Unable to create certificate from synology

Help
1

My domain is: cloud.xts.nl

I run Synology DSM version: 6.2.2-24922-4
My web server is (include version): apache 2.4 and php 7.2
I can login to a root shell on my machine: yes
I currently only have 1 certificate installed, the default synology.com one.

I try to install my own certificate via the Synology tool using the “Get a certificate from Let’s Encrypt” on my Synology NAS with the following settings:

domain name: xts.nl
e-mail: admin@xts.nl
subject alternative name: cloud.xts.nl;homenas.xts.nl;wolk.xts.nl

There are CNAME records in place for cloud.xts.nl, homenas.xts.nl and wolk.xts.nl

ports 80, 443, 887-888, 5000 5001 are all forwarded to my Synology NAS.

The error I get is: “Failed to connect to Let’s encrypt. please make sure the domain name is valid.”

What am I doing wrong? what is the issue? I cannot seem to get logfiles containing this error.

1 Like
2

That seems to indicate a problem with the outbound connection.
Does the Synology have access to the Internet?
Does it have access to DNS?

1 Like
3

Hi @letsencryptxtsnl

there are some checks of your domain - https://check-your-website.server-daten.de/?q=cloud.xts.nl

~~ 45 minutes old, only timeouts. But two checks this morning with a Grade N and a working port 80.

That configuration looks better, the current configuration can't work.

This morning, there is a Synology answer. Now (checked with my browser) there is

Apache is functioning normally

So that's

wrong, your Synology doesn't see these requests.

1 Like
4

I logged into my synology via SSH and I can confirm I have internet access. I can ping www.synology.com and www.letsencrypt.org.
DNS is working.

5

OKE, I got it working.
temporarily opened the ports 80, 443, 778-888, 5000 and 5001 on my FR/router to my Synology NAS.
entered the same domain name as the subject alternative name in the Certificate screen.
It seems these two need to have the same IP address, so the names should be the same.

1 Like
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.