No publicly-trusted certificate authority is allowed to issue certificates for a
.local name. The rules agreed between browsers and CAs no longer permit this at all.
A lot of people have used the Let’s Encrypt certificate authority to get free certificates for the
synology.me names that Synology offers for their NAS devices (or for another domain that they personally registered). If you can figure out what your
synology.me name is, or you want to register your own domain, we can point you to some threads on this forum where people have had success with this.
But there is no way to get a publicly-trusted certificate for a
.local name anymore. If you want to access the NAS only on your own network, using the
.local name, you can also make a self-signed certificate (not publicly-trusted, which is to say it doesn’t work automatically in browsers). Then you could accept that certificate in your own browser, and it should work from then on. The only benefit in this sense of using a public CA like Let’s Encrypt is that it would work in other people’s browsers immediately without a warning and without their having to accept the certificate. That might not be relevant to you, though.
https://www.zerossl.com/ offers a tool for making a self-signed certificate, which would be one option for the