Failed to renew the Let's Encrypt certificate

Post your questions about myQNAPcloud service here.
Post Reply
ozstar
Getting the hang of things
Posts: 83
Joined: Mon Mar 13, 2017 3:33 pm

Failed to renew the Let's Encrypt certificate

Post by ozstar » Wed May 15, 2019 11:34 am

Getting this message.

How can I try and fix this please?

App Name: myQNAPcloud
Category: QTS SSL Certificate
Message: [myQNAPcloud] Failed to renew the Let's Encrypt certificate. The server failed to connect to the NAS and verify the domain.

ozstar
Getting the hang of things
Posts: 83
Joined: Mon Mar 13, 2017 3:33 pm

Re: Failed to renew the Let's Encrypt certificate

Post by ozstar » Mon May 20, 2019 7:03 am

No suggestions ?

User avatar
Moogle Stiltzkin
Ask me anything
Posts: 7380
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Failed to renew the Let's Encrypt certificate

Post by Moogle Stiltzkin » Mon May 20, 2019 8:18 am

mine need to renew by next month. so i'm waiting to see if auto renew works or not.

that said i noticed this in email
Hello,

Your certificate (or certificates) for the names listed below will expire in 10 days (on 29 May 19 ...........). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let's Encrypt's current 90-day certificates, that means
renewing 30 days before expiration.
See
https://letsencrypt.org/docs/integration-guide/ for details.

You may need to update your client to the latest version in case it is still using the deprecated TLS-SNI-01 validation method. https://community.letsencrypt.org/t/feb ... port/74209

Step-by-step instructions for updating Certbot are here: https://community.letsencrypt.org/t/how ... tbot/83210

Regards,
The Let's Encrypt Team
but looking at myqnapcloud there is no indication WHEN it will decide to auto renew. leaving it to the last second when it just expires is something even lets encrypt says is a bad idea.

So.... i hope they change this to allow a setting WHEN to perform the auto renew (so you can set it e.g. 30 days before it expires). So you have a leeway to sort it out in case auto renew doesn't work as intended :)
nm read the FAQ on the myqnapcloud site that explained it :)


as for the tls sni thing is that on the qnap qts side or the router side ? :'

ozstar wrote:
Wed May 15, 2019 11:34 am
Getting this message.

How can I try and fix this please?

App Name: myQNAPcloud
Category: QTS SSL Certificate
Message: [myQNAPcloud] Failed to renew the Let's Encrypt certificate. The server failed to connect to the NAS and verify the domain.
just wondering but did you have port forwarding set? :'

Will the QTS SSL Certificate app renew my Let's Encrypt SSL certificate automatically before it expires?

Yes. If you check the "auto renew" option when you apply for a Let's Encrypt SSL certificate, then the certificate will be automatically renewed when it is close to its expiry date. You can also change the auto-renewal setting of an existing certificate using the QTS SSL Certificate app
Auto-renewal works as follows:
1. 30 days before a certificate expires, the QTS SSL Certificate app will try to renew the certificate.
2. To confirm that you still control the domain, Let's Encrypt will send a challenge request to myQNAPcloud DNS server.
3. If myQNAPcloud's DNS server cannot complete the challenge request, then the QTS SSL Certificate app will start other challenge methods using port 80 or 443.
4. The certificate will be downloaded to your device once the challenge request is complete.
5. The Web Server will be restarted after the new certificate is applied.

Notes: Renewing a certificate using port 443 first requires a new self-signed certificate to be generated. The web server will then be restarted, after the self-signed certificate is generated. This is normal behaviour.
sauce
https://support.myqnapcloud.com/faq/_fa ... ly?lang=en



ok so auto renew didn't kick in for me. also afaik i didn't get ANY notification in QTS about a failed auto renewal :(

i only got an email alert about impending expiration from lets encrypt themselves.

so i did a manual renew pressing the button in myqnapcloud and that worked.

maybe auto renew requires port forwarding? not sure :'
NAS
[Main Server] QNAP TS-877 w. 4tb [ 3x HGST Deskstar NAS (HDN724040ALE640) & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 + 16gb ddr4 Crucial + QWA-AC2600 wireless adapter.
[Backup] QNAP TS-653A w. 5x 2TB Samsung F3 (HD203WI) EXT4 Raid5
[^] QNAP TS-659 Pro II 1x 4TB HGST Deskstar NAS
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-228 w. 1x 1TB WD RE3 (WD1002FBYS)
[^] QNAP TS-128
Mobile NAS TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Asus AC68U Router|100dl/50ul MBPS FTTH Internet | Windows 10, WC PC-Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides & articles
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review

https://www.patreon.com/mooglestiltzkin

ozstar
Getting the hang of things
Posts: 83
Joined: Mon Mar 13, 2017 3:33 pm

Re: Failed to renew the Let's Encrypt certificate

Post by ozstar » Mon May 20, 2019 9:58 am

Many thanks for your time and help.

ipfingerprints.com says port 80 is 'filtered' tcp http but not sure what that means.

I will check the port 80 on the router too.

oz

ozstar
Getting the hang of things
Posts: 83
Joined: Mon Mar 13, 2017 3:33 pm

Re: Failed to renew the Let's Encrypt certificate

Post by ozstar » Tue May 21, 2019 6:31 am

Hi,

I went into the NAS Auto Router Config area to check things and eventually found that the DDNS was not enabled.

I enabled that and sure enough the SSL update worked. So that is now okay.

Now I need to try and get my web server going in the NAS so I can get some web sites up. I tried this before but had problems too.

I may be back here begging for help again :-)

I appreciate your time and help. Thanks

User avatar
Moogle Stiltzkin
Ask me anything
Posts: 7380
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Failed to renew the Let's Encrypt certificate

Post by Moogle Stiltzkin » Tue May 21, 2019 6:37 am

ozstar wrote:
Tue May 21, 2019 6:31 am
..
yep i got my ddns disabled.

you're welcome :)
NAS
[Main Server] QNAP TS-877 w. 4tb [ 3x HGST Deskstar NAS (HDN724040ALE640) & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 + 16gb ddr4 Crucial + QWA-AC2600 wireless adapter.
[Backup] QNAP TS-653A w. 5x 2TB Samsung F3 (HD203WI) EXT4 Raid5
[^] QNAP TS-659 Pro II 1x 4TB HGST Deskstar NAS
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-228 w. 1x 1TB WD RE3 (WD1002FBYS)
[^] QNAP TS-128
Mobile NAS TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Asus AC68U Router|100dl/50ul MBPS FTTH Internet | Windows 10, WC PC-Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides & articles
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review

https://www.patreon.com/mooglestiltzkin

Post Reply

Return to “myQNAPcloud service”