Lets Encrypt Port 80 issue

Post your questions about myQNAPcloud service here.
lewis.brooks
Getting the hang of things
Posts: 51
Joined: Wed Aug 27, 2014 1:30 am

Lets Encrypt Port 80 issue

Post by lewis.brooks » Sun Feb 05, 2017 5:57 am

Hi,

Trying to get an SSL cert using the inbuilt service but I constantly get the error about port 80. The port is open and forwarded to the NAS on the router.

Any ideas?

lewis.brooks
Getting the hang of things
Posts: 51
Joined: Wed Aug 27, 2014 1:30 am

Re: Lets Encrypt Port 80 issue

Post by lewis.brooks » Sun Feb 05, 2017 7:17 am

I can also access my test file on port 80 to my NAS DDNS address

ynocturnal
First post
Posts: 1
Joined: Thu Nov 27, 2014 1:41 am

Re: Lets Encrypt Port 80 issue

Post by ynocturnal » Fri Feb 17, 2017 5:42 am

same problem, even with 4.3.3

"Authentication fails. Please check the DNS server or if the port 80 is working."

any idea???

pavlosweb
Starting out
Posts: 41
Joined: Fri Nov 04, 2016 7:32 am

Re: Lets Encrypt Port 80 issue

Post by pavlosweb » Thu Feb 23, 2017 6:16 pm

Same problem. I had to generate certificate in virtual ubuntu and then I imported it via control panel > security > import certificate. It is not best way, since cert will expire in 90 days. Later I found this chat viewtopic.php?t=122747 maybe it will work best. It should be possible to create schedulled script for automatic renewal.
TS-451+ Beta FW 4.3.2.0017

myjablonec
New here
Posts: 4
Joined: Tue May 24, 2016 9:31 pm

Re: Lets Encrypt Port 80 issue

Post by myjablonec » Wed Apr 19, 2017 12:08 am

pavlosweb wrote:I had to generate certificate in virtual ubuntu. It is not best way, since cert will expire in 90 days.

How do you generate certificate in ubuntu for your NAS? Your PC doesn't have same IP and hostaname as your NAS.
Thank you

snarf007
Starting out
Posts: 37
Joined: Sun Jan 16, 2011 6:47 am

Re: Lets Encrypt Port 80 issue

Post by snarf007 » Mon May 01, 2017 3:59 am

Issue was already in the Beta, but isn't fixed.
Would like this to be fixed.
Does it work for others with your own domain?

ensignvorik
Easy as a breeze
Posts: 321
Joined: Sat Jul 14, 2012 8:24 pm

Re: Lets Encrypt Port 80 issue

Post by ensignvorik » Mon May 01, 2017 4:07 am

Works perfectly fine for me on a 253A using myqnapcloud as the domain.

Log a support ticket if it's not working.
Unless I'm being blind, I can't find the setting to change what kind of QNAP I have on my profile. I now own a TS-253A

myjablonec
New here
Posts: 4
Joined: Tue May 24, 2016 9:31 pm

Re: Lets Encrypt Port 80 issue

Post by myjablonec » Mon May 01, 2017 4:10 am

ensignvorik wrote:Works perfectly fine for me on a 253A using myqnapcloud as the domain.

That's nice, but I can't use myqnapcloud as the domain, I need to use my own.

ensignvorik
Easy as a breeze
Posts: 321
Joined: Sat Jul 14, 2012 8:24 pm

Re: Lets Encrypt Port 80 issue

Post by ensignvorik » Mon May 01, 2017 4:38 am

myjablonec wrote:
ensignvorik wrote:Works perfectly fine for me on a 253A using myqnapcloud as the domain.

That's nice, but I can't use myqnapcloud as the domain, I need to use my own.


The inbuilt service stats it will only work with myqnapcloud domains.

You can either try the community version here: viewtopic.php?f=320&t=122747

Or directly apply via the Let's Encrypt site, which has a simple process to follow, but you'll have to remember to re-do it every 90 days.

https://letsencrypt.org/
Unless I'm being blind, I can't find the setting to change what kind of QNAP I have on my profile. I now own a TS-253A

User avatar
jds580s
Know my way around
Posts: 198
Joined: Tue Dec 08, 2009 4:52 am

Re: Lets Encrypt Port 80 issue

Post by jds580s » Fri May 12, 2017 2:47 am

ensignvorik wrote:
myjablonec wrote:
ensignvorik wrote:Works perfectly fine for me on a 253A using myqnapcloud as the domain.

That's nice, but I can't use myqnapcloud as the domain, I need to use my own.


The inbuilt service stats it will only work with myqnapcloud domains.

You can either try the community version here: viewtopic.php?f=320&t=122747

Or directly apply via the Let's Encrypt site, which has a simple process to follow, but you'll have to remember to re-do it every 90 days.

https://letsencrypt.org/


I see the note about only working with myQNAPcloud domain names when trying to configure Let's Encrypt through "myQNAPcloud>SSL Certificate"
However, if you instead configure SSL/TLS through "System>Security>Certificate & Private Key" and click Replace Certificate, then select Let's Encrypt it allows you to input your own domain name and alternative names.
The process works great when I go through the first menu (but you can't input any alternative names), and returns the port 80 error when I use the second method where Alt names can be defined.

Like pavlosweb, ynocturnal, and lewis.brooks, I am having the same problem.
Really hoping to see a solution to this error in the next update.

Model: TVS-1282-i5-16G
  • Firmware: QTS 4.3.4.0537
  • Network: 10GbE ASUS XG-C100C card, MTU 9k
  • RAID 1: [System] 2x WD Blue M.2 SSD 250GB
  • Single Volume: [QVR Pro Storage] 1x WD Purple 4TB
  • RAID 6: [DATA] 5x HGST HDN728080ALE604 8TB
    • Qtier RAID 1: 2x Samsung SSD 850 EVO 500GB
    • Cache RAID 1: 2x Samsung SSD 960 EVO 500GB NVMe M.2 in two NGFF PCIe 3.0 x4 adapter cards
Model: TS-459 Pro
  • Firmware: QTS 4.2.6 build 20180504
  • RAID 6: 2x HGST HDN724030ALE640 3TB, x2 Seagate ST3000VN000 3TB
  • External: 4TB HGST eSATA Drive, UPS
  • Network: 1 Gbps, MTU 1500

snarf007
Starting out
Posts: 37
Joined: Sun Jan 16, 2011 6:47 am

Re: Lets Encrypt Port 80 issue

Post by snarf007 » Tue May 16, 2017 1:26 am

jds580s wrote:
ensignvorik wrote:
myjablonec wrote:
ensignvorik wrote:Works perfectly fine for me on a 253A using myqnapcloud as the domain.

That's nice, but I can't use myqnapcloud as the domain, I need to use my own.


The inbuilt service stats it will only work with myqnapcloud domains.

You can either try the community version here: viewtopic.php?f=320&t=122747

Or directly apply via the Let's Encrypt site, which has a simple process to follow, but you'll have to remember to re-do it every 90 days.

https://letsencrypt.org/


I see the note about only working with myQNAPcloud domain names when trying to configure Let's Encrypt through "myQNAPcloud>SSL Certificate"
However, if you instead configure SSL/TLS through "System>Security>Certificate & Private Key" and click Replace Certificate, then select Let's Encrypt it allows you to input your own domain name and alternative names.
The process works great when I go through the first menu (but you can't input any alternative names), and returns the port 80 error when I use the second method where Alt names can be defined.

Like pavlosweb, ynocturnal, and lewis.brooks, I am having the same problem.
Really hoping to see a solution to this error in the next update.


His is the same issue I have. Was already present in Beta. I've reported it, but no response then.

ensignvorik
Easy as a breeze
Posts: 321
Joined: Sat Jul 14, 2012 8:24 pm

Re: Lets Encrypt Port 80 issue

Post by ensignvorik » Tue May 16, 2017 2:36 am

You could try creating your certs with https://www.sslforfree.com/ and then using the control panel > Security section to upload the cert manually.

Doing this way I've managed to upload a cert for myqnapcloud afraid.or subdomains as well as my two top level domains.
Unless I'm being blind, I can't find the setting to change what kind of QNAP I have on my profile. I now own a TS-253A

myjablonec
New here
Posts: 4
Joined: Tue May 24, 2016 9:31 pm

Re: Lets Encrypt Port 80 issue

Post by myjablonec » Thu May 25, 2017 9:12 pm

I just spent several hours with QNAP developers and finally have valid Let's Encrypt certificate with own domain.
The developers tried generete cert many times with different settings in acme_tiny.py. Here is summary of code, which I get from history and worked for me for generate cert again.

Code: Select all

cd /mnt/ext/opt/QcloudSSLCertificate
rm -rf cert/
rm -rf data/
/etc/init.d/QcloudSSLCertificate.sh restart
curl "https://s3.amazonaws.com/anry-temp-data/acme_tiny.py" -o bin/acme-tiny/acme_tiny.py
rm -rf /share/Web/.well-known

After that go to Control panel -> Security -> Certificate & private key -> first Restore to defautl, after that Replace certificate -> Get from Let's Encrypt -> fill domain name and email (doesn't work when I fill alternative name) ->if no error occurs, the certificate should be generated, so close the browser and reopen your NAS webgui with https.
Hope it will wor for you too.
Last edited by myjablonec on Thu May 25, 2017 9:50 pm, edited 1 time in total.

User avatar
jds580s
Know my way around
Posts: 198
Joined: Tue Dec 08, 2009 4:52 am

Re: Lets Encrypt Port 80 issue

Post by jds580s » Thu May 25, 2017 9:23 pm

Glad you were able to get it resolved!

After a number of attempts I was able to get my Let's Encrypt cert to successfully be issued from the GUI
I used the Alternate Name, but I had to remove one of the addresses that wasn't correctly DNS mapped from the public WAN side of my network to the NAS.

For anyone having a similar issue to mine, each address used in the Let's Encrypt "Domain Name" or "Alternative Name" fields must be publicly accessible, and not an IP address. The Let's Encrypt servers will try to reach each destination to verify ownership, and if they are unable to reach them you will see the Port 80 error. Also LE doesn't issue certs for IP addresses since it's more difficult to prove ownership of an IP address.

Model: TVS-1282-i5-16G
  • Firmware: QTS 4.3.4.0537
  • Network: 10GbE ASUS XG-C100C card, MTU 9k
  • RAID 1: [System] 2x WD Blue M.2 SSD 250GB
  • Single Volume: [QVR Pro Storage] 1x WD Purple 4TB
  • RAID 6: [DATA] 5x HGST HDN728080ALE604 8TB
    • Qtier RAID 1: 2x Samsung SSD 850 EVO 500GB
    • Cache RAID 1: 2x Samsung SSD 960 EVO 500GB NVMe M.2 in two NGFF PCIe 3.0 x4 adapter cards
Model: TS-459 Pro
  • Firmware: QTS 4.2.6 build 20180504
  • RAID 6: 2x HGST HDN724030ALE640 3TB, x2 Seagate ST3000VN000 3TB
  • External: 4TB HGST eSATA Drive, UPS
  • Network: 1 Gbps, MTU 1500

chapeaurouge
New here
Posts: 8
Joined: Fri Oct 10, 2014 4:44 am

Re: Lets Encrypt Port 80 issue

Post by chapeaurouge » Mon Jun 05, 2017 5:22 pm

Still not working for me, even with no alternative name, restoring to default and trying again.

Latest version of 4.3 at this time on an old TS412.

Post Reply

Return to “myQNAPcloud service”