Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save bruvv/1da6f61b7d2e3104795fa66a2a52f0d0 to your computer and use it in GitHub Desktop.
Save bruvv/1da6f61b7d2e3104795fa66a2a52f0d0 to your computer and use it in GitHub Desktop.

We are going to use the script to accomplish this. For authentication of the domain name, we will use the DNS option. First login to your Synology with ssh as the admin user and then sudo -i to get root access. When you login into the Synology with ssh you will end up in the /root path. I assume for the rest of the guide we run everything from that path. Now we need to get the script and change the permissions so it is executable.

chmod a+x

Next we issue the certificate:

./ --issue -d *.website.come --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

You will get an output like below:

Registering account
Creating domain key
The domain key is here: /root/*.website.come/*.website.come.key
Single domain='*'
Getting domain auth token for each domain
Getting webroot for domain='*.website.come'
You need to add the txt record manually.
Add the following TXT record:
Domain: ''
TXT value: 'ThIsISNoTtHeReAlKeY'
Please be aware that you prepend _acme-challenge. before your domain
so the resulting subdomain will be:
Please add the TXT records to the domains, and re-run with --renew.
Please add '--debug' or '--log' to check more details.

As you can see you will have to create a DNS text record with your domain name provider according to the output I marked. Needless to say that you need to use your own values.After you created it we will have to run the script again with –renew. Note: It can take some time for DNS records to get updated. Depends on your provider for my provider it is less than a minute. For renewal, after 3 months you can just run the renew command.

./ --renew -d * --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

When all goes well you get an output like below:

Your cert is in /root/**
Your cert key is in /root/**
The intermediate CA cert is in /root/*
And the full chain certs is there: /root/*

Now copy the files to an accessible share on your NAS. In my case a made a share called Certs with the subfolder of in it.:

cp "/root/**" "/volume1/Certs/"
cp "/root/**" "/volume1/Certs/"
cp "/root/*" "/volume1/Certs/"
cp "/root/*" "/volume1/Certs/"

You will see that the files will be in that folder after running the cp actions. You can close the SSH session now and for security reasons, you can also disable SSH. All you need to do now is to import your certificate on the Synology if you want or just start using it where you need it!

To import it on your Synology

If you use your Synology as a reverse proxy and ssl ofloader like me this is pretty darn handy!

  1. Go to the Control Panel, then Security and Certificate. Choose Add.
  2. Then import
  3. And put in the files requested.
  4. Now you’re done and you have a Let’s Encrypt wildcard certificate.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment