{"id":147115,"date":"2024-01-15T05:23:38","date_gmt":"2024-01-15T05:23:38","guid":{"rendered":"https:\/\/mustafa.net\/?p=147115"},"modified":"2024-01-15T05:23:39","modified_gmt":"2024-01-15T05:23:39","slug":"secure-your-nas-with-ssl-using-letsencrypt","status":"publish","type":"post","link":"https:\/\/mustafa.net\/2024\/01\/15\/secure-your-nas-with-ssl-using-letsencrypt\/","title":{"rendered":"Secure your NAS with SSL using LetsEncrypt"},"content":{"rendered":"\n
<p>Create a user in Synology DSM. The certadmin user only needs Read\/Write access to the homes folder, and you can deny access to all applications. NOTE: some other guides do not specify adding the user to the administrators and http groups, but this is required! Once the user has been created, go back to the Control Panel home and click Terminal & SNMP. Check Enable SSH service and click Apply.<\/p>\n\n\n\n<p>Type the following commands:<\/p>\n\n\n\n<p>To create a certificate:<\/p>\n\n\n\n<p>Add this if using Cloudflare:<\/p>\n\n\n\n<p>Add account to ZeroSSL:<\/p>\n\n\n\n<p>Now issue the certificate:<\/p>\n\n\n\n
<p>Log in to your Synology device, click Control Panel, click User & Group, and click Create. I used certadmin as the username. Give the user a good description. Make sure the user is a member of the administrators group (this is required for the SSH access that we will be using in a moment) and the http group (this is required for the process to authenticate to DSM in the SSH session).<\/p>\n\n\n\n<pre><code>ssh certadmin@YOURHOSTorIPADDRESS<\/code><\/pre>\n\n\n\n
<pre><code>wget -O \/tmp\/acme.sh.zip https:\/\/github.com\/acmesh-official\/acme.sh\/archive\/master.zip\n\nsudo 7z x -o\/usr\/local\/share \/tmp\/acme.sh.zip\n\nsudo mv \/usr\/local\/share\/acme.sh-master\/ \/usr\/local\/share\/acme.sh\n\nsudo chown -R certadmin \/usr\/local\/share\/acme.sh\/\n\ncd \/usr\/local\/share\/acme.sh<\/code><\/pre>\n\n\n\n
<pre><code>export CF_Key=\"763eac4f1bcebd8b5c95e9fc50d010b4\"\nexport CF_Email=\"alice@example.com\"<\/code><\/pre>\n\n\n\n
<pre><code>.\/acme.sh --register-account -m my@example.com<\/code><\/pre>\n\n\n\n
<pre><code>.\/acme.sh --issue --dns dns_cf -d domain.com -d '*.domain.com'<\/code><\/pre>\n\n\n\n