Today I used my trusty post Resolve certificate error for Synology Diskstation part 3 of 4 again to renew my certificate. The site startssl.com is still alive, is still free and still works. They even send me a reminder 2 weeks in advanced of the certificate expiring.
Uploading the certificate caused my browser to throw errors. The certificate was not trusted. Not happy 😦
There was some turbulence since last autumn. I totally mist this.
- Blocking Trust (apple support)
- Distrusting WoSign and StartCom Certificates (google security)
- StartCom reaction
I need another (free) SSL source.
After some searching I ended up using sslforfree.com since I could verify my domain by adding a TXT-record. Other sites needed me to host files or open ftp to them with username and password 😯
To verify my domain using a TXT-record I noticed the google support page was not providing the right solution. The DNS entry should have _acme_challenge for the Host name:
| Type | Host | Value | TTL |
| TXT-Record | _acme_challenge | R4nD0m57R1n9 | 1 min |
The provided certificate is valid for 90 days. Safari trusts this CA and the certificate. I’m happy again. 🙂
.NET Development by Eric 
Pingback: Resolve certificate error for Synology Diskstation part 3 of 4 | .NET Development by Eric
Pingback: Renew certificate 2020 edition | .NET Development by Eric