External access

patapalo · August 9, 2021, 3:54pm

Hi there,
since last update i can not get external access neither app mobile nor web access. I have synology NAS, HA running inside a docker, certificate through let’s encrypt and always get the same error:NET::ERR_CERT_COMMON_NAME_INVALID
i have tried to renew the cerfiticate, create new one… with no success.
Any idea? thanks in any case.

EKC · August 9, 2021, 6:50pm

Check your certificate and make sure you are using the exact same hostname to access HA. For example, a certificate for “example.com” will fail if you try to access “www.example.com”.

If this works, then you’ll need to adjust your certificate to include the appropriate variations or wildcards.

patapalo · August 12, 2021, 11:00pm

hi! thank you for your answer, but yeah i have the same hostname. The fact is i updated few versions ago and out of the blue i could not have external access. i have tried to renew my let’s encrypt certificate and nothing still not working. I am trying to acces with https://ha.hostname.me:5051 which is my https port.

EKC · August 13, 2021, 4:38am

It’s tricky - I understand why you don’t want to share the actual URL, but troubleshooting certs without it is a bit of a shot in the dark!

Does your common name include the port? If so, it would be worth removing it to see if that works.

Depending on your setup you may or may not need to include the port in the URL to access your instance, but from what I can tell the cert should work for any port, as long as no port is specified in the cert.

patapalo · August 22, 2021, 3:41pm

hey thank you anyway for your answer! it does not matter if i write the URL with or without port. The result is the same.

EKC · August 22, 2021, 8:29pm

Is the domain in your certificate ha.*******.synology.me?

patapalo · August 24, 2021, 8:17am

Hi, yes it is

koying · August 24, 2021, 8:24am

Is your HA actually listening on 5051, and the synology only doing port forwarding, or is the synology acting as a reverse proxy?

patapalo · August 24, 2021, 10:14am

hi koying, first question yes, HA is listening 5051. ( At least it seems… ). Second question, yes too, Syno is acting as a reverse proixy

patapalo · August 24, 2021, 10:17am

no idea if it helps, but if i try to access when i am my local net, it works, i mean, 192.168.0.101:8123 works perfectly. so i guess the problem is with the certificate but i am lost…

koying · August 25, 2021, 8:06am

Your certificate must be on the synology, then, because that’s where the “SSL termination” occurs.

patapalo · August 25, 2021, 10:39am

hey! but it is already. I mean i created a let’s encrypt certificate time ago. It was running ok and out of the blue i update HA and i realized i could not have external access anymore. of course i have tried to renew it, also tried with no firewall…and nothing, always the same message…certificate not valid

koying · August 25, 2021, 12:40pm

Oh, ok.

Did you also trust the synology (as a reverse proxy) on HA side?
It’s mandatory since a couple versions

patapalo · August 25, 2021, 2:19pm

where and how do you do this ? not sure if it is done

smi · January 14, 2023, 8:25pm

Hi!

I’m having the exact same issue. Have you been able to fix it?

Thanks