Android App - won't sync

Hi! Sorry for the late reply - things have been hectic with covid etc etc. I finally got round to trying this. The commands worked but it has not changed anything in terms of access to Joplin from my Android. I'm still not able to connect.

Is your certificate chain now complete and valid?

In fact now it is no longer working on my Mac either... My Synology address no longer seems to be connected to my IP address.

Here is what was returned from terminal:

```
user@NAS:~$ sudo cp /var/packages/WebDAVServer/target/etc/httpd/conf/extra/httpd-ssl.conf-cipher-webdav /var/packages/WebDAVServer/target/etc/httpd/conf/extra/httpd-ssl.conf-cipher-webdav.bak
user@NAS:~$ sudo sed -i -e "s/cert.pem/fullchain.pem/g" /var/packages/WebDAVServer/target/etc/httpd/conf/extra/httpd-ssl.conf-cipher-webdav
user@NAS:~$ sudo /var/packages/WebDAVServer/target/scripts/synowebdavserver_httpd_control.sh restart
/var/packages/WebDAVServer/target/scripts/synowebdavserver_httpd_control.sh: webdav httpd stopped
LoadModule synobandwidth_module modules/mod_synobandwidth.so
Start WebDav Apache Server .....  -DSSL -f /var/packages/WebDAVServer/target/etc/httpd/conf/httpd.conf-webdav
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
/var/packages/WebDAVServer/target/scripts/synowebdavserver_httpd_control.sh: webdav httpd started
```

Can you post the output from `openssl s_client -showcerts -servername <HOST> -connect <HOST>:<PORT>`?

Hi sure:

```
User@NAS:~$ openssl s_client -showcerts -servername 192.168.0.15 -connect 192.168.0.15:22
CONNECTED(00000004)
1996242960:error:1408F10B:lib(20):func(143):reason(267):NA:0:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 314 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
```

Replace the port with your WebDav port, not your SSH port.

Sorry!

```
User@NAS:~$ openssl s_client -showcerts -servername 192.168.0.15 -connect 192.168.0.15:22
CONNECTED(00000004)
1996242960:error:1408F10B:lib(20):func(143):reason(267):NA:0:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 314 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
User@NAS:~$ openssl s_client -showcerts -servername 192.168.0.15 -connect 192.168.0.15:31
CONNECTED(00000004)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = thishouse-nas.synology.me
verify return:1
---
Certificate chain
 0 s:CN = thishouse-nas.synology.me
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
subject=CN = thishouse-nas.synology.me

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3034 bytes and written 394 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: B748BCE108FA67C1F65BB591BB37D72DC0E3358375855875E4B6C53A8CE7E8F7
    Session-ID-ctx: 
    Resumption PSK: DB043E938FF31A083B119738B72BC66B4A62235D1D440436459E352A3ECF925F020E335B30993FFA93B9BC9525A6BA67
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 91 d7 cd b3 5d 74 6b 8d-4b e7 e4 92 ea f5 bb fa   ....]tk.K.......
    0010 - 83 d7 86 e7 35 da 90 f5-8b 39 40 32 54 5c 1c 04   ....5....9@2T\..

    Start Time: 1615661870
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 30C972FDFC68069D15863C446067288760292741A9038FB7D31F2F30A7F987BA
    Session-ID-ctx: 
    Resumption PSK: 7DAFA6674D84CC1D7E0E29252F4B890DFC19576EBA6613E232E4FA23C69BD81BBF75B65589EAC388D1EAA15239CA1901
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - e7 74 f6 08 b9 87 f2 46-b1 9c 08 b5 c2 96 c2 39   .t.....F.......9
    0010 - 2b 6e e6 53 4f a8 a0 fc-cd 46 18 3d 79 65 c4 e4   +n.SO....F.=ye..

    Start Time: 1615661870
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed
```

Edit: @scratchmaster2 please use code blocks for command output, otherwise markdown will apply formatting that isn't supposed to be applied.
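An added example, not part of the original thread: one way to read the "Certificate chain" section of `openssl s_client -showcerts` output and tell a complete chain (what `fullchain.pem` serves) from a leaf-only one (what `cert.pem` serves), or from a port that does not speak TLS at all, as in the port 22 run above. The function name `check_chain` and the sample outputs with their host and CA names are constructed for illustration.

```python
import re

# Constructed samples shaped like `openssl s_client -showcerts` output (PEM bodies omitted).
FULL_CHAIN = """\
CONNECTED(00000004)
---
Certificate chain
 0 s:CN = nas.example.test
   i:C = US, O = Example CA, CN = Intermediate 1
 1 s:C = US, O = Example CA, CN = Intermediate 1
   i:O = Example Trust, CN = Example Root
---
Server certificate
Verify return code: 0 (ok)
"""
LEAF_ONLY = """\
CONNECTED(00000004)
---
Certificate chain
 0 s:CN = nas.example.test
   i:C = US, O = Example CA, CN = Intermediate 1
---
Server certificate
Verify return code: 21 (unable to verify the first certificate)
"""
NOT_TLS = "CONNECTED(00000004)\n---\nno peer certificate available\n---\n"

# One chain entry: " N s:<subject>" followed by "   i:<issuer>".
ENTRY = re.compile(r"^\s*(\d+) s:(.+)\n\s+i:(.+)$", re.M)

def check_chain(output):
    """Return (status, detail) for the chain the server actually sent."""
    if "no peer certificate available" in output:
        return "no-tls", "port did not answer with TLS (wrong port?)"
    chain = [(s.strip(), i.strip()) for _, s, i in ENTRY.findall(output)]
    if not chain:
        return "no-chain", "no 'Certificate chain' entries found"
    # Each certificate must be issued by the subject of the next one sent.
    for n, ((_, issuer), (next_subject, _)) in enumerate(zip(chain, chain[1:])):
        if issuer != next_subject:
            return "broken", f"cert {n} issuer does not match cert {n + 1} subject"
    # A single, non-self-signed certificate means the intermediate was not sent.
    if len(chain) == 1 and chain[0][0] != chain[0][1]:
        return "leaf-only", f"intermediate missing: {chain[0][1]}"
    return "ok", f"{len(chain)} certificates sent, links consistent"
```

Feed it the captured text of a real run, for example the output saved from the WebDAV port, to see which of the three cases the server is in.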

OK, you have set up https://thishouse-nas.synology.me:31/.... as the WebDAV URL?
Can your PC / Android resolve thishouse-nas.synology.me to 192.168.15 or is the name resolved to your public IP?

Hey, yes https://thishouse-nas.synology.me:31/ is webdav URL.

Both used to be able to resolve thishouse-nas.synology.me to 192.168.15, but since running the suggested commands this no longer works.

The posted commands have nothing to do with name resolution; they only change the web server to use fullchain.pem.

OK - the problem is that it was resolving before and now it is not. Any ideas?

Since I do not know your system configuration / network setup, I can't answer this question.

But with the built-in Synology DDNS and an external DNS server in your clients, or only the DNS forwarder from your router, thishouse-nas.synology.me will always be resolved to the public IP.

As a solution, there are e.g. these two ways:

  1. Change the DNS resolution for thishouse-nas.synology.me on your local network to 192.168.15 (own DNS server, option on the router, Pi-hole, ...)
  2. Create a NAT rule on the router so that internal requests to :31 are forwarded to 192.168.15:31

Hi there,

I was a total idiot and the connection was being routed through a VPN and I hadn't realised. Everything is in order now!

  • Thanks a lot for your help, it's working now.