Synology & LE don't work

#1

Hello,

I have been trying for 2 weeks to install the Let's Encrypt certificate. I have read some tutorials, but it does not work.

Can anyone help me? Please.

The Let's Encrypt certificate is installed on my Synology (DS618+ with the latest DSM update). Also, I see the renewal date on the certificate (12/06/2019). I had no error message.

I set this certificate as the default and I deleted the old one (the self-signed Synology certificate).

I use the Synology domain name: xxx.synology.me

When I installed the certificate, I wrote:

domain name : xxx.synology.me
email : my email
Alternative name :

I checked: redirect port 5000 to 5001
I disabled the firewall.

In my router (I use the Freebox Delta), I then opened the ports:

I redirected port 5000 to port 5000 of the Synology
I redirected port 5001 to port 5001 of the Synology
I redirected port 80 to port 80 of the Synology
I redirected port 443 to port 443 of the Synology

I restarted my router.

But I can't connect to my server from the outside.

Inside, on my local network, I can connect with the domain name (xxx.synology.me:5001) but not with my ip:5001 and not with xxx.synology.me

Thank you for your help!

#2

Hi @petityom

We need your real domain name to check that.

To check a special port, you can use my online tool ( https://check-your-website.server-daten.de/ ), which supports checks of non-standard ports like 5000 / 5001.

We have a list of tools, but most tools support only the standard ports 80 / 443.

#3

Thank you!

I'm sorry, but I'm a beginner with SSL certificates. Can you help me if I give you my real domain name? I'm just a little bit afraid of writing it here. Can you delete it afterwards? I tried to write to you in private, but I can't find that option on this site.

#4

Please read the standard template of the #help category:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

#5

My domain name is petityom.synology.me

Thank you very much

#6

You checked your domain yesterday - https://check-your-website.server-daten.de/?q=petityom.synology.me

There are only timeouts.

So your domain isn't visible, so Let's Encrypt can't check your domain name.

PS: If you want to use http-01 validation, an open port 80 is required. You can use a redirect to port 443. But to check your domain, you can’t use port 5000 or 5001.

You can install the certificate on that port. But to create a certificate, port 80 is required.

Or you use dns-01 validation. Then you don’t need a running webserver.
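
The port rule from the reply above, as an added example that is not part of the original thread: it checks whether a redirect chain starting from the port 80 request could be followed during http-01 validation. It relies on Let's Encrypt's documented behaviour (at most 10 redirects, only http/https targets on ports 80 or 443, no IP-address targets); `nas.example`, the token and the function names are constructed for illustration.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

MAX_REDIRECTS = 10                            # redirect depth the validator follows
DEFAULT_PORT = {"http": 80, "https": 443}     # the only schemes it accepts


def hop_problem(url):
    """Return None if a validator would follow a redirect to url, else the reason."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        return f"scheme {parts.scheme!r} is not http/https"
    try:
        port = parts.port
    except ValueError:
        return "port is not a valid number"
    if port is None:
        port = DEFAULT_PORT[parts.scheme]
    if port not in (80, 443):
        return f"port {port} is not 80 or 443"
    host = parts.hostname or ""
    if not host:
        return "no host name"
    try:
        ip_address(host)
    except ValueError:
        return None                           # a name, not an IP literal
    return "target is an IP address"


def check_chain(redirects):
    """redirects: Location URLs seen after the first request to port 80.
    Returns (ok, reason)."""
    if len(redirects) > MAX_REDIRECTS:
        return False, f"more than {MAX_REDIRECTS} redirects"
    for i, url in enumerate(redirects, 1):
        problem = hop_problem(url)
        if problem:
            return False, f"redirect {i}: {problem}"
    return True, "chain can be followed"


if __name__ == "__main__":
    path = "/.well-known/acme-challenge/TOKEN"               # constructed token
    print(check_chain([f"https://nas.example{path}"]))       # port 80 -> 443
    print(check_chain([f"https://nas.example:5001{path}"]))  # port 80 -> 5001
```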

#7

So if I understand correctly, I have to change, in the DSM settings, port 5000 to 80 and port 5001 to 443?

Then open ports 80 and 443 in the router?

Then renew my certificate?

Then, after that, I can change, in the DSM settings, port 80 to 5000 and port 443 to 5001? And the same for the router. And I have to leave port 80 open?

#8

You have already created some certificates:

https://crt.sh/?q=petityom.synology.me

The last - 2019-03-14.

And DSM has its own solution, so you don't need your own client.

Perhaps you have to install the certificate, not only create one.

Check the DSM documentation.

closed #9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.