Let's Encrypt Certificate

Guys I'm forwarding ports 80 & 443 on to the NAS, but I'm getting the following. Any ideas?


Screenshot 2021-02-18 at 14.03.04.jpg
 
When registering a non-Synology domain (are you going for a wildcard cert?), you will need to configure specific settings on your domain registration to get an LE cert out.

In this article, "Let's Encrypt + Docker = wildcard certs", there is a "Getting a 3rd party domain wild card cert using Synology UI and Cloudflare" section at the bottom, on how this would work if your custom domain is being handled by Cloudflare.

There are steps that need to be done and one TXT record that also needs to be valid and exist in your DNS registry for your domain.

Also, for more info on the error (if there will be some more text, that is), you could go via SSH into the var/log/messages file and do a cat command on it. Then review in detail what's going on.
 
I'm not sure if that solution would work for me. The domain I use ties in with my Office 365 account and all DNS records are therefore hosted by Microsoft for that to work. That being the case, would I have to buy a commercial certificate?
 
For an LE cert you do have to have specific settings in place and be sure that you own the root domain, yes. It's the same reason that when you do this process for a *.synology.me domain, it works just fine for a device that runs DSM. Synology has everything in place that allows for the generation of LE certificates for all subdomains under their DDNS ownership.

I think (but maybe someone will correct me) you will not be able to pull this off for the scenario you are going for.
 
I'm not exactly sure what you're looking to do, but here is my experience with that error.

Use a subdomain to register the LE certs. In my setup mydomain.com is hosted by Google Domains. Mydomain.com lands on a website hosted by Google Websites. I then used Google DDNS in Synology; the address is DDNS.mydomain.com. On my domain account this is set up as an A record. I then created a subdomain (CNAME) called DSM.mydomain.com which points to DDNS.mydomain.com.

I am then able to create an LE cert with Domain = DSM.mydomain.com, my email address, and, if you want, added SAN names, including DDNS.mydomain.com. Anytime I need to create an additional domain name related to the Synology, I just use a new subdomain.mydomain.com in the domain name portion of LE and it works without issue.

In my case when I first started (and thanks to @Rusty for all his support), I was getting the same error. Turns out I was using mydomain.com under domain name, but that was wrong since it technically points to a hosted Google site (technically the verification is that Google has possession of this domain name and uses their own cert for the root domain). Since realizing that, I have been using subdomain.mydomain.com names in the domain name field of LE and it has been flawless.
 
Okay for me I don't have a site at mydomain.com at all, the domain was originally bought for email purposes only.

In the DS918+ I use Synology DDNS which points to MYDOMAIN.synology.me.

On the domain account I've only created CNAME records which are: myforum & mynas which both point to MYDOMAIN.synology.me

So if I understand you correctly I need to:
  • Create two new A records for myforum & mynas (name = @, and point to MYDOMAIN.synology.me), or do I use myforum & mynas as the name?
  • Create a LE cert Domain of mynas.mydomain.com, add SAN names of myforum
  • OR is it create a LE cert Domain of mydomain.com, add SAN names of mynas & myforum
Any clarification appreciated.
 
Okay.... I'll leave the DNS settings as they are for the moment. Just tried to get a cert again from LE. Data put in:
  • Domain name: MYDOMAIN.COM
  • Email: domain based email
  • Subject Alternative name: mynas.MYDOMAIN.COM;myforum.MYDOMAIN.COM
It still fails with the error message of 'Failed to connect to Let's Encrypt. Please make sure the domain name is valid.' again.

Tried again with:
  • Domain name: mynas.MYDOMAIN.COM
  • Email: domain based email
  • Subject Alternative name: myforum.MYDOMAIN.COM
Wow that worked! So I now have three certificates installed:
  • MYDOMAIN.synology.me (default)
  • synology.com
  • mynas.MYDOMAIN.COM (also holds myforum.MYDOMAIN.COM)
I've changed them to be:
  • MYDOMAIN.synology.me
  • synology.com (synology DDNS Certificate)
  • mynas.MYDOMAIN.COM (default)
Which looks good, but if I access the NAS via https://mynas.MYDOMAIN.COM I still get a not secure error and the certificate still shows as MYDOMAIN.synology.me... I've cleared the cache on the browser, no change. I've tried it in 3 browsers (Brave, Safari & Edge) and they all report the same.

What am I missing?

Screenshot 2021-02-19 at 11.34.07.jpg
Screenshot 2021-02-19 at 11.34.51.jpg
 
  • Domain name: MYDOMAIN.COM
  • Email: domain based email
  • Subject Alternative name: mynas.MYDOMAIN.COM;myforum.MYDOMAIN.COM
It still fails with the error message of 'Failed to connect to Let's Encrypt. Please make sure the domain name is valid.' again.

I believe this is failing because mydomain.com isn't associated anywhere with your NAS. Is mydomain.com being used for the email? If not, if you create a reverse proxy mydomain.com which then forwards to your NAS, then do the LE cert as stated.

Mynas.mydomain.com works because that URL is associated with your NAS (the CNAME record is pointing to it).

Wow that worked! So I now have three certificates installed:
  • MYDOMAIN.synology.me (default)
  • synology.com
  • mynas.MYDOMAIN.COM (also holds myforum.MYDOMAIN.COM)
I've changed them to be:
  • MYDOMAIN.synology.me
  • synology.com (synology DDNS Certificate)
  • mynas.MYDOMAIN.COM (default)

When you configure the certs, don't use the synology.com one at all. Change it to either your domain or synology.me. If you plan on accessing the NAS with the synology.me domain, make sure that domain name is what the LE cert is attached to. If the LE cert is attached (configured) to mynas.domain.com and you're using the synology.me domain, you'll get the error. Alternatively, if you want to use mynas.mydomain.com to access the NAS, make sure the LE cert is configured for that domain name then and not synology.me.

Whatever domain name you decide to pick to access your NAS, make sure you select the LE cert that matches that domain name and that it is configured for the same.

Keep the synology.me cert associated with the synology.me domain name.
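
An added example, not part of the original posts: a Python check for the symptom discussed above, where the browser is shown the MYDOMAIN.synology.me certificate while visiting mynas.MYDOMAIN.COM. It compares each hostname with the SAN entries of the certificate served for it; the function names and the two sample certificates are constructed for illustration, and it goes slightly beyond the thread by also handling wildcard names.

```python
import socket
import ssl

def cert_dns_names(cert):
    """DNS SAN entries from an ssl.getpeercert() dict (browsers match on SANs only)."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(hostname, pattern):
    """RFC 6125-style match: '*' is accepted only as the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # *.example.com covers neither example.com nor a.b.example.com
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def cert_covers(hostname, cert):
    return any(name_matches(hostname, p) for p in cert_dns_names(cert))

def fetch_served_cert(hostname, port=443, timeout=5):
    """Certificate the server presents for this SNI name.
    The chain is still verified; only the hostname check is left to cert_covers()."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

# Constructed certificates using the thread's placeholder names.
DDNS_CERT = {"subjectAltName": (("DNS", "MYDOMAIN.synology.me"),)}
LE_CERT = {"subjectAltName": (("DNS", "mynas.MYDOMAIN.COM"),
                              ("DNS", "myforum.MYDOMAIN.COM"))}

def audit(served):
    """served maps hostname -> cert dict; returns hostnames whose cert does not match."""
    return sorted(h for h, c in served.items() if not cert_covers(h, c))

if __name__ == "__main__":
    # Before: every name is answered with the synology.me certificate.
    before = {"mynas.MYDOMAIN.COM": DDNS_CERT, "MYDOMAIN.synology.me": DDNS_CERT}
    # After: each service is assigned the certificate that lists its name.
    after = {"mynas.MYDOMAIN.COM": LE_CERT, "myforum.MYDOMAIN.COM": LE_CERT,
             "MYDOMAIN.synology.me": DDNS_CERT}
    print("mismatched before:", audit(before))
    print("mismatched after: ", audit(after))
    # Live check against your own NAS (needs network access):
    # print(cert_covers("mynas.example.com", fetch_served_cert("mynas.example.com")))
```

fetch_served_cert needs the server's chain to validate against the local trust store, so a self-signed default certificate raises ssl.SSLCertVerificationError instead of returning a dict.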
 
Well, good news: since I last posted, mynas.MYDOMAIN.COM has decided to show the right certificate, so maybe it took a few minutes for it to propagate through the system.
  • The mynas.MYDOMAIN.COM is set to work with mynas.MYDOMAIN.COM, forum.MYDOMAIN.COM, phpBB3, FTPS, System Default and Synology Drive Server.
  • The MYDOMAIN.synology.me certificate is used for MYDOMAIN.synology.me
  • The synology.com certificate is there but not allied to anything.
So I think all is good :)

I assume that the certificates will all auto-renew and I don't need to worry about that?
 
