Tuesday, March 13, 2018

Synology Let's Encrypt SSL certificate failure and ASUS AC68U

So... I was running my own SSL cert from a free SSL certificate provider, SSLForFree.com, but thought I'd try the built-in capability of my Synology DS413J to provision one from Let's Encrypt for free.

I walked through the menus to find the Control Panel, Security, and Certificates tab. Once I walked through adding/replacing a cert, I received this error:

For clarity, this is what it says:
     Get a Certificate from Let's Encrypt
     Failed to connect to Let's Encrypt. Please make sure your DiskStation and router have port 80
     open to Let's Encrypt domain validation from the Internet. All the other communications with
     Let's Encrypt go over HTTPS to keep your DiskStation secure.

I originally was thinking my router, an ASUS AC68U, wasn't capable of forwarding port 80 because it uses that port for the web interface. Turns out that later software updates fixed this issue and it is now able to pass the traffic from outside:80->Synology:80. All good.

I made sure Web Station was running. And it still failed.

Turns out, I think the biggest issue was that even though the screen suggests you should just use your top TLD, you really need to put in your full FQDN in both the domain name and the alternative subject name fields.

Then the wizard worked like a charm.

Good luck!