This is not simple, as the Synology box won’t support running the client directly.
A workaround, which worked for me, was to run the client on a different machine using ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly -a manual. In a second console, using ssh root@synology-box, you need to create the /volume1/web/.well-known/acme-challenge folder for the challenge in your webroot. The manual installer will ask you to place two files there, and press enter after each step.
Note that the first time I was asked to make files with a different content header. This can be done with vi /volume1/web/.well-known/acme-challenge/.htaccess with content
<Files "*">
ForceType 'application/jose+json'
</Files>
The second time I tried it, both files to be placed were text/plain, which didn’t require any changes and worked much more simply.
Would it be possible for you to jot down some additional steps you took to get to a working authentication on your NAS? I tried running a manual request from my Ubuntu machine and to follow the steps the manual process describes, but I can’t get it to work.
Which part are you struggling with specifically: Installing the certificates after you received them, or getting the certificate issued in the first place? Also appropriate error messages might help? Thanks.
Thanks for the reply. I found that I should first solve issues with redirecting my domain name to my Synology’s dynamic hostname as I do not have a static IP address. Therefore it makes sense I can pass the first step of the manual LE client config to put the response file in place. This will take a couple of days, depending on whether I can get my hosting provider to cooperate. I have requested some subdomains as part of the LE Beta program as well, where I can more easily redirect and use mod_rewrite on the NAS side if needed. Will report back if I manage to progress a bit.
You can follow the steps below to use the Let’s Encrypt CA on a Synology NAS.
1. Join the Let’s Encrypt Beta: type in your domain name and e-mail address at https://docs.google.com/forms/d/15Ucm4A20y2rf9gySCTXD6yoLG6Tba7AwYgglV7CKHmM/viewform?edit_requested=true
2. Wait about one day; you will get a mail from Let’s Encrypt. It means your domain is already on the Let’s Encrypt server’s whitelist.
3. Log in to your Synology, then create the folders (.well-known/acme-challenge) in the “web” shared folder.
   e.g. web/.well-known/acme-challenge
   note: you have to enable the Web Station service and make sure the Let’s Encrypt server can access your NAS on port 80.
4. Use Ubuntu OS 14.04.1, open a terminal, then type
   $ git clone https://github.com/letsencrypt/letsencrypt
   $ cd letsencrypt
   $ ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly -a manual
5. Type your domain name and agree that your IP will be saved.
   e.g. test.synology.me
   You will get some information.
   ++++++++++
   Make sure your web server displays the following content at
   http://test.synology.me/.well-known/acme-challenge/aFQ0LDDkn75K3LmvCIUvEYwq2Op1s9-ullGSwjsh0Is before continuing:
   Content-Type header MUST be set to text/plain.
   ++++++++++
6. Create a file in the NAS acme-challenge folder.
   e.g. /acme-challenge/aFQ0LDDkn75K3LmvCIUvEYwq2Op1s9-ullGSwjsh0Is
   note1: you can create the file on Ubuntu, then upload it to the Synology NAS with File Station
   note2: the file content is “aFQ0LDDkn75K3LmvCIUvEYwq2Op1s9-ullGSwjsh0Is.ONcckxWtBH9uUepl5Eo_BMJHTng23yAdFJ_jVtfSNLg” from the above information
   note3: make sure the file encoding format is UTF-8. You can check or change the format with the Synology text editor in File Station.
7. Finish step 6, then press the Enter key in the Ubuntu terminal. You will get the CA files at the path below on Ubuntu OS.
   /etc/letsencrypt/archive/test.synology.me
8. Copy the files below out of the step 7 path
   cert1.pem
   chain1.pem
   fullchain1.pem
   privkey1.pem
9. Import privkey1.pem, cert1.pem and chain1.pem to the Synology NAS certificate.
   Control Panel > Security > Certificate > “Import certificate”
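A pre-flight check for the challenge file from steps 5 and 6 above, added here as an example; it is not part of the original post or of the letsencrypt client. The function name check_challenge_file and the demo_* variables are hypothetical, and the demo file is constructed in a temp directory from the token and file content quoted in the post.

```shell
# Checks that a challenge file is named after the token and contains exactly
# "<token>.<thumbprint>" with no BOM, no carriage returns and no stray bytes.
check_challenge_file() {
    file=$1
    token=$(basename "$file")
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # Some editors prepend a UTF-8 byte-order mark (EF BB BF) when saving as UTF-8.
    bom=$(head -c 3 "$file" | od -An -tx1 | tr -d ' \n')
    [ "$bom" != "efbbbf" ] || { echo "BOM found: save as UTF-8 without BOM"; return 3; }

    # Windows-style line endings put a carriage return after the key authorization.
    if LC_ALL=C grep -q "$(printf '\r')" "$file"; then
        echo "carriage return found: use Unix line endings"; return 4
    fi

    # $(...) drops trailing newlines only; everything else must match exactly.
    body=$(cat "$file")
    case $body in
        "$token".*) ;;
        *) echo "content does not start with the file name plus a dot"; return 5 ;;
    esac
    thumb=${body#"$token".}
    case $thumb in
        ''|*[!A-Za-z0-9_-]*) echo "part after the dot is empty or not base64url"; return 6 ;;
    esac
    echo "ok"
}

# Demo: rebuild the file from step 6 locally and check it.
demo_dir=$(mktemp -d)
demo_token=aFQ0LDDkn75K3LmvCIUvEYwq2Op1s9-ullGSwjsh0Is
printf '%s.%s\n' "$demo_token" "ONcckxWtBH9uUepl5Eo_BMJHTng23yAdFJ_jVtfSNLg" > "$demo_dir/$demo_token"
check_challenge_file "$demo_dir/$demo_token"
```

Run it against the file in the acme-challenge folder before pressing Enter in the client; it does not check the Content-Type header the web server sends, which the client output says must be text/plain.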
I followed your step-by-step guide, which was straightforward and everything just worked as described! Finally I am not required to import the ca.crt of my self-signed certificate =)
When I do the steps I get a privkey.pem which has some bytes in it, but it seems to be corrupt or broken. When I want to import the certs to my Syno-box, I get an error that the import of the certificate failed. Furthermore, I cannot open the certificate with openssl; it gives me the following error:
I followed your steps, which seemed to succeed:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/**/fullchain.pem.
However, the folder /etc/letsencrypt/live is empty!
What did I do wrong?
Note that I failed to run the python part in step 6:
socket.error: [Errno 98] Address already in use
I just tried this guide but I always get “Self-verify of challenge failed, authorization abandoned” on Ubuntu desktop 14.04 in VirtualBox on Win10.
I can’t figure out if there is an error in the file I have to create or if it’s somewhere else.
Surprisingly, if I just enter the URL where my file should be, my browser finds it and of course shows me the content.
Thank you so much @dip987 ! Your tutorial worked like a charm (it has to be followed thoroughly though)… I would have never found out all these paths by myself, but thanks to you my Synology NAS is now LE certified, which is GREAT news
Do you mind me translating your post into French when I have a moment for that? For others, for French fellows…
I just created the file under Ubuntu and saved it as UTF-8. Are there any better ways to do so? File Station shows another encoding on opening, but when I change it with File Station it again shows another wrong encoding on the second opening.
I’m actually at work now, it’s 12:39 PM here (Germany). If it’s possible to TeamViewer onto a virtual machine within Win10, we can do so. I’m at home in around 3-4 hours. I will message you by mail. Thank you