This works on DSM 6.1 with a custom TLD for NAS (split-horizon DNS), e.g. nas.example.com.
ssh admin@nas.iocaine.org
sudo -i
git clone https://github.com/Neilpang/acme.sh
cd acme.sh
./acme.sh --install --nocron --home /usr/local/acme.sh --accountemail test@example.com
cd /usr/local/acme.sh
export CF_Key="examplekey"
export CF_Email="test@example.com"
./acme.sh \
--issue \
-d nas.example.com \
--dns dns_cf \
--certpath /usr/syno/etc/certificate/system/FQDN/cert.pem \
--keypath /usr/syno/etc/certificate/system/FQDN/privkey.pem \
--fullchainpath /usr/syno/etc/certificate/system/FQDN/fullchain.pem \
--reloadcmd "/usr/syno/etc/rc.sysv/nginx.sh reload" \
--dnssleep 10
Then create a scheduled task in the management console with this script:
/usr/local/acme.sh/acme.sh --cron --home /usr/local/acme.sh
/usr/syno/etc/rc.sysv/nginx.sh reload