Let's Encrypt stuck at "Authorizing"

[tetete]

DDNS works, I can access my router via the domain name.

A quick search here indicates this might be related to port 80 being blocked, but I don't think I did that on the router, and I don't think my ISP (shaw cable) would do that as well.

Can anyone shed some light on what else to check?

Thanks

 

[Ripshod]

DDNS works, I can access my router via the domain name.

A quick search here indicates this might be related to port 80 being blocked, but I don't think I did that on the router, and I don't think my ISP (shaw cable) would do that as well.

Can anyone shed some light on what else to check?

Thanks

View attachment 48101

I believe namecheap are having issues at the moment and no sign of a fix coming soon (don't quote me - I said believe)
*edit*
However, if this a brand new domain it takes a while to propogate. Also in your screenshot you appear to have an "@" as the first part of your domain? That won't work.

 

[RMerlin]

I suspect Let's Encrypt might not work with Namecheap because that DDNS provider uses a username rather than a hostname, so Let's Encrypt has no way of knowing what hostname to use.

 

[tetete]

I believe namecheap are having issues at the moment and no sign of a fix coming soon (don't quote me - I said believe)
*edit*
However, if this a brand new domain it takes a while to propogate. Also in your screenshot you appear to have an "@" as the first part of your domain? That won't work.

Thanks. It's an old domain, SSL just never worked.

Why I can't have an @ there? I can't use the root folder, so it has to be like www.abc.com instead of just abc.com?

 

[tetete]

I suspect Let's Encrypt might not work with Namecheap because that DDNS provider uses a username rather than a hostname, so Let's Encrypt has no way of knowing what hostname to use.

Thanks, Merlin.

I can potentially transfer my domain to no-ip, which I found ppl on this forum made it working. But interms of the settings, ain't they are the same with namecheap?

Please forgive my ignorance on this, but why Let's Encrypt would know the hostname when it's set up the same way in the router?

 

[RMerlin]

I can potentially transfer my domain to no-ip, which I found ppl on this forum made it working. But interms of the settings, ain't they are the same with namecheap?

I don`t remember specifically for no-ip, but I think the configuration requires you to enter the FQDN, so it will be usable by Let's Encrypt.

I'd ask myself tho if you need Let's Encrypt bad enough to justify the hassle of changing DDNS provider. It's largely used just to provide a recognized certificate for remote use, and remotely enabling a router's webui is a major security risk. You don't need a LE certificate to access the router within your LAN.

 

[tetete]

I don`t remember specifically for no-ip, but I think the configuration requires you to enter the FQDN, so it will be usable by Let's Encrypt.

I'd ask myself tho if you need Let's Encrypt bad enough to justify the hassle of changing DDNS provider. It's largely used just to provide a recognized certificate for remote use, and remotely enabling a router's webui is a major security risk. You don't need a LE certificate to access the router within your LAN.

Thanks Merlin, I will look into FQDN.

For my application, it's not about using the router's WebUI. In fact, it's disabled.

It's about accessing my Synology server behind the router. So I can use my domain on a specified port to access my Synology services which have port forwarding enabled on the router.

I also have the domain name resolved locally on the router, so on my phone, I can always use the domain name to access the Synology service. At home, it will be Lan speed, because the domain is resolved by the router to the local IP of the Synology server. Outside the home, the domain name will be resolved by DDNS to my router IP, then forwarded to the Synology server.
(I'm not sure if my phone will cache the domain IP. If that's the case, accessing the Synology server locally may still go to the public IP of the router first. )

 

[RMerlin]

It's about accessing my Synology server behind the router. So I can use my domain on a specified port to access my Synology services which have port forwarding enabled on the router.

You don't need Let's Encrypt for that, just DDNS. You could also use the synology.me DDNS service.

 

[bradetter]

I'm using no-ip for ddns. Let's encrypt certificate is stuck on authorizing. I tried to export, and chrome choked and said it was corrupted.

 

[bradetter]

You don't need Let's Encrypt for that, just DDNS. You could also use the synology.me DDNS service.

I need a security certificate, and I would prefer not to pay for one.
Synology seems geared towards NAS more than router applications.

 

[bradetter]

You don't need Let's Encrypt for that, just DDNS. You could also use the synology.me DDNS service.

I intend to implement the OpenVPN server, so would I have better luck trying to implement the OpenSSL certificate?

 

[RMerlin]

I intend to implement the OpenVPN server, so would I have better luck trying to implement the OpenSSL certificate?

You don't need a Let's Encrypt certificate for OpenVPN.

 

[bradetter]

You don't need a Let's Encrypt certificate for OpenVPN.

I understand. However, without the SSL certificate, won’t the traffic still be susceptible to MITM attacks?
I’ve also tried to create a self signed certificate, but neither Chrome or Firefox will accept them.

 

[RMerlin]

I understand. However, without the SSL certificate, won’t the traffic still be susceptible to MITM attacks?

That certificate is strictly for the webui, and it has nothing to do with OpenVPN.

If you are worried with a MITM attack within your LAN between your personal PC and your personal router, then you probably have more important problems to solve than having the communication between both devices be encrypted.