How Do I Use Let’s Encrypt on Synology?

Let’s Encrypt is a free certificate authority (CA). They issue SSL certificates for your domain name for free.

In this article, I am going to show you how to generate a Let’s Encrypt SSL certificate and use it on your Synology NAS. So, let’s get started.

Table of Contents:

1. Requirements
2. Using Let’s Encrypt for a DDNS Domain Name
3. Using Let’s Encrypt for Your Domain Name
4. Setting a Default Certificate for Synology NAS
5. Configuring Specific Services to use Specific SSL Certificates
6. Conclusion
7. References

Requirements:

To generate an SSL certificate for your domain name with Let’s Encrypt, your ISP must have ports 80 and 443 open for you. Otherwise, you will fail the HTTP-01 challenge of Let’s Encrypt and the certification generation will fail as well. So, if you have problems with generating an SSL certificate with Let’s Encrypt, contact your ISP.

Using Let’s Encrypt for a DDNS Domain Name:

If you don’t have a domain name, you can use a DDNS (Dynamic DNS) service. Synology supports many DDNS services by default.

To configure a DDNS domain name, click on Control Panel > External Access.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-1.png" data-lazy- height="761" src="data:image/svg xml,” width=”1357″>

From the DDNS tab, click on Add as marked in the screenshot below.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-2.png" data-lazy- height="703" src="data:image/svg xml,” width=”1170″>

Select a DDNS Service Provider from the dropdown menu¹, type in your desired Hostname², and your desired DNS name from the dropdown menu³.

NOTE: I will show you how to use the Synology DDNS service provider in this section. But, you can use any one of the Synology-supported DDNS service providers.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-3.png" data-lazy- height="705" src="data:image/svg xml,” width=”1164″>

If you want to use the Synology DDNS service provider, you will have to sign in to your Synology Account.

NOTE: If you want to use another DDNS service provider, you will have to type in the login information of that DDNS provider instead.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-4.png" data-lazy- height="531" src="data:image/svg xml,” width=”774″>

A popup window should open the Synology login page. Login to your Synology Account from here.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-5.png" data-lazy- height="859" src="data:image/svg xml,” width=”600″>

Once you’re logged in, your Synology Email address should be displayed as marked in the screenshot below.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-6.png" data-lazy- height="532" src="data:image/svg xml,” width=”774″>

To set the Let’s Encrypt SSL certificate that will be generated for this DDNS hostname as default, check the Get a certificate from Let’s Encrypt and set it as default checkbox as marked in the screenshot below.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-7.png" data-lazy- height="537" src="data:image/svg xml,” width=”777″>

Once you’re done, click on OK.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-8.png" data-lazy- height="534" src="data:image/svg xml,” width=”774″>

Click on OK.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-9.png" data-lazy- height="531" src="data:image/svg xml,” width=”771″>

The DDNS service is being set up. It may take a few seconds to complete.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-10.png" data-lazy- height="531" src="data:image/svg xml,” width=”770″>

Once the DDNS service is set up, the web server running on your Synology NAS will restart. It will take a few seconds to complete.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-11.png" data-lazy- height="530" src="data:image/svg xml,” width=”773″>

Once the web server has restarted, navigate to Control Panel > External Access > DDNS and you should see a new DDNS service added to your Synology NAS.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-12.png" data-lazy- height="703" src="data:image/svg xml,” width=”1167″>

Navigate to Control Panel > Security > Certificate and you should see a new SSL certificate added to your Synology NAS as well.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-13.png" data-lazy- height="929" src="data:image/svg xml,” width=”1920″>

Now, visit the DDNS domain name (In my case https://linuxhint-nas10.synology.me:5001/) from your favorite web browser and you should see a lock icon in the URL bar. It means that Let’s Encrypt is working just fine.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-14.png" data-lazy- height="823" src="data:image/svg xml,” width=”1214″>

As you can see, the connection to the NAS is secure and the certificate is valid.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-15.png" data-lazy- height="823" src="data:image/svg xml,” width=”1214″>

Using Let’s Encrypt for Your Domain Name:

If you have registered a domain name, you can also use it with Let’s Encrypt.

To do that, navigate to Control Panel > Security.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-16.png" data-lazy- height="751" src="data:image/svg xml,” width=”1418″>

From the Certificates tab, click on Add as marked in the screenshot below.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-17.png" data-lazy- height="929" src="data:image/svg xml,” width=”1920″>

Select Add a new certificate and click on Next.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-18.png" data-lazy- height="708" src="data:image/svg xml,” width=”1170″>

Select Get a certificate from Let’s Encrypt¹, check the Set as default certificate checkbox if you want to set this certificate as the default certificate for your Synology NAS², and click on Next³.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-19.png" data-lazy- height="557" src="data:image/svg xml,” width=”658″>

Type in your Domain name¹, your Email address², and click on Done³.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-20.png" data-lazy- height="562" src="data:image/svg xml,” width=”661″>

It will take a while for the Let’s Encrypt SSL certificate to be generated.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-21.png" data-lazy- height="961" src="data:image/svg xml,” width=”1920″>

The Let’s Encrypt SSL certificate should be generated for your domain name at this point.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-22.png" data-lazy- height="704" src="data:image/svg xml,” width=”1163″>

Setting a Default Certificate for Synology NAS:

To set an SSL certificate as the default certificate for your Synology NAS, navigate to Control Panel > Security > Certificate, select your desired SSL certificate from the list, and click on Edit as marked in the screenshot below.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-23.png" data-lazy- height="707" src="data:image/svg xml,” width=”1168″>

Check the Set as default certificate checkbox and click on OK.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-24.png" data-lazy- height="714" src="data:image/svg xml,” width=”1174″>

Your desired SSL certificate should be set as the default certificate for your Synology NAS.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-25.png" data-lazy- height="710" src="data:image/svg xml,” width=”1166″>

Configuring Specific Services to Use Specific SSL Certificates:

You can also configure different services of your Synology NAS to use different SSL certificates.

To do that, navigate to Control Panel > Security > Certificate and click on Settings as marked in the screenshot below.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-26.png" data-lazy- height="961" src="data:image/svg xml,” width=”1920″>

All the services installed on your Synology NAS should be listed. You can use the respective Certificate dropdown menu to select an SSL certificate that you want to use for your desired Service.

Once you’re done, click on OK for the changes to take effect.

<img alt="" data-lazy- data-lazy-src="https://kirelos.com/wp-content/uploads/2022/03/echo/How-Do-I-Use-Lets-Encrypt-27.png" data-lazy- height="708" src="data:image/svg xml,” width=”1169″>

Conclusion:

In this article, I have shown you how to use the Synology DDNS service to register a DDNS domain name and generate a Let’s Encrypt SSL certificate for that domain. I have also shown you how to use your own domain name and generate a Let’s Encrypt SSL certificate for it. I have shown you how to set a default SSL certificate for your Synology NAS and configure service-specific SSL certificates as well.

References: