I'm unable to get a SAN wildcard certificate from Let's Encrypt using Synology certificate manager. I can get a certificate without the SAN wildcard just fine.
I'm happy to run any shell commands if that would be helpful.
My domain is:
fresh. quatrelle .synology. me
I ran this command:
DSM > Control Panel > Security > Certificate > Add > Replace Existing Certificate > quatrelle .synology .me > Get a certificate from Let's Encrypt > Set as default certificate
I know, I did look in the logs within the GUI but there's nothing at all at the time of the failure.
I'll try to find out where it logs at a unix level and check there.
There are a handful of mentions of this error elsewhere on the forum (you've responded to some), but those other people are using their own domain pointing to their xxx .synology .me domain. But I'm just using the xxx .synology .me domain alone.
I'm requesting a new cert because my previous (first!) one ran out Thursday 12th and renewed Friday 13th without the wildcard. So, this is my first renewal.
We can see the change from with wildcard before to without wildcard in the historical records. Why would this happen?
2022-05-14T01:50:30+01:00 quatrelle syno-letsencrypt: syno-letsencrypt.cpp:121 Failed to do new authorization, may retry with another type. [{"error":202,"file":"client_v2.cpp","msg":"Failed to setup challegne for quatrelle .synology .me of dns-01"}
]
2022-05-14T01:50:31+01:00 quatrelle syno-letsencrypt: syno-letsencrypt.cpp:121 Failed to do new authorization, may retry with another type. [{"error":200,"file":"client_v2.cpp","msg":"do new auth by path: failed to do challenge."}
]
2022-05-14T01:50:31+01:00 quatrelle synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[5328]: certificate.cpp:966 syno-letsencrypt failed. 102 [Failed to new certificate.]
2022-05-14T01:50:31+01:00 quatrelle synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_create[5328]: certificate.cpp:1400 Failed to create Let's Encrypt certificate. [102][Failed to new certificate.]
other info
IPv4 only (IPv6 off)
ports 80,443,5000,5001 open, forwarded
web pages are accessible at /.well-known/acme-challenge/...
See you next week
I have exhausted certificates this week trying to fix this, will resume next week.
With no confidence this issue would be able to be resolved: I've switched to using acme.sh to issue a LE wildcard certificate on a subdomain of one of my own short domain names, which is hooked via CNAME record to a DDNS domain name. This gives me my own choice of domain as DDNS.
Everything is working well with this setup.
Thanks to everybody who responded in this thread. I won't be marking any reply as the solution as the original problem remains unresolved.