Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: station.bywater.nz
I ran this command: syno-letsencrypt renew-all -vv
It produced this output: (snippet only)
DEBUG: Post Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3049612251
DEBUG: Post value: {
  "payload" : "",
  "protected" : "",
  "signature" : ""
}
DEBUG: Curl Reply: [200] Header: [HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Mar 2020 08:58:27 GMT
Content-Type: application/json
Content-Length: 722
Connection: keep-alive
Boulder-Requester: 72221703
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce:
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
] Body: [{
  "identifier": {
    "type": "dns",
    "value": "station.bywater.nz"
  },
  "status": "valid",
  "expires": "2020-03-29T00:34:15Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/",
      "token": "",
      "validationRecord": [
        {
          "url": "http://station.bywater.nz/.well-known/acme-challenge/",
          "hostname": "station.bywater.nz",
          "port": "80",
          "addressesResolved": [
            "122.57.95.34"
          ],
          "addressUsed": "122.57.95.34"
        }
      ]
    }
  ]
}]
My web server is (include version): N/A
The operating system my web server runs on is (include version): Synology DSM 6.2
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): N/A
I am having issues renewing the LetsEncrypt certificate for the above domain. I started with the Synology UI to do the renewal, but this errored and didn’t provide much detailed information, so I found the syno-letsencrypt CLI, which allowed more comprehensive logs and allowed me to find that, it appears, LetsEncrypt’s services are using an old IP address for the domain rather than what it currently is, as it ends up with an error about not being able to talk to the server (which it wouldn’t if it was using the old IP address).
I have checked various DNS servers via whatsmydns.net and found that the new IP address appears to have been propagated out to DNS servers worldwide, so I’m not sure why it appears that the old IP address is being used.
Am I wrong in thinking that the validation record like the one shown is what LetsEncrypt would try and talk with to check the validity of the request and if so I wonder what next steps can be taken to try and get the request to use the new IP address?
Thanks in advance.
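
An added example, not part of the original post: one way to read the authorization body from the log. Under RFC 8555 an authorization whose status is "valid" stays usable until its "expires" time, and the validationRecord describes the request made when that challenge was completed. The "current" address passed in below is a constructed placeholder, and summarize_authz is a hypothetical helper.

```python
import json
from datetime import datetime, timezone

# Authorization body from the log above, trimmed to the fields that are read.
AUTHZ_BODY = """{
  "identifier": {"type": "dns", "value": "station.bywater.nz"},
  "status": "valid",
  "expires": "2020-03-29T00:34:15Z",
  "challenges": [{
    "type": "http-01",
    "status": "valid",
    "validationRecord": [{
      "hostname": "station.bywater.nz",
      "port": "80",
      "addressesResolved": ["122.57.95.34"],
      "addressUsed": "122.57.95.34"
    }]
  }]
}"""


def summarize_authz(body, current_addresses, now):
    """Summarize an ACME authorization: is it an earlier validation that is
    still usable, and which recorded addresses differ from the current ones?"""
    authz = json.loads(body)
    expires = datetime.strptime(
        authz["expires"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    recorded = set()
    for challenge in authz.get("challenges", []):
        # validationRecord is only present once a challenge has been attempted.
        for record in challenge.get("validationRecord", []):
            recorded.add(record["addressUsed"])
    return {
        "identifier": authz["identifier"]["value"],
        # valid and unexpired: the CA has no reason to connect again.
        "already_valid": authz["status"] == "valid" and now < expires,
        "recorded_addresses": sorted(recorded),
        "stale_addresses": sorted(recorded - set(current_addresses)),
    }


if __name__ == "__main__":
    # Time taken from the Date header in the log; 203.0.113.10 is a
    # constructed stand-in for the host's new address.
    log_time = datetime(2020, 3, 5, 8, 58, 27, tzinfo=timezone.utc)
    print(summarize_authz(AUTHZ_BODY, ["203.0.113.10"], log_time))
```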