Synology NAS using LE as a CA Signing Authority?

This is not simple, as the synology box won’t support running the client directly.

A workaround, which worked for me, was to run the client on a different machine using
./letsencrypt-auto --agree-dev-preview --server certonly -a manual. In a second console, using ssh root@synology-box, you need to create the /volume1/web/.well-known/acme-challenge folder for the challenge in your webroot. The manual installer will ask you to place two files there, and press enter after each step.

Note that the first time I was asked to make files with a different content header. This can be done with vi /volume1/web/.well-known/acme-challenge/.htaccess with content
<Files "*"> ForceType 'application/jose+json' </Files>
The second time I tried it both files to be placed were text/plain, which didn’t require any changes and worked much simpler.

1 Like