Synology NAS and acme.sh failure 5510, 5514

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
syenz.org

I ran this command:
./acme.sh -d "*.syenz.org" --deploy --deploy-hook synology_dsm --home $PWD
also ran with --debug 2. 3 ITEMS / ERRORS are in BOLD ITALIC

It produced this output after "fixing 5510 error where ssl files were not found in correct location and had to be copied - can add that stream as well I think":
when using --debug 2 with command.....

[Sun Nov  9 05:16:24 PM EST 2025] _is_idn_d='*.syenz.org'
[Sun Nov  9 05:16:24 PM EST 2025] _idn_temp
[Sun Nov  9 05:16:24 PM EST 2025] Let's find the script directory.
[Sun Nov  9 05:16:24 PM EST 2025] _SCRIPT_='./acme.sh'
[Sun Nov  9 05:16:24 PM EST 2025] _script='/usr/local/share/acme.sh/acme.sh'
[Sun Nov  9 05:16:24 PM EST 2025] _script_home='/usr/local/share/acme.sh'
[Sun Nov  9 05:16:24 PM EST 2025] Using config home: /usr/local/share/acme.sh
[Sun Nov  9 05:16:24 PM EST 2025] LE_WORKING_DIR='/usr/local/share/acme.sh'
https://github.com/acmesh-official/acme.sh
v3.1.2
[Sun Nov  9 05:16:24 PM EST 2025] Running cmd: deploy
[Sun Nov  9 05:16:24 PM EST 2025] Using config home: /usr/local/share/acme.sh
[Sun Nov  9 05:16:24 PM EST 2025] default_acme_server
[Sun Nov  9 05:16:24 PM EST 2025] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Sun Nov  9 05:16:24 PM EST 2025] _ACME_SERVER_HOST='acme.zerossl.com'
[Sun Nov  9 05:16:24 PM EST 2025] _ACME_SERVER_PATH='v2/DV90'
[Sun Nov  9 05:16:24 PM EST 2025] The domain '*.syenz.org' seems to already have an ECC cert, let's use it.
[Sun Nov  9 05:16:24 PM EST 2025] DOMAIN_PATH='/usr/local/share/acme.sh/*.syenz.org_ecc'
[Sun Nov  9 05:16:24 PM EST 2025] DOMAIN_CONF='/usr/local/share/acme.sh/*.syenz.org_ecc/*.syenz.org.conf'
[Sun Nov  9 05:16:24 PM EST 2025] _deployApi='/usr/local/share/acme.sh/deploy/synology_dsm.sh'
[Sun Nov  9 05:16:24 PM EST 2025] _cdomain='*.syenz.org'
[Sun Nov  9 05:16:25 PM EST 2025] SYNO_USE_TEMP_ADMIN
[Sun Nov  9 05:16:25 PM EST 2025] SYNO_USERNAME='brian'
[Sun Nov  9 05:16:25 PM EST 2025] SYNO_PASSWORD='[hidden](please add '--output-insecure' to see this value)'
[Sun Nov  9 05:16:25 PM EST 2025] SYNO_DEVICE_NAME
[Sun Nov  9 05:16:25 PM EST 2025] SYNO_DEVICE_ID='[hidden](please add '--output-insecure' to see this value)'
[Sun Nov  9 05:16:25 PM EST 2025] SYNO_SCHEME='http'
[Sun Nov  9 05:16:25 PM EST 2025] SYNO_HOSTNAME='localhost'
[Sun Nov  9 05:16:25 PM EST 2025] SYNO_PORT='5501'
[Sun Nov  9 05:16:25 PM EST 2025] SYNO_CERTIFICATE='Let's Encrypt'
[Sun Nov  9 05:16:25 PM EST 2025] Getting API version...
[Sun Nov  9 05:16:25 PM EST 2025] _base_url='http://localhost:5501'
[Sun Nov  9 05:16:25 PM EST 2025] GET
[Sun Nov  9 05:16:25 PM EST 2025] url='http://localhost:5501/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth'
[Sun Nov  9 05:16:25 PM EST 2025] timeout=
[Sun Nov  9 05:16:25 PM EST 2025] _CURL='curl --silent --dump-header /usr/local/share/acme.sh/http.header  -L  --trace-ascii /tmp/tmp.fqINWbK3DQ  -g '
[Sun Nov  9 05:16:25 PM EST 2025] ret='0'
[Sun Nov  9 05:16:25 PM EST 2025] Logging into localhost:5501...
[Sun Nov  9 05:16:25 PM EST 2025] GET
[Sun Nov  9 05:16:25 PM EST 2025] url='http://localhost:5501/webapi/entry.cgi?api=SYNO.API.Auth&version=7&method=login&format=sid&account=brian&passwd=Lafitup-200191&enable_syno_token=yes'
[Sun Nov  9 05:16:25 PM EST 2025] timeout=
[Sun Nov  9 05:16:25 PM EST 2025] _CURL='curl --silent --dump-header /usr/local/share/acme.sh/http.header  -L  --trace-ascii /tmp/tmp.0QS9LbJJEi  -g '
[Sun Nov  9 05:16:25 PM EST 2025] ret='0'
[Sun Nov  9 05:16:25 PM EST 2025] error_code
[Sun Nov  9 05:16:25 PM EST 2025] Session ID='v_yj7RmQtEoEdbmALAwz89tpgSoFELBOiruLVWzeJ2smzyVUfnxZ-3tNH7G1pwq2DDmC9olsZv3rZ7SVYzgACk'
[Sun Nov  9 05:16:25 PM EST 2025] SynoToken='voRdOVNWIjE4M'
[Sun Nov  9 05:16:25 PM EST 2025] H1='X-SYNO-TOKEN: voRdOVNWIjE4M'
[Sun Nov  9 05:16:25 PM EST 2025] Getting certificates in Synology DSM...
[Sun Nov  9 05:16:25 PM EST 2025] POST
[Sun Nov  9 05:16:25 PM EST 2025] _post_url='http://localhost:5501/webapi/entry.cgi'
[Sun Nov  9 05:16:25 PM EST 2025] body='api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=v_yj7RmQtEoEdbmALAwz89tpgSoFELBOiruLVWzeJ2smzyVUfnxZ-3tNH7G1pwq2DDmC9olsZv3rZ7SVYzgACk'
[Sun Nov  9 05:16:25 PM EST 2025] _postContentType
[Sun Nov  9 05:16:25 PM EST 2025] _CURL='curl --silent --dump-header /usr/local/share/acme.sh/http.header  -L  --trace-ascii /tmp/tmp.52SyfULItf  -g '
[Sun Nov  9 05:16:25 PM EST 2025] _ret='0'
[Sun Nov  9 05:16:25 PM EST 2025] escaped_certificate='Let's Encrypt'
[Sun Nov  9 05:16:25 PM EST 2025] id
[Sun Nov  9 05:16:25 PM EST 2025] error_code
[Sun Nov  9 05:16:25 PM EST 2025] SYNO_CREATE='1'
[Sun Nov  9 05:16:25 PM EST 2025] Generating form POST request...
[Sun Nov  9 05:16:25 PM EST 2025] default='This is NOT the default certificate'
[Sun Nov  9 05:16:25 PM EST 2025] Upload certificate to the Synology DSM.
[Sun Nov  9 05:16:25 PM EST 2025] POST
[Sun Nov  9 05:16:25 PM EST 2025] _post_url='http://localhost:5501/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=voRdOVNWIjE4M&_sid=v_yj7RmQtEoEdbmALAwz89tpgSoFELBOiruLVWzeJ2smzyVUfnxZ-3tNH7G1pwq2DDmC9olsZv3rZ7SVYzgACk'
[Sun Nov  9 05:16:25 PM EST 2025] body='----------------------------20251109221625
Content-Disposition: form-data; name="key"; filename="*.syenz.org.key"
Content-Type: application/octet-stream

-----BEGIN EC PRIVATE KEY-----
REMOVED ACTUAL CERT STRING
-----END EC PRIVATE KEY-----

----------------------------20251109221625
Content-Disposition: form-data; name="cert"; filename="*.syenz.org.cer"
Content-Type: application/octet-stream

-----BEGIN CERTIFICATE-----
REMOVED ACTUAL CERT STRING
-----END CERTIFICATE-----

----------------------------20251109221625
Content-Disposition: form-data; name="inter_cert"; filename="ca.cer"
Content-Type: application/octet-stream

-----BEGIN CERTIFICATE-----
REMOVED ACTUAL CERT STRING
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
REMOVED ACTUAL CERT STRING
-----END CERTIFICATE-----

----------------------------20251109221625
Content-Disposition: form-data; name="id"


----------------------------20251109221625
Content-Disposition: form-data; name="desc"

Let's Encrypt
----------------------------20251109221625--
'
[Sun Nov  9 05:16:25 PM EST 2025] _postContentType='multipart/form-data; boundary=--------------------------20251109221625'
[Sun Nov  9 05:16:25 PM EST 2025] _CURL='curl --silent --dump-header /usr/local/share/acme.sh/http.header  -L  --trace-ascii /tmp/tmp.N34dnRNwhm  -g '
[Sun Nov  9 05:16:26 PM EST 2025] _ret='0'
***[Sun Nov  9 05:16:26 PM EST 2025] Unable to update certificate, got error response: {"error":{"code":5514},"success":false}.***
[Sun Nov  9 05:16:26 PM EST 2025] GET
[Sun Nov  9 05:16:26 PM EST 2025] url='http://localhost:5501/webapi/entry.cgi?api=SYNO.API.Auth&version=7&method=logout&_sid=v_yj7RmQtEoEdbmALAwz89tpgSoFELBOiruLVWzeJ2smzyVUfnxZ-3tNH7G1pwq2DDmC9olsZv3rZ7SVYzgACk'
[Sun Nov  9 05:16:26 PM EST 2025] timeout=
[Sun Nov  9 05:16:26 PM EST 2025] _CURL='curl --silent --dump-header /usr/local/share/acme.sh/http.header  -L  --trace-ascii /tmp/tmp.O1nIs1lGAF  -g '
[Sun Nov  9 05:16:26 PM EST 2025] ret='0'
*[Sun Nov  9 05:16:26 PM EST 2025] Error deploying for domain: *.syenz.org*
*[Sun Nov  9 05:16:26 PM EST 2025] Error encountered while deploying.*

My web server is (include version):
Synology NAS DSM 7.2

The operating system my web server runs on is (include version):
Synology NAS DSM 7.2

My hosting provider, if applicable, is:
DNS provider: porkbun

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

I am not a Synology expert but did you mean to stop using Let's Encrypt certs in favor of ZeroSSL certs? You can see ZeroSSL as your default provider in the log entry you provided. And, https://crt.sh history confirms this

image
image2043×732 140 KB

Generally this looks like some kind of Synology problem you might be better off asking at their forum. Getting certs doesn't look like your problem :slight_smile:

Still, perhaps someone here with Synology experience will have something to say.

2 Likes
3

So I did specify Let's Encrpt for the cert issuance, whci was successful and the four cert entries were downloaded. However, I did have to move them since directory the deploy was looking for them in was not the same as download directory. The lack of proper directory for cert file locations caused a different error (5510), which was resolved by moving files.

It is in the deploy where the error occurs and where I am really confused since i am a relative noobie to this. So I will make same post in syno forum and see if there's any response there; think I'll take it to syno support as well. Hate to post in multiple places but I have found others running into same / similar issues, especially with the 5510.

And can't remember if I stated, but acme.sh was upgraded to latest version and same errors arose.

Frustrating and I usually blame myself for missing something...just everything went fairly smooth up to the "last" step (deploy)

4

I suggest you to use absolute path instead of using $PWD for your --home argument, which should be /usr/local/share/acme.sh

And run everything with absolute --home path again.