Get a Certificate for a not public NAS

A general question.
I have a domain and I use it only for a simple static page.
Also I have a Synology NAS that has no dyndns or other access from external configured. (don't need that)

My goal is to get a wildcard certificate for *.nas.example.com
I need certificates for several docker apps I use on my nas. So I could address them by service.nas.example.com

I followed Certbot Instructions | Certbot

With sshfs I mounted the webroot of nas.example.com and on my NAS I tried to run the acme script.

But I only get

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

Hi @Mannshoch, and welcome to the LE community forum.

Please show what that script looks like.

Also, you mentioned:

But wildcard certs require DNS-01 authentication [not HTTP-01/webroot].

4 Likes

Hm.. okay. It seems not so easy to get an SSL certificate for my NAS.

If I instead choose a certain subdomain test.nas.example.com
I get the error message that a DNS record is missing.

My hoster uses Plesk but I have only very limited access to the ssh. It seems only meant to upload/download data.

If I go for the DNS approach, is there a need that acme needs direct access? Or could I somehow manually add the data to the DNS?

You can authenticate via DNS-01 manually.
It is not recommended as it can't be easily automated and would require you to repeat those steps prior to the 90 day cert expiration.

That said, if you intend on accessing that site from the Internet, you will need the name to resolve to your IP. And if you don't intend on accessing it from the Internet, then you don't really need a globally signed cert [you could use a private cert and make it last as long as you like].

5 Likes

Seems more difficult than I hoped.
These TXT records change on every cert update?

Yes, they do.

4 Likes

Automation exists.
I would look carefully into going down that path.
[it's well worth it in the end]

4 Likes
