Although Synology help said that you must open port 80, it is in fact compulsory, but not sufficient. I had the following error (with port 80 open and redirected through Upnp) :
DEBUG: DNS challenge failed, reason: { "error": 108, "msg": "Not synology DDNS.", "file": "challenge.cpp:79"}
Yes, my ddns is at the moment not synology but no-ip.com.
How I made it work :
- disable syno firewall
- log to syn by ssh
- type "sudo /usr/syno/sbin/syno-letsencrypt renew-all -v"
- enable firewall
If anyone has any clue of why it did not work It would be great...
Update :
https://community.letsencrypt.org/t/impossible-to-renew-certificate-for-synology-nas/26721/24