Synology TLS-SNI-01 End of Life Email?

This information might be useful for you guys:

Excerpt from the official Synology Support:

The Let’s Encrypt built-in Synology supports TLS-SNI-01, HTTP-01 and DNS-01 validation.

Although TLS-SNI-01 validation is reaching end-of-life, the Synology Let’s Encrypt will not be affected.

If you have enabled Synology DDNS and use the name to apply for the certificate, the process will go through HTTP-01 validation first.

Once Synology DDNS server is not ready, or there is any failure during HTTP-01 validation, the process will fall back to DNS-01 validation.

For non-Synology name service, it uses HTTP-01 which requires port 80 accessibility.

Thus, we suggest you keep port 80 open for validation if you do not use Synology DDNS name to apply the certificate.

1 Like