Synology - Domain name not valid

TLF · April 19, 2020, 11:15am

Hi there,

I’m trying to setup a certificate for a domain through my Synology NAS.
The message I got is “Unable to connect to Let’s Encrypt. Domain name not valid.”

This domain is registered as Type A to my public IP Address, where the Synology is.

I have check my port 80 and 443 with https://canyouseeme.org and they are working fine.
I have check my domain with https://letsdebug.net and all OK as well.
The domain is accessible in http and https from inside and outside my network.
I can’t ping my domain from the Synology itself or for any computers on my network, I have timeout (because pinging itself? )

Could you please provide hint to help me on this?
I can provide the domain by private message if really needed.

Thanks a lot for your kind help!

rg305 · April 19, 2020, 11:42am

That reads like your Synology can't get to Let's Encrypt.
[not that LE can't get to your domain]

Check your DNS settings.

TLF · April 19, 2020, 12:33pm

Thanks for your feedback, it's weird. Could you please let me know which are the domains used?
If I run this on my Synology:

nslookup letsencrypt.org

I got this:

Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: letsencrypt.org
Address: 104.248.63.248

rg305 · April 19, 2020, 2:21pm

That looks right …
What do these say?:
hostname
nslookup acme-v02.api.letsencrypt.org

TLF · April 19, 2020, 2:34pm

The command hostname gives

NAS

The command nslookup acme-v02.api.letsencrypt.org gives

Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
acme-v02.api.letsencrypt.org canonical name = prod.api.letsencrypt.org.
prod.api.letsencrypt.org canonical name = ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
Name: ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Address: 172.65.32.248

rg305 · April 19, 2020, 2:35pm

NAS seems incomplete.
Maybe it should be set to the FQDN as in the cert you are requesting (not sure).

Also, do you have the latest Synology firmware version?

TLF · April 19, 2020, 2:45pm

NAS is the name of the Server in the Network > General section.
I’m running DSM 6.2.2-24922 Update 4

rg305 · April 19, 2020, 2:47pm

That version seems good enough.
I don’t have enough information about the problem to help.
What are you doing exactly?
What is the error shown exactly?

TLF · April 19, 2020, 2:58pm

I’m trying to request a LE certificate for a domain of mine, which is auto updated with my NAS public IP.

rg305 · April 19, 2020, 3:02pm

Yeah I think I know that - I mean that is implied.
What I don’t know is the name nor how you are interacting with the request form nor the exact error message it produces
[a picture paints a thousand words]
Not trying to be difficult - just need you to help me help you.

TLF · April 19, 2020, 5:00pm

This is my current issue:

rg305 · April 19, 2020, 5:25pm

If you don’t show the domain name I can’t help you.

TLF · April 19, 2020, 5:46pm

Is there any private message system here?

rg305 · April 19, 2020, 9:36pm

Yes, but I don’t see why you need to hide a domain name.
As soon as you registered the domain that became public information.
And every cert that gets issued is also public information.

But if you insist on believing it makes any difference, you can click my logo and then the “message” button to send me a direct and private message.

TLF · April 20, 2020, 5:18am

Hello rg305,
Thanks for your help. Here is the domain.
Best
Capture

rg305 · April 20, 2020, 5:23am

Very difficult to read.
You are also covering something there that looks like “subject”?
What is behind that popup?

As far as connecting to the name, HTTPS seems to get through but HTTP times out.
You may need to open HTTP for authentication.

TLF · April 20, 2020, 10:12am

Thanks, I will look that way!

JimPas · April 20, 2020, 8:06pm

I read jellyfin.thelazyfox.xyz

@TLF, if you had completed the help template when you first opened this topic and answered the questions, you’d probably have had a solution within a couple of replies. It does make it hard to give advice when someone just says, “This is broke. How can I fix it,” without telling the repairman what is broke, what you were doing, etc…

TLF · April 29, 2020, 1:57pm

Thanks for your feedback.
I’m trying now to make it work with another subdomain and I have the same issue.
I really don’t get it: dns.thelazyfox.xyz
Could you please let me know if you understand the issue?
Port 80 is answering…

rg305 · April 29, 2020, 7:09pm

Although port 80 is answering, the /.well-known/acme-challenge/ path appears to require authentication:

curl -Iki http://dns.thelazyfox.xyz/.well-known/acme-challenge/test
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
Date: Wed, 29 Apr 2020 19:08:59 GMT
Content-Length: 9
Content-Type: text/plain; charset=utf-8