How to install Lets Encrypt SSL Certificate on Synology NAS with DSM 6

I’ve been using my Synology NAS with HTTPS enabled for a while now but with a self-signed certificate it wasn’t all that secure. Today I decided to try the new feature in DSM 6 Beta 2 for installing a SSL certificate to better secure my NAS. Since the release of DSM 6 Beta 2 Let’s Encrypt is integrated.

In this part I will try to explain how you can easily secure your Synology NAS with a SSL certificate for free. In the examples below I will use the subdomain names: example.brainpulse.nl, example2.brainpulse.nl and example3.brainpulse.nl

Note: I’ll be using a Synology DS412+ running DSM 6.0-7274

For more information about Let’s Encrypt see https://letsencrypt.org

Prerequisites before starting

  • Create the DNS records for the domain names you want to use. This is an A record which points to your WAN IP address.
  • Create a port forward for port 80 from you router to the IP of your Synology NAS. I don’t know for sure but I think this is because of the automatic approval and is used for installing the certificate.
  • Make sure the Web Server is running. In the new DSM the webserver is moved to the Package Center. Install the package Web Station. You don’t have to enable the option personal website in the settings Screen of the Web Station.

Synology_WebStation_DSM6_beta

Getting started with Let’s Encrypt and DSM 6 Beta 2

Next go to the Control Panel –> Security and click on the tab Certificate

Synology_DSM6_Certificates_1

Click on “Add” to begin creating a SSL Certificate

Synology_DSM6_Certificates_2

Select the option “Add a new certificate” en click on “Next”

Synology_DSM6_Certificates_3

We are going to use the FREE SSL Certificates from Let’s Encrypt , did I already said they are free? Select the option “Get a certificate from Let’s Encrypt” en click on “Next”

Now you can insert the correct domain names you are going to use to connect to your DSM. You can also provide alternative names to the certificate so you can use the same certificate. For the purpose of this example I will use the creative names: example2.brainpulse.nl and example3.brainpulse.nl

DSM 6 Beta 2 - Let’s Encrypt DSM 6 Beta 2 - Let’s Encrypt

Click on “Apply”, there should be a screen stating Processing. Please wait… or when you didn’t follow the steps correctly meaby the following error.

DSM 6 Beta 2 - Restarting Webserver

DSM 6 Beta 2 - Let’s Encrypt error

When you get the this error make sure you didn’t made any typo’s, you created the correct DNS records, and your NAS is accessible via port 80.

When everything is okay your Synology NAS will restart the web server automatically.

The result!

When finished, your Synology NAS now has a valid SSL Certificate from the Let’s Encrypt Authority X1, please note that the issued certificates are only valid for 90 days. After that I think there will be an automatic renewal?

DSM 6 Beta 2 - Example Let’s Encrypt SSL Certificate

DSM 6 Beta 2 - Example Let’s Encrypt SSL Certificate properties

Synology_DSM6_Certificates_10

Please leave a comment if you found this post usefull.

* Update: 27-03-2016:

Today I reviewed my current certificate! To my suprise the certificate was automatically renewed. The only downside is that I cannot find an entry log in DSM’s Log Center.

comments powered by Disqus