I know I had this issue (unable to validate) retrieving the original certificates. After days of searching and trying I finally made it work, but didn't know how. Now, my certificates are about to expire and I have the same issue when I try to renew them. I have tried almost everything, which resulted in a new error "Maximal certificate requests reached for this domain name" for one of the two domains I'm trying to renew (the one stated below). The two domains are exactly the same, except that the other is .be instead of .com.
Tried disabling all firewalls, didn't work. Tried different methods of port forwarding, didn't work. Tried changing security settings on my NAS, didn't work. Tried disabling HSTS in my web service portal, didn't work.
Checked on Open Port Check Tool - Test Port Forwarding on Your Router if port 80 is open for the domain name and IP address. That seems okay.
Also checked letsdebug.net using http-01 as well as dns-01 and tls-alpn-01. All gave a positive result with 0 fatal errors, 0 errors and 0 warnings.
My certificates expire in a couple of hours and I have no idea what to do to fix this.
My domain is: daviddk.com
I ran this command:
Renew certificate
It produced this output:
"Let's Encrypt is unable to validate this domain name. Please make sure your Synology NAS and router have port 80 open to Let's Encrypt domain validation from the internet. All the other communications with Let's Encrypt go over HTTPS to keep your Synology NAS secure."
My web server is (include version):
Nginx / Apache HTTP Server 2.4
The operating system my web server runs on is (include version):
Synology DSM 7.0.1-42218 Update 2
My hosting provider, if applicable, is
myself
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Synology Web Station 3.0.0-0308
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
?