Can't certificate SSL on iPhone

I’m would like to add my LE certificate on my iPhone but although the profile is there, it doesn’t appear on the 'régalge des certificats" So I can’t approve it!

My domain is:

The operating system my web server runs on is (include version): iOS 10,3,3



Do you mean you want to make as trusted on your iphone (remove “connection is not secure” message?)

The certificate there has CN =, so there is a mismatch.

But you have a Letsencrypt-certificate:

Not Before: Jun 13 17:05:39 2018 GMT

8 days old.

So you must told your webserver to use this certificate.

1 Like

Hi Juergen,
I manage to install the SSL Synology certificate. This is why it appears. But I didn’t manage to install the SSL LE certificate.

All profiles appear on my iPhone, but to turn on the SSL certificate, it doesn’t appear as previous image shows.
I’m my own “webmaster” and I learn as I go…

Hi Steven,
Yes but I can’t because the certificate doesn’t appear so I can make it as trustful.
Only the sinology certificate appears.
Thank you for your help! :wink:

@PascalLacourneuve, the observation correctly made by @stevenzhu and @JuergenAuer is that the problem is on your Synology device, not on your iPhone.

Let’s Encrypt certificates are already trusted by iPhones without any further configuration. You don’t need to modify or configure anything on your iPhone at all.

Instead, you need to configure your Synology device so that it correctly presents your Let’s Encrypt certificate. This has not been done yet. Your Synology device is currently configured incorrectly and presents the wrong certificate. Since it’s the Synology device that has the incorrect configuration, this should be fixed on the Synology device, not on the iPhone.

1 Like

In Synology's web interface, go to Control Panel > Security > Certificate.

Here you would be able to ask Let's Encrypt for a certificate if you didn't have one already, but someone already found that you do. So you should see a certificate for listed here.

Select that certificate and click Edit, then select Set as default certificate and click Apply, and this should resolve your issue.

1 Like

The problem isn’t on my Synology NAS. It works fine on my Mac with the certificate
I did configure my NAS as image shows. And did what Patches described.
But I can’t authorize that same certificate on my iPhone because the option doesn’t appear.


The website is not working at my side…

You probably need to install a certificate on the server which is binding to port 5001 too…

Thank you

Hi Steven,
It is normal that the website isn’t working as there is no website.
I use my synology only for private access to my files through Drive or DS file.

When I connect to, it presents the correct certificate and immediately redirects me to, which presents the incorrect certificate. Is that the same thing that you see on your Mac? Is the certificate error not present for you after the redirection?

Edit: Did you previously add an additional trusted certificate on your Mac in order to make a certificate error message go away?

You do not need to authorize the certificate on your iPhone. You do not need to authorize the certificate on your iPhone. You do not need to authorize the certificate on your iPhone. You do not need to authorize the certificate on your iPhone. Please stop thinking you need to do this, because you don't. Your problem is that your Synology box is presenting the wrong cert:

 dan@Dan-MacBook-Pro-7  ~/Downloads  openssl s_client -connect
depth=0 /C=TW/L=Taipei/O=Synology Inc./
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=TW/L=Taipei/O=Synology Inc./
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=TW/L=Taipei/O=Synology Inc./
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
 0 s:/C=TW/L=Taipei/O=Synology Inc./
   i:/C=TW/L=Taipei/O=Synology Inc./CN=Synology Inc. CA
Server certificate
subject=/C=TW/L=Taipei/O=Synology Inc./
issuer=/C=TW/L=Taipei/O=Synology Inc./CN=Synology Inc. CA
No client certificate CA names sent
SSL handshake has read 1753 bytes and written 456 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES128-SHA
    Session-ID: B8536FE7CFABEA7E30E13695F2F3605376E546153709F2058E8D61E283A840C5
    Master-Key: 2F7FDC0969AEF9628E39EA6659D167F5E2D11199B8391561EC5B824EF3318EFCC2A52E09ABF223D91E84DE0F2BB55AD3
    Key-Arg   : None
    Start Time: 1529704426
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)

Until you fix that configuration, nothing you do to your iPhone will matter.

Even if you've perhaps previously authorized the certificate on your Mac, this is really a workaround rather than a fix to the underlying problem. Let's Encrypt certificates generally do not need to be authorized on individual client devices because they are issued by a CA that the devices already trust for this purpose. (In the same way, the certificate used on this forum is issued by Let's Encrypt just like the certificate for your Synology device is, with the same general type and technical characteristics; you don't have to authorize the forum's certificate on most current IT equipment in order to visit this forum.)

As @danb35 pointed out and as I tried to suggest above, the certificate that's presented on port 5001 is not the Let's Encrypt certificate, and therefore the iPhone error is not related to the Let's Encrypt certificate.

Port 5001 gave the same result, but the test I posted was on port 443.

That’s what I also see right now, but I thought I tested it before and saw something different.

Thk u Shoen an Dan for your help.
OK So this is not a problem on my phone.
I opened a ticket with Synology but I it happened to work, they closed the ticket.
I updated the OS of the DSM.
So since, “SynologyDrive - 1003” appeared that was not present before. So I change to it “” certificate. Was it that the I’m supposed to do ?!
Now the links are not working.
I don’t know exactly what I did before. (This all very very new to me. And I don’t have any informatics background)
How do I present the LE certificate to port 5001 ?


This is what I get on safari now.

"The connection is not secure".

Are there additional informations? Near the address or near https?

I don’t know. How do I get more info ?