I’ve been using my Synology NAS with HTTPS enabled for a while now but with a self-signed certificate it wasn’t all that secure. Today I decided to try the new feature in DSM 6 Beta 2 for installing a SSL certificate to better secure my NAS.
Since the release of DSM 6 Beta 2 Let’s Encrypt is integrated.In this part I will try to explain how you can easily secure your Synology NAS with a SSL certificate for free. In the examples below I will use the subdomain names: example.brainpulse.nl, example2.brainpulse.nl and example3.brainpulse.nlNote: I’ll be using a Synology DS412+ running DSM 6.0-7274For more information about Let’s Encrypt see Prerequisites before starting. Create the DNS records for the domain names you want to use. This is an A record which points to your WAN IP address. Create a port forward for port 80 from you router to the IP of your Synology NAS. I don’t know for sure but I think this is because of the automatic approval and is used for installing the certificate.
Make sure the Web Server is running. In the new DSM the webserver is moved to the Package Center. Install the package Web Station. You don’t have to enable the option personal website in the settings Screen of the Web Station.Getting started with Let’s Encrypt and DSM 6 Beta 2Next go to the Control Panel – Security and click on the tab CertificateClick on “Add” to begin creating a SSL CertificateSelect the option “Add a new certificate” en click on “Next”We are going to use the FREE SSL Certificates from, did I already said they are free?
Install Certificate On Synology Lets Encrypt Pdf
Select the option “Get a certificate from Let’s Encrypt” en click on “Next”Now you can insert the correct domain names you are going to use to connect to your DSM. You can also provide alternative names to the certificate so you can use the same certificate. For the purpose of this example I will use the creative names: example2.brainpulse.nl and example3.brainpulse.nlClick on “Apply”, there should be a screen stating Processing. Please wait or when you didn’t follow the steps correctly meaby the following error.When you get the this error make sure you didn’t made any typo’s, you created the correct DNS records, and your NAS is accessible via port 80.When everything is okay your Synology NAS will restart the web server automatically. The result!When finished, your Synology NAS now has a valid SSL Certificate from the Let’s Encrypt Authority X1, please note that the issued certificates are only valid for 90 days.
After that I think there will be an automatic renewal?Please leave a comment if you found this post usefull. Update::Today I reviewed my current certificate! To my suprise the certificate was automatically renewed. The only downside is that I cannot find an entry log in DSM’s Log Center.Filed Under: Tagged With:,.
Contents.The default self-signed certificate is rejected by modern browsersIf you try to access the WEB interface in HTTPS of Domoticz from a modern browser, you will get this alert that informs you that you are going to access a dangerous site (from the browser’s point of view). Do not worry, you know this site. Click Show advanced settings and then Continue to site (dangerous) to access Domoticz.We will fix all that by replacing the self-signed certificate installed by default during the installation of Domoticz by a valid certificate Let’s Encrypt. Configure the router or the box Internet to make Domoticz accessible from internetThe first thing to do is to configure a port routing to the Domoticz server. To do this, connect to the management interface of your router or your internet. Here is an example on my internet box or you have to go in the menu Network v4 then NAT.