Synology and "invalid" domain (+ English version)


  • I can read answers in English: yes
  • My domain name is:
  • I ran this command: on Synology DSM
  • It produced this output: Echec de connection à Letsencrypt. Assurez vous que le nom de domaine est valide
  • My web server is (include version): apache 2.4
  • The operating system my web server runs on is (include version): DSM
  • My hosting provider, if applicable, is: OVH (domain name only)
  • I can log in to a root shell on my machine (yes or no, or I don’t know): yes
  • I’m using a control panel to manage my site (no, or provide the name and version of the control panel): DSM 6.2.2-24922 Update 4

For several days I have been struggling to install an LE certificate to secure access to my NAS.
I ordered the domain name and added a DNS A zone that points to my public IP address.

The HTTP connection works.

When I use the DSM utility to create an LE certificate, it shows the error described above.

I opened the ports on my box (80,443,778-888,5000,5001) and disabled the firewall on my NAS.

I don’t know what to do anymore… Can anyone help me? I can’t understand the errors shown here:


For several days I have been struggling to install an LE certificate in order to secure access to my NAS.
I ordered the domain name, added a DNS A zone that points to my public IP address.

The http connection works.

When I use the DSM utility to create an LE certificate, it tells me the error :
Failed to connect to Letsencrypt. Make sure that the domain name is valid

I forwarded the ports on my box (80,443,778-888,5000,5001), disabled the firewall on my NAS, all those access ports seem to be reachable

I don’t know what to do anymore… Anyone to help me? I can’t figure out the errors listed here:

1 Like

Can you please try clearing your “Allow/Block List” in Synology DSM?

More info here:


Thanks @_az for your suggestion, unfortunately that didn’t do the trick :frowning:

Always the same error message

Should I add some IP address in the “white list”? I don’t get how it would help but I’m looking for anything to help me ^^

Hi @guilhem

that’s curious:

Your http + / has a timeout. But http + /.well-known/acme-challenge/random-filename answers with a (wrong) Forbidden and a Synology page.

Same with your www version. There is no server header.

Looks like there is another instance that blocks /, but allows /.well-known/acme-challenge.

What says


same with or another domain?

1 Like

I’m currently uninstalling Apache / PhpMyadmin / Web station on my NAS, because I think that maybe a previous install of Nextcloud maybe made a mess ^^

Here are the commands:

$ nslookup

Non-authoritative answer:	canonical name =	canonical name =

$ tracert
-sh: tracert: command not found

$ curl
<!DOCTYPE html>
<html lang="en">
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content=
  "width=device-width, initial-scale=1">

  <title>Boulder: The Let's Encrypt CA</title>
  <link href=
  rel="stylesheet" type="text/css">
  <link href=
  rel="stylesheet" type="text/css">

  <div class="container-fluid">
<div class="row">
  <div class="col-xs-6 text-right">
    <p style="font-size: 90px;">
    <i class="fa fa-barcode"></i></p>

  <div class="col-xs-6 text-left">
    <small>The Let's Encrypt CA</small></h1>

<div class="row">
  <div class="col-xs-8 col-xs-offset-2 text-center">
    <h3>This is an <a href="">ACME</a> Certificate Authority running <a href="">Boulder</a>.</h3>
    <p>This is a <em>programmatic</em> endpoint, an API for a computer to talk to. You should probably be using a specialized client to utilize the service, and not your web browser. See <a href=""><tt></tt></a> for help.</p>
    <p>If you're trying to use this service, note that the starting point, <em>the directory</em>, is available at this URL: <a href=""><tt></a></tt>.</p>
<div class="row">
  <div class="col-xs-4 col-xs-offset-2 text-center">
    <p><a href="" title="Twitter">
      <i class="fa fa-area-chart"></i>
      Service Status (
  <div class="col-xs-4 text-center">
    <p><a href="" title="Twitter">
      <i class="fa fa-twitter"></i>
      Check with us on Twitter
</div> <!-- row -->


If tracert doesn’t work, use traceroute.

That must be the same machine where your Letsencrypt client runs.

But curl says: You can connect to the API.

1 Like

Here it is :

$ traceroute
traceroute to (, 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * (  146.543 ms (  146.455 ms
 7 (  146.465 ms (  146.543 ms (  146.457 ms
 8 (  147.982 ms  147.952 ms (  147.938 ms
 9 (  150.682 ms  151.468 ms  151.442 ms
10 (  154.426 ms  154.312 ms (  152.100 ms
11  * (  154.353 ms *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
1 Like

Also I made some changes in my router but I can’t get it to work :

And :

That says: It works. http + /.well-known/acme-challenge/random-filename - there is a Synology answer.

No timeout.

Maybe you have additional regional blocking, so Berlin works, but other IP addresses do not.

Letsdebug has a timeout -> regional filter.

1 Like

Ok… So now I’ll try to understand what it means :wink:

As I’m using OpenMPTCPRouter, all my traffic goes through a VPS, maybe the regional filter stands there ? I’ll make some tests right now

1 Like

So… I did not manage to understand the problem.
What could be this “regional filter” you are talking about @JuergenAuer ?

For example, this could happen if your Internet service provider, VPS provider, or router has a firewall which blocks connections from other countries.

1 Like
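The checks discussed in this thread (HTTP on `/` versus `/.well-known/acme-challenge/random-filename`, repeated from more than one network location) can be scripted. The following is an added example, not code from any poster or from Let's Encrypt: `probe` is meant to be run from each external vantage point, and `diagnose` compares the collected results. The vantage names and the sample observations are constructed for illustration.

```python
import secrets
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def probe(host, path, timeout=10):
    """Fetch http://host/path and return (outcome, Server header)."""
    try:
        with urllib.request.urlopen(f"http://{host}{path}", timeout=timeout) as r:
            return str(r.status), r.headers.get("Server")
    except urllib.error.HTTPError as e:   # 403/404 still prove port 80 is reachable
        return str(e.code), e.headers.get("Server")
    except OSError:                       # timeout, refused connection, DNS failure
        return "unreachable", None

def probe_host(host):
    """Probe / and a random (non-existent) challenge file, as in the thread."""
    token = secrets.token_urlsafe(16)
    return {"root": probe(host, "/")[0],
            "challenge": probe(host, CHALLENGE_PREFIX + token)[0]}

def diagnose(observations):
    """observations: {vantage: {"root": outcome, "challenge": outcome}}."""
    reach = {v: o["challenge"] != "unreachable" for v, o in observations.items()}
    findings = []
    if any(reach.values()) and not all(reach.values()):
        blocked = sorted(v for v, ok in reach.items() if not ok)
        findings.append("source-dependent filtering: challenge path unreachable from "
                        + ", ".join(blocked))
    elif not any(reach.values()):
        findings.append("port 80 unreachable from every vantage point")
    if any(o["root"] == "unreachable" and reach[v] for v, o in observations.items()):
        findings.append("path-dependent handling: / times out but challenge path answers")
    return findings or ["challenge path reachable everywhere"]

# Constructed sample: one vantage point gets an answer, another times out,
# which is the pattern described above as a regional filter.
SAMPLE = {
    "vantage-a": {"root": "200", "challenge": "404"},
    "vantage-b": {"root": "unreachable", "challenge": "unreachable"},
}

if __name__ == "__main__":
    for line in diagnose(SAMPLE):
        print(line)
```

A 403 or 404 on the random challenge file counts as reachable here, because the validation server only needs to get an HTTP answer from the host; a timeout from some vantage points but not others points at a firewall upstream of the NAS.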

Thank you, I’ll investigate that way :wink: