How to get a certificate


#1

I was referred to Let’s Encrypt from Synology, as I just received a NAS.
I downloaded the two files that were created from my Synology NAS and need to know what to do next to get an HTTPS certificate.


#2

Hi @networkman,

The best choice for most Synology users is to use the built-in Let’s Encrypt support inside the NAS software (“DiskStation Manager”), instead of trying to obtain a Let’s Encrypt certificate with other tools.

Synology has some official documentation about this at

https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/connection_certificate


#3

I received, thanks. The certificate shows thename.synology.me I registered. It’s listed as: issued by Let’s Encrypt Authority X3, which now shows in my Synology NAS DiskStation Manager. But, when I type both my static IP address, https://xxx.xxx.x.xx:5001/ and the name I registered with Let’s Encrypt xxxxxxx.synology.me, into web browsers like Google Chrome and Firefox, here’s what I get.
Google Chrome
(static IP) https://xxx.xxx.x.xx:5001/
Connects, but on the address bar it states, Not Secure. I might have accepted the webpage to open, that’s why it’s connecting. But, there’s no lock on the address bar.
https://xxxxxxxx.synology.me:5001
Webpage states, Your connection is not private. Address bar says, Not secure

On Firefox
(static IP) https://xxx.xxx.x.xx:5001/
Webpage states, Your connection is not secure. Doesn’t connect.
https://xxxxxxxx.synology.me:5001
Webpage states, Your connection is not secure. Doesn’t connect.

What should I do to finish this HTTPS process?


#4

So, Let’s Encrypt doesn’t issue certificates for IP addresses and the browser verifies that the name that you actually accessed matches the certificate. Therefore, Let’s Encrypt certificates will never be valid if you navigate to a server by IP address instead of by using one of the domain names that the certificate covers.

For the other case, where you used the DNS name, we need to know the exact reasons that the browser says your connection is insecure, and ideally the actual name rather than xxxxxxxx. (It’s possible that the problem is that port 5001 isn’t actually forwarded to port 443 of your NAS, or some other problem, but you haven’t given us enough information yet to make a useful diagnosis.)
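
The name check described in post #4, as an added example that is not part of the original thread: a simplified Python version of the comparison a browser makes between the host in the URL and the names listed in the certificate. The host names and the IP address are constructed placeholders, and `CERT_NAMES` stands in for a certificate that covers a single DNS name.

```python
import ipaddress


def dns_name_matches(pattern, host):
    """Compare one DNS entry from the certificate with the host in the URL."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def url_host_matches_cert(url_host, subject_alt_names):
    """subject_alt_names uses the shape of Python's
    ssl.SSLSocket.getpeercert()["subjectAltName"]:
    a sequence of ("DNS", name) or ("IP Address", address) pairs."""
    try:
        ip = ipaddress.ip_address(url_host)
    except ValueError:
        ip = None
    for kind, value in subject_alt_names:
        if ip is not None:
            # An IP address in the URL is only compared with IP entries,
            # never with DNS names, even if the name resolves to that IP.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and dns_name_matches(value, url_host):
            return True
    return False


# Constructed sample: a certificate that covers one DNS name only.
CERT_NAMES = [("DNS", "nas.example.net")]

if __name__ == "__main__":
    for host in ("nas.example.net", "192.0.2.10", "other.example.net"):
        ok = url_host_matches_cert(host, CERT_NAMES)
        print(f"https://{host}:5001/ -> {'match' if ok else 'name mismatch'}")
```

The port plays no part in the comparison: only the host part of the URL is checked against the certificate.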


#5

When I connect to the site that was made by Synology with the user name that I picked, like you mentioned the name that was actually accessed, I connected to the site. It says secure but, Web Station has been enabled. To finish setting up your website, please see the “Web Service” section of DSM Help.
This might not be what I was trying to get a certificate for, as I don’t have a website. I was wanting to make sure when I collect and access information (files) from the NAS that it’s a secure connection?
Three questions:
1- When I access and save files on the NAS, on the same network, is it secure?
2- When I access files on the road using the Quickconnect.to/name from Synology is this what my certificate should be set up for?
3- When I sent files from the NAS, as an email link, it’s a different website name also saying un-secure. What should I do about the http://gofile.me/xxxxx because the name will be different with every file?


#6

It looks like you might have to do more in your NAS configuration to let it know that it has a specific public name and that it doesn’t need to use gofile.me at all (so apparently it could generate links to your public domain name instead). For example I found this thread which mentions two configuration changes related to this:

I haven’t used a Synology device myself and so I’m gradually learning more about this from what people post here on this forum or elsewhere online.

If you find the documentation confusing, I’d suggest asking on the Synology forum instead—although your question is perfectly appropriate here, you can probably get quicker and better-informed replies there.


#7

(Synology does use Let’s Encrypt certificates, but we don’t have any particular relationship with them, to my knowledge. This is totally OK and even encouraged, but it also means that the Let’s Encrypt community doesn’t provide “official” support—although we do have some community participants who are fairly knowledgeable about this.)


#8

Thank you for the replies. So it looks as if I have setup the correct name for the encryption certificate. I’ll have to do some research and read the site you provided. Thanks again for all the great information.

