SSL certificate for Synolygy private NAS without a domain name?


#6

So if have to “buy” a domain name?

Or can I find a domain name for free?

In case I have to buy a domain name only to have the possibility to “activate” a Letsencrypt certificate, which one do you recommand me?


#7

See the link @mnordhoff has posted.

https://www.synology.com/en-us/knowledgebase/DSM/tutorial/General/What_Is_Synology_DDNS_Service

DDNS (Dynamic Domain Name Service) simplifies connecting to your Synology NAS over the Internet by mapping a hostname to its IP address. As a DDNS provider, Synology offers a variety of host addresses (such as *.synology.me, *.DiskStation.me, *.myDS.me, etc.) free to registered users with a Synology Account to apply to their NAS devices. On the DSM web interface, go to Control Panel > External Access > DDNS for related settings. On the SRM web interface, go to Network Center > Internet > QuickConnect & DDNS for related settings.

So choose one of these domains and your own name.


#8

I have create a quickconnect.to/… with my name and so I have created also a Synolgy certificate but even if I marked it as Trusted, when I go on Google or Safari Browser, is does not recognise it as a "trusted "certificate.

Also in order to have a Lets’s Encrypt certificate, I need to have a domain name…


#9

quickconnect.to/ doesn’t sound like a DDNS service to me.

For the, like, third time, you’ll need to get a (sub)domain name for Let’s Encrypt certificates to work.


#10

I just bought with OVH.com a domain name. But now I don’t know how to get a Let’s Encrypt certificate?


#11

Once the domain name is pointed at your NAS device, there are features in the Synology user interface to create a certificate.

I didn’t find the official Synology documentation with a quick web search, but I know I’ve seen these instructions there as well.


#12

Hi

Yes I am up to date with my NAS : DSM 6.2-23739 Update 2.

It is really not easy to understand the all process and configuration to get Let’s Encrypt certificate installed…

I also read a lot and there are so many possibilties to mistake the configuration.

I continue my research …

Thanks to all of you for your support!


#13

A key point is that it’s almost always easier to use the Synology built-in features to create and install the certificate on the device from within DSM, rather than using some other tool and importing the certificate afterward. A lot of confusion may come in when people describe other processes that create the certificate elsewhere or with other software (which used to be a popular approach but is now superseded for almost all purposes by the DSM’s native Let’s Encrypt support).


#14

What part does the Synology documentation not explain?


#15

It is true …

I have Synology Certificate installed, the one that is originally from Synology and issued with the DMS but the problem is that even if it is marked as Trusted, when I open the link with Google Chrome, is shows as “Not Secure”!


#16

Yes, you’ll need a Let’s Encrypt certificate. And @schoen has linked to a guide on how to get a Let’s Encrypt certificate with Synology DSM. Just telling us “it doesn’t work!!11oneone” doesn’t really gives us much to work with. For us to help you, you’ll need to exactly specify what you’ve tried, what results you were expecting and what results you actually got. Or tell us if you don’t understand something, but tell us WHAT you don’t understand, not just telling us you don’t understand it, because we don’t have crystal globes or something.


#17

I thought you had one, but it kept getting broken.


#18

Yeah, it was damaged beyond repair this time and you can’t really buy a new one at Wallmart :grin:


#19

SSL works fine with no domain name, just use DDNS with Synology, i.e. myname.synology.me and request a certificate via the security section as per normal using that domain. Works fine.


#20

Willy,
I’ve also got a Synology NAS and I use a free DDNS service to point to my NAS for the Let’s Encrypt Certificate. There are a few hoops to jump through, including getting Web Station on your NAS and making sure port 80 on your router forwards to your NAS.

After all that, though, if you’re on your home network and connect to your NAS, you will still get the warning page, because the SSL certificate will be for your domain, but your browser will be connecting to a local IP address instead of the domain associated with your certificate.

So, if you want a CA trusted certificate for connection to your NAS outside from your home network, Let’s Encrypt is a good solution. But if you just want to get rid of the “Not Secure” warning when accessing your NAS within your home network, it won’t work.


#21

If the local IP address doesn’t change over time, you could create a hosts file on your computer(s) pointing this name to the local IP address so that you could use the name and see the valid certificate from within the LAN (although this would then prevent you from accessing the NAS using your computer(s) when you’re not on your LAN). There are lots of different solutions to this limitation, although they’re all a bit more work.


#22

Hi !

Thanks a lot for all your support!

Setting up DDNS I have thius error message on my Synology :

Failed to register IP address 109.133.160.192 to hostname willyandchiara.eu [Authentication failed.]

What do you think I did wrong?


#23

Currently, willyandchiara.eu points to 188.165.53.185 in DNS, not 109.133.160.192. If your public IP address 109.133.160.192 was assigned by your ISP, you might not have your dynamic DNS client correctly configured to point the domain name to your address.


#24

Schoen,
Thanks for the tip. This makes perfect sense for my home desktop.


#25

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.