Errors setting up Arq to use MinIO on Synology, cert errors, etc

(Not sure where to go with this problem, as it involves several systems/vendors. Excuse the reddit crosspost, casting a wide net.)

I’ve set up Docker and have MinIO running.

The iMac Pro destination for Arq is https://myid.synology.me:9000, after some initial certificate trouble, this is working fine, and has been doing hourly backups for the past four days without errors.

I decided to install Arq on my MacBook Pro (MBP). The same host address for Arq does not work.

https://myid.synology.me:9000Could not connect to the server
https://10.0.0.35:9000Certificate is invalid

I think https://myid.synology.me:9000 is the valid choice since it works on my iMac Pro.

So I try to open the MonIO interface in Brave browser, or Safari using https://myid.synology.me:9000, and it says This site can't be reached myid.synology.me refused to connect. If I try https://10.0.0.35:9000, I get an error that the certificate is invalid NET::ERR_CERT_COMMON_NAME_INVALID, choose proceed anyway, and the interface opens.

A few times during my troubleshooting, I’ve gotten a login screen for my ISP/router they provide.

I’m not sure how to proceed, and would greatly appreciate any help.

DS918+          DSM DSM 6.2.2-24922 Update 5
Docker          18.09.0-0506
MinIO           can't find version info, latest as of 3/20/2020
iMac Pro        macOS 10.15.4
MacBook Pro     macOS 10.15.3
Arq             5.17.3

What was the initial certificate trouble when setting up the iMac Pro? What is the cert saying for the IP address connection (guessing myid.synlogy.me?) What DNS resolution are you getting for myid.synology.me from the MBP?

10.0.0.35 is a local address, is it your Synology or ?

Don’t recall verbatim, but it was along the lines of the errors I’m getting on the MBP. Cert invalid, doesn’t match, etc. From my iMac Pro I use these addresses and they work:
https://myid.synology.me:5001/ to access DSM
https://10.0.0.35:28888 to access Resilio Sync
https://myid.synology.me:9000 to access MinIO

If I try, for instance, https://myid.synology.me:28888 to access Resilio Sync, I get:

If I try https://10.0.0.35:9000 to access MinIO, I get:


and I can choose to proceed anyway.


What is the cert saying for the IP address connection (guessing myid.synlogy.me?)

If I try https://10.0.0.35:9000, I get an error that the certificate is invalid NET::ERR_CERT_COMMON_NAME_INVALID , choose proceed anyway, and the interface opens.

What DNS resolution are you getting for myid.synology.me from the MBP?

Using https://myid.synology.me:9000 , and it says This site can't be reached myid.synology.me refused to connect.

Yes, should have mentioned that.

Why are you going up (via the internet) to the Synology Quickconnect address, just so it routes back to. your local NAS – that’s a path you can ignore by activating the right port on your router and going from device to device on your LAN.

I think the cert. error makes sense because if you have a certificate for the name, it won’t be valid for the IP address. It looks as if the service itself isn’t running correctly. (Or am I just stating the obvious? I do that sometimes :slight_smile: )

Because of the cert errors. As shown above, the IP address doesn’t work for MinIO, but the DDNS name does.

This is true. There’s no way to add the IP address to a cert though.

I don’t know. Can you elaborate?

Turns out my router (Airport Extreme) “sucks at hairpinning” as said by someone on Reddit. (Hairpinning is sending traffic from myname.synology.me back to the internal IP address of the Synology.)
They suggested adding a DNS entry to resolve to my Synology’s IP address, but I have nowhere to do that on the AE (unless I missed it).
I’ve since used a domain I have registered and created a CNAME record that points from a bogus subdomain back to my synology.me address, then created a Let’s Encrypt certificate for both of those FQDNs.
And that also kind of works.

I might look into a Synology router, which I would assume would “suck less at hairpinning”.

If you do buy Synology future-proof your purchase by focusing on one of their Wi-Fi 6 routers. I’m waiting to see what arrives later this year from Eero and how it compares to upcoming devices from Velop, Ubiquiti, Orbi (and hopefully Plume).

1 Like