO
at4j/FRQgSdAKSqzQi1gmKEEkSacascZyQJ1AwrbZV7GO740jw554BTy6p8646v4
6FGp2cJHLvIlnugJ1vmOjJc4RjljrQ==
-----END CERTIFICATE-----

these are from a folder with a :
cert - chain . and privkey .pem file

That cert expired on 2017/08/04:

True and that one i want to have renewd automaticly, but it didnt work :wink: so what to do now ?

I don’t think the problem is with LE.
Is there any support from Synology on this?

i havent find anything :(.

can i delete this certificate and request a new one ? even when i want to do that now i get the error with reply :connection with Lets encrypt didnt work. Be sure your domain name is valid.

stuck in this.

Short answer = yes.
How to properly delete it on DSM 6 = I don't know.

ok thank you i will inform at Synology :slight_smile: thank you for your time and effort.

You’re very welcomed and best of luck to you.
If you don find anything of use, feel free to update this post for others that may follow and have similar problems.