Unable to renew a now expired certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: soup2nutsstore.myqnapcloud.com

I ran this command: Update certificate within qnap control panel

It produced this output: Error - check DNS Server and port 80

My web server is (include version): Unknown

The operating system my web server runs on is (include version): QNAP TS-219P+ Ver 4.3.3.2784

My hosting provider, if applicable, is: myqnapcloud.com

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): built in control panel in qnap os.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Not using Certbot

This is not enough information to debug your situation unfortunately. Does the QNAP provide more detailed logs somewhere you can share?

2 Likes

For what it's worth, DNSViz reports that AAAA glue records are missing and one of the DNS servers isn't responding. That may not be the root of your problem, but it probably isn't helping things.

3 Likes

Hi Osiris, although there are hundreds of logs, the only one I can see about the cert says:

Type Date Time Users Source IP Computer name Content
Warning 07/18/2025 09:09:08 AM System 127.0.0.1 localhost [myQNAPcloud] Failed to renew the Let's Encrypt certificate. The server failed to connect to the NAS and verify the domain.

Not sure if that is helpful. I don't have any more specific logs.

Hi Petercooperjr, I have the DNS set to 1.1.1.1 and 1.0.0.1 and the internal system check said they were OK. Not sure if that means anything. I also tried port forwarding the HTTP port 80 direct to the NAS but that didn't help things. I used the router UPnP setup tool on the NAS too.

Is it unusual that everything works correctly (connectivity wise) but the certificate doesn't want to update? I can't update it from the myqnapcloud.com as well.

Not really, no.

What @petercooperjr mentioned might be some indication, but not sure.. I'm not getting any IPv6 issues.

Earlier, I got an "everything all good" result on Let's Debug, but now when I re-run it, I get an "ANotWorking" error:

soup2nutsstore.myqnapcloud.com has an A (IPv4) record (74.105.208.153) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://soup2nutsstore.myqnapcloud.com/.well-known/acme-challenge/letsdebug-test": dial tcp 74.105.208.153:80: connect: no route to host

Trace:
@0ms: Making a request to http://soup2nutsstore.myqnapcloud.com/.well-known/acme-challenge/letsdebug-test (using initial IP 74.105.208.153)
@0ms: Dialing 74.105.208.153
@3153ms: Experienced error: dial tcp 74.105.208.153:80: connect: no route to host

And from my perspective, I can't even resolve soup2nutsstore.myqnapcloud.com to an IP address any longer.

So earlier I did not see anything wrong and you got an error with QNAP and now everything seems to break everywhere :man_shrugging:

The first step for you now is to get your QNAP accessible again, in general. If renewing the certificate still doesn't work while Let's Debug gives the "All OK" signal again, I'd recommend asking some QNAP-specific support channel, because the error message provided does not help at all from an ACME perspective.

3 Likes
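The kind of check Let's Debug reported in the post above, as an added Python example (not part of the thread and not Let's Debug's code): it resolves the name, requests a challenge path over plain HTTP and reports which stage failed. The function name, hint strings and test path are assumptions made for this example.

```python
import errno
import http.client
import socket

# Hint texts are this example's own wording, not Let's Debug or QNAP output.
ERRNO_HINTS = {
    errno.EHOSTUNREACH: "no route to host: device powered off or public IP is stale",
    errno.ECONNREFUSED: "connection refused: port 80 is not forwarded to a listener",
    errno.ETIMEDOUT: "timed out: a firewall or ISP is dropping port 80",
}

def check_http01(host, port=80, timeout=5.0, resolve=socket.getaddrinfo):
    """Return (stage, detail) for a plain-HTTP fetch of an ACME challenge path.

    stage is "dns", "connect" or "ok". `resolve` is injectable so the DNS
    stage can be exercised without network access.
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host}: {exc}")
    addrs = sorted({info[4][0] for info in infos})

    # Made-up token: a 404 is the expected answer from a healthy server.
    path = "/.well-known/acme-challenge/reachability-test"
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        status = conn.getresponse().status
    except socket.timeout:
        return ("connect", f"{addrs}: {ERRNO_HINTS[errno.ETIMEDOUT]}")
    except (OSError, http.client.HTTPException) as exc:
        hint = ERRNO_HINTS.get(getattr(exc, "errno", None), str(exc))
        return ("connect", f"{addrs}: {hint}")
    finally:
        conn.close()
    # Any HTTP status proves that port 80 reaches a web server from here.
    return ("ok", f"{addrs}: HTTP {status}")

if __name__ == "__main__":
    # Placeholder hostname; replace with the name on the certificate.
    print(check_http01("nas.example.invalid"))
```

Run it from a network outside the LAN, since a check from inside can succeed while port 80 is still unreachable from the internet.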

Hi, I'm in the East Coast time zone and my NAS shuts down for the evening, which explains why you got no connection. I have no connection issues from anywhere. I can use the QNAP apps on my phone, and I can log in on the computer from work or on Safari from the road. I just can't renew the certificate.

Ah, that would explain that indeed..

Then I suggest taking this issue up with the QNAP support channels, because the current error message does not explain in any detail what's going on, and without details there's not much advice we can give you.

4 Likes

Thanks Osiris, I did that this morning; I sent them a detailed explanation of the issue. I cannot find any detailed logs. On a side note, I tried to copy and paste a link to this thread and their system wouldn't allow it. Hopefully they'll email me and I can upload it so they know how far we got.
I'll update here if I get any further.
Thanks again, Dennis

2 Likes

Hi Osiris, although I was not included in the diagnosis, they made me open up a portal to my NAS so they could fiddle with it themselves, which is still giving me nightmares. They said since my NAS was older the certificate was no longer supported so they needed to get me a new certificate that was supported. Does that make sense to you?

Not really, no.

Did they say you needed to get a new certificate?

Maybe because your NAS is older you need to get an older certificate perhaps? The one thing I can think of, if your NAS is "older", is that perhaps its older software can't handle newer ECDSA certificates or something? And you should somehow configure your QNAP ACME client to use an RSA keypair? (How?) But that wouldn't explain the "check DNS Server and port 80" message from the error. Unless QNAP simply slaps that suggestion on EVERY single error an ACME server can produce... Which would be immensely unhelpful from QNAP's side..

Did they provide ANY details? Beyond these vague suggestions?

Perhaps buy a new NAS? Preferably NOT a QNAP? I really have no idea here.. QNAP should provide you with detailed error logs or something, not such a vague suggestion....... They are not helping (more part of the problem if you ask me..)

(Especially after providing external, fairly untrusted people [employees from QNAP at least, right?] access to your device.. :roll_eyes:)

3 Likes

Thanks Osiris, I share your frustration but that was all they said. I asked for clarification but they closed the ticket and didn’t respond. I have 3 months on this certificate so I’m a bit worried about what happens then. The NAS is about 5 years old seems a bit premature to get rid of it especially since it’s been pretty reliable. Not to mention I wouldn’t know what other one to get in its place.