Unable to validate this domain name but port 80 is open

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: conant.com

I ran this command: get a certificate from Let's Encrypt on Synology DSM 7.1.1 (latest)

It produced this output: Let's Encrypt is unable to validate this domain name...

My web server is (include version): Wordpress custom install on Synology, latest version as of Jan '23

The operating system my web server runs on is (include version): DSM 7.1.1

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): n/a

I got it working back in January. Not sure where the hangup is. Currently using eero as the router and both 80 and 443 are forwarded (TCP and UDP) to the synology's local IP.

Does DSM provide a more helpful error message perhaps?

4 Likes

Your IPv6 Address is not configured properly (possibly remove it).

Using the online tool Let's Debug yields these results https://letsdebug.net/conant.com/1481626

AAAANotWorking
Error
conant.com has an AAAA (IPv6) record (2600:1700:b770:515f:211:32ff:fed4:15dd) but a test request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address. You should either ensure that validation requests to this domain succeed over IPv6, or remove its AAAA record.
A timeout was experienced while communicating with conant.com/2600:1700:b770:515f:211:32ff:fed4:15dd: Get "http://conant.com/.well-known/acme-challenge/letsdebug-test": dial tcp [2600:1700:b770:515f:211:32ff:fed4:15dd]:80: i/o timeout

Trace:
@0ms: Making a request to http://conant.com/.well-known/acme-challenge/letsdebug-test (using initial IP 2600:1700:b770:515f:211:32ff:fed4:15dd)
@0ms: Dialing 2600:1700:b770:515f:211:32ff:fed4:15dd
@10004ms: Experienced error: dial tcp [2600:1700:b770:515f:211:32ff:fed4:15dd]:80: i/o timeout

InternalProblem
Warning
An internal error occurred while checking the domain
An unknown issue occurred when performing a test authorization against the Let's Encrypt staging service: acme: challenge update timeout
1 Like
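The AAAANotWorking finding above comes down to one rule: the CA validates against every address published in DNS for the name, not the one the router happens to forward, so a dangling AAAA record breaks HTTP-01 even when IPv4 port 80 is open. The following is an added example written for this thread (not Let's Debug's code, nor anything shipped with DSM or Let's Encrypt) that reproduces that pre-flight check: resolve both A and AAAA, connect to each literal address on TCP/80 with the proper Host header, and reduce the results to a finding. The token path, the `probe`/`resolver` parameters and the finding names are this example's own; a 404 for the made-up token still counts as "reachable", and only a connection failure such as the i/o timeout in the trace counts against an address.

```python
#!/usr/bin/env python3
"""Pre-flight check for an HTTP-01 challenge, modelled on the AAAANotWorking
test quoted in the thread. Example code added for illustration; it is not part
of Let's Debug, DSM, or any Let's Encrypt client."""
import http.client
import socket
from typing import Callable, List, Optional, Tuple

# Hypothetical token path; a CA would request the real challenge token instead.
CHALLENGE_PATH = "/.well-known/acme-challenge/preflight-test"

# (record family, literal address, HTTP status or None on connection failure)
ProbeResult = Tuple[str, str, Optional[int]]


def resolve_all(name: str) -> List[Tuple[str, str]]:
    """Every (family, address) pair DNS returns for the name, A and AAAA alike."""
    seen = set()
    for family, _, _, _, sockaddr in socket.getaddrinfo(name, 80, type=socket.SOCK_STREAM):
        label = "AAAA" if family == socket.AF_INET6 else "A"
        seen.add((label, sockaddr[0]))
    return sorted(seen)


def probe_http(name: str, address: str, timeout: float = 10.0) -> Optional[int]:
    """GET the challenge path from one literal address with Host: <name>, the way
    a CA does. Any HTTP status means the host answered (a 404 for a made-up token
    is expected); None means the connection itself failed (timeout, refused)."""
    conn = http.client.HTTPConnection(address, 80, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PATH, headers={"Host": name})
        return conn.getresponse().status
    except OSError:
        return None
    finally:
        conn.close()


def verdict(results: List[ProbeResult]) -> str:
    """Reduce per-address results to one finding.

    Follows the rule quoted from Let's Debug: at least one address must work,
    and a published AAAA that does not answer is a finding in itself because
    the CA may try it first. Finding names are this example's own.
    """
    if not results:
        return "NoRecords"
    failed = [r for r in results if r[2] is None]
    if len(failed) == len(results):
        return "Unreachable"
    if any(fam == "AAAA" for fam, _, _ in failed):
        return "AAAANotWorking"
    if any(fam == "A" for fam, _, _ in failed):
        return "ANotWorking"
    return "OK"


def check_domain(
    name: str,
    probe: Callable[[str, str], Optional[int]] = probe_http,
    resolver: Callable[[str], List[Tuple[str, str]]] = resolve_all,
) -> Tuple[str, List[ProbeResult]]:
    """Resolve, probe every address, and return (finding, per-address results).
    `probe` and `resolver` are injectable so the decision logic can be exercised
    without network access."""
    results = [(fam, addr, probe(name, addr)) for fam, addr in resolver(name)]
    return verdict(results), results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "conant.com"
    finding, rows = check_domain(target)
    for fam, addr, status in rows:
        print(f"{fam:4} {addr:40} {'connection failed' if status is None else status}")
    print("finding:", finding)
```

Run it from a host outside your own LAN (or a VPS), since a NAT router that does not hairpin will make the IPv4 address look dead from inside even when it works from the Internet. A result of `AAAANotWorking` with a working A record is exactly the situation in this thread: either make port 80 reachable over IPv6 (the Synology needs a routable IPv6 address and the router must allow inbound TCP/80 to it) or delete the AAAA record.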

Also, it looks like it is configured for the domain name conant.synology.me instead of conant.com, based on the certificate presently being served.


Common Name: 	conant.synology.me
SANs: 	        DNS:conant.synology.me 
                Total number of SANs: 1

Thanks all! It started working, but not sure what I changed to make it so:

  • @Bruce5051 I had added the AAAA record last night while trying to debug. I just removed it. Also, last night I deleted the expired conant.com certificate and tried to recreate it (but wasn't able to). The Synology settings defaulted my conant.synology.me certificate in place of the conant.com one when I did so. I've now switched it back.
  • I turned off "deny incoming ICMP echo requests from WAN" on my router, not sure if that was a factor

So, all is good for now! Again, not sure why it stopped working, or what I did to fix it, but thanks for the debugging help!

3 Likes

I suspect the AAAA was part of the problem.
And removing the expired cert triggered it into renewing it - and this time it was able to do so.

ICMP has nothing to do with certs - LOL

4 Likes

Sure, ICMP has nothing to do with certs, but it was the only other thing I changed. Registration/re-registration had failed before I even added the AAAA record.

Then this may have been the key to the solution:

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.