I run a Synology NAS for family use and so don’t really want port 80 and/or 443 permanently open.
Is it possible to use port triggering so that when my Synology NAS tries to renew the certificate, the router will open port 80/443 and close it after?
Port triggering doesn’t seem like it’s going to help, unless you can get the Synology software to make an outbound connection on the trigger port, right before it performs renewal.
What you might be able to do is to identify what times of day your device tries to perform its renewals, and setup a scheduled task (cron) to open and close the ports.
Synology does automatically renew the certificate (not sure on what port though), wouldn’t that be the trigger?
Well, technically yes. But you would have to setup the trigger on port 443, which is triggered by like a million other things on your NAS.
Oh right, really? I didn’t know that port would generally be used seeing as I’m using custom ports.
What would my best option be then or is Letsencrypt not the solution for me?
A good solution would be to use the DNS-01 challenge. Your DNS provider will need an API that can be called programmatically. This list of DNS providers should point you in the right direction. I recently had success on a Synology NAS using
acme.sh and following this guide. I recommend testing issuance against the staging environment.
Thanks for the reply.
My provider is namecheap, which appears in the list, but I don’t understand what I have to do with the code?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.