Synology DSM 5 - Renew Certificate failed

Let’s have a look at this file - not sure if that is where the secure site operates at.

That section seems to be missing a lot.
Plus I don’t see where it ends…
Try using 3 back ticks before and after your add text.
Like:
```
your text
```

I have edited my posts for insert 3 back ticks. I hope is helpfull

1 Like

I fail to find this location anywhere in your post:

I do see that is the cert path, no need to show the file.

Found it:

I guess you could put a test file in that location and see if it is accessible from the Internet.
echo "test" >> /var/lib/letsencrypt/.well-known/acme-challenge/test-file
http://your.domain/.well-known/acme-challenge/test-file

I test a file, on local network I access to them without problem.
From the internet I’ve a timeout, my NAS is very slowly. So i reboot it but after from internet i always a timeout.

Which internal IP does your router port forward ports 80 and 443 to?
Is that the same IP as the NAS?
[be sure your ISP is not blocking port 80]

I get this for port 80 from outside:

curl -Iki http://home.rolland.net/
curl: (7) Failed to connect to home.rolland.net port 80: No route to host

and these for port 443:

curl -Iki https://home.rolland.net/
curl: (7) Failed to connect to home.rolland.net port 443: Connection refused

curl -Iki https://home.rolland.net/
HTTP/1.1 403 Forbidden
Date: Thu, 04 Jun 2020 08:17:01 GMT
Server: Apache
Last-Modified: Tue, 26 Apr 2016 09:33:13 GMT
ETag: "1e5-5315ffb666840"
Accept-Ranges: bytes
Content-Length: 485
Vary: Accept-Encoding
Content-Type: text/html

I checked le nat configuration, internet port 80 is translate to a wrong IP on my local network
I changed the config and execute again the renew of the certificate

Now HTTP access changed but is still unable to find the test file:

curl -Iki http://home.rolland.net/.well-known/acme-challenge/test-file
HTTP/1.1 404 Not Found
Date: Thu, 04 Jun 2020 08:24:07 GMT
Server: Apache
Last-Modified: Tue, 26 Apr 2016 09:33:13 GMT
ETag: "1e5-5315ffb666840"
Accept-Ranges: bytes
Content-Length: 485
Vary: Accept-Encoding
Content-Type: text/html

The file name is : testMR.html

Don’t end it with .html
That doesn’t match the file type that will be used.

ok, the acme.sh script is in progress and I passed sucessfuly the check

Then the problem has been fixed.
You’re welcome.

Yes :

[Thr Jun  4 10:25:13 CEST 2020] Cert success.
[Thr Jun  4 10:25:13 CEST 2020] Your cert is in  /volume1/homes/admin/acme/home.rolland.net/home.rolland.net.cer
[Thr Jun  4 10:25:13 CEST 2020] Your cert key is in  /volume1/homes/admin/acme/home.rolland.net/home.rolland.net.key
[Thr Jun  4 10:25:13 CEST 2020] APP
[Thr Jun  4 10:25:13 CEST 2020] Your cert is in  /volume1/homes/admin/acme/home.rolland.net/home.rolland.net.cer
[Thr Jun  4 10:25:13 CEST 2020] Your cert key is in  /volume1/homes/admin/acme/home.rolland.net/home.rolland.net.key
[Thr Jun  4 10:26:04 CEST 2020] Run reload cmd: /usr/syno/sbin/synoservicecfg --reload httpd-sys
[Thr Jun  4 10:26:07 CEST 2020] Reload success

To resume :

  • my server wasn’t served the HTTP 80 requests => I launch webserver on port 80
  • The NAT on my Freebox haven’t translation port on 80 => I add it on Freebox admin console
  • I upgraded the acme.sh by command : ./acme.sh --upgrade
  • I copied my domain directory to the new directory of acme : cp -p -R home.rolland.net/ /volume1/homes/admin/acme
  • I renew my certificate with this command : ./acme.sh --renew -d home.rolland.net

Thank you very much for your time and attention

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.