Dear All
I am struggling with ACME client certification deployment to Synology. What is so strange to me is that it works for one Synology NAS but not for the other.
My setup:
- OPNsense on 24.7.10_2
- 2 * Synology on DSM 7.2.2-72806
- Both NAS systems are in different VLANs
- SSH access is fine from OPNsense root to relevant NAS user
I have set Log Level to debug3 in ACME Client settings but I do not see more than the following.
My domain is public but the hostnames of these 2 NAS systems are not. I am running BIND9 as DNS for my local network.
I successfully tested SFTP automation to both NAS systems with the same Synology users. OTP are not configured.
2024-12-08T09:31:06 acme.sh [Sun Dec 8 09:31:06 CET 2024] Error encountered while deploying.
2024-12-08T09:31:06 acme.sh [Sun Dec 8 09:31:06 CET 2024] Error deploying for domain: <host>.<domain>
2024-12-08T09:31:06 acme.sh [Sun Dec 8 09:31:06 CET 2024] Unable to authenticate to https://<host>.<domain>:5001, you may report this by providing full log with '--debug 3'.
2024-12-08T09:31:06 acme.sh [Sun Dec 8 09:31:06 CET 2024] SynoToken
2024-12-08T09:31:06 acme.sh [Sun Dec 8 09:31:06 CET 2024] Session ID
2024-12-08T09:31:06 acme.sh [Sun Dec 8 09:31:06 CET 2024] error_code
2024-12-08T09:31:06 acme.sh [Sun Dec 8 09:31:06 CET 2024] response
2024-12-08T09:31:06 acme.sh [Sun Dec 8 09:31:06 CET 2024] ret='60'
Meanwhile I manually uploaded the LE certificate and set it as standard cert (I also deleted the self-signed Synology cert).
All I can find about return code 60 is this:
CURLE_PEER_FAILED_VERIFICATION (60): The remote server's SSL certificate or SSH fingerprint was deemed not OK. This error code has been unified with CURLE_SSL_CACERT since 7.62.0. Its previous value was 51.
Any advice that helps me to identify the misconfiguration is highly appreciated.
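
The curl exit code 60 quoted above covers several distinct verification failures (hostname not covered by the certificate, expired certificate, chain not trusted by the client). The following is an added example, not part of the original post, that separates them with `openssl`; the function names and the `example.internal` hostnames are assumptions, and the sample certificate is constructed locally.

```shell
#!/bin/sh
# Added example: classify why a verifying TLS client would reject a certificate.

# fetch_cert HOST PORT OUT: save the leaf certificate a live server presents,
# e.g. fetch_cert <host>.<domain> 5001 /tmp/nas.pem (not called in the demo).
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$3"
}

# classify_cert CERT HOSTNAME [CAFILE]: print each reason a client would
# reject CERT when connecting to HOSTNAME, or "ok" if every check passes.
classify_cert() {
    cert=$1 host=$2 ca=${3:-} verdict=""
    # Name check: does a SAN (or CN) cover the hostname the client connects to?
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match" ||
        verdict="$verdict name-mismatch"
    # Validity check: non-zero exit means notAfter is already in the past.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        verdict="$verdict expired"
    # Chain check: default trust store, or CAFILE when one is supplied.
    if [ -n "$ca" ]; then
        openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || verdict="$verdict chain-failed"
    else
        openssl verify "$cert" >/dev/null 2>&1 || verdict="$verdict chain-failed"
    fi
    verdict=${verdict# }
    echo "${verdict:-ok}"
}

# make_sample_cert DIR HOST: constructed self-signed certificate for the demo.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" nas1.example.internal
classify_cert "$demo_dir/cert.pem" nas1.example.internal "$demo_dir/cert.pem"  # trusted, name matches
classify_cert "$demo_dir/cert.pem" nas2.example.internal "$demo_dir/cert.pem"  # wrong hostname
classify_cert "$demo_dir/cert.pem" nas1.example.internal                       # issuer not in trust store
rm -rf "$demo_dir"
```

Run on the host that performs the deployment, `fetch_cert` followed by `classify_cert` against each NAS shows which of the checks differs between the two systems.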