Automatic SSL renewal with Let’s Encrypt on DSM 5.x / Synology DS1010+ via dns-01 verification

The one downside with Let’s Encrypt has always been the limitation that for verification any internal server needed to open up ports. Using Cloudflare and gives my old Synology DS1010+ new life with a proper SSL certificate (the supports a number of other DNS providers other than Cloudflare as well):

As long as you have a CloudFlare account (or any other DNS provider supported by DNS API) the installation and automation is really simple.

First we will install – for this you need SSH / Telnet access into your Synology:

The above downloads the installer and then installs it with the “nocron”-option (since my Synology does not have a scheduler running which is supported by The installer completes quickly:

After you closed and re-opened the terminal, we then configure to automatically update itself:

As the last step you will need to adjust ACCOUNT_EMAIL in ~/ and add your CloudFlare Global API key and Email:

Next we run the Let’s Encrypt certificate installation (adjust the domain name accordingly):

Lastly, you need to add a Crontab entry via vi /etc/crontab:

Older Synology’s had issues with the format of the crontab – so make sure that you use tabs between the sections. Run the cronjob to verify that everything is fine:


Print Friendly, PDF & Email