Let's Encrypt certificate creation not working

overtone85
I'm New!
Posts: 6
Joined: Thu May 11, 2017 12:17 pm

Let's Encrypt certificate creation not working

Postby overtone85 » Wed Aug 02, 2017 5:30 pm

Hi

I purchased a DS1517+ about 6 weeks ago. I would like to use the Synology apps on iPhone and also protect myself with encryption/https.

I don't know anything about setting ports, or setting up a firewall. So don't take anything for granted because I might not know what you're saying.

Here's what I tried.

I updated DSM to the latest version as of yesterday. DSM 6, but I don't remember which specific version (I'm not at home at the moment).

I've set up a QuickConnect profile in my NAS, and tested it with DSnote and DSfile on my iPad.

By reading about HTTPS I learned about having a certificate and I tried to download the Synology CA self-signed certificate included in the DSM. I sent it via email to my iPhone/iPad and installed it but it only works the first time. By the second login the connection is rejected. (HTTPS is enabled in the login option of DSnote and DSfile.)

Since the internet domain I used to have expired, I decided to buy it again on GoDaddy so I could use the domain name for the certificate.

I tried to use Let's Encrypt when adding a new certificate in DSM. I used the domain name and my Gmail account email, but I get a warning saying it failed to connect to Let's Encrypt and that the domain name might be incorrect.

I don't have any hosting on my domain, and I haven't setup any email with it. I don't wanna pay more for an email service that I won't use. All I have is the gmail account I used to buy the domain.

I don't know if I have to open any ports in a firewall or the router and I don't know why. I am a total newbie when it comes to this.

Where do I go from here?

Thank you
Last edited by overtone85 on Mon Aug 07, 2017 10:48 pm, edited 1 time in total.
sincarne
Skilled
Posts: 629
Joined: Wed Feb 15, 2017 9:57 pm

Re: New to Synology - setup certificate and HTTPS

Postby sincarne » Wed Aug 02, 2017 6:13 pm

You have to open port 80 to the NAS to get Let's Encrypt certification.
The domain also needs to point to the WAN with the NAS.
You could use a Synology domain to make it easy. I use both in case one does not work.
overtone85
I'm New!
Posts: 6
Joined: Thu May 11, 2017 12:17 pm

Re: New to Synology - setup certificate and HTTPS

Postby overtone85 » Sun Aug 06, 2017 2:12 pm

hi sincarne

I opened port 80 and 443 on my router, and I still get the same error message. :|

How do I get the domain to point to WAN?

Thanks

R
Rusty1281
Virtuoso
Posts: 1320
Joined: Fri Jun 03, 2011 10:51 pm

Re: New to Synology - setup certificate and HTTPS

Postby Rusty1281 » Sun Aug 06, 2017 6:32 pm

Are you sure that the domain is not in use already (registered)? If you are certain that your traffic via port 80 is open and accessible towards your NAS then there has to be something to do with the domain name. Be sure that it's not in use.
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1) | RT1900AC
overtone85
I'm New!
Posts: 6
Joined: Thu May 11, 2017 12:17 pm

Re: New to Synology - setup certificate and HTTPS

Postby overtone85 » Mon Aug 07, 2017 5:57 pm

Hi Rusty

I just bought the domain on GoDaddy, so I'm definitely sure. I didn't buy any hosting service so I just registered the name. I'm not gonna have any website there. Is this a problem? The domain is just a blank page.

I live in the UK and I have a BT router. In the settings for the firewall the list of ports doesn't give the port number, instead it lists the "applications". I understand that if I choose "HTTP server" it means port 80.

That didn't work for me.

R
overtone85
I'm New!
Posts: 6
Joined: Thu May 11, 2017 12:17 pm

Re: Let's Encrypt certificate creation not working

Postby overtone85 » Sun Aug 13, 2017 1:22 am

I tried to follow this guide but I can't get my domain to point to my Synology.

https://synoguide.com/2016/04/14/secure ... s-encrypt/

https://synoguide.com/2016/04/14/map-yo ... p-address/

In the second link it explains how to get a subdomain to point to the NAS. But I can't get it to work.

In the screenshot the target host name is different than what he's saying in the explanation. I am trying to do the same thing in GoDaddy DNS management, but I'm not sure if the terminology is the same there.
On GoDaddy, is the 'value' of the DNS record the same as the target host the tutorial is talking about?

Also if he's setting 'ds' as a subdomain, why does he say to connect to domainname.com:5000 without the subdomain prefix? like ds.domainname.com:5000 ?
Rusty1281
Virtuoso
Posts: 1320
Joined: Fri Jun 03, 2011 10:51 pm

Re: Let's Encrypt certificate creation not working

Postby Rusty1281 » Sun Aug 13, 2017 11:22 am

I think you need to test out if your NAS is really 100% accessible via port 80/443 from the internet. It might be that LE can't access your NAS in order to complete the cert as it should.

Your GoDaddy domain should be registered with LE with no problem (make sure to add subject alternative names as well if you want your domain to respond to various subdomain names as well, this way you won't have to reissue a new cert for each Syno service you want behind SSL) as long as LE can talk to your NAS.

Try with http://canyouseeme.org and see if your NAS is accessible from the outside
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1) | RT1900AC
overtone85
I'm New!
Posts: 6
Joined: Thu May 11, 2017 12:17 pm

Re: Let's Encrypt certificate creation not working

Postby overtone85 » Mon Aug 14, 2017 12:12 am

I found some instructions to create ports for the NAS on the BT hub here:
https://community.bt.com/t5/Connected-D ... -p/1308807

I managed to set up the router according to instructions but when I have to set up the DDNS I get stuck.

The instructions in the forum post say I have to register for a DDNS service. When I click "add" and select Synology in the service provider menu I don't get any register button. It just says "Test connection" and under the host field it loads my email already.

Does it mean the service is already in place? Also if I type any name in the host name it fails the connection and says it's already in use.

This is getting more convoluted and I am hitting a wall in every approach...
sincarne
Skilled
Posts: 629
Joined: Wed Feb 15, 2017 9:57 pm

Re: Let's Encrypt certificate creation not working

Postby sincarne » Mon Aug 14, 2017 12:19 am

If your domain does not point to the NAS then you cannot get a certificate.

Change the A-Name on the domain host to the WAN IP.
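
The two conditions named in the replies above (the domain's A record pointing at the WAN IP, and port 80 reachable from the internet) can be checked before retrying the certificate request in DSM. This is an added example, not part of any post in the thread; the function names `resolve_a`, `port_open` and `preflight` are hypothetical, and the domain and WAN address are supplied by the user on the command line.

```python
import ipaddress
import socket
import sys

# Ranges a public CA cannot reach: RFC 1918, carrier-grade NAT, loopback, link-local.
UNREACHABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]


def resolve_a(domain):
    """Return the set of IPv4 addresses the name resolves to (empty if none)."""
    try:
        infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def port_open(ip, port, timeout=5):
    """True if a TCP connection succeeds. Run this from outside the LAN:
    many home routers do not loop back connections to their own WAN address."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(domain, wan_ip, resolver=resolve_a, prober=port_open):
    """Return the problems that would block validation; an empty list means OK."""
    ips = resolver(domain)
    if not ips:
        return [f"{domain} has no A record"]
    problems = []
    for ip in sorted(ips):
        if any(ipaddress.ip_address(ip) in net for net in UNREACHABLE):
            problems.append(f"A record {ip} is not reachable from the internet")
    if wan_ip not in ips:
        problems.append(f"{domain} resolves to {sorted(ips)}, not WAN IP {wan_ip}")
    elif not prober(wan_ip, 80):
        problems.append(f"port 80 on {wan_ip} is closed or not forwarded")
    return problems


if __name__ == "__main__":
    # Usage: python preflight.py <domain> <wan-ip>
    for line in preflight(sys.argv[1], sys.argv[2]) or ["no problems found"]:
        print(line)
```

A freshly registered domain with no hosting usually resolves to the registrar's parking address, which this reports as a mismatch with the WAN IP.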
