Let's Encrypt is in!

sincarne
Guru
Posts: 1578
Joined: Wed Feb 15, 2017 9:57 pm

Re: Beta 2 has been released

Unread post by sincarne » Tue Feb 27, 2018 7:47 pm

alan sh wrote: I have an issue with "Import a valid and trusted SSL certificate. A self-signed certificate will not be acknowledged.". Where do I find one of those?

Alan
The guide has a tutorial hyperlink...

alan sh
Experienced
Posts: 117
Joined: Wed Oct 02, 2013 3:25 pm

Re: Beta 2 has been released

Unread post by alan sh » Wed Feb 28, 2018 11:11 am

I'm trying to get a certificate from Let's Encrypt, but I don't really know what I am doing.

I did look at the guide; it requires me to have a certificate. I don't have my own domain name here at home.

Given that Alexa is a home device, making this require business level tools and knowledge is not really very good.

Alan

sincarne
Guru
Posts: 1578
Joined: Wed Feb 15, 2017 9:57 pm

Re: Beta 2 has been released

Unread post by sincarne » Wed Feb 28, 2018 8:48 pm

alan sh wrote: I'm trying to get a certificate from Let's Encrypt, but I don't really know what I am doing.

I did look at the guide; it requires me to have a certificate. I don't have my own domain name here at home.

Given that Alexa is a home device, making this require business level tools and knowledge is not really very good.

Alan
The guide has a link that says how to get a certificate. There is a domain feature in DSM. You cannot solve the issue if you do not do any work.

czorny86
I'm New!
Posts: 1
Joined: Fri Apr 13, 2018 11:55 pm

Re: Let's Encrypt is in!

Unread post by czorny86 » Sat Apr 14, 2018 12:14 am

Hi,

I have a problem with renewal of my SSL Let's Encrypt cert. It's out of date already and I have already tried to renew it in several different ways. It seems to be a problem with port 80. However, please kindly check and help as it's still not resolved for me.

1. sudo syno-letsencrypt renew-all -v

DEBUG: Issuer name of certificate. [domain_name]->[/usr/syno/etc/certificate/_archive/23Ni3t/cert.pem]
DEBUG: certificate is not issued by Let's encrypt. [/usr/syno/etc/certificate/_archive/23Ni3t/cert.pem]
DEBUG: Issuer name of certificate. [Let's Encrypt]->[/usr/syno/etc/certificate/_archive/YzSPxQ/cert.pem]

2. via synology GUI

I am getting the note: Cant connect to letsencrypt. Please check if domain name is correct

Please note I was trying to check that on different email and domain name - the same effect

3. I have forwarded port 80 for synology IP on 80 for TCP

4. When I am trying to update router ports via Synology GUI for port 80 then I am getting info that it's impossible because router port is from 5xxx range

5. Force mapping doesn't work as well

6. All ports on Synology level are reverted now to initial ranges

7. I was trying to put that 5xxx port on the blacklist but it seems that something is opening another one

8. https://portchecker.co/ is telling me that port 80 is closed / same on local port scanner

Please help! many thanks for any hints / tips

fm76
Trainee
Posts: 16
Joined: Sat Apr 09, 2011 9:24 am

Re: Let's Encrypt won't renew

Unread post by fm76 » Tue May 22, 2018 7:39 pm

Hello jeroen3,
I have exactly the same problem to renew LetsEncrypt Certificate.
How do you manage this issue?
Thanks for help
jeroen3 wrote:
Thu Jul 13, 2017 12:55 pm
My Synology seems unable to renew.
It runs 6.1.2 - 15132, on domain `rheden.jeroen3.nl`.

Automatic renew failed because port 80 wasn't open. Just like last time.
I've since removed the virtual hosts and port remapping I used, and plainly forwarded 80/443 to the Synology. Like it expects.
I also added some .htaccess files in some subfolders.

However, it still won't renew.
I ran (root) syno-letsencrypt renew-all -v it gave me:

DEBUG: Issuer name of certificate. [Let's Encrypt]->[/usr/syno/etc/certificate/_archive/7knl2r/cert.pem]
And it exits with code 0.
Which gives me zero useful information on what went wrong. Did it even start?

There is only 1 cert which expires end of this month, no hurry _yet_.
What is going on?

Update:
I found logs. Renew is broken.
>syno-letsencrypt: syno-letsencrypt.cpp:311 can not find renew.json. [No such file or directory][/usr/syno/etc/certificate/_archive/7knl2r/renew.json]

mhoney
I'm New!
Posts: 1
Joined: Tue Jun 26, 2018 6:00 pm

Letsencrypt sub-domain limit

Unread post by mhoney » Tue Jun 26, 2018 6:04 pm

Why is the input box for the list of domains you want to register with Letsencrypt limited to 277 characters? How do I add more sub-domains? By the time you have a handful of websites and other services running on the Synology, you easily get over 277 characters worth of domain names.

Briolet
Experienced
Posts: 145
Joined: Sun Jun 23, 2013 4:47 pm

Letsencrypt sub-domain limit

Unread post by Briolet » Sat Aug 11, 2018 1:48 pm

The only workaround for the 277 character limit is to create several certificates. (I use 3 certificates for this reason). Indeed a pity as Let's Encrypt itself supports up to 100 domains in a single certificate.

Rusty1281
Sagacious
Posts: 3246
Joined: Fri Jun 03, 2011 10:51 pm

Re: Let's Encrypt is in!

Unread post by Rusty1281 » Mon Aug 13, 2018 7:56 am

Well on top of this Synology still hasn't implemented wild card cert in their wizard... that would solve all of these problems.
Synology DS918+ (4x4TB WD RED - RAID 5 with 2x250GB 960EVO NVMe) | Synology DS412+ (4x3TB WD RED - RAID 5) | RT1900AC

Briolet
Experienced
Posts: 145
Joined: Sun Jun 23, 2013 4:47 pm

Re: Let's Encrypt is in!

Unread post by Briolet » Mon Aug 13, 2018 11:08 am

The certificate wizard is also inconsistent and therefore confusing.

On the certificate itself the field for alternative domains should also contain the main domain.

When you create a certificate for Let's Encrypt, you don't need to fill the main domain in twice. Synology makes sure the main domain is also added to the alternative domains.

However, when you create a self signed certificate, the main domain is not added to the alternative domains. You have to add it yourself in the additional domain field. I just tested this with DSM 6.2 and the inconsistency is still in.

When a certificate contains the SAN field with alternative names, the browser should not check the main domain field and is likely to give a certificate error when using the url of the main domain.
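
Added example, not part of the post above: a small Python check of the point about the SAN field, assuming a client that validates only SAN dNSName entries and ignores the main-domain (CN) field. The certificate dicts and the example.test names are constructed, and all function names are hypothetical.

```python
# Added illustration, not code from the thread. Certificates use the dict
# layout returned by Python's ssl.SSLSocket.getpeercert().

def common_name(cert):
    """Subject CN: the 'main domain' field the post refers to."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def san_dns_names(cert):
    """dNSName entries of the subjectAltName extension."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """Exact match, or a wildcard standing for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def hostname_accepted(cert, hostname):
    """Assumed client model: only SAN dNSName entries count, the CN never does."""
    return any(name_matches(s, hostname) for s in san_dns_names(cert))

def main_domain_covered(cert):
    """Would a client browsing to the CN's own host name accept this cert?"""
    cn = common_name(cert)
    return cn is not None and hostname_accepted(cert, cn)

# Constructed samples; the example.test names are placeholders.
WITH_MAIN = {"subject": ((("commonName", "nas.example.test"),),),
             "subjectAltName": (("DNS", "nas.example.test"),
                                ("DNS", "photos.example.test"))}
WITHOUT_MAIN = {"subject": ((("commonName", "nas.example.test"),),),
                "subjectAltName": (("DNS", "photos.example.test"),)}
WILDCARD_ONLY = {"subject": ((("commonName", "example.test"),),),
                 "subjectAltName": (("DNS", "*.example.test"),)}

if __name__ == "__main__":
    for label, cert in (("main domain in SAN", WITH_MAIN),
                        ("main domain missing from SAN", WITHOUT_MAIN),
                        ("wildcard SAN, bare-domain CN", WILDCARD_ONLY)):
        print(label, "->", common_name(cert), "accepted:", main_domain_covered(cert))
```

The third sample shows that a wildcard entry alone does not cover the bare domain, so the main domain still has to be listed as its own alternative name.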

tb123
Knowledgeable
Posts: 362
Joined: Sun Sep 03, 2017 10:55 am

Re: Let's Encrypt is in!

Unread post by tb123 » Tue Aug 14, 2018 11:09 pm

I’ve been using a Let’s Encrypt certificate for a few months now and it appears it is due to expire 9th September. The date field of the certificate has turned orange presumably as a warning.

Just to clarify, do I need to do anything or will it auto renew?
DS916+, 3 x 4TB WD Red, 1 x 4TB WD Purple
UniFi USG, 16 port PoE switch and 4 x AP’s, some Windows, Mac, Android and iDevices

telos
Specialist
Posts: 1093
Joined: Mon Sep 23, 2013 6:12 pm

Re: Let's Encrypt is in!

Unread post by telos » Tue Aug 14, 2018 11:44 pm

It will not auto-renew. You must push that.

tb123
Knowledgeable
Posts: 362
Joined: Sun Sep 03, 2017 10:55 am

Re: Let's Encrypt is in!

Unread post by tb123 » Tue Aug 14, 2018 11:45 pm

telos wrote:
Tue Aug 14, 2018 11:44 pm
It will not auto-renew. You must push that.
How do I do that?
DS916+, 3 x 4TB WD Red, 1 x 4TB WD Purple
UniFi USG, 16 port PoE switch and 4 x AP’s, some Windows, Mac, Android and iDevices

telos
Specialist
Posts: 1093
Joined: Mon Sep 23, 2013 6:12 pm

Re: Let's Encrypt is in!

Unread post by telos » Tue Aug 14, 2018 11:49 pm

Make sure your Synology NAS and router have port 80 open for certificate renewal. Otherwise you must manually renew.

Manual info here:
https://forum.synology.com/enu/viewtopi ... 99#p445842

More reading...
https://www.reddit.com/r/synology/comme ... d_port_80/
