Question LE cert renewal ask for CSR?

Currently reading
Question LE cert renewal ask for CSR?

DS4l8play, DS202j, DS3623xs+, DSM 8.025847-𝘣𝘦𝘵𝘢
Just renewed two LE certs and one went a bit odd asking to create CSR and country authority (huh???)... and then downloaded a cert zip. Clearly that is bizarre.

So I just "add" a new LE cert to replace the existing LE cert and all was finally settled.

The backstory... about a month ago, I completely redid this NAS... new drives, new pool... and then restored the config. At that time the LE cert wasn't recovered, so I restored it (import) from a backup I kept. So today when I selected "renew"... I got all this CSR mumbo jumbo...


Why did this occur? On the other machine, I just clicked renew and the renewal process ran. Just curious.
I can only make assumptions here:

If you manualy upload a certificate, regardless wheter its from LE, public bought or self signed, it will need to be maintained manually.

It would be perfectly possible to fetch the required details (see output: openssl x509 -in /path/to/crt -text -noout) from the certificate to detect that the uploaded certificat is issued by the Issuer "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3", then read the Subject and X509v3 Subject Alternative Name to get the domains it needs to be created for. Since the email address is not embedded in the crt, it would require user input for this.

This might be a charming RFC :)

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to! is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads