Synology - Domain name not valid

Hi there,

I’m trying to set up a certificate for a domain through my Synology NAS.
The message I got is “Unable to connect to Let’s Encrypt. Domain name not valid.”

This domain is registered as Type A to my public IP Address, where the Synology is.

I have checked my ports 80 and 443 with https://canyouseeme.org and they are working fine.
I have checked my domain with https://letsdebug.net and all is OK as well.
The domain is accessible over HTTP and HTTPS from inside and outside my network.
I can’t ping my domain from the Synology itself or from any computer on my network; I get a timeout (because it is pinging itself?)

Could you please provide a hint to help me with this?
I can provide the domain by private message if really needed.

Thanks a lot for your kind help!

1 Like

That reads like your Synology can't get to Let's Encrypt.
[not that LE can't get to your domain]

Check your DNS settings.

2 Likes

Thanks for your feedback, it's weird. Could you please let me know which are the domains used?
If I run this on my Synology:

nslookup letsencrypt.org

I got this:

Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: letsencrypt.org
Address: 104.248.63.248

1 Like

That looks right …
What do these say?:
hostname
nslookup acme-v02.api.letsencrypt.org

2 Likes

The command hostname gives

NAS

The command nslookup acme-v02.api.letsencrypt.org gives

Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
acme-v02.api.letsencrypt.org canonical name = prod.api.letsencrypt.org.
prod.api.letsencrypt.org canonical name = ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
Name: ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Address: 172.65.32.248

1 Like

NAS seems incomplete.
Maybe it should be set to the FQDN as in the cert you are requesting (not sure).

Also, do you have the latest Synology firmware version?

2 Likes

NAS is the name of the Server in the Network > General section.
I’m running DSM 6.2.2-24922 Update 4

1 Like

That version seems good enough.
I don’t have enough information about the problem to help.
What are you doing exactly?
What is the error shown exactly?

2 Likes

I’m trying to request a LE certificate for a domain of mine, which is auto updated with my NAS public IP.

1 Like

Yeah I think I know that - I mean that is implied.
What I don’t know is the name nor how you are interacting with the request form nor the exact error message it produces
[a picture paints a thousand words]
Not trying to be difficult - just need you to help me help you.

2 Likes

This is my current issue:

1 Like

If you don’t show the domain name I can’t help you.

2 Likes

Is there any private message system here?

Yes, but I don’t see why you need to hide a domain name.
As soon as you registered the domain that became public information.
And every cert that gets issued is also public information.

But if you insist on believing it makes any difference, you can click my logo and then the “message” button to send me a direct and private message.

2 Likes

Hello rg305,
Thanks for your help. Here is the domain.
Best
Capture

1 Like

Very difficult to read.
You are also covering something there that looks like “subject”?
What is behind that popup?

As far as connecting to the name, HTTPS seems to get through but HTTP times out.
You may need to open HTTP for authentication.

2 Likes

Thanks, I will look that way!

1 Like

I read jellyfin.thelazyfox.xyz

@TLF, if you had completed the help template when you first opened this topic and answered the questions, you’d probably have had a solution within a couple of replies. It does make it hard to give advice when someone just says, “This is broke. How can I fix it,” without telling the repairman what is broke, what you were doing, etc… :wink:

2 Likes

Thanks for your feedback.
I’m trying now to make it work with another subdomain and I have the same issue.
I really don’t get it: dns.thelazyfox.xyz
Could you please let me know if you understand the issue?
Port 80 is answering…

1 Like

Although port 80 is answering, the /.well-known/acme-challenge/ path appears to require authentication:

curl -Iki http://dns.thelazyfox.xyz/.well-known/acme-challenge/test
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
Date: Wed, 29 Apr 2020 19:08:59 GMT
Content-Length: 9
Content-Type: text/plain; charset=utf-8

2 Likes
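
As an added example (not part of the thread, and not Let's Encrypt or Synology code), this shell helper classifies the headers returned by a probe like the curl command in the last reply. The function name and verdict words are made up for illustration, and the 404 sample is constructed.

```shell
#!/bin/sh
# Classify the response to a probe of the HTTP-01 challenge path, e.g.:
#   curl -sI --max-time 10 http://<domain>/.well-known/acme-challenge/test \
#     | classify_challenge_probe
# Reads response headers on stdin and prints one verdict word.
# (Hypothetical helper name; verdict words are illustrative.)
classify_challenge_probe() {
    # Take the status code from the first HTTP status line, CRs stripped.
    status=$(tr -d '\r' | awk '/^HTTP\// { print $2; exit }')
    case "$status" in
        "")              echo "no-response" ;;  # timeout or refused connection
        200|404)         echo "reachable" ;;    # 404 is normal for a made-up token
        301|302|307|308) echo "redirect" ;;     # the CA follows it, so test the target too
        401|403)         echo "blocked" ;;      # auth or ACL in front of the challenge path
        *)               echo "unexpected-$status" ;;
    esac
}

# Sample 1: the headers quoted in the last reply (Date header omitted).
sample_403='HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
Content-Length: 9
Content-Type: text/plain; charset=utf-8'

# Sample 2: constructed response from a server that exposes the path
# without access control but has no file for the dummy token.
sample_404='HTTP/1.1 404 Not Found
Content-Type: text/html'

printf '%s\n' "$sample_403" | classify_challenge_probe
printf '%s\n' "$sample_404" | classify_challenge_probe
# Empty input stands in for a probe that timed out.
printf '' | classify_challenge_probe
```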