Way to combine several certificates created on synology NAS

I have created several certificates on synologyNAS trying to cover multiple language subdomains for wordpress language plugin for domain blog.songswell.com
is there away to combine them into one default certificate I don't think there is a certbot for synology

2 Likes

Welcome to the Let's Encrypt Community :slightly_smiling_face:

There are several ways to do this. I'm not sure how you have acquired your certificates thus far. I would highly recommend that you consider using an apex (songswell.com) and wildcard (*.songswell.com) certificate (that I affectionately call an A&W certificate). With that you can add as many translation (or other) subdomains as you desire and they will automatically be covered. This would require fulfilling two dns-01 challenges entailing the creation of two TXT records in your DNS where the host/name for both would be _acme-challenge.songswell.com. and the values would be different.


Your Complete Certificate History
2 Likes

Hello Griffen, so how can I do this. I created my certificates with my synology NAS and it won't allow a wildcard creation for my songswell.com domain. As you can see from my certificates I tried to include all my language subdomains yet it only will recognize one default certificate with 11 subdomains. I have 46 languages on my plugin! The synology server runs Linux but it's certificate creation is limited. The synology has no way to create a txt verification for your domain host, best joe

2 Likes

A certificate is for domain names, not devices. Thus when you acquire a certificate, you must prove that you control the domain name(s) for that certificate.

You might take a look at this:

Things to know:

  • the domain name (common name) is songswell.com
  • the subject alternative names (SANs) are songswell.com and *.songswell.com
  • you must use DNS TXT records to verify ownership of songswell.com and *.songswell.com

Hi @songswell

why is this a problem?

Create 5 certificates, 4 with 10 domain names, the last with the other 6 domain names. Job done.

You can use another client

to create a wildcard blog.songswell.com + *.blog.songswell.com and you can import that wildcard manual.

But you have to do that every 60 - 85 days, so it's painful.

Using the integrated NAS client automated renewal should work. So you can add additional languages.

1 Like

Thanks Griffin and Jeurgen for replies, as I am learning indeed the synology is creation limited and has worked fine until my need to make many language subdomains. As you see from certificate 3675832015 I have included 11 language subdomains and this is my "default" certificate. So if you go to https://de.blog.songswell.com (de for German) the site works with a lock on URL. This certificate will automatically update. I then went and created additional certificates like 3674574798 that has multiple subdomains. Since it is not the "default" certificate it doesn't work properly. If you go to https://ct.blog.songswell.com ( ct for Welsh) it doesn't work.
Is there a way to join certificates already created under blog.songswell.com so that all the language subdomains are under one "default" certificate 36758320151? best joe

1 Like

I am getting additional certificates to work that are not "default" created on synology. The domain name needs to be active in synology virtual host. I created new name records in my domain host fr pointing to songswell.com and es pointing to songswell.com. Then one can create certificates for fr.songswell.com and es.songswell.com and each can have 11 subdomains. When you configure in synology that certificate needs to be chosen for the ports used.

2 Likes

OT: It's es.blog.songswell.com - there is a valid certificate.

1 Like

Hello Juergen, you sent me a site that shows all my certificates made through the synology NAS. Is there a tool that modifies the certificates after they have been made. The problem with having multiple certificates is if a browser has a window open using one certificate and then switch to a language using another certificate it doesn't always work properly. best joe

1 Like

I actually gave you that. :slightly_smiling_face:


No.Once a certificate is generated it cannot be modified. If you need to change something, you need to generate a new certificate.


This sounds like a good reason to have all of the languages on the same certificate.

Hello Griffin, yes I correct myself. You first sent my output on my certificates. I agree as well I would be better just creating two new wildcard certificates that would simplify my problem. My domain host is namecheap and I have put Docker on my synology and I have loaded linuxserver/swag. I just need to learn how to send a request to Let's Encrypt for a DNS text record and then how to run docker to generate a certificate. It's a little confusing.

1 Like

Why would you need two wildcard certificates?

I believe you only need one wildcard certificate for songswell.com and *.songswell.com .

How about this?

Article looks amazing the devils in the details to get this to work:

C:\Users\medsp>ssh adminCertificate@192.168.1.242 -p24
adminCertificate@192.168.1.242's password:
adminCertificate@NewDiskStation:~$ wget -0 /tmp/acme.sh.zip https://github.com/acmesh-official/acme.sh/archive/dev.zip # currently using dev branch sudo 7z x -o/usr/local/share/acme.sh-dev/ /temp/acme.sh.zip sudo mv /usr/local/share/acme.sh-dev/ /usr/local/share/acme.sh #currently using dev branch sudo chown -R adminCertificate /usr/local/share/acme.sh/ #use your newly created admin user
wget: invalid option -- '0'
Usage: wget [OPTION]... [URL]...

Try `wget --help' for more options.

I tried his code to download acme.sh and this is wahat I got joe