Synology DDNS Setup

Please fill out the fields below so we can help you better.

My domain is: xxx.synology.me

I ran this command:synology automattic lets encrypt setup

It produced this output: produced a cert that isn’t valid

My web server is (include version):Synology

The operating system my web server runs on is (include version):DSM 6.1

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):DSM 6.1

Having trouble getting a working cert. If I use Synology as my DDNS provider, I can have a FQDN to my NSA something like “myNas.synology.me”.

My question is, how should I set up the cert? *.synology.me widely used, and the email that corresponds to is is not mine. But, if I use myNas.synology.me, I get an untrusted cert…

There are hundreds, if not thousands, of certificates issued for *.synology.me domains. We would need more information in order to determine why you aren’t successfully getting a certificate.

The Synology Let’s Encrypt client logs its errors to syslog when invoked from the web interface. Please look in the log viewer in the Synology web interface (or /var/log/messages via SSH) for any errors related to Let’s Encrypt or certificates and paste them here.

Also if you provided the domain in question we could check it for common problems that prevent issuance.

Thanks for the response! However, I’m still having trouble.

To start, could you give a Synology-specific example of how to create/configure a cert? (ie tld vs subdomains, etc). I think this is trivial, but if I am doing it incorrectly, I would not necessarily know it…

Thanks in advance.

Control Panel > Security > Certificates > Add > Add A New Certificate > Get a Certificate from Let’s Encrypt.

Then you can just enter any domain that you can access your Synology box at from the public
Internet, be that yourdomain.synology.me or any custom domain. You must also select an email address to receive notifications about certificate expirations and changes to the Let’s Encrypt Subscriber Agreement.

You can leave the subject alternative names blank if you don’t have multiple domains to secure. If you do, e.g. you have a custom domain and your synology.me subdomain, you would enter one here and one in the main domain field (it does not matter which one is which).

Note that for this to work for a custom domain you must have Synology listening and port forwarded from your router on port 80, not on any custom port. If you are just using a synology.me subdomain, you can use custom ports like 8080. This is because Let’s Encrypt must verify you own the domain. The Synology certificate client can vouch for your ownership of a subdomain under their control via DNS, eliminating the need to open port 80. But for custom domains they cannot do this; verification must be performed over HTTP port 80.

https://www.synology.com/en-us/knowledgebase/DSM/help/DSM/AdminCenter/connection_certificate

thanks, got it.

FYI, I have a router which features upnp that doesn’t play well with synology, even though synology thinks it does. so, getting a proper cert per your directions helped me look elsewhere…the router is now manually configured and all is well.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.