yakatape wrote: It's working for me after many tries, and I understand how Let's Encrypt works on Asustor now, but it's strange.
I'm curious what you mean by "strange". Can you share the details?
I mean that if, during the Let's Encrypt certificate creation process in the Asustor UI, you enter some "Alternative Subject Name" that isn't available or created/joinable, the process will fail every time, and it doesn't care whether the "domain" itself is joinable on port 80.
Looks like I need the domain to be joinable on port 80, but it also needs to check each Alternative Subject Name. I saw that because I was thinking of creating some other subdomains for my NAS, so I tried to add them without having created the subdomains at my registrar (OVH), and every time I got Failed to join domain on port 80 (where the domain was 100% joinable on port 80). When I deleted all the Alternative Subject Names and kept only the domain, it worked well.
So I created each subdomain at my registrar and retried generating a new certificate with all my Alternative Subject Names, and it worked this time. I tried again with a new certificate with some random subdomain name that doesn't exist, and it failed.
So the Let's Encrypt certificate generation doesn't focus only on the "Domain"; I don't know if that's normal or a little tweak from the Asustor devs?
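Added example, not part of the original posts and not Asustor's code: Let's Encrypt validates every name requested in a certificate, not only the main domain, so a pre-flight check over the whole name list shows which entry would make the request fail. The host names, the address and the `sample_*` helpers are constructed for illustration; the resolver and probe are injectable so the logic can be run offline.

```python
import socket

def preflight(names, resolve=None, probe=None):
    """Return {name: reason} for each name that would fail an HTTP-01 style check.

    resolve(name) -> list of IP strings (raises OSError if the name does not exist)
    probe(ip, port) -> True when a TCP connection succeeds
    """
    resolve = resolve or _dns_resolve
    probe = probe or _tcp_probe
    failures = {}
    for name in names:
        name = name.strip().lower().rstrip(".")
        try:
            addrs = resolve(name)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            failures[name] = f"DNS lookup failed: {exc}"
            continue
        if not addrs:
            failures[name] = "no A/AAAA record"
        elif not any(probe(ip, 80) for ip in addrs):
            failures[name] = "port 80 unreachable"
    return failures

def _dns_resolve(name):
    infos = socket.getaddrinfo(name, 80, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def _tcp_probe(ip, port, timeout=5.0):
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample data: two names exist in DNS, the third was never created.
SAMPLE_DNS = {"nas.example.com": ["203.0.113.10"],
              "files.nas.example.com": ["203.0.113.10"]}

def sample_resolve(name):
    if name not in SAMPLE_DNS:
        raise OSError("name not found")
    return SAMPLE_DNS[name]

def sample_probe(ip, port):
    return (ip, port) == ("203.0.113.10", 80)

def demo():
    names = ["nas.example.com", "files.nas.example.com", "media.nas.example.com"]
    return preflight(names, sample_resolve, sample_probe)
```

Called without the sample helpers, `preflight([...])` uses real DNS and a real TCP connection; run it from a host outside your LAN, since a check from inside does not show what the router or a geo-IP filter lets through.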
I do have several SANs in my certificate. The SAN domains were all configured using virtual hosts on port 80. For some reason the SAN domains won't work on HTTPS, but engineers are looking into this.
In my case I don't have any problem with HTTPS for my subdomain. I've put a redirect to HTTPS in my Apache vhost in @default, and added in @default-ssl a vhost dedicated to my subdomain with just a specific ServerName value. That way I don't need to use a specific port, because the Asustor UI doesn't let us create a vhost on a port that already exists, since it doesn't take a ServerName value as a parameter, which could be a really nice addition in the future.
joe wrote: I saw that ADM v2.6.2.R6L2 now has LetsEncrypt support built in so I applied the ADM update and the option is there in settings->certificate manager.
To get past stupid error #1 I had to port forward port 80 to the NAS and enable the NAS web server on port 80 in services->web server.
The next error I see when attempting to create the lets encrypt certificate is "The number of certificates issued by Let's Encrypt for your domain name has reached it's limit (Ref. 5017)" which I suspect is a rubbish error given that I've not requested any Let's Encrypt certs for this domain at any point in time ever; I have however in the past done Let's Encrypt the manual way and as a result of that manual method, I do have a LE SSL/TLS cert active right now on my NAS device for some other domain.
Fabulous well done - any further details or documentation? I certainly can't find anything here: https://www.asustor.com/online/college. So this feels like a less than sterling half baked poorly supported solution from Asustor.
I'll be sticking with doing Let's Encrypt the manual CLI way until this new 'feature' is revealed to be fabulous and working.
I have not made my NAS public, so I cannot try Let's Encrypt. I think you'd better report this issue through a support ticket. http://support.asustor.com/
You're probably right, I should raise a support ticket if something doesn't work as smoothly as it ideally should work. But here's the thing - if Asustor can't be bothered to document an ADM UI feature then I'm afraid I can't really be bothered to debug it via their support channel to get it working. Call that selfish or whatever you like but life is too short for this sort of rubbish, even more so when it's possible to just bypass this semi broken ADM UI feature with a Let's Encrypt CLI method that works well enough.
joe wrote: I saw that ADM v2.6.2.R6L2 now has LetsEncrypt support built in so I applied the ADM update and the option is there in settings->certificate manager.
To get past stupid error #1 I had to port forward port 80 to the NAS and enable the NAS web server on port 80 in services->web server.
I will add a precision here: it's not enough to have the web server accessible from outside on http://..80; the internal port MUST be the same. E.g., configuring your router to map external port 80 to internal port 3080 on the NAS (and having the NAS's web server configured to listen on port 3080) will NOT work.
Apart from that, I had configured Network Defender with GeoIP and a whitelist, and the USA was not in it...
For the record I tried this again today for a new cert for a new domain and a new cert for an existing domain that has in the past had a Let's Encrypt certificate generated for it, and both worked first time in 3.0.1.R9J2 on my AS202-TE.
I'm not sure when this got fixed but it seems to be working here now without any issues or delays or error messages so credit where it's due. I'll report back come auto-renewal time if I see any issues.
Issued On Sunday, October 1, 2017 at 7:59:10 AM
Expires On Saturday, December 30, 2017 at 6:59:10 AM
Auto-renewal came and went and whatever was done, it didn't successfully renew the certificate. I suspect it might have tried to autorenew and it failed due to port 80 being closed to the NAS. If anyone knows of any logs maintained around certificate maintenance that would be useful.
Just upgraded to the latest firmware which had a note about the Let's Encrypt updating. After the reboot the certificate was updated (as my NAS needed a new certificate as well).
All is well again until April second.