Chrome and Firefox refuse to trust StartSSL certificates and give zero fucks about that.

Synology added Let's Encrypt support for their DSM 6, but for older models, like my DS410, only DSM 5 with critical security updates is available.

Are there any other free CA services? I don't know and don't really want to re-issue and re-upload a certificate every once in a while, so with Let's Encrypt we go, even if it's not officially supported.

I already imported the private key, server certificate and intermediate CA from StartSSL (Control Panel -> Security -> Certificate). I guess you need to import something once, so DSM will properly configure its Apache. Do not "Create Certificate"; import something valid. Also, you need a domain name, and your DSM must have Web Services enabled and listening on port 80, and so on.

Since DSM has a very limited shell, I chose the acme.sh client. Install to /volume1/.acme.sh, do not create cronjob:

```
$ ssh v1.16.1 ( 17:11:07 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

acme.sh --install --nocron --home /volume1/.acme.sh
It is recommended to install nc first, try to install 'nc' or 'netcat'.
We use nc for standalone server if you use standalone mode.
If you don't use standalone mode, just ignore this warning.
OK, Close and reopen your terminal to start using acme.sh
```

DSM uses Apache web server with some crazy configuration.

```
    --certpath /usr/syno/etc/ssl/ssl.crt/server.crt \
    --keypath /usr/syno/etc/ssl/ssl.key/server.key \
    --capath /usr/syno/etc/ssl/ssl.intercrt/server-ca.crt \
    --reloadcmd '/usr/syno/sbin/synoservicecfg --reload httpd-sys'
```

Webroot points to /var/lib/letsencrypt because /etc/httpd/conf/nf contains the line "Alias /.well-known/acme-challenge /var/lib/letsencrypt/.well-known/acme-challenge". Otherwise, it would be "/volume1/web" or wherever your vHost points to; refer to Web Services documentation.

Go to Control Panel -> Task Scheduler and create a task with a user-defined script:

```
/volume1/.acme.sh/acme.sh --cron --home /volume1/.acme.sh
```

I recently made an addition to my setup in the form of a Synology DS716 ii NAS – I’ll probably write some more posts about it in the near future but for now I want to cover how I replaced the default SSL/TLS certificate it uses with one issued by my pfSense system.