Updated Synology NAS Guide (markdown)

master
John Villalovos 2017-01-01 17:32:07 -08:00
parent 7510b518ac
commit a56426fabc
1 changed files with 20 additions and 15 deletions

@ -1,28 +1,33 @@
Since Synology introduced Let's Encrypt, many of us benefit from free SSL. Since Synology introduced [Let's Encrypt](https://letsencrypt.org/), many of us benefit from free SSL.
OTOH many of us dont want to expose port 80/443 to the internet. On the other hand, many of us don't want to expose port 80/443 to the Internet. The alternative is to use the DNS-01 protocol. Sadly the Synology implementation of Let's Encrypt currently (1-Jan-2017) only supports the HTTP-01 method which requires exposing port 80 to the Internet.
The alternative is to use DNS01 protocol.
Sadly, Synology implementation of LE is only acme (web).
But we can access the NAS via SSH and configure it to renew certs instead of using the web dashboard. But we can access the NAS via SSH and configure it to renew certs instead of using the web dashboard.
here's the HowTo (xpopst https://forum.synology.com/enu/viewtopic.php?f=7&t=123007). Here's the HowTo (xpopst https://forum.synology.com/enu/viewtopic.php?f=7&t=123007).
I've used https://github.com/Neilpang/acme.sh , a 3rd party client for Let's Encrypt, based on Perl. no extra dependencies. I've used https://github.com/Neilpang/acme.sh which is a 3rd party client for Let's Encrypt, based on Shell scripting. No extra dependencies are required.
I've also used it with DNS01 protocol, which means, I don't have any ports open on the router to do the validation, instead it use Cloudflare API, where I host my domain.
I've also used it with the DNS-01 protocol, which means, I don't have any ports open on the router to do the validation, instead it uses the [Cloudflare API](https://api.cloudflare.com/), where I host my domain.
Install:
Install
$ wget -O - https://get.acme.sh | sh $ wget -O - https://get.acme.sh | sh
so install is done :) so install is done :)
next, config next step is to do the configuration:
$ cd ~/.acme.sh/ $ cd ~/.acme.sh/
$ vi account.conf $ vi account.conf
set your email, cloudflare account and API (https://www.cloudflare.com/a/account/my-account) set your email, cloudflare account and API (https://www.cloudflare.com/a/account/my-account)
ctrl+c ctrl+c
:wq (and you are out of VI(M)) :wq (and you are out of VI(M))
now to create your cert Now to create your certificate:
$ ./acme.sh --issue -d YOURDOMAIN.TLD --dns dns_cf --certpath /usr/syno/etc/certificate/system/default/cert.pem --keypath /usr/syno/etc/certificate/system/default/privkey.pem --fullchainpath /usr/syno/etc/certificate/system/default/fullchain.pem $ ./acme.sh --issue -d YOURDOMAIN.TLD --dns dns_cf --certpath /usr/syno/etc/certificate/system/default/cert.pem --keypath /usr/syno/etc/certificate/system/default/privkey.pem --fullchainpath /usr/syno/etc/certificate/system/default/fullchain.pem
(anyone knows how to restart the webserver?) (anyone knows how to restart the webserver?)
simple right? simple right?
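Review bot: The install step in the new text (`$ wget -O - https://get.acme.sh | sh`) still pipes a remote script straight into a shell on the NAS, so nothing is reviewed before it runs. Since this edit already reworks the section, suggest changing the step to download the script to a file, read it, and then run it, or to clone the https://github.com/Neilpang/acme.sh repository the guide already links. The configuration step has readers put their Cloudflare account and API key into `~/.acme.sh/account.conf`, so a line telling them to restrict that file to its owner (for example `chmod 600 account.conf`) would fit right after the `vi account.conf` step. Two smaller things survive the rewrite: "xpopst" in the HowTo line is still misspelled, and "(anyone knows how to restart the webserver?)" leaves the guide without the step that makes the web server pick up the new files under /usr/syno/etc/certificate/system/default/, so that question should be answered or tracked as an open item rather than left in the body text.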