Want to get rid of "Not Secure | HTTPS://xxx.xxx.x.xx"

Hi Guys.

I'm new to this.

Just bought a Asustor AS5202T NAS, which came with Asustor Control Center (ACC, which seems to be local and doesn't go on the internet) and Asustor Device Manager (ADM) that I have to use to connect to my NAS but from a browser that is "Not Secure | HTTPS://xxx.xxx.x.xx". The HTTPS:// is strikethrough.

Every time I want to connect, it has to be done from a browser.
But I want to use my NAS locally but also, securely.

I own 4 domains.
3 are redirected to the main (4th), which is connected to my Wix WebSite.
I've tried each of them during the process to use the Let's Encrypt utility in ADM.
Certificate manager/Add/Create New Certificate/...From Let's Encrypt and follow the rest of the instructions.

All instructions in any manual from Asustor is to use their Asustor domain.
Which defeats the purpose of having my own NAS and prevent external invaders, even if this means that it could be the manufacturer of the NAS.

It produced this output: "Not Secure | HTTPS://xxx.xxx.x.xx"

So even if I would like to give you any other info, I can't because I'm stuck at trying to create a certificate with Asustor ADM, where I need a domain, which I provided.

Did some of you had the same problem ?

I just don't want to access my NAS from the Internet.
I use it only locally but the way I'm obligated to access my NAS, anybody can have access from a Nor Secure link to it.

If you need other info, ask away.

Bad sense of insecurity.
If you don't want the Internet to reach your secure site, don't NAT port 443 to your NAS.

HTTP authentication simply requires an FQDN that points to your IP and you NAT the HTTP ACME challenge requests to the device requesting the cert.

Then don't.

  1. Is HTTP allowed to your router?
    If you answered NO to #1, stop here and switch to DNS authentication.
  2. Can you NAT HTTP to your NAS?
    If you answered NO to #2, stop here and switch to DNS authentication.
  3. Do you have admin access to the NAS?
    If you answered NO to #3, stop here and switch to another ACME client OR DNS authentication.
  4. Which web server does the NAS use?
    If you don't know, you will need to find out.
  5. Do you know how to redirect HTTP to HTTPS (in that web server)?
    If you don't know, you will need to find out [someone here may know].
  6. Do you know how to exclude the HTTP challenge requests from being redirected to HTTPS?
    If you don't know, you will need to find out [someone here may know].

If you need to switch to DNS authentication continue reading, otherwise STOP here:
7. Does the default Asustor ACME client support DNS authentication?
[highly unlikely - but maybe only for FQDNs from their domain]
8. Can you upload a certificate manually into the NAS?
If not, then stop and ask for HELP.
9. If you answered NO to #3 [else skip to #10], then do you have any other server that can run an ACME client and request a cert on behalf of the NAS?
If you answered NO, then there might still be a way to obtain a cert manually via DNS authentication from any PC.
10. Is there any way to operate the ACME client from CLI?
If not, then you may need to manually obtain a cert.
11. Where does the ACME client store the certificates?
This location and file names can be used directly to minimize the modifications required to the NAS.
12. For your domains, does your DNS service provider support updates via API.
This can facilitate the process of obtaining new certs.
13. If you answered NO to #12, you will have to obtain certs manually.
14. Are you able to create scripts on the NAS?
OR can the cert files be uploaded to the NAS via external script?
15. Are you familiar with writing scripts?
If not, someone here might be able to assist.
16. Are you tired of reading this novel?
If not, it doesn't matter much as I'm tired of writing it, so, it will end here - LOL

1 Like

Hi @ManSurfingOnLifeBuoy,

You might find some better advice on

https://forum.asustor.com/

However, from what you wrote, I suspect that (maybe) the ADM function is only integrated with the Asustor domain, and doesn't automate the process of getting certificates for your own domain at all (which, if true, is unfortunate but vaguely understandable because the means of doing this varies a lot).

Some more context for what @rg305 wrote about different prerequisites for getting Let's Encrypt certificates can be found at

This explains the different ways that you can prove to Let's Encrypt that you control a particular domain, and what the requirements for each will be.

3 Likes

If you don't intend to allow the general public (or yourself via arbitrary devices) to access this NAS, you might also be better off generating a self-signed certificate and importing that, and then telling your own devices to accept the self-signed certificate.

Although web browsers, for example, display scary warnings about accepting self-signed certificates, the actual encryption is 100% just as strong as using a publicly-trusted certificate, and the authentication is just as good or better if you are the person who generated the self-signed certificate and you know that it's the right one. That's not the case when accessing someone else's site (because you couldn't necessarily distinguish between a self-signed certificate deliberately generated by the site owner, or one generated by a spy agency, or one generated by a router or captive portal on the network you're using), but it is true when accessing your own device on your own network (because you can easily tell that the certificate is the one you made yourself, and know that that certificate is expected in that context).

5 Likes