SSL certificates on Synology behind double firewall

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

  • Tried Synology certificate but doesn't work behind double firewall (and no, I cannot get rid of that, sorry, would make my life much easier too) with double port fwd
  • Tried installing certbot but can't find Synology as device OS... any alternative?
  • Tried playing with but my domain provider is not listed and I am not skilled enough to program it myself.

It produced this output:

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): Synology DSM 6

My hosting provider, if applicable, is: for DNS records, I host my website on my home Synology NAS

I can login to a root shell on my machine (yes or no, or I don't know): absolutely

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Euh, yeah, the one provided by I suppose?

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): failed to install for now on my Synology

Would appreciate some help. I tried configuring my Synology in the internet-facing firewall but they are not in the same domain so my ISP router (Technicolor) doesn't accept it. So I put my 2nd firewall, but that port 80 points to its own management web page.

Please help. Tx in advance.



Welcome Back to the Let's Encrypt Community, Kris 🙂

Have you considered just using a dns-01 challenge (instead of the http-01 challenge you are trying to use) to prove control of the domain name that your NAS uses?


Synology NAS have a built-in menu choice to get an LE cert:
Control Panel | Security | Certificate

The typical problem is that Synology runs HTTP on port 5000 and HTTPS on 5001.
So one of your NATs may have to accommodate 80 > 5000 to validate via HTTP.
You could hack the web server config and add:
Listen 80

[ I also have multiple firewalls 🙂 ]
