Failed to renew the Let's Encrypt certificate
-
- Easy as a breeze
- Posts: 271
- Joined: Mon Mar 13, 2017 3:33 pm
- Location: Sydney Oz
Failed to renew the Let's Encrypt certificate
Getting this message.
How can I try and fix this please?
App Name: myQNAPcloud
Category: QTS SSL Certificate
Message: [myQNAPcloud] Failed to renew the Let's Encrypt certificate. The server failed to connect to the NAS and verify the domain.
How can I try and fix this please?
App Name: myQNAPcloud
Category: QTS SSL Certificate
Message: [myQNAPcloud] Failed to renew the Let's Encrypt certificate. The server failed to connect to the NAS and verify the domain.
QNAP TS-231P 2 x 4TB Group 1 RAID 1
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
-
- Easy as a breeze
- Posts: 271
- Joined: Mon Mar 13, 2017 3:33 pm
- Location: Sydney Oz
Re: Failed to renew the Let's Encrypt certificate
No suggestions ?
QNAP TS-231P 2 x 4TB Group 1 RAID 1
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
- Moogle Stiltzkin
- Guru
- Posts: 11448
- Joined: Thu Dec 04, 2008 12:21 am
- Location: Around the world....
- Contact:
Re: Failed to renew the Let's Encrypt certificate
mine need to renew by next month. so i'm waiting to see if auto renew works or not.
that said i noticed this in email
as for the tls sni thing is that on the qnap qts side or the router side ?
https://support.myqnapcloud.com/faq/_fa ... ly?lang=en
ok so auto renew didn't kick in for me. also afaik i didn't get ANY notification in QTS about a failed auto renewal
i only got an email alert about impending expiration from lets encrypt themselves.
so i did a manual renew pressing the button in myqnapcloud and that worked.
maybe auto renew requires port forwarding? not sure
that said i noticed this in email
Hello,
Your certificate (or certificates) for the names listed below will expire in 10 days (on 29 May 19 ...........). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let's Encrypt's current 90-day certificates, that means
renewing 30 days before expiration. See
https://letsencrypt.org/docs/integration-guide/ for details.
You may need to update your client to the latest version in case it is still using the deprecated TLS-SNI-01 validation method. https://community.letsencrypt.org/t/feb ... port/74209
Step-by-step instructions for updating Certbot are here: https://community.letsencrypt.org/t/how ... tbot/83210
Regards,
The Let's Encrypt Team
nm read the FAQ on the myqnapcloud site that explained itbut looking at myqnapcloud there is no indication WHEN it will decide to auto renew. leaving it to the last second when it just expires is something even lets encrypt says is a bad idea.
So.... i hope they change this to allow a setting WHEN to perform the auto renew (so you can set it e.g. 30 days before it expires). So you have a leeway to sort it out in case auto renew doesn't work as intended
as for the tls sni thing is that on the qnap qts side or the router side ?
just wondering but did you have port forwarding set?
sauceWill the QTS SSL Certificate app renew my Let's Encrypt SSL certificate automatically before it expires?
Yes. If you check the "auto renew" option when you apply for a Let's Encrypt SSL certificate, then the certificate will be automatically renewed when it is close to its expiry date. You can also change the auto-renewal setting of an existing certificate using the QTS SSL Certificate app
Auto-renewal works as follows:
1. 30 days before a certificate expires, the QTS SSL Certificate app will try to renew the certificate.
2. To confirm that you still control the domain, Let's Encrypt will send a challenge request to myQNAPcloud DNS server.
3. If myQNAPcloud's DNS server cannot complete the challenge request, then the QTS SSL Certificate app will start other challenge methods using port 80 or 443.
4. The certificate will be downloaded to your device once the challenge request is complete.
5. The Web Server will be restarted after the new certificate is applied.
Notes: Renewing a certificate using port 443 first requires a new self-signed certificate to be generated. The web server will then be restarted, after the self-signed certificate is generated. This is normal behaviour.
https://support.myqnapcloud.com/faq/_fa ... ly?lang=en
ok so auto renew didn't kick in for me. also afaik i didn't get ANY notification in QTS about a failed auto renewal
i only got an email alert about impending expiration from lets encrypt themselves.
so i did a manual renew pressing the button in myqnapcloud and that worked.
maybe auto renew requires port forwarding? not sure
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
-
- Easy as a breeze
- Posts: 271
- Joined: Mon Mar 13, 2017 3:33 pm
- Location: Sydney Oz
Re: Failed to renew the Let's Encrypt certificate
Many thanks for your time and help.
ipfingerprints.com says port 80 is 'filtered' tcp http but not sure what that means.
I will check the port 80 on the router too.
oz
ipfingerprints.com says port 80 is 'filtered' tcp http but not sure what that means.
I will check the port 80 on the router too.
oz
QNAP TS-231P 2 x 4TB Group 1 RAID 1
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
-
- Easy as a breeze
- Posts: 271
- Joined: Mon Mar 13, 2017 3:33 pm
- Location: Sydney Oz
Re: Failed to renew the Let's Encrypt certificate
Hi,
I went into the NAS Auto Router Config area to check things and eventually found that the DDNS was not enabled.
I enabled that and sure enough the SSL update worked. So that is now okay.
Now I need to try and get my web server going in the NAS so I can get some web sites up. I tried this before but had problems too.
I may be back here begging for help again
I appreciate your time and help. Thanks
I went into the NAS Auto Router Config area to check things and eventually found that the DDNS was not enabled.
I enabled that and sure enough the SSL update worked. So that is now okay.
Now I need to try and get my web server going in the NAS so I can get some web sites up. I tried this before but had problems too.
I may be back here begging for help again
I appreciate your time and help. Thanks
QNAP TS-231P 2 x 4TB Group 1 RAID 1
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
QNAP TS-451A 3 x 2 TB Group 1 RAID 5
- Moogle Stiltzkin
- Guru
- Posts: 11448
- Joined: Thu Dec 04, 2008 12:21 am
- Location: Around the world....
- Contact:
Re: Failed to renew the Let's Encrypt certificate
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
-
- First post
- Posts: 1
- Joined: Mon Aug 13, 2018 2:37 am
Re: Failed to renew the Let's Encrypt certificate
I found I already had my DDNS enabled for the myqnapcloud domain, but I had an IP forwarding rule in my Router, that was forwarding Port 80 to a different server I have running.
To fix this: I temporarily changed that forward rule to my QNAP NAS IP address, then went back to the SSL Certificate, and was then able to Renew the Let's Encrypt SSL certificate for another 3 months.
Don't forget to change your Port 80 forward rule back to the original web server IP.
To fix this: I temporarily changed that forward rule to my QNAP NAS IP address, then went back to the SSL Certificate, and was then able to Renew the Let's Encrypt SSL certificate for another 3 months.
Don't forget to change your Port 80 forward rule back to the original web server IP.
-
- New here
- Posts: 2
- Joined: Fri Dec 11, 2020 1:47 pm
Re: Failed to renew the Let's Encrypt certificate
Hi
I am getting similar issues when renewing my LetSencrypt domains.
I have one main and multiple alternative names. I am facing 2 issues:
1. Every 3 months when i need to renew the certificates , i press on the renew button but only the main is rnewed and not the alternatives.
2. Then if i wish to manually enter the list of alternative names with a manual renewal , it systematically fails.
The only option is to restore to default and then reenter the list again, and then it works.
This operation is really painful especially when you need to do this every 3months.
Can someone check this problem ad solve it definitely? Using TVS-871 with latest version of BIOS
Thanks!
I am getting similar issues when renewing my LetSencrypt domains.
I have one main and multiple alternative names. I am facing 2 issues:
1. Every 3 months when i need to renew the certificates , i press on the renew button but only the main is rnewed and not the alternatives.
2. Then if i wish to manually enter the list of alternative names with a manual renewal , it systematically fails.
The only option is to restore to default and then reenter the list again, and then it works.
This operation is really painful especially when you need to do this every 3months.
Can someone check this problem ad solve it definitely? Using TVS-871 with latest version of BIOS
Thanks!
-
- New here
- Posts: 9
- Joined: Fri Oct 23, 2020 1:16 am
Re: Failed to renew the Let's Encrypt certificate
Looking for your help,
Can't update let's encrypt certificate (let's encrypt site is not available?) Ports are forwarded and opened: Let's encrypt site status: *Trying to update almost 2 days in a row
Thanks in advance
Can't update let's encrypt certificate (let's encrypt site is not available?) Ports are forwarded and opened: Let's encrypt site status: *Trying to update almost 2 days in a row
Thanks in advance
You do not have the required permissions to view the files attached to this post.
-
- First post
- Posts: 1
- Joined: Sat Apr 24, 2021 12:38 am
Re: Failed to renew the Let's Encrypt certificate
Hi, same issue with certificate renewal or new certificate
the port 80 and 443 open
the port 80 and 443 open
-
- New here
- Posts: 2
- Joined: Mon Jan 25, 2021 11:18 pm
Re: Failed to renew the Let's Encrypt certificate
I contact the QNAP support team.
They manually fixed my renew problem through ssh and told me next official 5.0 update will fix this bug.
They manually fixed my renew problem through ssh and told me next official 5.0 update will fix this bug.