I use Let’s Encrypt certificate on my Synology Diskstation. I got the notice that I have to renew it in 10 days. Of course I have automatic renewal, but currently I have no internet provider in the flat. And will not have it for another 20 days.
Is there some way to renew the certificate without internet connection on Synology Diskstation? If that is not an option, can I still make the renewal after expiration?
I'm not familiair with Synology, but in theory it's perfectly possible to get a certificate for system X on a totally different system Y. For example, if the host to which the hostname in the DNS zonefile points isn't available at all, you could always go for the dns-01 challenge, assuming you are capable of adding TXT records to the DNS zone from system Y. You could even make the necessary DNS changes on your mobile phone, for example. You'd need a ACME client on system Y of course, which might be difficult on a mobile phone But assuming you have some kind of computer (since Certbot also works on Windows, it could even be a Windows PC), you can generate the certificate manually through the DNS challenge and manually move it to the Synology.
That latter part is also in theory, because I have no idea if Synology makes it possible to install certificates manually..
Yes, renewal is in essence just a new certificate with exactly the same hostnames as the previous certificate. Technically, it doesn't matter if you "renew" after one day or after 365 days (not regarding the Rate Limits obviously ).
@freessltools.com Generating a CSR through a website means the private key — which is required to sign the CSR — would be transfered to the website. Or at least the website code is being exposed to the private key, perhaps without uploading it and keeping it local, or not…
But this discussion is offtopic to say the least, unless @mohito doesn’t have any other way of running an ACME client. The biggest issue I think is getting any newly generated certificate into the Synology NAS.
@freessltools.com No need to generate a CSR manually when using certbot......
Also, you've pasted your own website THREE TIMES in that last post.. It looks very, very spammy to me.
You replied to my post about generating a CSR on a mobile device. That's one stap before you can turn to the ACME client. You're not reading correctly.
I’ve read it. Certbot generates the private key and CSR for you. The only thing the user needs to do is add the appropriate TXT records to the DNS zone. No need for manual OpenSSL commands, therefore easier and more userfriendly.