Although Synology help said that you must open port 80, it is in fact compulsory, but not sufficient. I had the following error (with port 80 open and redirected through Upnp) :

DEBUG: DNS challenge failed, reason: { "error": 108, "msg": "Not synology DDNS.", "file": "challenge.cpp:79"}

Yes, my ddns is at the moment not synology but no-ip.com.

How I made it work :

  • disable syno firewall
  • log to syn by ssh
  • type "sudo /usr/syno/sbin/syno-letsencrypt renew-all -v"
  • enable firewall

If anyone has any clue of why it did not work It would be great...

Update :
https://community.letsencrypt.org/t/impossible-to-renew-certificate-for-synology-nas/26721/24