It's all gone to shit

Useless error message #1253

DSM error message: “Let's Encrypt is unable to validate this domain name. Please make sure your DiskStation and router have port 80 open to Let's Encrypt domain validation from the Internet. All the other communications with let's Encrypt go over HTTPS to keep your DiskStation secure.”

I had Let's Encrypt certificates working for a long time on my Synology DiskStation NAS, that is until some extended shenanigans by my ISP left me offline during the renewal period. To add to the fun, my router also died, so I had to install a new one. All of this, of course, meant that the certificate wasn't renewed in the usual manner. Ne'ermind, I'll just delete the old certificate and create a new one. Or so I thought.

Because the DiskStation Manager software (DSM) returned the above error. Clearly, port 80 and/or 443 was not open on the router, or was not being forwarded to the NAS. Except that extensive checking, rechecking, and re-rechecking showed that they both were.

To cut a long story short, one of the shenanigans during my ISP adventures was the addition of an IPv6 address to my NAS. I only use IPv4 and DDNS, because I've had none-too-positive experience with IPv6 on my setups. It turns out that Let's Encrypt prefers IPv6 over IPv4 when available. Who knew?

The solution to the problem is to either set up IPv6 to reach the NAS, or to delete the NAS's IPv6 address and any AAAA record on the webhost's DNS. I changed the IPv6 DDNS settings in DSM from auto to off, and voilà! All's good.

But that DSM error is about as helpful as a chocolate teapot.
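
A quick way to spot the mismatch described above, added here as an example and not part of DSM or Let's Encrypt: the script lists the A and AAAA records a hostname publishes and tests port 80 on each address. The hostname `nas.example.net` is a placeholder, and the verdict assumes, as stated above, that the validator prefers IPv6 whenever an AAAA record exists.

```python
import socket

def resolve(host, family):
    """Return the sorted addresses the host publishes for one family (A or AAAA)."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def port_open(addr, port=80, timeout=5.0):
    """True if a TCP connection to addr:port succeeds."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(host, resolve=resolve, port_open=port_open):
    """Explain how an IPv6-preferring HTTP-01 validator would see this host."""
    v6 = resolve(host, socket.AF_INET6)
    v4 = resolve(host, socket.AF_INET)
    dead_v6 = [a for a in v6 if not port_open(a)]
    dead_v4 = [a for a in v4 if not port_open(a)]
    if v6 and dead_v6:
        # The case from this post: a stale AAAA record that nothing forwards to.
        verdict = "FAIL: AAAA record published but port 80 unreachable over IPv6"
    elif v6:
        verdict = "OK: validation would use IPv6"
    elif v4 and not dead_v4:
        verdict = "OK: no AAAA record, validation would use IPv4"
    else:
        verdict = "FAIL: port 80 unreachable over IPv4 (or no A record)"
    return {"aaaa": v6, "a": v4, "dead_v6": dead_v6, "dead_v4": dead_v4,
            "verdict": verdict}

if __name__ == "__main__":
    import sys
    # nas.example.net is a placeholder; pass your own DDNS hostname.
    host = sys.argv[1] if len(sys.argv) > 1 else "nas.example.net"
    for key, value in diagnose(host).items():
        print(f"{key}: {value}")
```

Run it from a machine outside your own network that has working IPv6, otherwise the result reflects your LAN or the test machine's connectivity rather than what a validator on the Internet sees.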