Certificate not valid on Synology NAS server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://mredard.diskstation.me/

I ran this command: Add a new certificate >> Get a certificate from lets encrypt. This succeeded however I am still not able to get it recognized by different browsers…

It produced this output: NET::ERR_CERT_AUTHORITY_INVALID

My web server is (include version): unsure

The operating system my web server runs on is (include version): Synology DSM 6.2.3-25426

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes

The problem seems to be within your synology config/setup:
https://www.ssllabs.com/ssltest/analyze.html?d=mredard.diskstation.me

Hello,

Thanks. What do you suggest I do? I don’t know what the analysis you posted means.

The link showed that we reached a system that is using a cert that covers the name “synology”.
Which means that we are able to reach your synology device; but the device isn’t configured to serve content via the name “mredard.diskstation.me”.
I suggest you read on how to add/change the names served by the synology device so that you can include the desired name.

I wrote to Synology support and they accessed my NAS drive to check what was wrong. They changed some settings regarding the certificate services, that were not active (or at least I couldn’t see them). Not sure what else they did but they did the trick.

Now the certificate works when I access from internet. However, I still have a warning message that the website is not secured when I access the NAS locally. Is that a problem or should I just leave it as is and not care about it?

1 Like

What name do you use when connecting to the NAS locally?

What IP does that name resolve to from your system?
[you can use ping to show the IP]