Another feature, very convenient, supported by Synology: the ability to generate and install a let’s Encrypt SSL certificate directly from/on a synology!
In a previous article-Synology : Reverse proxy on NAS Synology saw how to use its synology NAS as reverse proxy. It is rather not bad because it allows to centralize access to the different Web services that one hosts at or for example.
In this tutorial we will see that we can generate public certificates, free, issued by the certification authority let’s Encrypt! and assign them directly to our previously generated reverse Proxy entries.
In other words, no more error pages when you access your personal services in HTTPS :
Generate and install a Let’s Encrypt SSL certificate
To generate the appointment certificate here:
- Control Panel > Security > certificate
- Click on “Add“
- A window of this type (below) must open, then click on “Add New certificate“
- Click on “Get a certificate from Let’s Encrypt“
- Fill in the requested information and confirm by clicking on “Apply“
- The fully qualified domain name for which you want to obtain the certificate
- The contact email address used only for the renewal of the certificate (the address will not be public)
- If you want to add name aliases to the certificate
Install the certificate
Now that we have generated our certificate, we will be able to assign it to the service to be protected. In my case I want to secure access in HTTPS to one of my services that is processed by my reverse proxy.
To do this you have to go to “Configure“, select the desired service and assign the previously generated certificate.
It is possible to export the certificate (export certificate) so that it can be installed on your Web server. The export will then generate 3 files:
These files will be necessary to install the certificate on the side of your Web server. Since several environments exist (Apache/Nginx etc…) I leave it to you to consult the documentation to find out how to add a certificate to your Web server.
Validate the correct operation
Once all is OK, we can test that our certificate is well functioning: