Hello, I recently acquired a DS918+ and am trying to get SSL certificates up and running. I just can't get get it to work.
I have my port forwarding and DNS records configured correctly. I am able to access DiskStation from my custom domain sub.domain.com:1234, and I correctly encounter a web server which runs inside a Docker. So all that configuration is good. It's the SSL certification process in particular that won't work here. I have also confirmed that the ports are forwarded correctly, as I am redirected correctly sub.domain.com:80 --> sub.domain.com:4000 and https://sub.domain.com:443 --> sub.domain.com:4001. ( I changed the ports for the Synology web interface).
Here's what I've tried:
- In the DSM: Control Panel > Security > Certificate > Add > ... > "Failed to connect to Let's Encrypt. Please make sure the domain name is valid."
- Running certbot on the host network (inside a Docker container). I get this error: Problem binding to port 80: Could not bind to IPv4 or IPv6.
- Running certbot on its own network (inside a Docker container). "Local port 443,80 conflicts with other ports used by other services."
I looked inside the /etc/nginx.conf and I see that the DS is already listening on ports 80 and 443, for some reason. So that explains why I can't bind a Docker to those ports in the second and third attempts. This means I have to rely on the webserver and method that DSM already provides, in the first option above. But that isn't working!
I would appreciate help getting this to work. I know I can clobber the /etc/nginx.conf but I don't want a solution which will break the next time I update the machine. Thanks.
I have my port forwarding and DNS records configured correctly. I am able to access DiskStation from my custom domain sub.domain.com:1234, and I correctly encounter a web server which runs inside a Docker. So all that configuration is good. It's the SSL certification process in particular that won't work here. I have also confirmed that the ports are forwarded correctly, as I am redirected correctly sub.domain.com:80 --> sub.domain.com:4000 and https://sub.domain.com:443 --> sub.domain.com:4001. ( I changed the ports for the Synology web interface).
Here's what I've tried:
- In the DSM: Control Panel > Security > Certificate > Add > ... > "Failed to connect to Let's Encrypt. Please make sure the domain name is valid."
- Running certbot on the host network (inside a Docker container). I get this error: Problem binding to port 80: Could not bind to IPv4 or IPv6.
- Running certbot on its own network (inside a Docker container). "Local port 443,80 conflicts with other ports used by other services."
I looked inside the /etc/nginx.conf and I see that the DS is already listening on ports 80 and 443, for some reason. So that explains why I can't bind a Docker to those ports in the second and third attempts. This means I have to rely on the webserver and method that DSM already provides, in the first option above. But that isn't working!
I would appreciate help getting this to work. I know I can clobber the /etc/nginx.conf but I don't want a solution which will break the next time I update the machine. Thanks.