Updated Synology NAS Guide (markdown)

master
Jonas Gröger 2017-08-15 02:07:58 +02:00
parent 7fb3876e31
commit 8cd5711e4f
1 changed files with 5 additions and 6 deletions

@ -44,15 +44,14 @@ Alternatively, you can change the certificates install path to your DSM cert lib
For example:
$ export CERT_FOLDER="$(find /usr/syno/etc/certificate/_archive/ -maxdepth 1 -mindepth 1 -type d)"
$./acme.sh --issue -d YOURDOMAIN.TLD --dns dns_cf \
--certpath /usr/syno/etc/certificate/_archive/**vPATH**/cert.pem \
--keypath /usr/syno/etc/certificate/_archive/**vPATH**/privkey.pem \
--fullchainpath /usr/syno/etc/certificate/_archive/**vPATH**/fullchain.pem \
--capath /usr/syno/etc/certificate/_archive/**vPATH**/chain.pem \
--certpath "$CERT_FOLDER/cert.pem" \
--keypath "$CERT_FOLDER/privkey.pem" \
--fullchainpath "$CERT_FOLDER/fullchain.pem" \
--capath "$CERT_FOLDER/chain.pem" \
--reloadcmd "/usr/syno/etc/rc.sysv/nginx.sh reload"
You need to manually replace the 'vPATH' field with the directory name under your /usr/syno/etc/certificate/_archive/ . The directory name is a six characters unique name.
Now you can check the DSM control panel - Security - Certificates to see the nominated certificate has been replaced by letsencrypt one. You can now configure to use this one as default and assign to specific services, like vpn, sftp, etc.
To auto renew the certificates in the future, you need to configure the cronjob. However, acme.sh seems not properly add tasks to Synology crontab. You have to do this manually.