Https for synology


#1

Which setup do i have to choose , to make a certivicate for a synology NAS …
how can help me ?


#2

The latest version of Synology’s OS has first-party support for Let’s Encrypt. You can find the documentation here. Would that work for you?


#3

Dear pfg

Thanks for you fast reply , but i already did that.
what unclear is for me, is what i have to setup at the side “lets encrypte” to get a free certificate


#4

All the steps necessary are described in the documentation linked above, and the functionality described here is part of Synology DSM (to be found at Control Panel > Security > Certificate). I’ll quote the relevant section:

To get certificates from Let’s Encrypt:
You can get free and secure SSL/TLS certificates automatically from Let’s Encrypt, an open and well-trusted certificate authority.

  1. Click Add.
  2. Select Add a new certificate and click Next.
  3. Select Get a certificate from Let’s Encrypt.
  4. Specify the following information:
  • Domain name: Enter the domain you have registered from the domain provider.
  • Email: Enter the email address used for certificate registration.
  • Subject Alternative Name: To allow one certificate to cover multiple domains, enter the other domain names here.
  1. Click Apply to save the settings. Once confirmed, the certificate will be instantly imported into your Synology NAS.

Note:
You can only register for certificates from Let’s Encrypt with a limited number of email accounts. If the limit is exceeded, use an email account previously registered to get more certificates.
You can only register for a limited number of certificates per domain from Let’s Encrypt. If the limit is exceeded, enter the current domain name as the Subject Alternative Name (SAN) and use another domain name for certificate request.
Let’s Encrypt will perform domain validation before issuing certificates for your domains. Please make sure your Synology NAS and router have port 80 open for domain validation from the Internet. All the other communications with Let’s Encrypt go over HTTPS and will keep your Synology NAS secure.
Certificates issued by Let’s Encrypt are valid for 90 days. Before the certificates expire, DSM will automatically renew such certificates after successful domain validation. Please make sure your Synology NAS and router have port 80 open for certificate renewal.

If you’re running into any issues or errors, please provide more details.


#5

So only at the synology side i have to do the settings. i do not have to setup anything at the site "lest encrypte"
I already did setup mij synology . but it did not work… . im a new bee in this … sorry …
For the Domain name , i filled in a DDNS hostname from synology (IP number does not work) is this possible ?
greetings


#6

Yep, that’s correct.

What error did you encounter?

One of the important bits mentioned in the documentation is that you’ll need to forward port 80 (on your router) to your NAS - maybe that’s the issue you’re having.

Yes, the DDNS domain provided by Synology should work.


#7

I already did open and forward Port 80 no NAS. that should be OK
When i setup the nas, all looked fine
But when i open my https:// my DDNS domain
the error i get is :ERR_TUNNEL_CONNECTION_FAILED


#8

I also have a : Let’s Encrypt Authority X3 at NAS. Should it be X1 , according to forums


#9

X3 is the correct intermediate. X1 hasn’t been active for a few months.


#10

thanx for information

i did also a portforward of port 443
I also found out , that the services of the certificate was not automatically changed to lets encrypte, but was still synology
so changed these to items , and it is working now …

Thanks all


#11

i still have a question:

  • do i have to make a port forward of port 443 in mij router to NAS?
  • do i have to run WEB STATION on mijn NAS?

#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.