Synology: Failed to Renew Let’s Encrypt Certificate

Synology Failed to Renew Let's Encrypt Certificate

Have you ever tried to manually renew your Let’s Encrypt certificate on your Synology NAS and received the following error message on DSM 6.2.4?

Failed to connect to Let’s Encrypt. Please make sure your DiskStation and router have port 80 open to Let’s Encrypt domain validation from the Internet. All the other communications with Let’s Encrypt go over HTTPS to keep your DiskStation secure.

Synology Failed to Renew Let's Encrypt Certificate DSM 6.2.4

You may also receive a similar message on DSM 7 which says:

Please check if your IP address, reverse proxy rules, and firewall settings are correctly configured and try again.

Synology Failed to Renew Let's Encrypt Certificate DSM 7

The first thing you definitely did was check if ports 80 and 443 both TCP and UDP on your router were properly configured and pointing at your NAS local IP. Use the test below to make sure ports 80 and 443 are open correctly.

Port Forwarding Tester

If the ports are opened correctly and the error message persists, the only way to get the certificate renewed and unlocked is not to restart your Synology NAS, but to delete and recreate the problematic certificate again.

Note: Deleting and retrieving the certificate from scratch will solve the issue.

This post was updated on Sunday / April 25th, 2021 at 11:46 PM