Install a Let’s Encrypt SSL certificate on a Synology NAS

The benefits of Let’s Encrypt certificates are that they are automated, short lifetimes (90 days) and that they are completely FREE!.

Below is a quick guide on how to install Let’s Encrypt SSL on a Synology NAS!

Create and maintain a Let’s Encrypt certificate on a Synology NAS.

Uses lego and the ACME DNS-01 challenge for any of the supported DNS Providers.

Install & Update Script

To install or update synology-letsencrypt, run the install script. To do that, either download and run the script manually, or use the following cURL command:

curl -sSL https://raw.githubusercontent.com/JessThrysoee/synology-letsencrypt/master/install.sh | bash

Configuration

Update /usr/local/etc/synology-letsencrypt/env with domain(s), email, and DNS API-key:

DOMAINS=(--domains "example.com" --domains "*.example.com")
EMAIL="[email protected]"

# Specify DNS Provider (this example is from https://go-acme.github.io/lego/dns/simply/)
DNS_PROVIDER="simply"
export SIMPLY_ACCOUNT_NAME=XXXXXXX
export SIMPLY_API_KEY=XXXXXXXXXX
export SIMPLY_PROPAGATION_TIMEOUT=1800
export SIMPLY_POLLING_INTERVAL=30

Now you should be able to run /usr/local/bin/synology-letsencrypt.sh.

To schedule a daily task, log into the Synology DSM and add a user-defined script:

Synology DSM -> Control Panel -> Task Scheduler
   Create -> Scheduled Task -> User-defined script
      General -> User = root
      Task Settings -> User-defined script = /usr/local/bin/synology-letsencrypt.sh

Uninstall

To uninstall synology-letsencrypt, run the uninstall script. To do that, either download and run the script manually, or use the following cURL command:

curl -sSL https://raw.githubusercontent.com/JessThrysoee/synology-letsencrypt/master/uninstall.sh | bash