DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Topics including remote access and management can go here, including port forwarding, telnet, ssh, and advanced network settings.
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://myds.synology.com/support/suppo ... p?lang=enu
2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
br8bruno
Trainee
Trainee
Posts: 14
Joined: Mon Feb 13, 2017 12:50 pm

DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby br8bruno » Mon Feb 13, 2017 1:56 pm

Dear Community,

I started with a DS214play and I purchased recently a DS916+. The DS214play is now just a backup not accessible to the internet and doing sync with the new main DS916+.
The new DS916+ was working just perfectly until one week ago and since then I get these 2 symptoms:
1) When using any service (DScam, DSphoto, DSfile, MailPlus) I get the message: "The SSL-Certificate on the diskstation is not trusted. This could mean, that you have a self signed certificate, or that someone is trying to spoof your connection" (translated from german).
2) When using DSM over Firefox/Edge/IE I get connection timed-out and can never see the login screen. Only IE tells me to activate TLS1.0, 1.1 and 1.2. But it is already activated.

A little bit on my configuration:
domain: I have one from GoDaddy. The A DNS entry is directed to my fix IP.
router: I have a Cisco ISR. All needed ports are redirected to the Diskstation and the firewall is also working. I have however tried to turn it completely off and still the same error persists.
certificate: I have one from Lets Encrypt issued to my domain. It is still valid and seems to be ok. All services are configured to work on this certificate. The original from synology is not deleted, but the default is the new one.
firewall: the firewall on the diskstation is also configured correctly. And I have also tried disabling it completely and it still does not work.
dsm: I have the latest DSM 6 installed. I used to let automatic updates be performed. Since this weekend I changed this configuration and will update only if I really have to.

The funny thing is that the system was working perfectly until one week ago.
I know that the requests are coming to the diskstation. I know this because:
3) When I hit the domain on port 80 (if I open it) I get the WebServer.
4) I also see on my router when packets are reaching from the internet. Every time I try to connect from the android app I see one packet reaching the diskstation on the correct port with the permission of the firewall.


I don't know what could have gone wrong. I have reviewed my configuration many times. I have even issued a new certificate from lets encrypt and nothing works.
The support from Synology keeps telling me to check router ports and on that pace I will have the problem solved in a few months.
The biggest problem is having my Email server down and not receiving emails from those accounts.
Does anybody have any suggestion?
I am no IT guy and I am on my limit here. My thinking right now is....

5) Is there any kind of black list for certificates and maybe my IP landed on it?
6) Could anyone be really messing with the DNS and re-routing traffic to a different IP? How can I test this? This is anyway unlikely since I see packets reaching my router when I try to connect.
7) Internet, DNS and router should be working fine. I get access using HTTP from Internet or LAN.

I appreciate any help. Thanks!
Last edited by br8bruno on Tue Feb 14, 2017 9:16 am, edited 2 times in total.
User avatar
Rusty1281
Distinguished
Distinguished
Posts: 862
Joined: Fri Jun 03, 2011 10:51 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby Rusty1281 » Mon Feb 13, 2017 8:36 pm

Sounds like your https requests are not working. You might try and import LE root cert. It might be that browsers are dropping requests that are using that cert because it cant be verified. This is just of the top of my head, considering that everything works via http. If you havent upgrade anything or changed your FW rules it might be a simple ssl problem.
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1)
br8bruno
Trainee
Trainee
Posts: 14
Joined: Mon Feb 13, 2017 12:50 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby br8bruno » Tue Feb 14, 2017 9:11 am

What do you mean by importing the LE root certificate? To make it available at the list of certificates in windows? I think I could try that.
It is just weird that it used to work on the same PC, with the same browsers.

I didn't get any reply from support for 4 days now. The first time they just asked some very basic stuff.
So I am considering doing a master reset. However the reset function also deletes all my files. Is there any option to reset only the configuration?
Is there any way to restore all system files? Maybe something got corrupted or something.

I strongly believe that the problem is on the Diskstation and it is probably some bizarre error or corrupted system file that it will be impossible to find.
I can't go another week without emails and files on the road.
User avatar
Rusty1281
Distinguished
Distinguished
Posts: 862
Joined: Fri Jun 03, 2011 10:51 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby Rusty1281 » Tue Feb 14, 2017 7:10 pm

Noticed that you posted on Reddit as well.

Regarding your reset question read up on this: https://www.synology.com/en-global/know ... nology_NAS but in short you wont lose your data. Just be sure to READ UP all of it before you go through with it.

I still think its a matter of your SSL on some lvl. You can try and again reissues the cert, import its root cert on your PCs (there is also a possibility that something regarding that cert has gone wrong on your computers/browsers) or setup SSL from scratch.
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1)
br8bruno
Trainee
Trainee
Posts: 14
Joined: Mon Feb 13, 2017 12:50 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby br8bruno » Thu Feb 16, 2017 9:52 am

I had another very frustrating night with my Synology DS916+...

I did the full reset and reinstalled DSM. I am glad it didn't erase any data, that is a positive point. Everything else was just as bad as it could get.

After the new installation I just went and set my domain for the eternal access, no firewall enabled, and just the self signed certificate.
I was able to connect to DSM using http://mydomain.com:5000. When trying https://mydomain:5001 the page will not load. Using https://lan-ip:5001 it will give me the certificate warning and I could access DSM.
Then I tried to create a new certificate from Let's Encrypt. That did not work. I get a message saying I have to open port 80 and the log messages say the same thing: "not able to open port 80". The port 80 is however open and redirected to the diskstation. When I try http://mydomain.com:80 I see on my router the packet being permitted and transfered, but my browser is redirected to http://mydomain.com:5000. It is the diskstation that is doing this.
I have seen a tutorial saying that the Web Station has to be installed and running to create a Let's Encrypt certificate and I tried that as well. With this service running the problem is exactly the same. Just now port 80 won't be redirected to port 5000, the connection is just refused.
The guy from Synology support (after 5 days waiting) just told me that I have to stop Web Station because otherwise this service will block port 80 for itself.

Just another update. This morning the access over http://mydomain.com:5000 is not working as well. Connection refused. The packets are however being forwarded to the diskstation and it is the diskstation refusing the connection. Nothing changed over the night, it just stoped working. The IP and DNS configuration are the same. I have a simple configuration of my fixed IP to the A DNS protocol.

In the end it is just a bag of cats, no idea what to do next and this is just not acceptable.
Synology support will respond one email every 5 days and there is no other way to contact them.
The device seems to be doing some crazy stuff that I cannot understand.
Its been 2 weeks without being able to use my email accounts, no access to my security cameras and not files on the road.

Can anybody help? Do people from Synology ever check this forum?
I owned a DS214play and just bought a DS916+ for home use. These devices are not cheap and I was hoping for better support.
User avatar
Rusty1281
Distinguished
Distinguished
Posts: 862
Joined: Fri Jun 03, 2011 10:51 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby Rusty1281 » Thu Feb 16, 2017 12:16 pm

Sorry to hear that you have so much problem with your 916+. As a syno user for the past 8y I have never had similar experience. As far as support goes, no official syno support on the forum, and getting an email support after xy days is normal.

Their weakest point I have to say.

Not sure what to tell you regarding your current problem, considering that it puzzles me as well. I'm guessing you have no similar problems with your older model? If so, is there an option to change 916+ for a different model or get a replacement unit?
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1)
br8bruno
Trainee
Trainee
Posts: 14
Joined: Mon Feb 13, 2017 12:50 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby br8bruno » Fri Feb 17, 2017 1:43 pm

It just worked.
I still don't know how or why it worked.
Didn't change anything on the router... the problem now is to imagine that it could stop working again for no reason, at any time.

:cry:
br8bruno
Trainee
Trainee
Posts: 14
Joined: Mon Feb 13, 2017 12:50 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby br8bruno » Sat Feb 18, 2017 9:20 am

And just like that it stoped working again.
Went to sleep yesterday and everything worked. Woke up now and all services are down.
The same thing as before, the connection is just refused: "Unable to connect" says Firefox, "can't reach this page" says Edge. And the Android apps all say that the SSL certificate is not trusted.

Again the router is working just fine. It is the diskstation refusing the connection.
User avatar
Rusty1281
Distinguished
Distinguished
Posts: 862
Joined: Fri Jun 03, 2011 10:51 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby Rusty1281 » Sat Feb 18, 2017 3:40 pm

I say you return that box and get a new one. Not worth the trouble
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1)
br8bruno
Trainee
Trainee
Posts: 14
Joined: Mon Feb 13, 2017 12:50 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby br8bruno » Mon Feb 20, 2017 12:42 pm

It is working again. And I believe I now know the reason why.

I have to run the "Web Station" and configure it with "nginx" and "php 5.6".
If I remove the "php 5.6" and leave it "not configured" then all services are no longer accessible through https, just through htttp.

I don't know if this makes sense or not. I tried it a couple of times and service was not reachable unless the configuration is done as I told.
I didn't want to test too much and find something else going wrong.


Could you please tell me what your configuration on Web Station is? Could you do the same test?
User avatar
Rusty1281
Distinguished
Distinguished
Posts: 862
Joined: Fri Jun 03, 2011 10:51 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby Rusty1281 » Mon Feb 20, 2017 2:38 pm

Glad you found something that might be related to this problem. I cant confirm this considering I have both NAS setup to use web station and I have users active atm. However I can confirm that PHP setting is 5.6 PHP and http backed I use Apache (2.2 version. 2.4 is not installed).

So are these setting being changed without your modification, on their own, or have you changed them at one point?
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1)
br8bruno
Trainee
Trainee
Posts: 14
Joined: Mon Feb 13, 2017 12:50 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby br8bruno » Mon Feb 20, 2017 3:00 pm

Some services installed apache and php automatically. And this changes the configuration on Web Station.
This is the only way I can explain it.

At some point I must have changed this configuration as well, since I was trying to change everything and see what happens. This is how I came to this solution.
I did the hard reset and then went all configurations step by step testing if it would work. As soon as it worked I went on adding all security services that I used to have and it worked every step of the way... hence, this must have been the problem :)
br8bruno
Trainee
Trainee
Posts: 14
Joined: Mon Feb 13, 2017 12:50 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby br8bruno » Tue Feb 21, 2017 9:53 am

It stopped working again. So the solution I suggested is not correct.
I also did another test to eclude the possibility of a defect hardware. I substituted my DS916+ with my 214play and used the same configuration and services. The problem occurs exactly the same way.

I need more information to find the problem here. How can I get more logs from the diskstation?
I am getting again the "connection refused" from the diskstation. The router is working correctly and sending the requests through.
If the diskstation is refusing the connection there should be some kind o logging for it. How do I get these logs?
I am able to log into my diskstation using putty and access root. I just need to now what files to read. Can anybody help?
User avatar
Rusty1281
Distinguished
Distinguished
Posts: 862
Joined: Fri Jun 03, 2011 10:51 pm

Re: DS916+ refusing HTTPS connection - ran out of ideas to try, please help

Postby Rusty1281 » Tue Feb 21, 2017 10:35 am

/etc/httpd/logs
/var/log

check these destinations for various logs
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1)

Return to “Remote Access and Network Management”

Who is online

Users browsing this forum: No registered users and 4 guests