I’ve been using my Synology NAS with HTTPS enabled for a while now but with a self-signed certificate it wasn’t all that secure. Today I decided to try the new feature in DSM 6 Beta 2 for installing a SSL certificate to better secure my NAS. Since the release of DSM 6 Beta 2 Let’s Encrypt is integrated.
In this part I will try to explain how you can easily secure your Synology NAS with a SSL certificate for free. In the examples below I will use the subdomain names: example.brainpulse.nl, example2.brainpulse.nl and example3.brainpulse.nl
Note: I’ll be using a Synology DS412+ running DSM 6.0-7274
For more information about Let’s Encrypt see https://letsencrypt.org
Prerequisites before starting
- Create the DNS records for the domain names you want to use. This is an A record which points to your WAN IP address.
- Create a port forward for port 80 from you router to the IP of your Synology NAS. I don’t know for sure but I think this is because of the automatic approval and is used for installing the certificate.
- Make sure the Web Server is running. In the new DSM the webserver is moved to the Package Center. Install the package Web Station. You don’t have to enable the option personal website in the settings Screen of the Web Station.
Getting started with Let’s Encrypt and DSM 6 Beta 2
Next go to the Control Panel –> Security and click on the tab Certificate
Click on “Add” to begin creating a SSL Certificate
Select the option “Add a new certificate” en click on “Next”
We are going to use the FREE SSL Certificates from Let’s Encrypt, did I already said they are free? Select the option “Get a certificate from Let’s Encrypt” en click on “Next”
Now you can insert the correct domain names you are going to use to connect to your DSM. You can also provide alternative names to the certificate so you can use the same certificate. For the purpose of this example I will use the creative names: example2.brainpulse.nl and example3.brainpulse.nl
Click on “Apply”, there should be a screen stating Processing. Please wait… or when you didn’t follow the steps correctly meaby the following error.
When you get the this error make sure you didn’t made any typo’s, you created the correct DNS records, and your NAS is accessible via port 80.
When everything is okay your Synology NAS will restart the web server automatically.
When finished, your Synology NAS now has a valid SSL Certificate from the Let’s Encrypt Authority X1, please note that the issued certificates are only valid for 90 days. After that I think there will be an automatic renewal?
Please leave a comment if you found this post usefull.
* Update: 27-03-2016:
Today I reviewed my current certificate! To my suprise the certificate was automatically renewed. The only downside is that I cannot find an entry log in DSM’s Log Center.