"The operation failed. Please log in to DSM again and retry"

On a Synology DSM 2415+ DSM 6.0.2-8451 Update 9 - which previously was using a STARTSSL Certificate that expired this week.

Will not allow for adding a Let’s Encrypt certificate. I removed all other certificates - only a self signed one is shown and the error message is constantly “The operation failed. Please log in to DSM again and retry”

I checked logs - no entry showing successful deletion of certificates.

I confirmed the Synology Web Server is running and port forwarding for Let’s Encrypt is connected for Ports 80 and 443 (using FIOS). So, I know that is not the problem.

Any advice on something I didn’t think of would be greatly appreciated.

Did you do this with the Log Center app? In an older thread I noticed that the logs from the Let's Encrypt plugin don't seem to show up there. They get written to /var/log/messages, where you could read them via SSH.

Thank you PFG.

Q: How do you read the with SSH? I logged in via SSH as an administrator and didn’t have permission to view the file. It’s

-rw-rw---- 1 system log 9343803 Feb 5 12:07 messages

I tried to change the permissions to allow for +r, but keep getting permission denied.

Try

sudo less /var/log/messages

Assuming you aren't logged in as root, sudo will ask for your password and give you root permissions (assuming you're allowed to have root permissions).

Duhp, thank you!! :slight_smile:

So the error message is

"certificate.cpp:1359 Failed to create Let’sEncrypt certificate. [1][syno-letsencrypt output is not a json: { “error”: 102, “msg”: "Invalid response from http://MYDOMAINNAME.com/.well-known/acme-challenge/fbAS4g6tieuwZ50Z7KmcWUBb4RhFBgdn_5ttwvcxOzI: “”

Any ideas what the “syno-letsencrypt output is not a json” problem could be in requesting a Let’s Encrypt certificate?

The first thing I’d try is placing a plain text file in your webroot/.well-known/acme-challenge/test and then see if you can reach yourdomain.com/.well-known/acme-challenge/test in a browser from somewhere on the internet.

Thank you!! All good - needed to configure the Web server to match the domain name. Once done, that all worked!!

Much appreciated.

Great, glad you have it all sorted :slight_smile: and thanks for explaining (always useful for others hitting similar issues)

jtucker2017, I’m having the same issue, however it’s not entirely clear to me what you mean by configure the web server to match the domain, are you talking about Web Station or something else?

Install the Synology package called Webstation.

Ensure it’s running and you can reach it from the internet (port 80 and 443 being open and port forwarding is set correctly through your router to your Synology box)

Open Webstation and create a Virtual Host with the same hostname you are securing your Certificate for (i.e. mail.MYDOMAIN.com, or whatever the certificate domain info request is for)

Ensure the backend server and PHP is set (along with checking the box for Port 80/443). I used the same default document root “\web”

Go back and request a Let’s Encrypt certificate - and it should work for you. It’s basically trying to confirm the certificate you’re requesting can be reached on Ports 80/443 back to your Synology box and it needs a web server to allow for that validation to take place - not too clear for the everyday layman.

Hope this helps!!
JT
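
The reachability test suggested earlier in the thread, combined with the validation behaviour JT describes, written out as an added example (not code from any poster, Synology or Let's Encrypt). It assumes Python 3 on the machine that holds the web server's document root; the function names and the `probe-` file prefix are made up for illustration.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


def http_fetch(url, timeout=10):
    """Default fetcher: GET the URL, return (status, body); (None, reason) on failure."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except (urllib.error.URLError, OSError) as exc:
        return None, str(exc)


def precheck(hostname, webroot, fetch=http_fetch):
    """Drop a random probe file in the webroot, read it back over HTTP, return (ok, message)."""
    if ":" in hostname or "/" in hostname:
        # HTTP-01 validation always starts on port 80, so host:8080 cannot validate.
        return False, "use a bare hostname: validation connects to port 80"
    probe_dir = Path(webroot) / CHALLENGE_DIR
    probe_dir.mkdir(parents=True, exist_ok=True)
    name, body = "probe-" + secrets.token_hex(8), secrets.token_urlsafe(32)
    probe = probe_dir / name
    probe.write_text(body)
    url = f"http://{hostname}/{CHALLENGE_DIR}/{name}"
    try:
        status, got = fetch(url)
    finally:
        probe.unlink()  # never leave probe files behind in the webroot
    if status is None:
        return False, f"cannot connect to {url}: {got}"
    if status != 200:
        return False, f"{url} returned HTTP {status}: wrong virtual host or document root?"
    if got.strip() != body:
        return False, f"{url} answered, but not with the probe file: another site is serving this name"
    return True, f"{url} serves files from {webroot}"


if __name__ == "__main__":
    import sys
    ok, message = precheck(sys.argv[1], sys.argv[2])  # arguments: hostname, webroot path
    print(("OK: " if ok else "FAIL: ") + message)
    sys.exit(0 if ok else 1)
```

A pass from inside the LAN only shows that the virtual host and document root match; the request from Let's Encrypt arrives from the internet, so the port 80 forwarding and the DNS record still have to be confirmed from outside.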

Ahhhh thank you for the clear instructions, after quite a bit of digging I found out I had an issue with my subdomain forwarding… I had it forwarded on domain.tld:8080, the port was obviously throwing a wrench in the works. :confounded:

I figured this out by not doubting your instructions as they seemed to make perfect sense, I was hinted of the subdomain issue when I tried to issue a new certificate for my domain alone, which worked, so I knew there was an issue with the subdomain part.

So my certificate now has a Subject Alternative Name for my subdomain, however Chrome is still telling me it can’t be reached and shows an error: ERR_SSL_UNRECOGNIZED_NAME_ALERT
However when I navigate to random_subdomain.domain.tld it doesn’t give the same SSL error.

So not sure what I’m doing wrong now, but I guess I got one step closer. :slight_smile:

If you provide your domain name, we can have a look at what the problem is that you are having.

My apologies for not responding for so long, I will not bother you with the details, just with the result:
A while after trying to understand the UI on my domain provider’s site I realized the configuration was incorrect, by default my subdomain.domain.tld was still pointing at subdomain.domain.tld, so I created a CNAME for it to point to domain.tld and it worked.
