unable to install certificate from Lets Encrypt

Moderator: Lillian.W@AST

steve6443
Posts: 18
youtube meble na wymiar Warszawa
Joined: Mon Mar 15, 2021 7:38 am

unable to install certificate from Lets Encrypt

Post by steve6443 »

I have an AS5304. Previously I had a certificate from Let's Encrypt for my domain installed but although I set it to automatically renew, it expired. I tried updating it but got an error message so deleted it and decided to try again.

Let's Encrypt is sending me the certificate according to their logs but the NAS is not allowing it to be installed, instead I receive an error: settings could not be applied, please try later (5401).

I've checked everything I can, it appears that the default certificate is causing the issue. Any ideas how I can get my own domain back secured?
ilike2burnthing
Posts: 379
Joined: Thu Apr 09, 2020 8:01 pm

Re: unable to install certificate from Lets Encrypt

Post by ilike2burnthing »

Uninstall the Let's Encrypt ACME Client from App Central, reinstall it, create a new certificate.
steve6443
Posts: 18
Joined: Mon Mar 15, 2021 7:38 am

Re: unable to install certificate from Lets Encrypt

Post by steve6443 »

ilike2burnthing wrote:Uninstall the Let's Encrypt ACME Client from App Central, reinstall it, create a new certificate.
Doesn't help. Still gives me the same message. To explain, I have a google domain, use Google DynDNS set up on the NAS. If I set the DYNDNS for NAS-ID.org and request the Lets Encrypt certificate, I get the 5401 error. Let's encrypt sends a challenge to my NAS but the response is incorrect hence the verification only goes as far as a pre certificate.

If however, I set the A record in my google domain to http://www.NAS-ID.org, I can request and receive the certificate as http://www.NAS-ID.org, all works well. However if I then say I want the certificate to be issued for http://www.NAS-ID.org and as NAS-ID.org as an alternative, it fails. This tells me there has to be a bug in the system somewhere - why else does http://www.nas-id.org complete but has-id.org fail?

Going a little further. This worked once. But the certificate didn't renew, even though I set it to auto renew. This would indicate that Let's encrypt sent the new certificate but the response received from my NAS didn't match what they were expecting. TLS 1.2 is set up as minimum so it can't be due to that either as I know Let's encrypt stopped accepting TLS 1.0 etc.
ilike2burnthing
Posts: 379
Joined: Thu Apr 09, 2020 8:01 pm

Re: unable to install certificate from Lets Encrypt

Post by ilike2burnthing »

Ah, that's a shame. I was experiencing the same issue as the user here - https://forum.asustor.com/viewtopic.php?f=240&t=13190

I waited for a week, saw your post, tried again, and got the same error. I had a look at logs and couldn't see anything enlightening, so I uninstalled the client, reinstalled, and tried once more; that was the only thing which resolved it.
duckpinchris
Posts: 27
Joined: Sun Aug 24, 2014 7:32 am

Re: unable to install certificate from Lets Encrypt

Post by duckpinchris »

i cant remove the client wont let me
ilike2burnthing
Posts: 379
Joined: Thu Apr 09, 2020 8:01 pm

Re: unable to install certificate from Lets Encrypt

Post by ilike2burnthing »

What error does it give you?

Have you removed the certificate first?
duckpinchris
Posts: 27
Joined: Sun Aug 24, 2014 7:32 am

Re: unable to install certificate from Lets Encrypt

Post by duckpinchris »

ive done all this and now i am stuck and am not able to retrieve a certificate now threw LetsEncrypt. any other ideas. i have seen alot of forums with this particular issue and no fix.
ilike2burnthing
Posts: 379
Joined: Thu Apr 09, 2020 8:01 pm

Re: unable to install certificate from Lets Encrypt

Post by ilike2burnthing »

Over a year to reply...?

I can only ask the same questions again. What error does it give you? Have you removed the certificate first?
duckpinchris
Posts: 27
Joined: Sun Aug 24, 2014 7:32 am

Re: unable to install certificate from Lets Encrypt

Post by duckpinchris »

my apologies for taking so long to get back to this i didnt realize anyone replied. after trying multiple times getting the error that please make sure port 80 is configured i would then get this error The number of certificates issued by Let's Encrypt for your domain name has reached its limit. (Ref. 5017)



my issue is Asustor told me to delete the expired cert and try again and so i did that and now i continue to get this so uninstalling lets encrpyt and reinstalling didnt work. Any ideas would be greatly appreciated as my mail server keeps throwing the invalid cert so mail has been having issues. I also tried to use nginx proxy manager which worked fine to create certs but when i tried to upload them to asustor for a work around for now it told me it was invalid so something on asustor nas is not functioning correctly
ilike2burnthing
Posts: 379
Joined: Thu Apr 09, 2020 8:01 pm

Re: unable to install certificate from Lets Encrypt

Post by ilike2burnthing »

When you say Asustor told you, are you referring to Asustor Support? If so, how long did you go back and forth with them, and what else did they have you do?
Post Reply

Return to “[Official] For AS52xx/53xx/66xx Series”