Netgate Discussion Forum

    Synology Letsencrypt Renewal and Unifi Firmware Update Fail

    Category: DHCP and DNS. 6 Posts, 2 Posters, 759 Views
    • zsx

      Hi,
      pfSense 2.4.4-RELEASE-p3
      DNS Server Setting on General Setup Page 1.1.1.1, 1.0.0.1
      DNS Forwarder and Resolver enabled
      Firewall LAN rules force the pfSense IP to be used as DNS
      pfBlockerNG 2.1.4_18

      Synology Letsencrypt Renewal and Unifi Firmware Update Fail. If I disable pfBlockerNG, remove firewall LAN rule to allow other DNS and change Synology and Unifi Cloud Key DNS to 1.1.1.1 (or any external DNS), LE renewal and Unifi firmware update will work.

      Can anyone advise? Thank you.

      • Gertjan @zsx

        @saunada said in Synology Letsencrypt Renewal and Unifi Firmware Update Fail:

        Can anyone advise?

        Yep.
        It looks like you have a very off-standard DNS setup.
        This :

        @saunada said in Synology Letsencrypt Renewal and Unifi Firmware Update Fail:

        DNS Forwarder and Resolver enabled

        has been done for what reason?

        Normally, the DNS Server setting on the General Setup page is set to 127.0.0.1; you might consider adding "::1", but that's it.
        You're giving away your (private) DNS requests to "1.1.1.1", which isn't needed at all. The default DNS settings, using only the resolver, work just fine.
        pfBlockerNG 2.1.4_18 is still available, but know that pfBlockerNG-devel / 2.2.5_29 is far superior.

        Letsencrypt renewal: it all depends on what method you are using, etc. The acme pfSense package logs a lot. What does it tell you?

        No "help me" PMs please. Use the forum, the community will thank you.
        Edit: and where are the logs??

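The symptom in this thread (renewal and firmware downloads work as soon as the devices point at 1.1.1.1, fail behind the forced pfSense resolver) is what you see when pfBlockerNG's DNSBL is sinking a hostname the device needs. The following script is an added example, not code from the thread or from the pfBlockerNG package: it resolves each hostname you give it once through pfSense and once through an upstream resolver and reports which local answers are sunk. The resolver address, the upstream, the sinkhole address (10.10.10.1 is the DNSBL virtual IP the package uses by default; confirm yours under Firewall > pfBlockerNG > DNSBL) and the presence of `drill` or `dig` on the LAN host are all assumptions.

```shell
#!/bin/sh
# Added example, not from this thread or from the pfBlockerNG package.
# Resolves each hostname given on the command line through the pfSense
# resolver and through an upstream resolver and reports which local answers
# are sunk. Assumed values (override via the environment): RESOLVER is the
# pfSense LAN address, UPSTREAM a public resolver, SINKHOLE the pfBlockerNG
# DNSBL virtual IP (10.10.10.1 is the package default; confirm it under
# Firewall > pfBlockerNG > DNSBL). Needs drill (ldns) or dig on the host.
set -u

RESOLVER="${RESOLVER:-192.168.1.1}"
UPSTREAM="${UPSTREAM:-1.1.1.1}"
SINKHOLE="${SINKHOLE:-10.10.10.1}"

# Print the IPv4 answers for name $1 from resolver $2, one per line.
# Prints nothing when the query fails or returns no A record.
resolve_a() {
    if command -v drill >/dev/null 2>&1; then
        drill -Q "$1" A "@$2" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$'
    else
        dig +short "$1" A "@$2" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$'
    fi
}

# Classify one answer from the local resolver:
#   BLOCKED  the sinkhole VIP or a null answer
#   EMPTY    no A record at all (NXDOMAIN, SERVFAIL, timeout)
#   OK       a real address
classify_answer() {
    case "$1" in
        "") echo EMPTY ;;
        "$SINKHOLE"|0.0.0.0) echo BLOCKED ;;
        *) echo OK ;;
    esac
}

# Verdict for one host given the local answer $1 and the upstream answer $2.
# DIFFERS is informational only: CDNs legitimately hand out different
# addresses to different resolvers, so only BLOCKED and EMPTY point at pfSense.
compare_answers() {
    verdict=$(classify_answer "$1")
    if [ "$verdict" = OK ] && [ -n "$2" ] && [ "$1" != "$2" ]; then
        verdict=DIFFERS
    fi
    echo "$verdict"
}

# Query both resolvers for $1 and print one report line.
check_host() {
    local_a=$(resolve_a "$1" "$RESOLVER" | head -n 1)
    up_a=$(resolve_a "$1" "$UPSTREAM" | head -n 1)
    printf '%-40s %-8s local=%-16s upstream=%s\n' \
        "$1" "$(compare_answers "$local_a" "$up_a")" "${local_a:-none}" "${up_a:-none}"
}

# With hostnames on the command line, check each one and exit non-zero if any
# was blocked or empty, so the script can be run from cron as a canary.
if [ "$#" -gt 0 ]; then
    rc=0
    for h in "$@"; do
        line=$(check_host "$h")
        echo "$line"
        case "$line" in *" BLOCKED "*|*" EMPTY "*) rc=1 ;; esac
    done
    exit "$rc"
fi
```

Run it from a LAN host with the hostnames the NAS and the Cloud Key actually contact, for example the Let's Encrypt ACME endpoint `acme-v02.api.letsencrypt.org`. A BLOCKED line names the DNSBL feed entry to whitelist; an EMPTY line means the local resolver is not answering at all, which is where the forwarder-plus-resolver combination in the first post would show up.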
        • zsx

          I had DNS Forwarding enabled because of the following, but I noticed now that they are also in DNS Resolver. I will disable dns forwarding.
          295a7713-6c7a-4f5f-b886-56d98456d401-image.png

          Do you mean 127.0.0.1::1 in the DNS Server Setting? what does "::1" mean?

          I will upgrade pfBlockerNG as well.

          Synology (LE renewal) logs in the web interface do not tell much. I am not sure where to get them. I am using the tool in the web interface. Not sure if it is acme in the background. I will make the above changes tonight (the equipment is operational now) and update here again. Thank you.

          • Gertjan @zsx

            @saunada said in Synology Letsencrypt Renewal and Unifi Firmware Update Fail:

            Do you mean 127.0.0.1::1 in the DNS Server Setting? what does "::1" mean?

            127.0.0.1 is default - and it's IPv4
            ::1 is the IPv6 counterpart.

            Like :
            9194ff14-358d-4794-adc4-a421f593d25e-image.png

            @saunada said in Synology Letsencrypt Renewal and Unifi Firmware Update Fail:

            I am not sure where to get them

            Here: /tmp/acme/[acme - LE account name]/acme_issuecert.log if you're talking about the acme pfSense package.
            Let's Encrypt cert renewal on a Syno NAS is totally not related to pfSense. I would advise you to use the acme pfSense package, ask for a wildcard cert, and export it once every 60 days or so to your Syno NAS (and other devices, if needed).


            • zsx @Gertjan

              @Gertjan said in Synology Letsencrypt Renewal and Unifi Firmware Update Fail:

              Like :
              9194ff14-358d-4794-adc4-a421f593d25e-image.png

              Thank you.

              @Gertjan said in Synology Letsencrypt Renewal and Unifi Firmware Update Fail:

              Here: /tmp/acme/[acme - LE account name]/acme_issuecert.log if you're talking about the acme pfSense package.
              Let's Encrypt cert renewal on a Syno NAS is totally not related to pfSense. I would advise you to use the acme pfSense package, ask for a wildcard cert, and export it once every 60 days or so to your Syno NAS (and other devices, if needed).

              Is the exporting a manual process?

              • Gertjan

                Yes.

                You have to click on these icons

                c0d3853f-ec31-4068-be7b-6b09a5d793eb-image.png

                to export the certs in P12 and PEM format.

                The certs are also available here :

                caae1ef0-a836-428b-b1f4-27a526e4e4f2-image.png

                You'll have to write a script to send it over to other devices. But as you might have guessed: the Synology DSM GUI uses a ... GUI to install the certs. Maybe it can be done using scripts on the Synology; an ssh interface exists, but you have to discover that yourself.


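The "write a script to send it over" step above, as an added example that is not code from the thread, the acme package or Synology. It checks the renewed PEM files on pfSense (key matches certificate, certificate not expired, renewal not stalled), pushes them to the NAS in one SSH session and reloads DSM's web server, skipping the push when the fingerprint has not changed since last time. The `CERT_DIR` location and the `.crt`/`.key`/`.fullchain` file names, the NAS hostname and user, and the DSM certificate directory and reload commands in `push_to_synology` are all assumptions to verify against your own acme package output and DSM version.

```shell
#!/bin/sh
# Added example, not from this thread, the acme package or Synology.
# Checks a renewed certificate on pfSense and pushes it to a Synology NAS
# over SSH, skipping the push when the certificate has not changed.
# Assumptions (adjust before use): CERT_DIR and the .crt/.key/.fullchain
# names are where and how your acme package writes the PEM files; SYNO_USER
# can log in over SSH and run sudo; SYNO_CERT_DIR and the reload commands in
# push_to_synology are placeholders to verify against your DSM version.
set -eu

CERT_DIR="${CERT_DIR:-/conf/acme}"
CERT_NAME="${CERT_NAME:-wildcard.example.test}"
SYNO_HOST="${SYNO_HOST:-nas.example.test}"
SYNO_USER="${SYNO_USER:-admin}"
SYNO_CERT_DIR="${SYNO_CERT_DIR:-/usr/syno/etc/certificate/_archive/DEFAULT}"  # placeholder

# Return 0 when the certificate in $1 was issued for the private key in $2.
# Comparing the public keys works for RSA and EC keys alike.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Return 0 when the certificate in $1 expires within $2 days (0 = already expired).
expires_within() {
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; then
        return 1
    fi
    return 0
}

# SHA-256 fingerprint of the certificate, used to skip unchanged pushes.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Copy cert ($1), key ($2) and chain ($3) to the NAS in a single SSH session
# and reload DSM's web server. The files travel as a tar stream on ssh's stdin
# and are unpacked with umask 077, so the key never sits world-readable in
# the NAS's /tmp. The DSM paths and reload commands below are assumed.
push_to_synology() {
    tar cf - -C "$(dirname "$1")" "$(basename "$1")" "$(basename "$2")" "$(basename "$3")" |
    ssh "$SYNO_USER@$SYNO_HOST" "umask 077 && rm -rf /tmp/acme-push && mkdir /tmp/acme-push && \
        tar xf - -C /tmp/acme-push && \
        sudo sh -c 'cp /tmp/acme-push/$(basename "$1") $SYNO_CERT_DIR/cert.pem && \
            cp /tmp/acme-push/$(basename "$2") $SYNO_CERT_DIR/privkey.pem && \
            cp /tmp/acme-push/$(basename "$3") $SYNO_CERT_DIR/fullchain.pem && \
            chmod 600 $SYNO_CERT_DIR/privkey.pem && \
            synow3tool --gen-all && synosystemctl restart nginx' && \
        rm -rf /tmp/acme-push"
}

main() {
    crt="$CERT_DIR/$CERT_NAME.crt"
    key="$CERT_DIR/$CERT_NAME.key"
    chain="$CERT_DIR/$CERT_NAME.fullchain"
    state="$CERT_DIR/.$CERT_NAME.pushed"   # fingerprint of the last cert pushed

    cert_key_match "$crt" "$key" || { echo "$crt does not match $key" >&2; exit 1; }
    if expires_within "$crt" 0; then
        echo "$crt is already expired, not pushing" >&2
        exit 1
    fi
    if expires_within "$crt" 7; then
        # A Let's Encrypt cert this close to expiry means renewal on pfSense
        # is failing; the thread's log path is where to look.
        echo "warning: $crt expires within 7 days, check /tmp/acme/*/acme_issuecert.log" >&2
    fi
    fp=$(cert_fingerprint "$crt")
    if [ -f "$state" ] && [ "$(cat "$state")" = "$fp" ]; then
        echo "certificate unchanged ($fp), nothing to do"
        return 0
    fi
    push_to_synology "$crt" "$key" "$chain"
    echo "$fp" > "$state"
    echo "pushed $fp to $SYNO_HOST"
}

# Only push when invoked as `sh syno-push.sh push`; running the file without
# arguments (or sourcing it for its functions) does nothing.
if [ "${1:-}" = "push" ]; then
    main
fi
```

Scheduled from pfSense's cron package a few days after each renewal, the fingerprint file makes repeated runs harmless, and the key-match check catches the case where the acme package rotated the key but the old certificate is still sitting in `CERT_DIR`.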
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.