Certificate Verification Error

Currently reading
Certificate Verification Error

  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
I'm getting the attached error when trying to login in to my vpn server on my DS718+ through the openvpn app on my iphone. I have an email from the Expiry Bot at LE that says the certificate expires on 11/21 (so, not expired). I haven't changed any settings and this has been working for a couple of years for me. Not sure what changed now. Upgraded DSM to the latest (update 4 that just came out), but no solve. Any ideas?


  • certificate verification failed.jpg
    certificate verification failed.jpg
    24.4 KB · Views: 211
Don't select "certificate" in the preceding pop-up window... choose "continue". That's how Android works, anyway. Maybe the same for iphone.
not an option in iOS. In the settings for this profile, none is selected for certificate.
Yep for iOS, don't select certificate.

However, I think that if you have changed settings in the OpenVPN server then it's best to export the .ovpn again and reinstall on you devices. I don't use the DSM VPN Server rather VPN Plus on SRM, and there may be subtle differences.
i will probably have to try that next. Or maybe first I’ll renew LÊ cert and see if it changes anything. I remember setting up the first time was hard for me. iOS doesn’t accept any files with the keys and so i had to put it in the opvn file at the bottom. Not sure i remember full process. Any links on how to do this (which file to pull from once the three files are exported from DSM?).

maybe i should look in to changing to srm as well since i have rt2600ac router. Wouldn’t have to port fwd then to DSM. Any drawbacks?
Last edited:
I was going to say no drawbacks but there are things to think about:
  1. Do you want normal users logging onto the router? I don't so:
    • Installed LDAP Server on the NAS and created a set of users on there plus a vpnusers group
    • Connected the RT to the LDAP server and assigned VPN Plus access to vpnusers.
    • The NAS can be used by these accounts to manage their passwords etc. and I stopped permission to access other NAS services.
  2. LE certificate renewal is tricky or manual if you have to share one IP between devices. Synology's SSL-VPN service will use the one certificate that SRM supports so you need to decide how to maintain it (or resign yourself to self-signed). ... this isn't really a drawback since SSL-VPN isn't on the NAS VPN server.**
Otherwise, haven't found any drawbacks and the, ahem, plus is you can use SSL VPN and WebVPN if you want to. And the iOS VPN Plus app.

Each NAS/router has a limit on the number of connections to each type of VPN. My DS218+ allows 30 concurrent connections which is more than the RT2600ac's 20, but I've never hit this limit.

The 'plus' VPNs require a licence per concurrently connected user (it's per account so two connections on the same account is 1 licence). You have a free one and extras are $10 + vat and non-transferrable to a new RT/MR.

We discussed this a bit here too VPN server: on DSM or SRM?

**Rusty will say to run the letsencrypt Docker container to resolve this, but I still haven't sat down and worked this through.
OK. I'm an idiot. the DDNS associated with my DS718+ was not expired, but the DDNS associated with my rt2600ac was expired. And the latter is what I point the openvpn config file to...ergo, the certificate verification error. All is well now.

I'm going to post another question though related to my process of renewing the certs and which DDNS I should really be using. After racquetball late tonight!!
I spoke too soon. So, i did need to renew my certificate, and now when I click on the profile in the openvpn app it says it is connected, however, no traffic gets through. Any thoughts?
Last edited:
It appears it was advice I got from this website to fix dns leaking: adding "block-outside-dns" to the config file of openvpn. This worked for sometime for me but at some point stopped (wonder if DNS over HTTPS in SRM update affected this?). It looked like it wouldn't resolve DNS queries once connected to the VPN. Removing the line allows a connection...at least on my windows 10 laptop. Now to check the iphone.

EDIT: Yep, that was the issue on the iphone as well. Strange that it was working before and now it did not.

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Old thread notice: There have been no replies in this thread for quite some time. The last reply was on .
The content in this thread may no longer be relevant. It might be better to open a new thread instead.

Similar threads

A couple of weeks ago I updated my RT2600ac to SRM 1.2.4-8081 Update 2. Over the course of a week or so, I...
Yes you’re :) But I’m sure your tinkering habits will get the best of you and you’ll need to restart soon :)

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads