Automatic SSL renewal with Let’s Encrypt on DSM 5.x / Synology DS1010+ via dns-01 verification

The one downside of Let’s Encrypt has always been that verification required any internal server to open up ports. Using Cloudflare and acme.sh gives my old Synology DS1010+ new life with a proper SSL certificate (acme.sh also supports a number of DNS providers other than Cloudflare).

As long as you have a Cloudflare account (or an account with any other DNS provider supported by the acme.sh DNS API), the installation and automation are really simple.

First we will install acme.sh – for this you need SSH / Telnet access into your Synology:

The above downloads the acme.sh installer and then installs it with the “nocron”-option (since my Synology does not have a scheduler running which is supported by acme.sh). The installer completes quickly:

After you have closed and re-opened the terminal, we then configure acme.sh to automatically update itself:

As the last step you will need to adjust ACCOUNT_EMAIL in ~/.acme.sh/account.conf and add your Cloudflare Global API key and email:

Next we run the Let’s Encrypt certificate installation (adjust the domain name accordingly):

Lastly, you need to add a Crontab entry via vi /etc/crontab:

Older Synology models had issues with the format of the crontab, so make sure that you use tabs between the sections. Run the cronjob to verify that everything is fine:
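An added example, not from the original post: a small shell helper that builds a tab-separated /etc/crontab line for the acme.sh renewal job and flags crontab entries whose sections are separated by spaces instead of tabs. The schedule, the root user and the /root/.acme.sh install path are assumptions, as is the seven-section layout (minute, hour, mday, month, wday, who, command).

```shell
#!/bin/sh
# Added example (not the author's code): build and check a tab-separated
# system crontab entry for the acme.sh renewal job.

# acme_cron_line MINUTE HOUR USER ACME_HOME
# Prints one /etc/crontab line with a single tab between the seven sections.
# ACME_HOME is where acme.sh was installed (assumed: /root/.acme.sh).
acme_cron_line() {
    printf '%s\t%s\t*\t*\t*\t%s\t%s\n' \
        "$1" "$2" "$3" "$4/acme.sh --cron --home $4"
}

# check_crontab FILE
# Returns 0 when every entry has at least seven tab-separated sections and
# none of the first six sections is empty or contains a space.
# Comment lines, blank lines and VAR=value lines are skipped.
check_crontab() {
    awk -F'\t' '
        /^[ \t]*(#|$)/            { next }
        /^[A-Za-z_][A-Za-z0-9_]*=/ { next }
        NF < 7 {
            printf "line %d: expected 7 tab-separated sections, found %d\n", NR, NF
            bad = 1
            next
        }
        {
            for (i = 1; i <= 6; i++) {
                if ($i == "" || $i ~ / /) {
                    printf "line %d: section %d is empty or contains a space\n", NR, i
                    bad = 1
                    break
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: daily renewal check at 10:00 as root.
acme_cron_line 0 10 root /root/.acme.sh
```

Run `check_crontab /etc/crontab` after editing the file; any line it reports still has spaces where tabs are expected.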

 
