Synology won't update cert

IIIPgCIII · June 29, 2017, 9:28pm

Please fill out the fields below so we can help you better.

I ran this command: /usr/syno/sbin/syno-letsencrypt renew-all -vv

It produced this output: Lots of output, but at the end:

] Body: [{“code”:“badparam”}]
DEBUG: Dns01 challenge: Teardown [{“code”:“badparam”}].
DEBUG: DNS challenge failed, reason: {“error”:203,“file”:“client.cpp”,“msg”:“Challenge setup is failed.”}

DEBUG: Normal challenge failed, reason: {“error”:107,“file”:“client.cpp”,“msg”:“syno.paulcomo.com: Fetching https://pcomo.synology.me:5001/.well-known/acme-challenge/-2hSSdRWx-UprW4Tji52x9Rrxph3F0Atx-RGXbopbF0: Timeout”}

DEBUG: failed to open port 80.

Port 80 is open, and 443. I also allowed those ports through the Synology firewall. http://canyouseeme.org/ can see those ports fine.

It is expiring 7/10.

Patches · June 30, 2017, 1:33am

syno.paulcomo.com has an A record pointing to 184.168.221.12 and there appears to be no web server listening there, which would explain why validation fails.

pcomo.synology.me has an A record pointing to 71.167.163.27 and does have a web server listening.

Perhaps the A record for syno.paulcomo.com is out of date? (If so, consider making it a CNAME to pcomo.synology.me to avoid having to manually update it in the future.)

IIIPgCIII · June 30, 2017, 11:15am

That did it, thanks!

system · July 30, 2017, 11:16am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.