A Synology DSM 2415+ (DSM 6.0.2-8451 Update 9), which previously was using a StartSSL certificate that expired this week, will not allow adding a Let’s Encrypt certificate. I removed all other certificates - only a self-signed one is shown, and the error message is constantly “The operation failed. Please log in to DSM again and retry”.
I checked logs - no entry showing successful deletion of certificates.
I confirmed the Synology Web Server is running and port forwarding for Let’s Encrypt is connected for ports 80 and 443 (using FIOS). So, I know that is not the problem.
Any advice on something I didn’t think of would be greatly appreciated.
Did you do this with the Log Center app? In an older thread I noticed that the logs from the Let's Encrypt plugin don't seem to show up there. They get written to /var/log/messages, where you could read them via SSH.
Assuming you aren't logged in as root, the sudo will ask for your password and give you root permissions (assuming you're allowed to have root permissions).
The first thing I’d try is placing a plain text file in your webroot/.well-known/acme-challenge/test and then see if you can reach yourdomain.com/.well-known/acme-challenge/test in a browser from somewhere on the internet.
jtucker2017, I’m having the same issue; however, it’s not entirely clear to me what you mean by configure the web server to match the domain. Are you talking about Web Station or something else?
Ensure it’s running and you can reach it from the internet (ports 80 and 443 being open and port forwarding set correctly through your router to your Synology box).
Open Web Station and create a Virtual Host with the same hostname you are securing your certificate for (i.e. mail.MYDOMAIN.com, or whatever the certificate domain info request is for).
Ensure the backend server and PHP are set (along with checking the box for Port 80/443). I used the same default document root “\web”.
Go back and request a Let’s Encrypt certificate - and it should work for you. It’s basically trying to confirm the certificate you’re requesting can be reached on ports 80/443 back to your Synology box, and it needs a web server to allow for that validation to take place - not too clear for the everyday layman.
Ahhhh, thank you for the clear instructions. After quite a bit of digging I found out I had an issue with my subdomain forwarding… I had it forwarded on domain.tld:8080; the port was obviously throwing a wrench in the works.
I figured this out by not doubting your instructions, as they seemed to make perfect sense. I got a hint of the subdomain issue when I tried to issue a new certificate for my domain alone, which worked, so I knew there was an issue with the subdomain part.
So my certificate now has a Subject Alternative Name for my subdomain; however, Chrome is still telling me it can’t be reached and shows an error: ERR_SSL_UNRECOGNIZED_NAME_ALERT
However, when I navigate to random_subdomain.domain.tld it doesn’t give the same SSL error.
So I’m not sure what I’m doing wrong now, but I guess I got one step closer.
My apologies for not responding for so long. I will not bother you with the details, just with the result:
A while after trying to understand the UI on my domain provider’s site, I realized the configuration was incorrect: by default my subdomain.domain.tld was still pointing at subdomain.domain.tld, so I created a CNAME for it to point to domain.tld and it worked.
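
The test-file check and the port 8080 forwarding problem discussed in this thread can be combined into one preflight script. This is an added example, not code from any poster or from Synology; the hostname, token and file contents are constructed placeholders. It goes slightly beyond the thread by flagging redirect ports, because Let's Encrypt's HTTP-01 validation starts on port 80 and only follows redirects to ports 80 or 443.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# HTTP-01 validation starts on port 80; redirects may only target 80 or 443.
ALLOWED_PORTS = {80, 443}

def effective_port(url):
    """Port a URL resolves to, or None for a non-HTTP(S) scheme."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    return parts.port or (443 if parts.scheme == "https" else 80)

def validate_chain(urls):
    """Return problems for a request chain (first URL plus each redirect)."""
    problems = []
    if urls and (urlsplit(urls[0]).scheme != "http" or effective_port(urls[0]) != 80):
        problems.append(f"first request must be plain HTTP on port 80: {urls[0]}")
    for hop in urls[1:]:
        if effective_port(hop) not in ALLOWED_PORTS:
            problems.append(f"redirect to a port other than 80/443: {hop}")
    return problems

class RecordRedirects(urllib.request.HTTPRedirectHandler):
    """Follows redirects as usual but remembers every Location it was sent to."""
    def __init__(self):
        self.hops = []
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        self.hops.append(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)

def preflight(host, token, expected_body, timeout=10):
    """Fetch the test file the way a validator would; return a list of problems."""
    start = f"http://{host}/.well-known/acme-challenge/{token}"
    recorder = RecordRedirects()
    opener = urllib.request.build_opener(recorder)
    try:
        with opener.open(start, timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", "replace").strip()
    except (urllib.error.URLError, OSError) as exc:
        return validate_chain([start] + recorder.hops) + [f"fetch failed: {exc}"]
    problems = validate_chain([start] + recorder.hops)
    if body != expected_body:
        problems.append("body does not match the test file (wrong vhost or webroot?)")
    return problems

if __name__ == "__main__":
    # Constructed values: replace with your own hostname and test file contents.
    for line in preflight("mail.example.com", "test", "hello") or ["looks reachable"]:
        print(line)
```

Run it from a machine outside your own network, since a request from inside the LAN can reach the NAS directly and bypass the router's port forwarding.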