Try to generate certificate with DSM

garcipat · February 22, 2021, 4:56pm

I ran this command: Generate certificate with DSM (Synology)

It produced this output: could not validate domain (told me domains is wrong). Now I get the message that the limit to apply for a certificate is reached for my domain. I have a German setup, so I dont know it the error message helps

My web server is (include version): DSM 6.2.2.24922

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don't know): I dont know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
My synology DSM

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

It tells me I reached the max tries to apply fo a certificate. I didnt realize that those "tires" count as applying when I get an error message...

Followed the following guide: DiskStation Manager - Knowledge Base | Synology Inc.

If I can get one more try, I could chnage to english and identify the error message better.

Kind regards
Patrick

JuergenAuer · February 22, 2021, 5:04pm

Hi @garcipat

what's the exact error message? There are different limits.

Checking your domain there are only timeouts - see mcflux.org - Make your website better - DNS, redirects, mixed content, certificates

A working port 80 is required if your DSM (normally) uses http validation.

Your ip

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
mcflux.org	A	31.164.183.53 Winterthur/Zurich/Switzerland (CH) - Sunrise Communications AG Hostname: xdsl-31-164-183-53.adslplus.ch	yes	1	0
	AAAA		yes
www.mcflux.org	A	31.164.183.53 Winterthur/Zurich/Switzerland (CH) - Sunrise Communications AG Hostname: xdsl-31-164-183-53.adslplus.ch	yes	1	0
	AAAA		yes

looks like a home server. Does your ISP allow incoming port 80 traffic?

Correct router / port forwarding configuration?

garcipat · February 22, 2021, 5:26pm

I had my traffic going to a separat computer and I read that I need to disable it. I will fordward teh traffic of port 80 to my synology, maybe this is required that it can talk with Lets Encrypt.

I het the first error message now that tells me, I cannot connect to Lets Encrypt, I should check my domain.

garcipat · February 22, 2021, 5:30pm

This seem to be the problem before. It couldnt connect because the port was not forwarded. It worked now. Thank you for the hint!

JuergenAuer · February 22, 2021, 5:43pm

Yes, that's required.

Letsencrypt must be able to connect your domain, port 80. So if online tools can't connect your domain, Letsencrypt can't connect.

So we know the DSM error message is a little bit wrong.

system · March 24, 2021, 5:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.