In this article, I am going to show you how to generate a Let’s Encrypt SSL certificate and use it on your Synology NAS. So, let’s get started.
Table of Contents:
- Requirements
- Using Let’s Encrypt for a DDNS Domain Name
- Using Let’s Encrypt for Your Domain Name
- Setting a Default Certificate for Synology NAS
- Configuring Specific Services to use Specific SSL Certificates
- Conclusion
- References
Requirements:
To generate an SSL certificate for your domain name with Let’s Encrypt, your ISP must have ports 80 and 443 open for you. Otherwise, you will fail the HTTP-01 challenge of Let’s Encrypt and the certification generation will fail as well. So, if you have problems with generating an SSL certificate with Let’s Encrypt, contact your ISP.
Using Let’s Encrypt for a DDNS Domain Name:
If you don’t have a domain name, you can use a DDNS (Dynamic DNS) service. Synology supports many DDNS services by default.
To configure a DDNS domain name, click on Control Panel > External Access.
From the DDNS tab, click on Add as marked in the screenshot below.
Select a DDNS Service Provider from the dropdown menu1, type in your desired Hostname2, and your desired DNS name from the dropdown menu3.
NOTE: I will show you how to use the Synology DDNS service provider in this section. But, you can use any one of the Synology-supported DDNS service providers.
If you want to use the Synology DDNS service provider, you will have to sign in to your Synology Account.
NOTE: If you want to use another DDNS service provider, you will have to type in the login information of that DDNS provider instead.
A popup window should open the Synology login page. Login to your Synology Account from here.
Once you’re logged in, your Synology Email address should be displayed as marked in the screenshot below.
To set the Let’s Encrypt SSL certificate that will be generated for this DDNS hostname as default, check the Get a certificate from Let’s Encrypt and set it as default checkbox as marked in the screenshot below.
Once you’re done, click on OK.
Click on OK.
The DDNS service is being set up. It may take a few seconds to complete.
Once the DDNS service is set up, the web server running on your Synology NAS will restart. It will take a few seconds to complete.
Once the web server has restarted, navigate to Control Panel > External Access > DDNS and you should see a new DDNS service added to your Synology NAS.
Navigate to Control Panel > Security > Certificate and you should see a new SSL certificate added to your Synology NAS as well.
Now, visit the DDNS domain name (In my case https://linuxhint-nas10.synology.me:5001/) from your favorite web browser and you should see a lock icon in the URL bar. It means that Let’s Encrypt is working just fine.
As you can see, the connection to the NAS is secure and the certificate is valid.
Using Let’s Encrypt for Your Domain Name:
If you have registered a domain name, you can also use it with Let’s Encrypt.
To do that, navigate to Control Panel > Security.
From the Certificates tab, click on Add as marked in the screenshot below.
Select Add a new certificate and click on Next.
Select Get a certificate from Let’s Encrypt1, check the Set as default certificate checkbox if you want to set this certificate as the default certificate for your Synology NAS2, and click on Next3.
Type in your Domain name1, your Email address2, and click on Done3.
It will take a while for the Let’s Encrypt SSL certificate to be generated.
The Let’s Encrypt SSL certificate should be generated for your domain name at this point.
Setting a Default Certificate for Synology NAS:
To set an SSL certificate as the default certificate for your Synology NAS, navigate to Control Panel > Security > Certificate, select your desired SSL certificate from the list, and click on Edit as marked in the screenshot below.
Check the Set as default certificate checkbox and click on OK.
Your desired SSL certificate should be set as the default certificate for your Synology NAS.
Configuring Specific Services to Use Specific SSL Certificates:
You can also configure different services of your Synology NAS to use different SSL certificates.
To do that, navigate to Control Panel > Security > Certificate and click on Settings as marked in the screenshot below.
All the services installed on your Synology NAS should be listed. You can use the respective Certificate dropdown menu to select an SSL certificate that you want to use for your desired Service.
Once you’re done, click on OK for the changes to take effect.
Conclusion:
In this article, I have shown you how to use the Synology DDNS service to register a DDNS domain name and generate a Let’s Encrypt SSL certificate for that domain. I have also shown you how to use your own domain name and generate a Let’s Encrypt SSL certificate for it. I have shown you how to set a default SSL certificate for your Synology NAS and configure service-specific SSL certificates as well.
References:
[1] Best Practice – Keep Port 80 Open – Let’s Encrypt
[2] How do I obtain a certificate from Let’s Encrypt on my Synology NAS? – Synology Knowledge Center