Try to generate certificate with DSM

Help
#1

My domain is: mcflux.org

I ran this command: Generate certificate with DSM (Synology)

It produced this output: could not validate domain (told me domains is wrong). Now I get the message that the limit to apply for a certificate is reached for my domain. I have a German setup, so I dont know it the error message helps

My web server is (include version): DSM 6.2.2.24922

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don't know): I dont know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
My synology DSM

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

It tells me I reached the max tries to apply fo a certificate. I didnt realize that those "tires" count as applying when I get an error message...

Followed the following guide: DiskStation Manager - Knowledge Base | Synology Inc.

If I can get one more try, I could chnage to english and identify the error message better.

Kind regards
Patrick

#2

Hi @garcipat

what's the exact error message? There are different limits.

Checking your domain there are only timeouts - see mcflux.org - Make your website better - DNS, redirects, mixed content, certificates

A working port 80 is required if your DSM (normally) uses http validation.

Your ip

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
mcflux.org A 31.164.183.53 Winterthur/Zurich/Switzerland (CH) - Sunrise Communications AG Hostname: xdsl-31-164-183-53.adslplus.ch yes 1 0
AAAA yes
www.mcflux.org A 31.164.183.53 Winterthur/Zurich/Switzerland (CH) - Sunrise Communications AG Hostname: xdsl-31-164-183-53.adslplus.ch yes 1 0
AAAA yes

looks like a home server. Does your ISP allow incoming port 80 traffic?

Correct router / port forwarding configuration?

1 Like
#3

I had my traffic going to a separat computer and I read that I need to disable it. I will fordward teh traffic of port 80 to my synology, maybe this is required that it can talk with Lets Encrypt.

I het the first error message now that tells me, I cannot connect to Lets Encrypt, I should check my domain.

#4

This seem to be the problem before. It couldnt connect because the port was not forwarded. It worked now. Thank you for the hint!

1 Like
#5

Yes, that's required.

Letsencrypt must be able to connect your domain, port 80. So if online tools can't connect your domain, Letsencrypt can't connect.

So we know the DSM error message is a little bit wrong.

1 Like