Change Certificate created via Synology


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ds918.abodin.net

I ran this command: n/a

It produced this output: n/a

My web server is (include version): n/a

The operating system my web server runs on is (include version): Synology DSM

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Synology DSM and Google Domains.

When I setup my Synology DS918+ I created a certificate that was for ds918.abodin.net, but now I want to change it to abodin.net only. I use Google Domains to host my domain, and I’ve setup a DDNS account for abodin.net and that works fine.

However, when I now want to modify or create a new certificate for abodin.net, it doesn’t get through.

How shall I proceed to have this working?

Thanks a lot in advance!

//AndieB


#2

Hi,

What’s the error message?

Thank you


#3

Since I do the certificate in the Synology DSM GUI, the only message I get is that it failed and I should try to log out of the Synology DSM system and re-try.

I’ll see if I can find some log.

Will get back to you soon.


#4

Hi @AndieB

does the Synology tool knows your new name?


#5

Hi JuergenAuer,

Well, the tool in Synology is actually handling the whole setup of certificate.
See the attached images that shows the current one which I’d like to replace.

Thanks in advance for the support!


#6

Hi again!

I now got it to work.
It seems to be connected with that I had entered additional names to be covered under the domain abodin.net, by adding www.abodin.net, ds918.abodin.net and drive.abodin.net.
When I left it blank to be created only for the abodin.net, it went through.

However, now when I visit www.abodin.net, the browser warns and it says that it is not trusted due to that the certificate is tied to abodin.net.

How can I make all my sub-domains be included in the certificate of abodin.net?

Thanks a lot in advance!

//AndieB


#7

Yes, Synology is a “closed world”, so you have only these options.

Yes, you need one certificate with many domain names.

But via https://crt.sh/ and https://transparencyreport.google.com/https/certificates - I can’t find a certificate with many domain names.

Your box “Subject alternative names” is the correct place.


#8

But it should be possible, right?
I read the info on this page…


#9

Yes. Now you have one certificate with 4 domain names:

https://transparencyreport.google.com/https/certificates/bvQS3ujyPNRZO5HcZfAO%2FXsel4KOzE14zYOpvb5IMkA%3D

abodin.net
drive.abodin.net
ds918.abodin.net
www.abodin.net

Yep, now all 4 domains are working properly.