LetsEncrypt Zertifikate aktualisieren

[Ben2013]

Hallo,

habe eie Meldung erhalten, dass die LetsEncrypt Zertifikate nicht aktualisiert werden können.

In der Liste aller vorhandener Zertifikate werden viele Einträge in Orange angezeigt. Das bedeutet, dass diese in den nächsten Tagen ablaufen werden.

Ein manuelles Aktualisieren schlägt ebenfalls fehl. Es wird jedoch nicht angezeigt, warum es fehlschlägt.

Im Reverse Proxy sind jeweils für Port 80 und 443 ein Eintrag angelegt worden, der auf den entsprechenden Webserver umleiten soll.

Ich habe die Vermutung, dass die Test-URL, mit der eine Subdomain von Letsencrypt getestet werden soll, sich geändert haben kann. Wäre so etwas möglich?

Im Router.log ist folgendes protokolliert:

$ tail -f /var/log/router.log
info 2023/08/08 19:18:31 PortForward:[2949] (src/libsynoportmap.cpp:286)===== Detect Router =====
info 2023/08/08 19:18:35 PortForward:[2949] (src/libsynonetcheck.cpp:336)szLevelIP[0]:192.168.1.1
info 2023/08/08 19:18:35 PortForward:[2949] (src/libsynonetcheck.cpp:337)szLevelIP[1]:192.168.178.1
err 2023/08/08 19:18:35 PortForward:[2949] (src/libsynoportmap.cpp:351)Network environment settings(hop) may not be correct.
info 2023/08/08 19:18:37 PortForward:[2949] (src/libsynoportmap.cpp:372)All network env checks are pass
err 2023/08/08 19:18:37 PortForward:[2949] (src/NatpmpDetector.cpp:95)remove SZF_AIRPORT_LIST=/tmp/airport.tcp.local failed
err 2023/08/08 19:19:18 PortForward:[2949] (src/libsynoportmap.cpp:416)upnp no response, timeout
info 2023/08/08 19:19:19 PortForward:[2949] (src/libsynoportmapHelper.cpp:388)SLibSynoPortMapRouterDetect() success: not support upnp / change port
err 2023/08/08 19:19:22 PortForward:[2949] (src/libsynoportmap.cpp:523)file=/etc/portforward/router.conf not exists
err 2023/08/08 19:19:22 PortForward:[2949] (src/libsynoportmapHelper.cpp:1045)Not initialized portforwarding
info 2023/08/08 19:41:18 PortForward:[20694] (src/libsynoportmapHelper.cpp:278)===== Detect Router helper function =====
err 2023/08/08 19:41:18 PortForward:[20694] (src/libsynoportmap.cpp:523)file=/etc/portforward/router.conf not exists
info 2023/08/08 19:41:18 PortForward:[20694] (src/libsynoportmap.cpp:286)===== Detect Router =====
info 2023/08/08 19:41:22 PortForward:[20694] (src/libsynonetcheck.cpp:336)szLevelIP[0]:192.168.1.1
info 2023/08/08 19:41:22 PortForward:[20694] (src/libsynonetcheck.cpp:337)szLevelIP[1]:192.168.178.1
err 2023/08/08 19:41:22 PortForward:[20694] (src/libsynoportmap.cpp:351)Network environment settings(hop) may not be correct.
info 2023/08/08 19:41:24 PortForward:[20694] (src/libsynoportmap.cpp:372)All network env checks are pass
err 2023/08/08 19:41:24 PortForward:[20694] (src/NatpmpDetector.cpp:95)remove SZF_AIRPORT_LIST=/tmp/airport.tcp.local failed
err 2023/08/08 19:42:05 PortForward:[20694] (src/libsynoportmap.cpp:416)upnp no response, timeout
info 2023/08/08 19:42:05 PortForward:[20694] (src/libsynoportmapHelper.cpp:388)SLibSynoPortMapRouterDetect() success: not support upnp / change port
err 2023/08/08 19:42:08 PortForward:[20694] (src/libsynoportmap.cpp:523)file=/etc/portforward/router.conf not exists
err 2023/08/08 19:42:08 PortForward:[20694] (src/libsynoportmapHelper.cpp:1045)Not initialized portforwarding
info 2023/08/08 19:42:37 PortForward:[21857] (src/libsynoportmapHelper.cpp:278)===== Detect Router helper function =====
err 2023/08/08 19:42:37 PortForward:[21857] (src/libsynoportmap.cpp:523)file=/etc/portforward/router.conf not exists
info 2023/08/08 19:42:37 PortForward:[21857] (src/libsynoportmap.cpp:286)===== Detect Router =====
info 2023/08/08 19:42:41 PortForward:[21857] (src/libsynonetcheck.cpp:336)szLevelIP[0]:192.168.1.1
info 2023/08/08 19:42:41 PortForward:[21857] (src/libsynonetcheck.cpp:337)szLevelIP[1]:192.168.178.1
err 2023/08/08 19:42:41 PortForward:[21857] (src/libsynoportmap.cpp:351)Network environment settings(hop) may not be correct.
info 2023/08/08 19:42:43 PortForward:[21857] (src/libsynoportmap.cpp:372)All network env checks are pass
err 2023/08/08 19:42:43 PortForward:[21857] (src/NatpmpDetector.cpp:95)remove SZF_AIRPORT_LIST=/tmp/airport.tcp.local failed
err 2023/08/08 19:43:24 PortForward:[21857] (src/libsynoportmap.cpp:416)upnp no response, timeout
info 2023/08/08 19:43:24 PortForward:[21857] (src/libsynoportmapHelper.cpp:388)SLibSynoPortMapRouterDetect() success: not support upnp / change port
err 2023/08/08 19:43:28 PortForward:[21857] (src/libsynoportmap.cpp:523)file=/etc/portforward/router.conf not exists
err 2023/08/08 19:43:28 PortForward:[21857] (src/libsynoportmapHelper.cpp:1045)Not initialized portforwarding

Zur Erläuterung:
In Synology ist kein Router eingetragen. In der Firewall des Routers sind Port 80 und 443 auf die Diskstation umgeleitet.

Es kann auch auf die Webseiten über http und https zugegriffen werden.

Dennoch wird versucht einen Router zu finden, um auf diesen die Port-Umleitung anpassen zu können?

Einen Router ist unter der IP-Adresse 192.168.1.1 zu finden, nicht jedoch unter der IP-Adresse 192.168.178.1.

Kann mir jemand weiter helfen, um die Fehler-Ursache weiter eingrenzen zu können?

 

[Ben2013]

Nachtrag:

Der Konsolenbefehl
$ syno-letsencrypt renew-all -vv
... zeigt die weiter unten gelisteten Meldungen. Die Domains sind durch Fake-Angaben ersetzt worden.

DEBUG: Issuer name of certificate. [Let's Encrypt]->[/usr/syno/etc/certificate/_archive/8MWJJx/cert.pem]
DEBUG: Issuer name of certificate. [Let's Encrypt]->[/usr/syno/etc/certificate/_archive/BdnriG/cert.pem]
DEBUG: Issuer name of certificate. [Let's Encrypt]->[/usr/syno/etc/certificate/_archive/bFXOlD/cert.pem]
DEBUG: Issuer name of certificate. [Let's Encrypt]->[/usr/syno/etc/certificate/_archive/gZSGbh/cert.pem]
DEBUG: Issuer name of certificate. [Let's Encrypt]->[/usr/syno/etc/certificate/_archive/jbusZ6/cert.pem]
DEBUG: Issuer name of certificate. [Synology Inc.]->[/usr/syno/etc/certificate/_archive/naLxQH/cert.pem]
DEBUG: certificate is not issued by Let's encrypt. [/usr/syno/etc/certificate/_archive/naLxQH/cert.pem]
DEBUG: Issuer name of certificate. [Let's Encrypt]->[/usr/syno/etc/certificate/_archive/yeM2WM/cert.pem]
DEBUG: start to renew [/usr/syno/etc/certificate/_archive/8MWJJx].
DEBUG: setup acme url https://acme-v02.api.letsencrypt.org/directory
DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: GET Request: https://acme-v02.api.letsencrypt.org/directory
DEBUG: Curl Reply: [200] Header: [HTTP/2 200
server: nginx
date: Tue, 08 Aug 2023 18:54:52 GMT
content-type: application/json
content-length: 752
cache-control: public, max-age=0, no-cache
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"fEY2wdcccVU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}]
DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: GET Request: https://acme-v02.api.letsencrypt.org/acme/new-nonce
DEBUG: Curl Reply: [204] Header: [HTTP/2 204
server: nginx
date: Tue, 08 Aug 2023 18:54:52 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: HpCOzWvuxH_E0XRAwtYmniph1FCqCMaQ5WVbx2eUilICE2EadNo
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: []
DEBUG: Post JWS Request: https://acme-v02.api.letsencrypt.org/acme/new-order
DEBUG: Post JWS header: {
"alg" : "RS256",
"kid" : "https://acme-v02.api.letsencrypt.org/acme/acct/269973780",
"nonce" : "HpCOzWvuxH_E0XRAwtYmniph1FCqCMaQ5WVbx2eUilICE2EadNo",
"url" : "https://acme-v02.api.letsencrypt.org/acme/new-order"
}

DEBUG: Post JWS value: {
"identifiers" : [
{
"type" : "dns",
"value" : "domainA.de"
}
]
}

DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: Post Request: https://acme-v02.api.letsencrypt.org/acme/new-order
DEBUG: Post value: {
"payload" : "eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoidGVzdC5zb2V0aS5kZSJ9XX0K",
"protected" : "eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY5OTczNzgwIiwibm9uY2UiOiJIcENPeld2dXhIX0UwWFJBd3RZbW5pcGgxRkNxQ01hUTVXVmJ4MmVVaWxJQ0UyRWFkTm8iLCJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQo",
"signature" : "ROXMdKCzC7uQT0iJRPyPHciv66Y3PNlDB-Ig4j2I2_42CGa2YNa8UefK4BUdcH8xRE2GFvUbAn-OI7XlWDF3tYSyeKv-YZcMTxEbVmH8adsQl9YpSkeecMeSDuzM1JtyFyKqxNsawqj7XKsN4oacZfT6OyUheATPwqEWMp1QQpsSn9TwfN68KPS65vmOG4rvEEad914S05oMFbZbXNhZHliZw1W218iMvWRST4mqAWRnhH3-fZmvvj_cnn8KjISsFrTpH5rTDV_0wIIRxrujRxQN-0Hl43TvXv0GJnY_1bWA9ylMLJi-AfcvISVM6sL3Dgmi7naA0UiAWfR3HjochA"
}

DEBUG: Curl Reply: [201] Header: [HTTP/2 201
server: nginx
date: Tue, 08 Aug 2023 18:54:53 GMT
content-type: application/json
content-length: 338
boulder-requester: 269973780
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/269973780/200299908556
replay-nonce: 691VxMFk9qXz_roROxhuCHR91MWUVPN4VF2KtIDb3NtzHgxjkO0
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"status": "pending",
"expires": "2023-08-15T18:54:53Z",
"identifiers": [
{
"type": "dns",
"value": "domainA.de"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/269973780/200299908556"
}]
DEBUG: Post JWS Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: Post Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: Post value: {
"payload" : "",
"protected" : "eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY5OTczNzgwIiwibm9uY2UiOiI2OTFWeE1GazlxWHpfcm9ST3hodUNIUjkxTVdVVlBONFZGMkt0SURiM050ekhneGprTzAiLCJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTMxNjU2Mjg2NDYifQo",
"signature" : "gx_sWT35vPACxSHpKNlFohEn3JuBjX-sqxo6KfxOiOrfNHthp1ZR-tC5NthvUe22U0kDg66d_aBZ-h4_w2yfJt6VVROnK1Hi9_Uq8_37tZ2e8EhucIaa3L_dYTTpI5jJupNE-oiHaL_K-DXBc2bV3-z0dXZf7GkJcVd4zA3OIfm590yWbcz1clfR-2044omGpCi6gYnwGOSuD4-xRL2EuIhfL-kXxKrL4XKvGTEY1TnLMUuqsh0Hm2jj5gJ89xi2alxrw-L1FHx5aFCvBWBrx-vTAcPS42eHxUF-_HsYyc82y3LL-cri3qHOg-r1jvJu8JtCK-RhUfYjV49RJeljkA"
}

DEBUG: Curl Reply: [200] Header: [HTTP/2 200
server: nginx
date: Tue, 08 Aug 2023 18:54:53 GMT
content-type: application/json
content-length: 797
boulder-requester: 269973780
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: MU4gOfMfSPyN9EKT2_8FZ-dg6Z1MvCnarIyz_3VtuatX6I4D5aU
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"identifier": {
"type": "dns",
"value": "domainA.de"
},
"status": "pending",
"expires": "2023-08-15T18:54:53Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/PGbcAA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/u_B5nA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/IR_exQ",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
}
]
}]
DEBUG: dns-01 is not support for domainA.de
DEBUG: Setup challenge for domainA.de with type http-01
Aug 2023 18:54:53 GMT
content-type: application/json
content-length: 338
boulder-requester: 269973780
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/269973780/200299908556
replay-nonce: 691VxMFk9qXz_roROxhuCHR91MWUVPN4VF2KtIDb3NtzHgxjkO0
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"status": "pending",
"expires": "2023-08-15T18:54:53Z",
"identifiers": [
{
"type": "dns",
"value": "domainA.de"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/269973780/200299908556"
}]
DEBUG: Post JWS Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: Post Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: Post value: {
"payload" : "",
"protected" : "eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY5OTczNzgwIiwibm9uY2UiOiI2OTFWeE1GazlxWHpfcm9ST3hodUNIUjkxTVdVVlBONFZGMkt0SURiM050ekhneGprTzAiLCJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTMxNjU2Mjg2NDYifQo",
"signature" : "gx_sWT35vPACxSHpKNlFohEn3JuBjX-sqxo6KfxOiOrfNHthp1ZR-tC5NthvUe22U0kDg66d_aBZ-h4_w2yfJt6VVROnK1Hi9_Uq8_37tZ2e8EhucIaa3L_dYTTpI5jJupNE-oiHaL_K-DXBc2bV3-z0dXZf7GkJcVd4zA3OIfm590yWbcz1clfR-2044omGpCi6gYnwGOSuD4-xRL2EuIhfL-kXxKrL4XKvGTEY1TnLMUuqsh0Hm2jj5gJ89xi2alxrw-L1FHx5aFCvBWBrx-vTAcPS42eHxUF-_HsYyc82y3LL-cri3qHOg-r1jvJu8JtCK-RhUfYjV49RJeljkA"
}

DEBUG: Curl Reply: [200] Header: [HTTP/2 200
server: nginx
date: Tue, 08 Aug 2023 18:54:53 GMT
content-type: application/json
content-length: 797
boulder-requester: 269973780
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: MU4gOfMfSPyN9EKT2_8FZ-dg6Z1MvCnarIyz_3VtuatX6I4D5aU
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"identifier": {
"type": "dns",
"value": "domainA.de"
},
"status": "pending",
"expires": "2023-08-15T18:54:53Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/PGbcAA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/u_B5nA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/IR_exQ",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
}
]
}]
DEBUG: dns-01 is not support for domainA.de
DEBUG: Setup challenge for domainA.de with type http-01
Aug 2023 18:54:53 GMT
content-type: application/json
content-length: 338
boulder-requester: 269973780
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/269973780/200299908556
replay-nonce: 691VxMFk9qXz_roROxhuCHR91MWUVPN4VF2KtIDb3NtzHgxjkO0
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"status": "pending",
"expires": "2023-08-15T18:54:53Z",
"identifiers": [
{
"type": "dns",
"value": "domainA.de"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/269973780/200299908556"
}]
DEBUG: Post JWS Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: Post Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: Post value: {
"payload" : "",
"protected" : "eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY5OTczNzgwIiwibm9uY2UiOiI2OTFWeE1GazlxWHpfcm9ST3hodUNIUjkxTVdVVlBONFZGMkt0SURiM050ekhneGprTzAiLCJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTMxNjU2Mjg2NDYifQo",
"signature" : "gx_sWT35vPACxSHpKNlFohEn3JuBjX-sqxo6KfxOiOrfNHthp1ZR-tC5NthvUe22U0kDg66d_aBZ-h4_w2yfJt6VVROnK1Hi9_Uq8_37tZ2e8EhucIaa3L_dYTTpI5jJupNE-oiHaL_K-DXBc2bV3-z0dXZf7GkJcVd4zA3OIfm590yWbcz1clfR-2044omGpCi6gYnwGOSuD4-xRL2EuIhfL-kXxKrL4XKvGTEY1TnLMUuqsh0Hm2jj5gJ89xi2alxrw-L1FHx5aFCvBWBrx-vTAcPS42eHxUF-_HsYyc82y3LL-cri3qHOg-r1jvJu8JtCK-RhUfYjV49RJeljkA"
}

DEBUG: Curl Reply: [200] Header: [HTTP/2 200
server: nginx
date: Tue, 08 Aug 2023 18:54:53 GMT
content-type: application/json
content-length: 797
boulder-requester: 269973780
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: MU4gOfMfSPyN9EKT2_8FZ-dg6Z1MvCnarIyz_3VtuatX6I4D5aU
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"identifier": {
"type": "dns",
"value": "domainA.de"
},
"status": "pending",
"expires": "2023-08-15T18:54:53Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/PGbcAA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/u_B5nA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/IR_exQ",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
}
]
}]
DEBUG: dns-01 is not support for domainA.de
DEBUG: Setup challenge for domainA.de with type http-01
Aug 2023 18:54:53 GMT
content-type: application/json
content-length: 338
boulder-requester: 269973780
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/269973780/200299908556
replay-nonce: 691VxMFk9qXz_roROxhuCHR91MWUVPN4VF2KtIDb3NtzHgxjkO0
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"status": "pending",
"expires": "2023-08-15T18:54:53Z",
"identifiers": [
{
"type": "dns",
"value": "domainA.de"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/269973780/200299908556"
}]
DEBUG: Post JWS Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: Post Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: Post value: {
"payload" : "",
"protected" : "eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY5OTczNzgwIiwibm9uY2UiOiI2OTFWeE1GazlxWHpfcm9ST3hodUNIUjkxTVdVVlBONFZGMkt0SURiM050ekhneGprTzAiLCJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTMxNjU2Mjg2NDYifQo",
"signature" : "gx_sWT35vPACxSHpKNlFohEn3JuBjX-sqxo6KfxOiOrfNHthp1ZR-tC5NthvUe22U0kDg66d_aBZ-h4_w2yfJt6VVROnK1Hi9_Uq8_37tZ2e8EhucIaa3L_dYTTpI5jJupNE-oiHaL_K-DXBc2bV3-z0dXZf7GkJcVd4zA3OIfm590yWbcz1clfR-2044omGpCi6gYnwGOSuD4-xRL2EuIhfL-kXxKrL4XKvGTEY1TnLMUuqsh0Hm2jj5gJ89xi2alxrw-L1FHx5aFCvBWBrx-vTAcPS42eHxUF-_HsYyc82y3LL-cri3qHOg-r1jvJu8JtCK-RhUfYjV49RJeljkA"
}

DEBUG: Curl Reply: [200] Header: [HTTP/2 200
server: nginx
date: Tue, 08 Aug 2023 18:54:53 GMT
content-type: application/json
content-length: 797
boulder-requester: 269973780
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: MU4gOfMfSPyN9EKT2_8FZ-dg6Z1MvCnarIyz_3VtuatX6I4D5aU
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"identifier": {
"type": "dns",
"value": "domainA.de"
},
"status": "pending",
"expires": "2023-08-15T18:54:53Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/PGbcAA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/u_B5nA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/IR_exQ",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
}
]
}]
DEBUG: dns-01 is not support for domainA.de
DEBUG: Setup challenge for domainA.de with type http-01
DEBUG: Failed to port map router detect. [1]
DEBUG: Post JWS Request: https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/PGbcAA
DEBUG: Post JWS header: {
"alg" : "RS256",
"kid" : "https://acme-v02.api.letsencrypt.org/acme/acct/269973780",
"nonce" : "MU4gOfMfSPyN9EKT2_8FZ-dg6Z1MvCnarIyz_3VtuatX6I4D5aU",
"url" : "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/PGbcAA"
}

DEBUG: Post JWS value: {}

DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: Post Request: https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/PGbcAA
DEBUG: Post value: {
"payload" : "e30K",
"protected" : "eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY5OTczNzgwIiwibm9uY2UiOiJNVTRnT2ZNZlNQeU45RUtUMl84RlotZGc2WjFNdkNuYXJJeXpfM1Z0dWF0WDZJNEQ1YVUiLCJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yNTMxNjU2Mjg2NDYvUEdiY0FBIn0K",
"signature" : "uEboa2DJMdMsOY9g5WeA_mFVpQS4saHt5a02pTRWGanTPdTzsu_OxfIqTDc6mwr2CAp2A0ggjkYbeXcyOWhfgM3doPhOt9tnZnUl74OAWDGnW7jxCIugjzgfP2RWxshvwJCcxt5un850wPho4SpEzUu2S-hyytnrsrecG0latfMInyZevFYglTgngecbEfNTeobbcXbdVAms4ZAdpkRg865H2rh7NgRwmjps0V29N3g9dxvh233Hww32Ao5qucTwC0Pq0tiXnAIo5vwQhsUpNP-eoWdgJOc-FAt-jn0oOJP6XSVYpJErztn92iaxRXOCM78evos2J7IbWQxAoPyiuA"
}

DEBUG: Curl Reply: [200] Header: [HTTP/2 200
server: nginx
date: Tue, 08 Aug 2023 18:55:42 GMT
content-type: application/json
content-length: 187
boulder-requester: 269973780
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/PGbcAA
replay-nonce: HpCOzWvusrAuFo-O3KpPq7JK2gb0PgD665A8RWoUeNULdEjsH_0
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/PGbcAA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
}]
DEBUG: Post JWS Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: Post Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: Post value: {
"payload" : "",
"protected" : "eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY5OTczNzgwIiwibm9uY2UiOiJIcENPeld2dXNyQXVGby1PM0twUHE3SksyZ2IwUGdENjY1QThSV29VZU5VTGRFanNIXzAiLCJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTMxNjU2Mjg2NDYifQo",
"signature" : "UPfjtZzOgmq7O1Pz4pIyU_moQjDOLzg3UpAV-jroouLWB-qKQILiBU3pQ4IfLwtxyaFP1wfEgmM5trFbkTusN6PQe3BTfiEFtS1F2Cgi2EKGHvATJ9J1suTkzzCaUD0BCycCvX506aagnwaHA8uV1P7kuIzIb97DcjGXYaORrdY10E9PTdugGc_xut5_7KGqd8UpGgwDb_qzzi6G9Zrrgk6lY_M2W6bO4mmG7K7LtjS3KQBy67-8Ubihwq12br3FlhScmLomXth_UCLac0Cx7hJpGMEYtwHhQ-7nHsvFyLcymvxYEZJGaD-xOJMofsi1yHLHJof0xlQKXbIwPRXVmQ"
}

DEBUG: Curl Reply: [200] Header: [HTTP/2 200
server: nginx
date: Tue, 08 Aug 2023 18:55:42 GMT
content-type: application/json
content-length: 797
boulder-requester: 269973780
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: z3ddSHxKFZ0fl25QrohUZOy9CxEJgMHzMK8qzx1qpSLeKbgiXrQ
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"identifier": {
"type": "dns",
"value": "domainA.de"
},
"status": "pending",
"expires": "2023-08-15T18:54:53Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/PGbcAA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/u_B5nA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/IR_exQ",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50"
}
]
}]
DEBUG: Post JWS Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: Post Request: https://acme-v02.api.letsencrypt.org/acme/authz-v3/253165628646
DEBUG: Post value: {
"payload" : "",
"protected" : "eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY5OTczNzgwIiwibm9uY2UiOiJ6M2RkU0h4S0ZaMGZsMjVRcm9oVVpPeTlDeEVKZ01Iek1LOHF6eDFxcFNMZUtiZ2lYclEiLCJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNTMxNjU2Mjg2NDYifQo",
"signature" : "TLuBCz8XoZB1VFggKi3I1vX1shDjMgIJjGU8JFqE2sj7WFI1D0Mqfwo6-VBZXiffBJwgd5oi873PkDRJtFcGy00kc_IO3FPx_haEN8gZZdCj3kSYK1Yd25HGLyGgywg6DWgruAAB1Mv7PNFRojsXD5sGPh53Ut9IxA7NYMByZ4CiU0V5trr-Ltz-cWOwmmIV47TcMNcqm7aF3kxeuqr5jNzU-rLh17Li1SzgzmsJCkuF714QhFAqsEA43mNBP5Cv5kYF6hNq00RkkytBVTmwntcBG8MGeaPjNVm0xzBxdb889SitAQVKMvzTJGhi_vaV3dsLO-r1fAIOoiAglpyZgg"
}

DEBUG: Curl Reply: [200] Header: [HTTP/2 200
server: nginx
date: Tue, 08 Aug 2023 18:55:45 GMT
content-type: application/json
content-length: 1023
boulder-requester: 269973780
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: MU4gOfMfMlK-FQmEzx1er2Kre_qud9nOfAd6b21CwQcjARTvEXI
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"identifier": {
"type": "dns",
"value": "domainA.de"
},
"status": "invalid",
"expires": "2023-08-15T18:54:53Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietfarams:acme:error:unauthorized",
"detail": "217.195.149.50: Invalid response from http://domaina.de/.well-known/acme-challenge/xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50: 404",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/253165628646/PGbcAA",
"token": "xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50",
"validationRecord": [
{
"url": "http://domaina.de/.well-known/acme-challenge/xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50",
"hostname": "domainA.de",
"port": "80",
"addressesResolved": [
"217.195.149.50"
],
"addressUsed": "217.195.149.50"
}
],
"validated": "2023-08-08T18:55:42Z"
}
]
}]
DEBUG: Failed to do challenge for domainA.de with type http-01.
DEBUG: close port 80.
{"error":110,"file":"client_v2-base.cpp","msg":"217.195.149.50: Invalid response from http://domaina.de/.well-known/acme-challenge/xRwHY7BEGB6qlIfOwh7O6uUW6xO76T5eonU6KRZDy50: 404"}

DEBUG: start to renew [/usr/syno/etc/certificate/_archive/BdnriG].
DEBUG: setup acme url https://acme-v02.api.letsencrypt.org/directory
DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: GET Request: https://acme-v02.api.letsencrypt.org/directory
DEBUG: Curl Reply: [200] Header: [HTTP/2 200
server: nginx
date: Tue, 08 Aug 2023 18:55:45 GMT
content-type: application/json
content-length: 752
cache-control: public, max-age=0, no-cache
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: [{
"gKdoa0UzDL0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}]
DEBUG: szUserAgent: [synology_v1000_1621+ DSM7.2-64570 Update 3 (DDNS)]
DEBUG: GET Request: https://acme-v02.api.letsencrypt.org/acme/new-nonce
DEBUG: Curl Reply: [204] Header: [HTTP/2 204
server: nginx
date: Tue, 08 Aug 2023 18:55:46 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: MU4gOfMfhrdpzHh_SJO3O6TQEriUK8rzbG3ckqbaS11wA-Ud2VY
x-frame-options: DENY
strict-transport-security: max-age=604800

] Body: []
DEBUG: Post JWS Request: https://acme-v02.api.letsencrypt.org/acme/new-order
DEBUG: Post JWS header: {
"alg" : "RS256",
"kid" : "https://acme-v02.api.letsencrypt.org/acme/acct/269973780",
"nonce" : "MU4gOfMfhrdpzHh_SJO3O6TQEriUK8rzbG3ckqbaS11wA-Ud2VY",
"url" : "https://acme-v02.api.letsencrypt.org/acme/new-order"
}

DEBUG: Post JWS value: {
"identifiers" : [
{
"type" : "dns",
"value" : "domainE.de"
}
]
}

 

[Ben2013]

Die Fehlerquelle wurde zwischenzeitlich gefunden und beseitigt.

Ursache: Im Router war in den Portweiterleitungen eine geringfügig andere IP-Adresse angegeben.

Nach der Korrektur lief die Erneuerung der LetsEncrypt-Zertifikate fehlerfrei durch.

Das Thema kann als Erledigt markiert werden