Synology New Certificate after OS restore

aeroclub.brocard · February 4, 2024, 7:14am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

portail.aeroclub-brocard.fr

I ran this command:

After a full NAS restore, I've recreated 4 certificates successfully except one.
I get "Le nombre maximum de demandes de certificats est atteints pour ce nom de domaine" meaning "The maximum number of certificate requests has been reached for this domain name".

I've tried to get a certificat yesterday and today unsuccessfully.
But with crt.sh I see this log of successfully request. I don't understand what's going on.

The community help will be appreciated.
Thx
Christophe

crt.sh ID ⇧	Logged At	Not Before	Not After	Common Name	Matching Identities	Issuer Name
11970731496	2024-02-04	2024-02-04	2024-05-04	portail.aeroclub-brocard.fr	portail.aeroclub-brocard.fr	C=US, O=Let's Encrypt, CN=R3
11970731229	2024-02-04	2024-02-04	2024-05-04	portail.aeroclub-brocard.fr	portail.aeroclub-brocard.fr	C=US, O=Let's Encrypt, CN=R3
11959632654	2024-02-03	2024-02-03	2024-05-03	portail.aeroclub-brocard.fr	portail.aeroclub-brocard.fr	C=US, O=Let's Encrypt, CN=R3
11959627139	2024-02-03	2024-02-03	2024-05-03	portail.aeroclub-brocard.fr	portail.aeroclub-brocard.fr	C=US, O=Let's Encrypt, CN=R3

It produced this output:

My web server is (include version):

Apache 2.4

The operating system my web server runs on is (include version):

DSM 7.2.1-69057 Update 1

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Synology Security Certificates

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

MikeMcQ · February 4, 2024, 12:25pm

I don't know why Synology would do that either. You might need to ask on a Synology forum.

But, all of your domains are having a problem. Your system is frequently getting certs and you will become rate limited on all of them if you do not correct this.

The portail subdomain is the only one that uses the default Synology self-signed cert though. The others are using the Let's Encrypt cert.

The Let's Debug Cert Search (link here) shows this more easily than crt.sh

Note in crt.sh a single cert will often have two entries. One is a "precert" and the other the "leaf"

aeroclub.brocard · February 4, 2024, 5:23pm

Hello Mike,

Thank you for your answer.
I will be raised a ticket to Synology Support for this strange behavior.

Best regards
Christophe

system · March 5, 2024, 5:23pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Synology NAS Maximal certificate requests reached for this domain Help	10	494	October 18, 2023
Maximal certificate requests reached for this domain name Help	2	710	February 3, 2022
Requests reached for this domain name Help	6	421	March 24, 2023
Re-create cert for Synology Help	3	467	March 14, 2020
Maximal Certificate Requests reached for this domain Help	2	904	March 21, 2020

Synology New Certificate after OS restore

Related topics