ACME client / Synology / CURL 60

Started by boku, December 08, 2024, 09:58:45 AM

Dear All

I am struggling with ACME client certificate deployment to Synology. What is so strange to me is that it works for one Synology NAS but not for the other.

My setup:
- OPNsense on 24.7.10_2
- 2 * Synology on DSM 7.2.2-72806
- Both NAS systems are in different VLANs
- SSH access is fine from OPNsense root to relevant NAS user

I have set Log Level to debug3 in ACME Client settings but I do not see more than the following.

My domain is public but the hostnames of these 2 NAS systems are not. I am running BIND9 as DNS for my local network.

I successfully tested SFTP automation to both NAS systems with the same Synology users. OTP are not configured.



2024-12-08T09:31:06   acme.sh   [Sun Dec 8 09:31:06 CET 2024] Error encountered while deploying.
2024-12-08T09:31:06   acme.sh   [Sun Dec 8 09:31:06 CET 2024] Error deploying for domain: <host>.<domain>
2024-12-08T09:31:06   acme.sh   [Sun Dec 8 09:31:06 CET 2024] Unable to authenticate to https://<host>.<domain>:5001, you may report this by providing full log with '--debug 3'.
2024-12-08T09:31:06   acme.sh   [Sun Dec 8 09:31:06 CET 2024] SynoToken
2024-12-08T09:31:06   acme.sh   [Sun Dec 8 09:31:06 CET 2024] Session ID
2024-12-08T09:31:06   acme.sh   [Sun Dec 8 09:31:06 CET 2024] error_code
2024-12-08T09:31:06   acme.sh   [Sun Dec 8 09:31:06 CET 2024] response
2024-12-08T09:31:06   acme.sh   [Sun Dec 8 09:31:06 CET 2024] ret='60'

Meanwhile I manually uploaded the LE certificate and set it as standard cert (I also deleted the self-signed Synology cert).

All I can find about return code 60 is this:
CURLE_PEER_FAILED_VERIFICATION (60): The remote server's SSL certificate or SSH fingerprint was deemed not OK. This error code has been unified with CURLE_SSL_CACERT since 7.62.0. Its previous value was 51.

Any advice that helps me to identify the misconfiguration is highly appreciated.
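
One way to narrow down which verification step is behind curl's exit code 60 for a given NAS, as an added example that is not part of the original post or of acme.sh. The function names, the sample hostnames and the CA bundle argument are assumptions; the bundle to pass is whichever one the client on the firewall actually trusts.

```shell
#!/bin/sh
# Added example: classify why a TLS client would reject a server certificate.
# Usage (needs network; the bundle path is a placeholder):
#   fetch_chain HOST 5001 > chain.pem
#   classify_cert chain.pem HOST /path/to/ca-bundle.pem

# Print the PEM chain the server presents, leaf certificate first.
fetch_chain() {  # fetch_chain HOST PORT
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
        </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Prints one of: ok | expired | hostname_mismatch | untrusted_chain
# CHAIN_PEM holds the leaf first, then any intermediates the server sent.
classify_cert() {  # classify_cert CHAIN_PEM HOSTNAME CA_BUNDLE
    cert=$1; host=$2; ca=$3
    # 1. Validity period: -checkend 0 fails once notAfter has passed.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired; return 1
    fi
    # 2. Name check: the hostname the client connects to must appear in the
    #    certificate (SAN, or CN when no SAN dNSName is present).
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q 'does match'; then
        echo hostname_mismatch; return 1
    fi
    # 3. Chain: the leaf must chain to a CA in the bundle, using the
    #    intermediates from the same file (OpenSSL's default CApath is
    #    consulted as well).
    if ! openssl verify -CAfile "$ca" -untrusted "$cert" "$cert" \
            >/dev/null 2>&1; then
        echo untrusted_chain; return 1
    fi
    echo ok
}

# Constructed sample input: a throwaway self-signed certificate for NAME,
# so the checks above can be exercised offline.
make_selfsigned() {  # make_selfsigned OUT_PREFIX NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}
```

Running `classify_cert` for both NAS hostnames with the same bundle shows whether the failing one differs in the certificate it serves, the name it is reached by, or the chain it presents.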