Automatic SSL renewal with Let’s Encrypt on DSM 5.x / Synology Diskstation via Dreamhost with dns-01 verification
Adapted from https://www.naschenweng.info/2017/01/06/automatic-ssl-renewal-encrypt-dsm-5-x-synology-ds1010-dns-01-verification/
-
SSH into your Synology as
root$ ssh root@my.synology.tld -
First we will install acme.sh – for this you need SSH / Telnet access into your Synology.
cd /tmp curl -L -o /tmp/master.tgz https://github.com/Neilpang/acme.sh/archive/master.tar.gz tar xvf master.tgz cd acme.sh-master/ ./acme.sh --install --nocronThe above downloads the acme.sh installer and then installs it with the “nocron”-option (since my Synology does not have a scheduler running which is supported by acme.sh). The installer completes quickly:
-
Close and then re-open the terminal
exit ssh root@my.synology.tld -
After you closed and re-opened the terminal, we then configure acme.sh to automatically update itself:
acme.sh --upgrade --auto-upgrade -
Create an API Key at Dreamhost with
All dns functions -
Add the API key using
export DH_API_KEY="<api key>" -
Issue a certificate using
acme.sh --issue --dns dns_dreamhost -d my.synology.tldThe 'DH_API_KEY' will be saved in ~/.acme.sh/account.conf and will be reused when needed.
-
Add a Crontab entry via
vi /etc/crontab3 2 * * 2 root /root/.acme.sh/acme.sh --cronEveryone forgets how to exit vi. Use
esc :wqto quit and save oresc :q!to quit without savingOlder Synology’s had issues with the format of the crontab – so make sure that you use tabs between the sections.
-
Run the cronjob to verify that everything is fine:
/root/.acme.sh/acme.sh --cron