Synology failing to connect

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: simard57.synology.me

I ran this command: Synology -> Control Panel -> Security -> Add Certificate

It produced this output:

image
image897×764 71.4 KB

My web server is (include version): No Webserver - Plex Version 4.47.3

The operating system my web server runs on is (include version): synology DSM 6.2.3-25426 Update 3

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like
2

Hi and welcome to the LE community forum.

This failure could be caused by several things.
It would be helpful to (enable SSH login if needed and) do some very basic tests right from that system.

  1. ping acme-v02.api.letsencrypt.org
  2. curl -I https://acme-v02.api.letsencrypt.org/
1 Like
3

Hi @simard57

you have already created two Letsencrypt certificates - see simard57.synology.me - Make your website better - DNS, redirects, mixed content, certificates

Issuer not before not after Domain names LE-Duplicate next LE
R3 2020-12-20 2021-03-20 simard57.synology.me
1 entries
R3 2020-12-19 2021-03-19 simard57.synology.me
1 entries

The R3 is the new Letsencrypt intermediate.

So install and use one of these instead of creating the next.

PS: The error messages of the DSM sometimes a little bit bad.

2 Likes
4

May be a service restart, or system restart, is all it needs now.

1 Like
5

PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=1 ttl=60 time=23.5 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=2 ttl=60 time=25.2 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=3 ttl=60 time=22.8 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=4 ttl=60 time=24.5 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=5 ttl=60 time=25.1 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=6 ttl=60 time=24.2 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=7 ttl=60 time=23.1 ms
^C
--- ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6008ms
rtt min/avg/max/mdev = 22.858/24.096/25.267/0.866 ms
don@SimardNAS:/usr/bin$ sudo curl -I https://acme-v02.api.letsencrypt.org/
HTTP/2 200
server: nginx
date: Thu, 24 Dec 2020 17:39:36 GMT
content-type: text/html
content-length: 2174
last-modified: Wed, 09 Oct 2019 18:16:23 GMT
etag: "5d9e23f7-87e"
x-frame-options: DENY
strict-transport-security: max-age=604800

1 Like
6

regrettably I mistakenly removed them using the gui without backing them up ...

7

I rebooted the server - and received the same error when trying to create a cert

8

Let's see if the external IP is up-to-date:
curl -4 ifconfig.co

1 Like
9

don@SimardNAS:~$ sudo curl -4 ifconfig.co
Password:
71.244.164.17

1 Like
10

OK that IP matches the name.
Are you forwarding port 80 and port 443 to the Synology?
I'm getting a time-out on both ports.

1 Like
11

Actually, I'm not sure that the Synology ACME client requires HTTP authentication.
I think you may need to review the Synology help site for troubleshooting details.

1 Like
12

Or maybe it does need HTTP:
What should I do if I cannot add or renew the Let's Encrypt certificate? | Synology Inc.

1 Like
13

I am trying to do that now - but I my mojo for networking is weak.
odd thing is I successfully did create certs before but stupidly deleted before backing up.

The Synology is connected to a Orbi Satellite, I will plug directly into the FIOS Router and reboot. Right now, i do not see it's IP listed in the FIOS Router so taking out the Orbi might be smart to do

I am on FIOS if that matters. I will peek trying to configure to forward pots.

1 Like
14

do I need a static IP address for the Synology?

15

I am able to create a new cert - thanks for all the help and patience. I enabled DDNS and it asked me to generate a Let's Encrypt Cert and that succeeded. I can now create new certs through the Certificate path.

2 Likes
16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.