Let's Encrypt certificate creation not working

overtone85

Let's Encrypt certificate creation not working

Postby overtone85 » Wed Aug 02, 2017 5:30 pm

Hi

I purchased a DS1517+ about 6 weeks ago. I would like to use the Synology apps on iPhone and also protect myself with encryption/https.

I don't know anything about setting ports, or setting up a firewall. So don't take anything for granted because I might not know what you're saying.

Here's what I tried.

I updated DSM to the latest version as of yesterday. DSM 6 but I don't remember which specific version (I'm not at home at the moment).

I've set up a QuickConnect profile in my NAS, and tested it with DSnote and DSfile on my iPad.

By reading about HTTPS I learned about having a certificate and I tried to download the Synology CA self-signed certificate included in the DSM. I sent it via email to my iPhone/iPad and installed it but it only works the first time. By the second login the connection is rejected. (HTTPS is enabled in the login option of DSnote and DSfile.)

Since the internet domain I used to have expired, I decided to buy it again on GoDaddy so I could use the domain name for the certificate.

I tried to use Let's Encrypt when adding a new certificate in DSM. I used the domain name and my Gmail account email, but I get a warning saying it failed to connect to Let's Encrypt and that the domain name might be incorrect.

I don't have any hosting on my domain, and I haven't setup any email with it. I don't wanna pay more for an email service that I won't use. All I have is the gmail account I used to buy the domain.

I don't know if I have to open any ports in a firewall or the router and I don't know why. I am a total newbie when it comes to this.

Where do I go from here?

Thank you
Last edited by overtone85 on Mon Aug 07, 2017 10:48 pm, edited 1 time in total.
sincarne

Re: New to Synology - setup certificate and HTTPS

Postby sincarne » Wed Aug 02, 2017 6:13 pm

You have to open port 80 to the NAS to get Let's Encrypt certification.
The domain also needs to point to the WAN with the NAS.
You could use a Synology domain to make it easy. I use both in case one does not work.
overtone85

Re: New to Synology - setup certificate and HTTPS

Postby overtone85 » Sun Aug 06, 2017 2:12 pm

hi sincarne

I opened port 80 and 443 on my router, and I still get the same error message. :|

How do I get the domain to point to WAN?

Thanks

R
Rusty1281

Re: New to Synology - setup certificate and HTTPS

Postby Rusty1281 » Sun Aug 06, 2017 6:32 pm

Are you sure that the domain is not in use already (registered)? If you are certain that your traffic via port 80 is open and accessible towards your NAS then there has to be something to do with the domain name. Be sure that it's not in use.
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1) | RT1900AC
overtone85

Re: New to Synology - setup certificate and HTTPS

Postby overtone85 » Mon Aug 07, 2017 5:57 pm

Hi Rusty

I just bought the domain on GoDaddy, so I'm definitely sure. I didn't buy any hosting service so I just registered the name. I'm not gonna have any website there. Is this a problem? The domain is just a blank page.

I live in the UK and I have a BT router. In the settings for the firewall the list of ports doesn't give the port number, instead it lists the "applications". I understand that if I choose "HTTP server" it means port 80.

That didn't work for me.

R
overtone85

Re: Let's Encrypt certificate creation not working

Postby overtone85 » Sun Aug 13, 2017 1:22 am

I tried to follow this guide but I can't get my domain to point to my Synology.

https://synoguide.com/2016/04/14/secure ... s-encrypt/

https://synoguide.com/2016/04/14/map-yo ... p-address/

In the second link it explains how to get a subdomain to point to the NAS. But I can't get it to work.

In the screenshot the target host name is different than what he's saying in the explanation. I am trying to do the same thing in GoDaddy DNS management, but I'm not sure if the terminology is the same there.
On GoDaddy, is the 'value' of the DNS record the same as the target host the tutorial is talking about?

Also if he's setting 'ds' as a subdomain, why does he say to connect to domainname.com:5000 without the subdomain prefix? like ds.domainname.com:5000 ?
Rusty1281

Re: Let's Encrypt certificate creation not working

Postby Rusty1281 » Sun Aug 13, 2017 11:22 am

I think you need to test out if your NAS is really 100% accessible via port 80/443 from the internet. It might be that LE can't access your NAS in order to complete the cert as it should.

Your GoDaddy domain should be registered with LE with no problem (make sure to add subject alternative names as well if you want your domain to respond to various subdomain names as well, this way you won't have to reissue a new cert for each syno service you want behind SSL) as long as LE can talk to your NAS.

Try with http://canyouseeme.org and see if your NAS is accessible from the outside
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1) | RT1900AC
overtone85

Re: Let's Encrypt certificate creation not working

Postby overtone85 » Mon Aug 14, 2017 12:12 am

I found some instructions to create ports for the NAS on the BT hub here:
https://community.bt.com/t5/Connected-D ... -p/1308807

I managed to set up the router according to instructions but when I have to set up the DDNS I get stuck.

The instructions in the forum post say I have to register for a DDNS service. When I click "add" and select Synology in the service provider menu I don't get any register button. It just says "Test connection" and under the host field it loads my email already.

Does it mean the service is already in place? Also if I type any name in the host name it fails the connection and says it's already in use.

This is getting more convoluted and I am hitting a wall in every approach...
sincarne

Re: Let's Encrypt certificate creation not working

Postby sincarne » Mon Aug 14, 2017 12:19 am

If your domain does not point to the NAS then you cannot get a certificate.

Change the A-Name on the domain host to the WAN IP.
overtone85

Re: Let's Encrypt certificate creation not working

Postby overtone85 » Mon Aug 21, 2017 10:31 pm

sincarne wrote: If your domain does not point to the NAS then you cannot get a certificate.

Change the A-Name on the domain host to the WAN IP.


Where do I find the WAN IP?

R
sincarne

Re: Let's Encrypt certificate creation not working

Postby sincarne » Mon Aug 21, 2017 10:35 pm

overtone85 wrote:
sincarne wrote: If your domain does not point to the NAS then you cannot get a certificate.

Change the A-Name on the domain host to the WAN IP.


Where do I find the WAN IP?

R


Use a website like http://www.whatsmyip.org/
pacman

Failed to connect to Let's encrypt

Postby pacman » Tue Aug 22, 2017 8:40 am

I'm trying to get a certificate from Let's Encrypt using the Synology NAS certificate procedure and keep getting the message "Failed to connect to Let's Encrypt. Please make sure the domain name is correct". I've typed in, and rechecked several times, the domain name. Always the same error message.

Where do I go from here ?

Pacman
Squozen

Re: Failed to connect to Let's encrypt

Postby Squozen » Tue Aug 22, 2017 9:21 am

What are you entering in the fields?
pacman

Re: Let's Encrypt certificate creation not working

Postby pacman » Tue Aug 22, 2017 10:34 am

Domain name: mydomainname.org (it's registered at GoDaddy but I don't yet have a website or an email address based on that domain)
Email: my personal email address
Subject alternative name: left empty/unchanged because I don't know what it means or what to enter here.

Thanks in advance for any further leads.

pacman
Rusty1281

Re: Let's Encrypt certificate creation not working

Postby Rusty1281 » Tue Aug 22, 2017 12:30 pm

@pacman are you sure that your NAS is accessible via port 443 and 80 tcp, while requesting your new cert?
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1) | RT1900AC
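
The two checks the replies in this thread keep coming back to (the domain's A record pointing at the WAN IP, and ports 80/443 reachable on that address) can be run as a pre-flight before requesting the certificate. This is an added example, not code from any poster or from Synology; `preflight`, `resolve_a` and `port_open` are hypothetical names and the IP addresses are constructed sample values.

```python
import ipaddress
import socket

# RFC 1918 ranges: a LAN address in public DNS can never be reached from outside.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve_a(domain):
    """IPv4 addresses the name resolves to; empty list if it does not resolve."""
    try:
        infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def port_open(ip, port, timeout=5.0):
    """True if a TCP connection to ip:port succeeds. Run from outside the LAN."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(domain, wan_ip, resolve=resolve_a, probe=port_open):
    """Return the problems that would block validation; an empty list means ready."""
    addrs = resolve(domain)
    if not addrs:
        return [f"{domain} has no A record"]
    problems = []
    if any(ipaddress.ip_address(a) in net for a in addrs for net in LAN_NETS):
        problems.append("A record is a LAN address; use the router's WAN IP")
    if wan_ip not in addrs:
        problems.append(f"A record points to {', '.join(addrs)}, not WAN IP {wan_ip}")
        return problems  # no point probing ports until DNS is right
    for port in (80, 443):  # the ports named in the thread
        if not probe(wan_ip, port):
            problems.append(f"TCP {port} closed on {wan_ip}; forward it to the NAS")
    return problems


if __name__ == "__main__":
    # Constructed sample: the domain still resolves to a registrar parking address.
    parked = lambda domain: ["198.51.100.7"]
    print(preflight("mydomainname.org", "203.0.113.10", resolve=parked))
```

Run the real probe from a machine outside the home network; from inside the LAN many routers will not loop a connection back to their own WAN address, so a closed result there proves nothing.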
