I ran this command: syno-letsencrypt new-cert -d subdomain.damacus.io -m @damacus.io -vv
It produced this output:
Generic error message failed to open port 80.
The most relevant bit of the debug output is DEBUG: [x.damacus.io] is not a subdomain of [x.synology.me]
My web server is (include version): nginx/1.11.10
The operating system my web server runs on is (include version): Synology DiskStation 6.1.3
My hosting provider, if applicable, is: self-hosted
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Tried both the Synology control panel & CLI.
Extra Information:
I’m using DDNS provided by Synology to make my DiskStation’s dynamic IP reachable. However, that means that my DNS entry for x.damacus.io actually points to x.synology.me, which is then resolvable, and does get resolved by the CLI tool.
This has been working for 3 renewals. So I don’t quite know what’s going on.
Port forwarding for both 443 & 80 is still on.
I can reach the webpage via curl -L.
Let’s Encrypt started refusing issuance in the event of CAA lookup failures about a month ago, in preparation for the CA/Browser Forum deadline of September 8 requiring CAA checks. It would have stopped working at this point.
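An added illustration, not part of the thread: a simplified model of the CAA check (RFC 8659 tree climbing, with a lookup failure treated as a refusal, as the reply above describes) showing how a CNAME into a DDNS zone makes issuance depend on that zone answering CAA queries. The zone data and all names are constructed, and placing the failure at the CNAME target is an assumption.

```python
# Constructed model of CAA checking (RFC 8659 tree climbing); no real DNS is queried.
SERVFAIL = "SERVFAIL"

# Constructed resolver data: name -> {"CNAME": target} or {"CAA": [issuers] | SERVFAIL}.
# Names use the reserved .example TLD; they are not the poster's records.
ZONE = {
    "nas.custom.example": {"CNAME": "nas.ddns.example"},
    "nas.ddns.example": {"CAA": SERVFAIL},   # assumed: DDNS zone fails CAA queries
    "www.custom.example": {"CAA": []},       # direct record, no CAA set here
    "custom.example": {"CAA": ["letsencrypt.org"]},
}

def query_caa(name, zone, max_hops=8):
    """Answer a CAA query the way a recursive resolver does: follow CNAMEs first."""
    for _ in range(max_hops):
        rec = zone.get(name, {})
        if "CNAME" not in rec:
            return rec.get("CAA", [])
        name = rec["CNAME"]
    return SERVFAIL  # CNAME loop or over-long chain counts as a lookup failure

def caa_decision(fqdn, ca, zone):
    """Climb from fqdn toward the root; the first non-empty CAA set decides."""
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        answer = query_caa(name, zone)
        if answer == SERVFAIL:
            # Policy described in the thread: a failed lookup blocks issuance.
            return ("refuse", f"CAA lookup failed at {name}")
        if answer:
            verdict = "issue" if ca in answer else "refuse"
            return (verdict, f"CAA set found at {name}")
    return ("issue", "no CAA records anywhere in the tree")

if __name__ == "__main__":
    for host in ("nas.custom.example", "www.custom.example"):
        print(host, caa_decision(host, "letsencrypt.org", ZONE))
```

The CNAMEd host is refused even though the parent zone authorizes the CA, because the CAA query for the host itself is answered by the alias target's nameservers.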
If you own a domain, you could create a dedicated CNAME entry (like: special.mydomain.tld) from it that resolves to the synology.me FQDN and obtain a cert for the FQDN from your domain.
@damacus I’m curious… Did you find a solution already? I’m experiencing exactly the same problem on my Synology. And I do have the same setup as you describe (using the Synology DDNS).