I have a problem with getting a certificate from Let’s Encrypt via a Synology NAS (DS114).
It worked before (got working Let’s Encrypt certificates out of it), now it stopped working (both renew -and- request) and the certificates expired.
Since the renew didn’t work, I decided on advise from this forum to delete the old certificate and request a new one.
The error from Synology via the Let’s Encrypt message is:
Failed to connect to Let’s Encrypt. Please make sure the domain is correct.
My domain is: xsc.cloud
I ran this command:
- (Via SSH from Synology DSM) -> ping letsencrypt.org - succes
- (Via CMD from Windows PC) -> ping xsc.cloud - succes
- Enabled and/or disabled every checkbox on the Synology DSM - no change getting cert - same error
- Enabled and/or disabled Synology firewall - no change getting cert - same error
My web server is (include version): DSM 6.2
The operating system my web server runs on is (include version): Linux
My hosting provider, if applicable, is: GoDaddy
I can login to a root shell on my machine (yes or no, or I don’t know): yes (SSH)
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Synology DSM
IP adress server: 188.8.131.52
Open ports on Synology: 887 (http) & 888 (https)
Open ports on Router: 80 (http) NAT to 887 & 443 (https) NAT to 888
Synology DSM forbids using port 80 and 443 directly, so NAT is the only option.
GoDaddy DNS configuration:
Domain name: xsc.cloud
A - @ - 184.108.40.206 - 1 hour
A - www - 220.127.116.11 - 1 hour
CNAME - _domainconnect - _domainconnect.gd.domaincontrol.com - 1 hour
MX - @ - smtp.secureserver.net (Priority: 0) - 1 hour
MX - @ - mailstore1.secureserver.net (Priority: 10) - 1 hour
NS - @ - ns39.domaincontrol.com - 1 hour
NS - @ - ns40.domaincontrol.com - 1 hour
SOA - @ Primary nameserver: ns39.domaincontrol.com. - 1 hour
I tried everything on the DSM, whatever I do, I keep getting the same message.
All DSM’s functionality is 100% operational by the way, it’s just the certificate.
My last solution would be a factory reset of the DSM, but before that I’ll give it a shot here