My domain is: qwerty-soluciones.com
Hello,
quick question:
if i have a wildcard cert on my hosted webserver, will that prevent me from renewing a specific cert i had for my home nas?
Hi @zanda
no, that' not relevant / possible.
Certificates are independend.
Only thing: The global rate limit:
Max. 50 certificates per domain per week. But that shouldn't be a problem.
1 Like
well i tried to renew 5 times on my NAS got errors everytime. then i hit some sort of daily limit as the error message changed.
i will ask the synology community where to find error logs to see what’s going on…
Then share your first error message to see, why the certificate creation didn't work.
What's the domain name of the nas?
1 Like
it seems to be firewall related... i closed off 80 a few weeks ago and hoped having 443 open would be enough !?
when will the 5 try limit expire so i can try again? 24h?
2019-12-22T16:19:12+01:00 CL4P-TP synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_renew[20909]: certificate.cpp:973 syno-letsencrypt failed. 200 [Fetching http://cl4p-tp.qwerty-soluciones.com/.well-known/acme-challenge/-EDITED FOR PRIVACY-: Timeout during connect (likely firewall problem)]
That's wrong, an open port 80 is required.
The rate limit document has the answer.
1 Like
if i open port 80 on my router, but redirect it to 443 on my nas, would that work?
rate limit for renewals is a week. good that i still have time left before expiry, or i’d be screwed -_-
I don't know. The ACME client must support that.
That's correct, but that's not your rate limit.
Checking your domain there is a configuration error - https://check-your-website.server-daten.de/?q=cl4p-tp.qwerty-soluciones.com
| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| • http://cl4p-tp.qwerty-soluciones.com/ 83.47.207.73 | 400 | Html is minified: 106,90 % | 0.203 | M |
| Bad Request | ||||
| • https://cl4p-tp.qwerty-soluciones.com/ 83.47.207.73 | 302 | https://cl4p-tp.qwerty-soluciones.com:5001/ | ||
| Html is minified: 111,29 % | 3.250 | B | ||
| • https://cl4p-tp.qwerty-soluciones.com:5001/ | -14 | 10.000 | T | |
| Timeout - The operation has timed out | ||||
| • https://cl4p-tp.qwerty-soluciones.com:80/ 83.47.207.73 | 302 | https://cl4p-tp.qwerty-soluciones.com:5001/ | ||
| Html is minified: 111,29 % | 2.830 | Q | ||
| Visible Content: 302 Found nginx | ||||
| • http://cl4p-tp.qwerty-soluciones.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 83.47.207.73 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0 | 400 | Html is minified: 106,90 % | 0.126 | M |
| Bad Request | ||||
| Visible Content: 400 Bad Request The plain HTTP request was sent to HTTPS port nginx |
Your http doesn't work, so Letsencrypt can't validate your domain.
Looks like your port forwarding is wrong - port 80 extern -> port 443 intern.
Port 80 extern -> port 80 intern is required.
1 Like
no. it’s just that those ports are closed right now. i only open them when i (manually) renew my NAS cert. i just thought that 80 wasnt necesary, which i guess was wrong.
i tried 5 times today (with 443 only open) and got 5 errors and then a rate limit error. so i guess i have to wait a week before trying again. and meanwhile, those ports will remain closed.
No, you don't. Read the rate limits documentation a little more carefully.
1 Like
opened 80, renewed. closed 80 again.
thx for the help.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.