Synology DSM - cannot update LE certificate anymore


My domain is:

I ran this command: Update Certificate / Create certificate in Synology DSM (NAS operating system)

It produced this output: none - my LE certificate expired and even trying to get something to run via SHELL I cannot produce any output anymore (tried syno-letsencrypt new-cert -[…] -v)

My web server is (include version): Synology NAS

The operating system my web server runs on is (include version): DSM 6.2.1-23824 Update 4

My hosting provider, if applicable, is: for DynDNS it’s

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): DSM 6.2.1-23824 Update 4

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): -

I updated my certificate every three months for like two years now, however with January 2019 the process failed. While being unable to change anything about the situation my certificate meantime expired.

Hope someone can help, pls?

PS: There is just the one “Honeypot” webpage with actually nothing behind it. Made it just to demo it works and can be reached.



Synology DSM is a “closed world”. So it’s difficult to find errors.

There was a global switch: Tls-sni-01 is deprecated, support ends 2019-02-13. Perhaps your DSM has used the deprecated method and now hangs.

So first step: Check, if there are updates.

Now, the preferred method to validate a domain is http-01 validation. I see, you have already checked your domain via

That looks good:

Domainname Http-Status redirect Sec. G 200 0.070 H 200 0.064 H 200 1.760 N
Certificate error: RemoteCertificateChainErrors 200 1.494 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors 404 0.086 A
Not Found 404 0.083 A
Not Found

Port 80 is open. An ACME-client creates a file in /.well-known/acme-challenge, Letsencrypt checks this file. So the answer http status 404 is good.

Mhm. Checking looks this is the newest version (I don’t use DSM). But it looks that there is an Update 5.


Thanks for the reply. unfortunately this update is for a few dedicated NAS only. not for my DS214+…

seems I can only hope for an update to fix whatever is broken.


Isn’t there an error log or something else with more information?


My original certificate expired, so I cannot work on that one anymore. No old logs in the system (it’s actually not logging in depth, it seems).

I tried to create a new cert via SSH. This happend:

syno-letsencrypt new-cert -d -m […] -v
DEBUG: ==== start to new cert ====
DEBUG: Server:
DEBUG: Email: […]
DEBUG: Domain:
DEBUG: ==========================
DEBUG: setup acme url
DEBUG: GET Request:
DEBUG: Not found registed account. do reg-new.
DEBUG: Post JWS Request:
DEBUG: Post Request:
DEBUG: Post JWS Request:
DEBUG: Post Request:
{“error”:202,“file”:“client.cpp”,“msg”:“Failed to create folder for account.”}

Is that a local error on my NAS?

(Sorry, needed to revoke original post, had my email in there… :frowning: )

closed #7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.