No publicly-trusted certificate authority is allowed to issue certificates for a .local name. The rules agreed between browsers and CAs no longer permit this at all.
A lot of people have used the Let’s Encrypt certificate authority to get free certificates for the synology.me names that Synology offers for their NAS devices (or for another domain that they personally registered). If you can figure out what your synology.me name is, or you want to register your own domain, we can point you to some threads on this forum where people have had success with this.
But there is no way to get a publicly-trusted certificate for a .local name anymore. If you want to access the NAS only on your own network, using the .local name, you can also make a self-signed certificate (not publicly-trusted, which is to say it doesn’t work automatically in browsers). Then you could accept that certificate in your own browser, and it should work from then on. The only benefit in this sense of using a public CA like Let’s Encrypt is that it would work in other people’s browsers immediately without a warning and without their having to accept the certificate. That might not be relevant to you, though.
https://www.zerossl.com/ offers a tool for making a self-signed certificate, which would be one option for the .local name.
Also, your NAS possibly already has a self-signed certificate, so you might be able to add trust for that certificate in your browser and then make the warning go away. This isn’t a good idea for random Internet sites, but it’s generally just fine for devices that you own that you’re accessing over your own LAN.
Thank you schoen. I tried the web site and it still says the certificate name does not match the domain . I’m just gonna assign exceptions and move on.