Solved LE cert failed to auto renew

my Let's Encrypt certificate failed to auto-renew last night, and it's not expired.
when i try to manually renew it thinks about it a short while then says "the operation failed, please log into DSM again and retry".
can't see anything in the logs about this either.

any suggestions?
 
Log into the NAS via SSH and open up /var/log/messages to check for more details. Off the bat, I would say that port 80 or 443, which LE needs to renew certs, was not open.
 
port 80 and 443 are definitely open, the sites were working fine yesterday before the cert expired, and no port changes have been made.

the sites also load in HTTP mode (albeit chrome complains a LOT about that).
 
anything in particular to look for in messages? that file has a LOT of stuff in it that is mostly meaningless to me
 
Well just open it up, scroll to the bottom and try and renew the cert again, then just look at the time stamp from that point forward and see if there will be anything related to a specific error.
 
sorted.
i just deleted the cert and re-created it. seems fine now.

although it's showing as valid on the main site but not the sub-domains, even though i added the sub-domains to the new cert (via CSR).
 
i created the cert for my base domain.
then once it was created and active (set as default) i clicked on "configure" and set all the sub-domains (and everything else) to use that new cert.

chrome is showing that the sub-domains are trying to use that cert (correct valid from date), but says the cert is invalid.
 
when creating the cert in the "domain name" field i just entered "blah.co.uk", it doesn't let you put "*.blah.co.uk" in there.
 
Then you don't have a root cert, and if you skipped entering SAN values in the wizard, you will have to create a new cert that has all the subdomain names (new and future). Only then will you have a valid cert.

The other option, if this is a custom domain name (not a Syno DDNS), is to run your own LE Docker container and create a valid wildcard cert there, and then import it.

You can read a bit about the process here:
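
Added example, not part of any post in this thread: a small Python check of which site names a certificate's SAN list actually covers, using the usual wildcard rule that `*` stands for exactly one left-most label. The sub-domain names (`files`, `photo`) and the four SAN lists are constructed for illustration; in practice the SAN list is read from the browser's certificate viewer.

```python
def _labels(name):
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def san_matches(hostname, san):
    """True if a single SAN dNSName entry covers hostname.

    Only a whole left-most '*' label is treated as a wildcard; it matches
    exactly one label, so it covers neither the base domain nor deeper names.
    """
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        return host[1:] == pattern[1:]
    return host == pattern


def uncovered(hostnames, sans):
    """Return the hostnames that no SAN entry covers (browsers reject these)."""
    return [h for h in hostnames if not any(san_matches(h, s) for s in sans)]


# Constructed sample data: the base domain from the thread plus two
# hypothetical sub-domains served by the same NAS.
SITES = ["blah.co.uk", "files.blah.co.uk", "photo.blah.co.uk"]

CERT_AS_CREATED = ["blah.co.uk"]                   # only the "domain name" field filled in
CERT_WITH_SANS = ["blah.co.uk", "files.blah.co.uk", "photo.blah.co.uk"]
CERT_WILDCARD_ONLY = ["*.blah.co.uk"]              # wildcard without the base domain
CERT_WILDCARD = ["blah.co.uk", "*.blah.co.uk"]     # wildcard plus the base domain

if __name__ == "__main__":
    for label, sans in [
        ("as created", CERT_AS_CREATED),
        ("with SAN entries", CERT_WITH_SANS),
        ("wildcard only", CERT_WILDCARD_ONLY),
        ("wildcard + base", CERT_WILDCARD),
    ]:
        missing = uncovered(SITES, sans)
        print(f"{label:17} -> not covered: {missing or 'none'}")
```
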
 
