Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: cerebral.cua.uam.mx
I ran this command: syno-letsencrypt new-cert -d cerebral.cua.uam.mx -vv
It produced this output:
DNS problem: query timed out looking up A for cerebral.cua.uam.mx; DNS problem: query timed out looking up AAAA for cerebral.cua.uam.mx"
DEBUG: Failed to do challenge for cerebral.cua.uam.mx with type http-01.
DEBUG: close port 80.
My web server is (include version): nginx/1.20.1
The operating system my web server runs on is (include version): DSM 7.1.1-42962
My hosting provider, if applicable, is: --
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): --
Hello everyone,
I am not an expert in web page configuration. However, some years ago I was able to get a certificate for my web page hosted in my Synology NAS.
Recently I tried to get a new certificate for a NEW domain (cerebral.cua.uam.mx) in the same Synology NAS and the same IP.
First, I tried the Synology GUI Tool to obtain a LetsEncrypt certificate, but this time I got a message with this error:
"Invalid domain. Please make sure this domain can be resolved into a public IP address".
Also, I tried the following command line from my NAS to get more information:
syno-letsencrypt new-cert -d cerebral.cua.uam.mx -vv
The final lines of the output were:
--------
DEBUG: Curl Reply: [200] Header: [HTTP/2 200
server: nginx
date: Fri, 18 Aug 2023 04:43:02 GMT
content-type: application/json
content-length: 672
boulder-requester: 1253688086
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: v8C-B80Y-_RAhVSObDs_bq28yZqQ9DZJ61K-7uhEFkrhSbbdkD8
x-frame-options: DENY
strict-transport-security: max-age=604800
] Body: [{
"identifier": {
"type": "dns",
"value": "cerebral.cua.uam.mx"
},
"status": "invalid",
"expires": "2023-08-25T04:41:39Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: query timed out looking up A for cerebral.cua.uam.mx; DNS problem: query timed out looking up AAAA for cerebral.cua.uam.mx",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/255995631996/Isp0Og",
"token": "_JHZpxA2nhjsSNfFk2iRBCSWm1y5jmQBF6WqGvHwSuk",
"validated": "2023-08-18T04:42:31Z"
}
]
}]
DEBUG: Failed to do challenge for cerebral.cua.uam.mx with type http-01.
DEBUG: close port 80.
{"error":109,"file":"client_v2-base.cpp","msg":"Failed to new certificate."}
--------
I also ran the LetEncrypt Debugging tool to check the status for the http-01 challenge, and I got:
A test authorization for cerebral.cua.uam.mx to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
DNS problem: query timed out looking up A for cerebral.cua.uam.mx; DNS problem: query timed out looking up AAAA for cerebral.cua.uam.mx
In some forums, I found that a possible problem was that port 80 was closed in the router or by the ISP. However, from my HOME (different network) I used this website https://www.yougetsignal.com/tools/open-ports/
and the result was that port 80 is open.
I also used check-host.net and the result is that my website is accessible through port 80 from several countries:
Finally, I checked the A record for my domain using this page:
and the A record is my domain: cerebral.cua.uam.mx
I don't know what other configuration in my NAS to check to find out what the problem is. I hope someone here can please help me to find the error.
Thanks in advance,
Antonio
