connection/certificate errors from DSM. Package center, QC, and much more unavailable. (Synology ds1621+)

A couple days ago I randomly received this notification email: "System is busy and unable to deliver the diagnostic data. Please try again later." There's no info in the body. When I received the email I checked my DSM dashboard and it was unreachable, but my docker containers were still running and I was able to SSH to the machine.


I tried to reset it and it didn't reset for around 20 minutes (I think maybe something to do with virtual machine manager because after logging back in and restarting, this was holding up the restart process). I restarted by holding it down until it powered down and started up again.

It has been exhibiting odd behavior: I cannot access the package manager, Security advisor, quickconnect, support center, push service under notifications, sign in on the notification > email page on control panel, it does nothing, synology account section of the control panel, active insight, DSM update, all are giving me errors that imply some broken connection, certificate, or networking issue.
I tried to update a docker container and I can't access the registry. It's giving me an error: "Error response from daemon: Get "https://registry-1.docker.io/v2/": x509: certificate signed by unknown authority"
Trying to access synology photos from my phone also gives an invalid certificate error

I have made no changes to my router or system or anything.

I can ping all the services here from SSH: What websites does my Synology NAS connect to when running services or updating software? - Synology Knowledge Center



I'm worried that I somehow got attacked. I've been trying to figure out how to connect to this thing with my double nat situation which has made it impossible to access from outside without tailscale. I just don't understand what's happening. My worst fear is that maybe someone hacked in and modified my dsm install to mess with it or something. IDK.

I reached out to synology support a couple days ago but they responded with the most generic tech support questions:
you attempted to access DSM using various devices or web browsers? Are there any indications of hardware-related issues?

Are there any third-party applications or packages installed on your Synology device that might be affecting its performance?

Can you access the Synology device's interface directly, or is the problem limited to accessing DSM?

Have you encountered any recent power outages or disruptions that might have influenced the current situation?

I saw on this thread some people having errors that sound very similar but they all got them resolved around the same time


I found something that says (removed bunch of random identification shit from url vars)

Failed to exec curl command, with url: https://update7.synology.com/autoupdate/v2/getList , with reason: error setting certificate file: /etc/ssl/certs/ca-certificates.crt
I SSHed into /etc/ssl/certs and that doesn’t exist. What does exist is a bunch of files like “b23h893.0”, “fb3j58d.0”, etc. Using ls -l I see that they have lrwxrwxrwx permissions on all of them and they point to stuff like affirmtrust, comodo cert, amazon_root, etc. Nothing that makes any sense to me.

Checking certificates from the control panel, all certificates are assigned to the cert generated by my quick connect url. I have 3 in total, one with my quick connect url, one with .direct.synology.me, and one that’s just ‘synology’. They all have a lock with a green checkmark, assuming that means they’re legit but idk. What may be causing issues is that I can’t use my quick connect. It’s glitchy - I can’t enable it because I get a connection error, but I’m wondering if that’s cause of some certificate or maybe it’s due to the error I showed above - that setting up the quick connect is throwing an error because it wants to write to some certificate that doesn’t exist.

EDIT:

I found a (with the single quote around it) 'NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt' in my /usr/shares/ca-certificates/mozilla . So ca-certificates exists but not where this updater thing is looking.
 
My first initial thought when reading this post is time. Specifically is the time on the NAS correct? By time I mean date as well?

Considering you have working containers but errors across your whole DSM it could mean that something has happened and that the NAS is in the past or future, resulting in an unstable state when it needs to communicate with other secure web services.

Incorrect date/time could be the cause of these symptoms so check control panel NTP settings and rsync if needed.

If this is not the case, then maybe RAM is. Have you upgraded the memory with any 3rd party module?
 
A dev from Synology fixed it by running 'update-ca-certificates.sh' from the /etc/ssl/certs folder as root.

Not sure if he somehow moved that file into my NAS manually or if that's included functionality. Either way it was a really simple fix that only took them like 3 weeks to address.
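
Added example, not written by anyone in this thread and not Synology's tooling: a read-only triage script for the symptoms discussed above (the bundle file missing from /etc/ssl/certs while the hashed symlinks are still there, plus the clock theory from the reply). The function names are made up for this example, the default directory is the path from the quoted curl error, and the clock check is only a heuristic that catches a clock running behind.

```shell
#!/bin/sh
# Added example: read-only triage of a CA trust store. Function names are
# illustrative; the default directory is the one named in the quoted curl error.
CERT_DIR_DEFAULT=/etc/ssl/certs

# State of the bundle file that curl failed to load.
bundle_state() {
    bundle="${1:-$CERT_DIR_DEFAULT}/ca-certificates.crt"
    if [ ! -e "$bundle" ]; then echo "bundle-missing"; return 0; fi
    if [ ! -s "$bundle" ]; then echo "bundle-empty"; return 0; fi
    # Every PEM certificate in the bundle has one BEGIN line.
    n=$(grep -c 'BEGIN CERTIFICATE' "$bundle" 2>/dev/null || true)
    if [ "${n:-0}" -eq 0 ]; then echo "bundle-no-certs"; else echo "bundle-ok:$n"; fi
}

# Count hashed "<hash>.N" symlinks and how many of them point at nothing.
link_state() {
    dir="${1:-$CERT_DIR_DEFAULT}"
    total=0; dangling=0
    for l in "$dir"/*.[0-9]; do
        [ -L "$l" ] || continue
        total=$((total + 1))
        # -e follows the link, so it fails when the target file is gone.
        [ -e "$l" ] || dangling=$((dangling + 1))
    done
    echo "links:$total dangling:$dangling"
}

# Heuristic for the clock theory: a file in the store with a modification
# time later than "now" suggests the system clock is running behind.
clock_state() {
    dir="${1:-$CERT_DIR_DEFAULT}"
    ref=$(mktemp) || return 0
    future=$(find "$dir" -newer "$ref" 2>/dev/null | head -n 1)
    rm -f "$ref"
    if [ -n "$future" ]; then echo "clock-behind-files"; else echo "clock-plausible"; fi
}

# One-line summary of all three checks.
triage() {
    echo "$(bundle_state "$1") $(link_state "$1") $(clock_state "$1")"
}

triage "${1:-$CERT_DIR_DEFAULT}"
```

A result of `bundle-missing` together with a non-zero link count is the state described in the original post: the individual CA links are present but the concatenated bundle that curl loads is not.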
 
