Synology NAS using LE as a CA Signing Authority?

I just tried this guide but i always getting “Self-verify of challenge failed, authorization abandoned” on Ubuntu desktop 14.04 in VirtualBox on Win10.
I can’t figure out if there is a error in the file I have to create or it’s somewhere else.
Surprisingly if i just enter the URL where my file should be my browser finds it and ofcourse shows me the content. :frowning:


I have the same problem.

What do I 'm doing wrong?..

Thank you so much @dip987 ! Your tutorial worked like a charm (it has to be followed thoroughly though)… I would have never found out all these paths by myself, but thanks to you my Synology NAS is now LE certified, which is GREAT news :smile:

Do you mind me translating your post in french when I have a moment for that ? For others, for french fellows…

Sure, you can translate and share it. Let more people use Let’s Encrypt and donate it.:smile:

Make sure below file ******* on Synology NAS decode format is “UTF-8”

I just created the file under Ubunto and saved it as UTF8. Are there any better ways to do so? FileStation shows on openig an other encoding but when i cange it with FileStation it again shows another wrong encoding on the second openig.

Are you mind let me Teamviewer to your ubuntu OS check this problem ?
If not, please mail me. Thanks

i’am actually at work now, it’s 12:39 PM here (Germany) :wink: If it’s possible to teamviewer onto a virtual machin within Win10 we can do so. I’am at home in around 3-4 hours. I will message you by mail. thank you :blush:

OK, we can contact in mail. My time zone is GMT +8.

1 Like

With the great help from @dip987 i finally managed to get a valid certificate. I don’t really know what was the failure but we created the file for authentification completly in FileStation and not unter Ubunto, like i’ve done before.

First we opened a dummyfile in TextEdit in FileStation in DSM went to Preferences -> Edit and changed the default encoding to UTF-8.
Then we edited the file like the script tells you.
The authentification works well.

we testet this with only one domain. I actually whitlistet the and so in the first try the www. domain gets an error because this wasen’t included in the certificate.

We were kinda confused that after we first hitted enter the dialog shows us a new file we have to create an thought it was a bug. But you actually have to lay as much files onto your server like the dialog asks you. If you read carefully u can see that (in my case) in asks in the first try for htt p:// and in the second one for htt p://

After done this now i finally importet the files into DSM and all works.

Info: If u using ubunto you dont have rights to view content in the folder /etc/letsencrypt/archive/ you have to edit and move them via console and change chmod to 777 or cange the privileges with nautilus. to get this open terminal enter

sudo apt-get install gksu
gksudo nautilus &

This browser navigate as root user. You then can change the owner and group to your main account and move the files to desktop and finally could upload them.

EDIT: I also translated the whole Manual to german which can be read here:

Thanks dip987. Managed to get LE setup with part of my requested domains located in the web directory.

Now to figure out how to do this for Synology’s photo and surveillance station…

I’m just starting to dive in, but with DSM 5.2+ we have Docker, and I see letsencrypt/lets-encrypt-preview:latest in the repository.

Is there any good reason you wouldn’t want to fire up a temporary docker container to get your cert, do the needful, then destroy the container? No need for native anything on the Synology.

After the initial run/test, automate the deployment of a letsencrypt container (“latest”), a script within to perform certificate updating with the tool, and finally destroying the container once certificate updating is completed successfully - on a 60day, 90day, or whatever timeframe fits?

1 Like

My config:
Synology DS213
Virtualbox: Ubuntu 14.04 in Win10.

What do I 'm doing wrong?

Hi Steve,
just in case this is still a problem, here some notes:

  • “openssl x509” operates on certificates, but you want to process keys. “openssl rsa” is the correct subcommand.
  • how does your privkey-file look? does it have textual content (starting with “-----BEGIN RSA PRIVATE KEY-----”), or does it look binary? If the later, it is probably DER-encoded instead of PEM. You could convert it with “openssl rsa -in privkey.pem -inform der -out privkey_new.pem -outform pem”

Did you really have port 80 open and is the file really UTF-8? I have the same error but after i done the file completly within DMS with TextEdit ist worked well.

Open TextEdit and go to Preferences -> Edit -> Standard Encoding and change to UTF-8. Then create the file with TextEdit and make shure there are no spaces or additional rows in the file. Then choose Save as and fill in the correct filename. Make shure there is no .txt at the end of the file.

Do you want to register two domain in one? Then you have to do two files within the process read carefully.


Yes , I did everything correctly.

The link below has a solution , but I do not know which file should I change in my Synology.

I need to modify the utf8 in Apache Synology , but do not know how to do.

Hmm i didn’t change anything on the Synology Apache. I’m running a DS412+ but i don’t think we have different Apaches… I could offer you to get onto your Ubuntu via TeamViewer and check if it’s all right.

Thanks, now it worked. Must have been blind while reading the blog

I hope, there will be some integration into the Synology NAS to update the certificate automatically.

Are you being dense like I was and not realising that the random strings that name and go in the challenge file change every time you attempt it? The example strings given in the instructions won’t work, you need to copy what the installer tells you to. Worked as soon as I realised that :smile:


I think I just encountered this same error, since you referred to the privkey.pem instead of privkey1.pem. The files in /etc/letsencrypt/live/ are actually symlinks to the real files, so if you try to load those, they won’t work. What you want are the files in /etc/letsencrypt/archive/