Failed to renew the Let's Encrypt certificate

Post your questions about myQNAPcloud service here.
Locked
ozstar
Easy as a breeze
Posts: 271
Joined: Mon Mar 13, 2017 3:33 pm
Location: Sydney Oz

Failed to renew the Let's Encrypt certificate

Post by ozstar »

Getting this message.

How can I try and fix this please?

App Name: myQNAPcloud
Category: QTS SSL Certificate
Message: [myQNAPcloud] Failed to renew the Let's Encrypt certificate. The server failed to connect to the NAS and verify the domain.
QNAP TS-231P 2 x 4TB Group 1 RAID 1
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
ozstar
Easy as a breeze
Posts: 271
Joined: Mon Mar 13, 2017 3:33 pm
Location: Sydney Oz

Re: Failed to renew the Let's Encrypt certificate

Post by ozstar »

No suggestions ?
QNAP TS-231P 2 x 4TB Group 1 RAID 1
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Failed to renew the Let's Encrypt certificate

Post by Moogle Stiltzkin »

mine need to renew by next month. so i'm waiting to see if auto renew works or not.

that said i noticed this in email
Hello,

Your certificate (or certificates) for the names listed below will expire in 10 days (on 29 May 19 ...........). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let's Encrypt's current 90-day certificates, that means
renewing 30 days before expiration.
See
https://letsencrypt.org/docs/integration-guide/ for details.

You may need to update your client to the latest version in case it is still using the deprecated TLS-SNI-01 validation method. https://community.letsencrypt.org/t/feb ... port/74209

Step-by-step instructions for updating Certbot are here: https://community.letsencrypt.org/t/how ... tbot/83210

Regards,
The Let's Encrypt Team
but looking at myqnapcloud there is no indication WHEN it will decide to auto renew. leaving it to the last second when it just expires is something even lets encrypt says is a bad idea.

So.... i hope they change this to allow a setting WHEN to perform the auto renew (so you can set it e.g. 30 days before it expires). So you have a leeway to sort it out in case auto renew doesn't work as intended :)
nm read the FAQ on the myqnapcloud site that explained it :)


as for the tls sni thing is that on the qnap qts side or the router side ? :'

ozstar wrote: Wed May 15, 2019 11:34 am Getting this message.

How can I try and fix this please?

App Name: myQNAPcloud
Category: QTS SSL Certificate
Message: [myQNAPcloud] Failed to renew the Let's Encrypt certificate. The server failed to connect to the NAS and verify the domain.
just wondering but did you have port forwarding set? :'

Will the QTS SSL Certificate app renew my Let's Encrypt SSL certificate automatically before it expires?

Yes. If you check the "auto renew" option when you apply for a Let's Encrypt SSL certificate, then the certificate will be automatically renewed when it is close to its expiry date. You can also change the auto-renewal setting of an existing certificate using the QTS SSL Certificate app
Auto-renewal works as follows:
1. 30 days before a certificate expires, the QTS SSL Certificate app will try to renew the certificate.
2. To confirm that you still control the domain, Let's Encrypt will send a challenge request to myQNAPcloud DNS server.
3. If myQNAPcloud's DNS server cannot complete the challenge request, then the QTS SSL Certificate app will start other challenge methods using port 80 or 443.
4. The certificate will be downloaded to your device once the challenge request is complete.
5. The Web Server will be restarted after the new certificate is applied.

Notes: Renewing a certificate using port 443 first requires a new self-signed certificate to be generated. The web server will then be restarted, after the self-signed certificate is generated. This is normal behaviour.
sauce
https://support.myqnapcloud.com/faq/_fa ... ly?lang=en



ok so auto renew didn't kick in for me. also afaik i didn't get ANY notification in QTS about a failed auto renewal :(

i only got an email alert about impending expiration from lets encrypt themselves.

so i did a manual renew pressing the button in myqnapcloud and that worked.

maybe auto renew requires port forwarding? not sure :'
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
ozstar
Easy as a breeze
Posts: 271
Joined: Mon Mar 13, 2017 3:33 pm
Location: Sydney Oz

Re: Failed to renew the Let's Encrypt certificate

Post by ozstar »

Many thanks for your time and help.

ipfingerprints.com says port 80 is 'filtered' tcp http but not sure what that means.

I will check the port 80 on the router too.

oz
QNAP TS-231P 2 x 4TB Group 1 RAID 1
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
ozstar
Easy as a breeze
Posts: 271
Joined: Mon Mar 13, 2017 3:33 pm
Location: Sydney Oz

Re: Failed to renew the Let's Encrypt certificate

Post by ozstar »

Hi,

I went into the NAS Auto Router Config area to check things and eventually found that the DDNS was not enabled.

I enabled that and sure enough the SSL update worked. So that is now okay.

Now I need to try and get my web server going in the NAS so I can get some web sites up. I tried this before but had problems too.

I may be back here begging for help again :-)

I appreciate your time and help. Thanks
QNAP TS-231P 2 x 4TB Group 1 RAID 1
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Failed to renew the Let's Encrypt certificate

Post by Moogle Stiltzkin »

ozstar wrote: Tue May 21, 2019 6:31 am ..
yep i got my ddns disabled.

you're welcome :)
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
dbaxterqforum
First post
Posts: 1
Joined: Mon Aug 13, 2018 2:37 am

Re: Failed to renew the Let's Encrypt certificate

Post by dbaxterqforum »

I found I already had my DDNS enabled for the myqnapcloud domain, but I had an IP forwarding rule in my Router, that was forwarding Port 80 to a different server I have running.

To fix this: I temporarily changed that forward rule to my QNAP NAS IP address, then went back to the SSL Certificate, and was then able to Renew the Let's Encrypt SSL certificate for another 3 months.

Don't forget to change your Port 80 forward rule back to the original web server IP.
lfabry
New here
Posts: 2
Joined: Fri Dec 11, 2020 1:47 pm

Re: Failed to renew the Let's Encrypt certificate

Post by lfabry »

Hi
I am getting similar issues when renewing my LetSencrypt domains.
I have one main and multiple alternative names. I am facing 2 issues:
1. Every 3 months when i need to renew the certificates , i press on the renew button but only the main is rnewed and not the alternatives.
2. Then if i wish to manually enter the list of alternative names with a manual renewal , it systematically fails.
The only option is to restore to default and then reenter the list again, and then it works.

This operation is really painful especially when you need to do this every 3months.
Can someone check this problem ad solve it definitely? Using TVS-871 with latest version of BIOS

Thanks!
bullgod
New here
Posts: 9
Joined: Fri Oct 23, 2020 1:16 am

Re: Failed to renew the Let's Encrypt certificate

Post by bullgod »

Looking for your help,
Can't update let's encrypt certificate (let's encrypt site is not available?)
IMG_20211014_204741.jpg
Ports are forwarded and opened:
IMG_20211014_210842.jpg
IMG_20211014_210929.jpg
IMG_20211014_211120.jpg
Let's encrypt site status:
Screenshot_2021-10-14-21-16-18-248_com.android.chrome.jpg
*Trying to update almost 2 days in a row
Thanks in advance
You do not have the required permissions to view the files attached to this post.
crazybyte
First post
Posts: 1
Joined: Sat Apr 24, 2021 12:38 am

Re: Failed to renew the Let's Encrypt certificate

Post by crazybyte »

Hi, same issue with certificate renewal or new certificate
the port 80 and 443 open
hisptoot
New here
Posts: 2
Joined: Mon Jan 25, 2021 11:18 pm

Re: Failed to renew the Let's Encrypt certificate

Post by hisptoot »

I contact the QNAP support team.
They manually fixed my renew problem through ssh and told me next official 5.0 update will fix this bug.
Locked

Return to “myQNAPcloud service”