Synology NAS Error Code 57: How to Fix It

Medium 30-60 minutes Medium Severity Verified June 2026
Summarize with ChatGPTSummarize with ClaudeSummarize with Perplexity Add as Preferred Source on Google
Error Code
57
Brand
Synology
Product Type
nas
Severity
Medium
DIY Difficulty
Medium
Estimated Fix Time
30-60 minutes
Synology DSM Error Code 57 means that the automatic renewal of your Let's Encrypt SSL/TLS certificate has failed, leaving your NAS without a valid HTTPS certificate. This typically happens when your NAS cannot be reached from the public internet on port 80 or 443, your domain DNS records are misconfigured, or Let's Encrypt's servers are temporarily unavailable. Without a valid certificate, browsers will show security warnings when you access your NAS remotely, so it is important to resolve this quickly.
Ad

Tools You'll Need

How to Fix Error Code 57

  1. Check DSM Notification Logs for Details

  2. Verify Your Domain DNS Is Resolving Correctly

  3. Confirm Port 80 Is Open and Forwarded to Your NAS

    Do not leave unnecessary ports permanently open. Only forward port 80 during the certificate renewal process if your ISP or security policy allows it.

  4. Make Sure DSM HTTP Port Is Set to 80

  5. Attempt Manual Certificate Renewal

  6. Switch to DNS-01 Challenge If Port 80 Is Blocked

  7. Check Let's Encrypt Rate Limits

  8. Update DSM to the Latest Version

    Back up your DSM configuration before updating. Go to Control Panel > Update & Restore > Configuration Backup and download a backup file to your computer.

  9. Delete and Re-Add the Let's Encrypt Certificate

    Deleting the certificate will immediately remove HTTPS trust for your domain until a new certificate is issued. Plan for a short period of access disruption or security warnings.
Ad

When to Call a Professional

Contact Synology support (support.synology.com) if you have verified that port 80 is open, DNS is resolving correctly, and you are not rate-limited, but renewal still fails with a cryptic or undocumented error code. Also seek professional help if your NAS is deployed in a business environment with complex firewall or proxy rules that require a network administrator to modify, or if your managed DNS provider does not support API-based DNS-01 challenge validation through DSM.

Frequently Asked Questions

Why does Synology DSM Error Code 57 keep coming back?
Error Code 57 recurs because the underlying cause — most commonly a blocked port 80, incorrect DNS record, or router port forwarding issue — has not been permanently fixed. Let's Encrypt certificates expire every 90 days and DSM tries to auto-renew them 30 days before expiry. If the network configuration problem is still present at renewal time, Error Code 57 will appear again. Fixing the root cause (opening port 80 permanently or switching to DNS-01 challenge) will prevent recurrence.
Can I use my Synology NAS without fixing Error Code 57?
Yes, your NAS will continue to function normally for local network tasks and most services. However, remote HTTPS access will show browser security warnings once the certificate expires (within 90 days of issue). Users may be unable to connect via HTTPS without bypassing the warning. It is strongly recommended to resolve Error Code 57 before the certificate expires to maintain secure remote access.
Does Synology DDNS work with Let's Encrypt certificates?
Yes. Synology DDNS domains (e.g., yourname.synology.me) are fully supported by Let's Encrypt through DSM's built-in certificate manager. The same port 80 or DNS-01 requirements apply. Make sure your DDNS hostname is up to date by going to Control Panel > External Access > DDNS and clicking Update Now before attempting Let's Encrypt renewal.
What is the difference between HTTP-01 and DNS-01 challenge for Let's Encrypt on Synology?
HTTP-01 challenge verifies you own the domain by placing a file on your server accessible via port 80 from the public internet — this is the default and easiest method if port 80 is open. DNS-01 challenge verifies ownership by temporarily adding a TXT record to your domain's DNS zone via your DNS provider's API — this works even if port 80 is blocked by your ISP and is often more reliable for home or business users with dynamic IPs. DNS-01 requires API credentials for a supported DNS provider like Cloudflare.
How do I stop seeing HTTPS certificate warnings on my browser while I fix Error Code 57?
You can generate a temporary self-signed certificate in DSM to replace the expired Let's Encrypt certificate. Go to Control Panel > Security > Certificate, click Add, and choose 'Create self-signed certificate'. Assign it to DSM and your services. Browsers will still show a warning for self-signed certificates, but you can click 'Advanced' and proceed. Once you fix Error Code 57 and renew your Let's Encrypt certificate, switch back to it via Control Panel > Security > Certificate > Configure.

Related Error Codes