Unable to renew cert on Synology NAS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ravensbourne.kaznmike.co.uk

I ran this command: On Synology NAS I ran the renew certificate operation as I have done many times before. I do not run a web site as I use the certificate for HTTPS access to various NAS applications running on ports other than 80/443. Ports 80/443 are open but there is no web site there. This has NEVER been an issue. I have no issue accessing the services on the NAS via the given domain.

It produced this output: A pop up error which basically says it failed and I need to ensure ports 80/443 are open which they are.

My web server is (include version): nginx

The operating system my web server runs on is (include version): Synology DSM

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No web site

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Do not know

Hello @m1kegibson, welcome to the Let's Encrypt community.

Your Ports 80 & 443 are not Open, but filtered.

$ nmap -Pn -p80,443 ravensbourne.kaznmike.co.uk
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-18 20:23 UTC
Nmap scan report for ravensbourne.kaznmike.co.uk (84.68.181.97)
Host is up.

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.64 seconds

1 Like

Sorry. I do not understand what that means; maybe you can explain what that means so I can look into it further. I have opened the ports on my router (as I have many times) and initiated the renewal from my NAS. Trouble is, I have little understanding of what my Synology NAS is doing behind the scenes.

1 Like

You likely need to forward ports 80 and 443 to the NAS's IP address (and make sure the address is reserved so that it doesn’t change).

1 Like

I am going to confess to being a complete d***head. I recently put some location-based firewall rules in place on my NAS (after noticing a lot of probes that got through my router) and this filtered out the relevant requests originating outside the UK. Sorry for wasting your time.

4 Likes

It means that nobody from the Public Internet is able to access your web site.
The HTTP-01 challenge (see Challenge Types - Let's Encrypt) requires being able to access your web server via Port 80.

1 Like
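The open / closed / filtered distinction from the nmap output in this thread, as an added example that is not part of any post above. The function names and the 3-second timeout are assumptions chosen for illustration. Run it from a machine outside your own network, since a test from inside the LAN bypasses the router and any source-based firewall rules.

```python
import errno
import socket
import sys


def port_state(host, port, timeout=3.0):
    """Classify a TCP port using the same three states nmap reports."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"        # RST came back: host reachable, nothing listening
    except socket.timeout:
        return "filtered"      # no answer at all: a firewall silently dropped the SYN
    except OSError as exc:
        # ICMP "unreachable" replies are also produced by filtering devices
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise                  # DNS failures and anything else are reported as-is


def http01_can_validate(port80_state):
    """HTTP-01 needs an inbound connection to port 80 to succeed."""
    return port80_state == "open"


def diagnose(host, ports=(80, 443)):
    """Return {port: state} for the ports the renewal error message mentions."""
    return {port: port_state(host, port) for port in ports}


if __name__ == "__main__":
    # Usage: python3 portcheck.py your.domain.example  (hypothetical file name)
    target = sys.argv[1]
    states = diagnose(target)
    for port, state in states.items():
        print(f"{port}/tcp {state}")
    if not http01_can_validate(states[80]):
        print("Port 80 is not reachable from here, so HTTP-01 would fail from here.")
```

A result of "open" from one location does not prove the port is open to everyone: Let's Encrypt validates from several network locations, so a country-based allow rule like the one described in this thread can pass a local test and still block the challenge.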
