Wildcard on one server prevent renew on another?

My domain is: qwerty-soluciones.com

Hello,

Quick question:

If I have a wildcard cert on my hosted webserver, will that prevent me from renewing a specific cert I had for my home NAS?

Hi @zanda

No, that's not relevant / possible.

Certificates are independent.

Only thing: The global rate limit:

Max. 50 certificates per domain per week. But that shouldn't be a problem.

1 Like

Well, I tried to renew 5 times on my NAS, got errors every time. Then I hit some sort of daily limit as the error message changed.

I will ask the Synology community where to find error logs to see what’s going on…

Then share your first error message to see why the certificate creation didn't work.

What's the domain name of the nas?

1 Like

It seems to be firewall related… I closed off 80 a few weeks ago and hoped having 443 open would be enough !?

When will the 5 try limit expire so I can try again? 24h?

2019-12-22T16:19:12+01:00 CL4P-TP synoscgi_SYNO.Core.Certificate.LetsEncrypt_1_renew[20909]: certificate.cpp:973 syno-letsencrypt failed. 200 [Fetching http://cl4p-tp.qwerty-soluciones.com/.well-known/acme-challenge/-EDITED FOR PRIVACY-: Timeout during connect (likely firewall problem)]

That's wrong, an open port 80 is required.

The rate limit document has the answer.

1 Like

If I open port 80 on my router, but redirect it to 443 on my NAS, would that work?

Rate limit for renewals is a week. Good that I still have time left before expiry, or I’d be screwed -_-

I don't know. The ACME client must support that.

That's correct, but that's not your rate limit.

Checking your domain there is a configuration error - https://check-your-website.server-daten.de/?q=cl4p-tp.qwerty-soluciones.com

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://cl4p-tp.qwerty-soluciones.com/ 83.47.207.73; Html is minified: 106,90 % | 400 Bad Request | | 0.203 | M |
| https://cl4p-tp.qwerty-soluciones.com/ 83.47.207.73; Html is minified: 111,29 % | 302 | https://cl4p-tp.qwerty-soluciones.com:5001/ | 3.250 | B |
| https://cl4p-tp.qwerty-soluciones.com:5001/ | -14 Timeout - The operation has timed out | | 10.000 | T |
| https://cl4p-tp.qwerty-soluciones.com:80/ 83.47.207.73; Html is minified: 111,29 %; Visible Content: 302 Found nginx | 302 | https://cl4p-tp.qwerty-soluciones.com:5001/ | 2.830 | Q |
| http://cl4p-tp.qwerty-soluciones.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 83.47.207.73; Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0; Html is minified: 106,90 %; Visible Content: 400 Bad Request The plain HTTP request was sent to HTTPS port nginx | 400 Bad Request | | 0.126 | M |

Your http doesn't work, so Let's Encrypt can't validate your domain.

Looks like your port forwarding is wrong - port 80 external -> port 443 internal.

Port 80 external -> port 80 internal is required.

1 Like

No. It’s just that those ports are closed right now. I only open them when I (manually) renew my NAS cert. I just thought that 80 wasn't necessary, which I guess was wrong.

I tried 5 times today (with 443 only open) and got 5 errors and then a rate limit error. So I guess I have to wait a week before trying again. And meanwhile, those ports will remain closed.

No, you don't. Read the rate limits documentation a little more carefully.

1 Like

Opened 80, renewed. Closed 80 again.
Thx for the help.

1 Like
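
The failures seen in this thread (the connect timeout in the NAS log, the nginx "plain HTTP request was sent to HTTPS port" reply, and the redirect to port 5001) can be told apart before spending a validation attempt. The following preflight check is an added example, not part of any post above and not Synology or Let's Encrypt code; the function names, result labels and probe token are assumptions, and the redirect rule reflects Let's Encrypt's documented HTTP-01 behaviour of only following redirects to ports 80 and 443.

```python
import http.client
import socket
from urllib.parse import urlsplit

# Hypothetical token: any path under the challenge directory exercises the same route.
PROBE_PATH = "/.well-known/acme-challenge/preflight-test"

def classify(status=None, body="", location=None, error=None):
    """Turn one plain-HTTP probe of port 80 into a diagnosis label."""
    if error is not None:
        if isinstance(error, (socket.timeout, TimeoutError)):
            return "TIMEOUT"       # port 80 filtered or not forwarded
        if isinstance(error, ConnectionRefusedError):
            return "REFUSED"       # reachable host, but nothing listens on the port
        return "ERROR"
    if status == 400 and "plain HTTP request was sent to HTTPS port" in body:
        return "TLS_PORT"          # port 80 is forwarded to a TLS listener (e.g. 443)
    if status in (301, 302, 303, 307, 308) and location:
        target = urlsplit(location)
        scheme = target.scheme or "http"          # relative redirect stays on http
        port = target.port or {"http": 80, "https": 443}.get(scheme)
        if scheme not in ("http", "https") or port not in (80, 443):
            return "BAD_REDIRECT"  # validator will not follow this redirect
        return "REDIRECT_OK"
    return "REACHABLE"             # a web server answered plain HTTP (404 is fine here)

def probe(host, timeout=10):
    """Fetch PROBE_PATH over plain HTTP on port 80 and classify the outcome."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", PROBE_PATH)
        resp = conn.getresponse()
        body = resp.read(4096).decode("latin-1")
        return classify(resp.status, body, resp.getheader("Location"))
    except (OSError, http.client.HTTPException) as exc:
        return classify(error=exc)
    finally:
        conn.close()

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

Run it from a host outside the home network, since a probe from inside the LAN bypasses the router's port forwarding and firewall.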
