How to Renew Certificate 101 (Synology DSM)

Dear friends

I am a noob at computers, networking and whatnot.
I bought a Synology NAS system, followed step by step tutorials on youtube/forums/websites etc.

Thankfully, I was able to set up the connection properly.
This allows me to connect to my NAS remotely through secure SSL HTTPS connection using Let’s Encrypt.
But now, I received an email to renew the certificate - I have no idea how to do it, and I am afraid to mess around with the settings again.

Could anyone please give an idiot-proof step by step guide again on how to do this, specifically using the Synology DiskStationManager interface?

Thank you in Advance!


I have the same problem.
I have installed a certificate using Let’s Encrypt. Now, I have to renew it. To do it, I have deleted the old one but when installing the new one, I have an issue as you can see in attachment.
However, I have the configuration as when I have installed the first certificate (same ports opened…)

Could you help me?

hi @taistoidon and @aasyraf

The knowledge base is probably a good place to start


A quick google also reveals what you are after already exists:

There are a couple of challenges with Synology

A) Synology write their own plugin and do not use certbot so it’s hard to write a 101 unless you wrote the plugin
B) Synology equipment is not like a virtual server with an OS, you actually need the hardware to be able to do a guide (makes it prohibitive for people to write a guide without forking out 500 - 1K for a synology box)
C) Synology while it works is not really a web server (in my opinion). Yes you can serve web services of it etc but it is a NAS box and a lot of the challenges people run in to is because of it

Saying all that the best course of action is to review the article above and if you still need to get a 101 head over to the synology forums and ask for it there.


1 Like

as a follow on I did investigate using a virtualised version of DSM for a guide a while ago but it was just too hard :smiley:

Update - actually found what appears to be a working virtualbox image if anyone is interested in giving it a go


1 Like

Hi all, thanks for the replies.

So, my certificate expired a couple of days ago.
I visited my NAS online again
Everything seems to work fine - including the https connection and that green padlock logo is showing up.
Clicked to view certificate details and all seems in order.

I have done absolutely nothing - I was reading some of the links you guys posted
and it seems that even though the certificate is valid for 90 days, there is some sort of auto renewal
although I am not sure why and how to check that it was indeed auto-renewed.
Some of the comments also said that the log did not capture the renewal is

Can i confirm that the Let’s Encrypt Certificate does renew itself?
Still trying hard not to tinker with my setttings =P

I read this in website:
“Certificates issued by Let’s Encrypt are valid for 90 days. Before the certificates expire, DSM will automatically renew such certificates after successful domain validation. Please make sure your Synology NAS and router have port 80 open for certificate renewal.”

I guess that settles it then, huh? auto renewal…

Hi @ahaw021

thanks for your answer.
I have the same issue too.
Ports 80 ans 443 are opened on my Box (Freebox V6) and I can reach my WebStation via HTTP and HTTPS.
I don’t understand why I have this issue about port 80 not opened.

For information, when my first Let’s Encrypt certificate was expired, I changed it like “no default certificate”, then I deleted it.
May be some files are still somewhere in my NAS and prevent from the renewing of certificate?


@aasyraf and @taistoidon

I may have not communicated clearly.

I don’t have a Synology box or access to the syno-letsencrypt client (which is what I assume you are using)

Post these things on the synology forum as they should have a better insight on how their client works and how to troubleshoot common errors

Note: the official client is Certbot however other manufacturers and vendors (such as webhosts) may choose to write their own (ACME is an open specification). In cases such as this (and your case) you need to work with those who wrote the client to troubleshoot and it’s likely the issue could be with their clients and cofigurations


For port 80 and 443, I opened it manually using the router admin page instead of using the Synology automatic port forwarding software. This worked better than my initial setup when I used the automatic one. Not sure if thatll help tho!

Thanks but this is what I did too and it doesn’t work either.

I have opened ports 80 and 443 and the certificate still won’t renew.

DSM version DSM 6.1.3-15152 Update 1


Similar issues with Synology built in LetsEncrypt client. I previously received a certificate through DSM (also using Synology DDNS). When I recently tried to add a subdomain, I get the error about port 80 being closed. After checking my network settings several times to confirm 80 was open, I still failed port test for 80. It turns out my ISP blocks 80… The funny thing is I’ve been fiddling with this for the last several evenings, but when I read my current certificate, it was renewed two days ago! DSM must be using a different method to renew certs than to make a new request…???

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.