How to install Let’s Encrypt SSL Certificate on Xpenology

For more information about Let’s Encrypt see https://letsencrypt.org

Prerequisites before starting

  • Create the DNS records for the domain names you want to use. This is an A record which points to your WAN IP address.
  • Create a port forward for port 80 or 443 from you router to the IP of your Synology NAS. This is because of the automatic approval and is used for installing the certificate.
  • Make sure the Web Server is running. In the new DSM the webserver is moved to the Package Center. Install the package Web Station. You don’t have to enable the option personal website in the settings Screen of the Web Station.

Getting started with Let’s Encrypt and DSM 6.x

Next go to the Control Panel –> Security and click on the tab Certificate

 

Click on “Add” to begin creating a SSL Certificate

Select the option “Add a new certificate” en click on “Next”

We are going to use the FREE SSL Certificates from Let’s Encrypt, did I already said they are free? Select the option “Get a certificate from Let’s Encrypt” en click on “Next”

Now you can insert the correct domain names you are going to use to connect to your DSM. You can also provide alternative names to the certificate so you can use the same certificate. For the purpose of this example I will use the creative names: example2.brainpulse.nl and example3.brainpulse.nl


Click on “Apply”, there should be a screen stating Processing. Please wait… or when you didn’t follow the steps correctly meaby the following error.

When you get the this error make sure you didn’t made any typo’s, you created the correct DNS records, and your NAS is accessible via port 80.

When everything is okay your Synology NAS will restart the web server automatically.

The result!

When finished, your Synology NAS now has a valid SSL Certificate from the Let’s Encrypt Authority X1, please note that the issued certificates are only valid for 90 days.  It  should auto renew after 90 days.

 

Original  Article

Leave a Reply

Your email address will not be published. Required fields are marked *

*