Wildcard on Synology DSM 6.2

My domain is: alhumbhra.com

I ran this command: i used sslforfree.com and zerossl.com and own DSM6.2

It produced this output: many kinds of errors like: something went wrong, not all domains could be ~.

My web server is (include version): apache2.4 and php

The operating system my web server runs on is (include version): synology dsm6.2

My hosting provider, if applicable, is: for domain name is google

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): inside the DSM mostly

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): no certbot; usually I get my certificate in Synology. But now it is about getting a wildcard in Synology. Most instructions do not apply to Synology and they have few to no answers when it comes to this. I simply want a https://alhumbhra.com and https://*.alhumbhra.com. But so far only the basic works, and issuing one from domains is a headache, because I do not know how to keep an eye on DNS records with the help of a “dos command” like “nslookup -q=”. Generating a CSR is easy; pasting it in the wizard to continue, I get the next thing to do, and this is where I get stuck with every single one of all the tools I came in contact with (that are possible in my case). Every time I click on next, I get an error that something went wrong. The TTL is from 1 minute to 3 hours, which I waited out patiently. ipv4 is _acme-challenge.alhumbhra.com and the text for example HofcIMU7DR_FtKVO43Z4otJgj6zxQUv3y62jgQvVNlg. I did this more than 15 times thus far. I was even worried my IP was blacklisted when I tried checking it on DNS checking sites. For 8 weeks I have been patiently trying to figure it out, but I believe I should get some help, so here I am. Thanks guys.

Wildcard certs require DNS authentication.
That means adding TXT record(s) into your Internet DNS zone.
I don't think there is a way to have the Synology system do that for you.
You would have to handle the whole process yourself.

Preferably with a client that supports an API that can automatically update your DNS zone.
[which seems to be handled by Google - there should be an API for that]


Hi @thifop

Your correct nslookup code:

nslookup -type=txt _acme-challenge.alhumbhra.com.

You can also use online tools like https://check-your-website.server-daten.de/ (own tool) to check such things; such tools don't use cached data.

You want one certificate with two domain names. So you have to create two TXT entries with the same name

_acme-challenge.alhumbhra.com

and two different values.

  • create value 1
  • create value 2
  • wait one minute
  • use a tool to check
  • if you see the two different entries, next step
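As an added example (not part of any post in this thread, and not code from the posters): a small Python check for the advice in the answer above, that one certificate covering a domain and its wildcard needs two TXT values under the same `_acme-challenge` name. It parses pasted `nslookup -type=txt` output; `example.com`, the token values and the function names are constructed placeholders.

```python
import re

# Constructed sample of `nslookup -type=txt _acme-challenge.example.com.`
# output; example.com and both token values are placeholders.
TOKEN_A = "constructedTokenValueA_000000000000000000001"
TOKEN_B = "constructedTokenValueB_000000000000000000002"
SAMPLE = (
    "Server:\t\t192.0.2.53\nAddress:\t192.0.2.53#53\n\n"
    "Non-authoritative answer:\n"
    '_acme-challenge.example.com\ttext = "%s"\n'
    '_acme-challenge.example.com\ttext = "%s"\n' % (TOKEN_A, TOKEN_B)
)


def parse_txt(output):
    """Return {owner name: set of TXT strings} from nslookup output."""
    records, owner = {}, None
    for line in output.splitlines():
        m = re.match(r"\s*(\S+)\s+text\s*=", line)
        if m:
            owner = m.group(1).rstrip(".").lower()
            records.setdefault(owner, set())
        if owner:
            # Values follow "text =" on the same line or on the next lines.
            records[owner].update(re.findall(r'"([^"]*)"', line))
    return records


def check_wildcard_challenge(output, domain, expected):
    """List problems that block validating domain and *.domain together."""
    domain = domain.rstrip(".").lower()
    name = "_acme-challenge." + domain
    records = parse_txt(output)
    problems = []
    missing = sorted(set(expected) - records.get(name, set()))
    if missing:
        problems.append("missing at %s: %s" % (name, ", ".join(missing)))
    doubled = name + "." + domain
    if doubled in records:
        problems.append("panel appended the zone, record is at " + doubled)
    return problems


if __name__ == "__main__":
    print(check_wildcard_challenge(SAMPLE, "example.com", [TOKEN_A, TOKEN_B]))
```

An empty list means both values are visible under the one name, which is the condition for moving to the next step.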

I tried it again but no luck thus far.




You have the “Naam” and “Gegevens” the wrong way around…

Swap them.

Your second picture shows that you have created the wrong entries.

Two entries with the same name, but different values.

Perhaps use as name only

_acme-challenge

it's possible that your menu adds the domain name.

I tried that the very first time but never got it to work, so afterwards I switched them and then I got through, but still no success in the end.

You have only created one entry:

TXT - Entries

| Domainname | TXT Entry | Status | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|
| alhumbhra.com | | ok | 1 | 0 |
| www.alhumbhra.com | | ok | 1 | 0 |
| _acme-challenge.alhumbhra.com | VOAV7SpDtAa00QSbKK80tTQ0TNV_AayZ3ILmh87A5ao | looks good | 1 | 0 |

You need two entries with the same name and different values.

That is what I get: only one entry. For the second entry I get the error “record is al in gebruik” (record is already in use).

You need to edit the existing TXT record, and press the + button next to the value. It will allow you to add a second value.

Very confusing UI.


There is a +


Can you give an example like before? When it comes to these things I'm like a noob, newly born, not knowing what to do, just copy and paste.

I finally got it to work, but then I hit next but still got a problem.

Then I just hit next again and got another error, “Unexpected error”.

I tried it again and still the same error. I'll try it with other tools to get it done. Is there a tool for Synology you would recommend? It saves time to figure one out. I use Apache with a PHP backend and have nginx optional as backend as well. My DSM is 6.2. I can access root on my Synology with PuTTY.

This isn't the same error.

You can't use the same private key as account key and as certificate key.

You have to create a new key pair to create the CSR.

I don't understand.
I only use the site’s CSR generator and wizard.
In the CSR generator I type in my site and its wildcard; that creates a key and CSR.
In the wizard I paste them in, in the key (left) and CSR (right) order.
Now I come to the window of the pictures. I hit enter, then get the new error about account key etc. I closed the windows before, to make sure it is a clean start. I really hope I have missed a step or two so I can give it another try.
???account key, private key, certificate key???
I must say you guys are very clear and I see evolution speeding up being here. I thank you for that. And here I thought I was the only one in the world being too advanced for my own good.

That's wrong.

You paste the CSR key in the account key field.

Leave the left field empty.


Yes it worked.

Thanks for the time and help you all gave me, and especially you, JuergenAuer.
