Using Let’s Encrypt Certificates on Synology NAS Systems with dynu as the DDNS Provider, with Auto-Renewal (updated 5-26-23)

When we use a Synology NAS, it is convenient to access it through its web interface.

The common solution is to use a DDNS provider to get a domain name and access the NAS through it.

For security reasons, though, we prefer not to use the plain HTTP web interface, so we need to get an SSL certificate from Let’s Encrypt and use HTTPS.

This tutorial shows how to get a Let’s Encrypt certificate using the dynu DDNS provider and renew it automatically.

We use the following steps:

1. Log in to the Synology NAS with an SSH client.

2. Issue the certificate through the DNS-01 challenge.

3. Deploy the certificate.

4. Check if the certificate is active.

5. Create the automatic certificate renewal task.

1. Log in to the Synology NAS with an SSH client.

Make sure the SSH service is enabled in the DSM control panel, then log in to DSM with an SSH client.

$ sudo -i
$ wget https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh
$ sh ./acme.sh --install --nocron --home /volume1/pool/admin/acme

$ # Install the client's DNS API script for dynu:
$ mkdir /volume1/pool/admin/acme/dnsapi && \
cd /volume1/pool/admin/acme/dnsapi && \
wget https://raw.githubusercontent.com/acmesh-official/acme.sh/master/dnsapi/dns_dynu.sh && \
cd /root

2. Issue the certificate through the DNS-01 challenge.

$ vi /volume1/pool/admin/acme/account.conf

Add this fragment to the bottom of the file and save:

Dynu_ClientId='***************************'
Dynu_Secret='*******************************'

$ /volume1/pool/admin/acme/acme.sh --issue --dns dns_dynu -d example.com \
 --accountemail "*@example.com" \
 --home /volume1/pool/admin/acme

3. Deploy the certificate.

First, we must install the deploy hook:

$ mkdir /volume1/pool/admin/acme/deploy && \
cd /volume1/pool/admin/acme/deploy && \
wget https://raw.githubusercontent.com/acmesh-official/acme.sh/master/deploy/synology_dsm.sh && \
cd /root

The structure of the installation directory should look like this:

Then set the deploy hook's variables and run the deployment:

$ export SYNO_Username="**"
$ export SYNO_Password="******"
$ export SYNO_Certificate="mycert01"
$ export SYNO_Create=1
$ /volume1/pool/admin/acme/acme.sh --deploy -d example.com --home /volume1/pool/admin/acme --deploy-hook synology_dsm

4. Check if the certificate is active.

Go to DSM Control Panel -> Security -> Certificate to see whether the certificate works; if it does, set it as the default.
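
To complement the control-panel check, the following added example (not part of the original tutorial or of acme.sh) fetches the certificate DSM actually serves and checks its issuer and remaining lifetime with openssl. The host name, port 5001 (DSM's default HTTPS port) and the 20-day threshold are assumptions; adjust them to your setup.

```shell
#!/bin/sh
# Added example: verify the certificate served after deploy or renewal.
# Assumptions: openssl is on PATH; host, port and threshold are placeholders.

# Save the leaf certificate presented by host:port ($1:$2) as PEM in file $3.
fetch_served_cert() {
    host=$1 port=$2 out=$3
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM -out "$out" 2>/dev/null
}

# Succeed when the certificate in file $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1
}

# Succeed when the issuer line of the certificate in file $1 contains $2.
cert_issuer_matches() {
    openssl x509 -noout -issuer -in "$1" 2>/dev/null | grep -qF -- "$2"
}

# Return 0 = healthy, 1 = unexpected issuer (deployed cert not the default?),
# 2 = close to expiry (renew task not running?), 3 = unreadable certificate.
check_cert_file() {
    pem=$1 issuer=$2 min_days=$3
    openssl x509 -noout -in "$pem" >/dev/null 2>&1 || return 3
    cert_issuer_matches "$pem" "$issuer" || return 1
    cert_valid_for_days "$pem" "$min_days" || return 2
    return 0
}

# Fetch and check in one call, e.g.: check_served_cert example.com 5001 20
check_served_cert() {
    tmp=$(mktemp) || return 3
    fetch_served_cert "$1" "$2" "$tmp" || { rm -f "$tmp"; return 3; }
    check_cert_file "$tmp" "Let's Encrypt" "$3" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

A return code of 1 right after step 3 usually means the new certificate was imported but is not yet set as the default for the web interface.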

5. Create the automatically renew certificate task.

Go to DSM Control Panel -> Task Scheduler -> Create -> User-defined script and enter:

export SYNO_Username="**"
export SYNO_Password="************"

# Renew the certificate issued in step 2; the domain must match the one passed to --issue.
/volume1/pool/admin/acme/acme.sh --renew -d example.com --home /volume1/pool/admin/acme

The task user should be root.

That's all.
