Cant change my server connection from my IP to synology.me

[Cobra]

I have an error SSL certificate has been changed and it says the SSL certificate does not belong to the IP address and sign in with synology.me. I tried that and it wont let me switch it.

 

[Rusty]

does not belong to the IP address

Not sure I follow this. Can you explain a bit more what you are trying to do and what your have actually done so far?

 

[Cobra]

So on the desktop app of active backup for business, I want to change my connection from the IP to blank.synology.me

 

[fredbert]

From memory:

ABB client will silently fail to connect and update when using the NAS IP as the server name when the SSL certificate assigned to ABB has been renewed/changed. You can right-click the ABB client icon and select Edit Connection then save it again: this forces the client to revalidate the connection and notify you that there's a SSL certificate mis-match.​

When using the NAS IP or any other domain name that isn't explicitly covered by the SSL certificate you will have a second step when setting up the client's connection: it will tell you the connection isn't trusted but do you want to proceed. You tell it do proceed but next time the certificate changes the client doesn't alert you but instead just stops connecting. This is not that great!

Now you have changed to using server name mynas.synology.me, because you know you have a SSL certificate assigned to ABB that covers this name, you will also have to confirm that the routing between PC client and NAS is working.

The PC client connects to the the NAS using TCP 5510 for ABB server. This would be a direct connection when using the NAS IP but with mynas.synology.me then this domain name is being resolved to the Internet IP of your router. So unless the router support NAT loopback then the connection will fail as the router won't be listening on port 5510. Firstly, you will have to add a port forward rule in the router to send TCP 5510 to the NAS LAN IP and then hope the router supports NAT loopback. If this now fails you will know it isn't supported.

The alternative to adding a port forward rule in the router would be to edit the PC's host file and assign mynas.synology.me to NAS LAN IP. Not something I have done on PC as I only dig in the macOS / Linux garden. But this will probably be the simpler way if you don't plan to use ABB client -> server when away from the LAN. It also should work when away but connect back through a VPN tunnel.

 

[Cobra]

Well that does sound complicated. Ill give it a try. Thanks for the info. How do you know when the certificate will expire?

 

[fredbert]

How do you know when the certificate will expire?

Control Panel -> Security -> Certificate

Each certificate shows its expiry date after the certificate name. If it's a Let's Encrypt certificate then they expire after 3 months but should auto-renew. Even auto-renewed LE certs will cause the ABB client to stop connecting ... unless they cover the server name you use in the ABB client.

 

[fredbert]

Also, note that there are two parts to the ABB service:

1. ABB server that is listening on port 5510 for PC backups.
2. ABB restore web portal, which is listening/accessible by HTTP/HTTPS using whatever application portal servername / port numbers you've assigned.

Both these require a SSL certificate to match the server name that you use to access each, but they don't have to be the same. But the ABB client will assume the server name is the same for both service elements.

 

[Cobra]

I changed the host file and now it is connected using synology.me. I will see if this helps.
Thanks